This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/TD7LcMa8g07SO6E6QEZXj5yZzM0.roa
File:                     TD7LcMa8g07SO6E6QEZXj5yZzM0.roa (raw, json)
Hash identifier:          cD2AwS1X+5qcgIE9W2blNIYEjQyz6ExsjggeZZ5KKps=
Subject key identifier:   4C:3E:CB:70:C6:BC:83:4E:D2:3B:A1:3A:40:46:57:8F:9C:99:CC:CD
Certificate issuer:       /CN=f8ae9881bf112098a2bfd49a0bcffdccce7bc208
Certificate serial:       019B79EC60B1ED7D48339116AC4BF0D569CD
Authority key identifier: F8:AE:98:81:BF:11:20:98:A2:BF:D4:9A:0B:CF:FD:CC:CE:7B:C2:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/TD7LcMa8g07SO6E6QEZXj5yZzM0.roa
Signing time:             Thu 01 Jan 2026 14:18:13 +0000
ROA not before:           Thu 01 Jan 2026 14:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9009
IP address blocks:        194.145.240.0/24 maxlen: 24
                          194.145.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 02:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:60:b1:ed:7d:48:33:91:16:ac:4b:f0:d5:69:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ae9881bf112098a2bfd49a0bcffdccce7bc208
        Validity
            Not Before: Jan  1 14:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c3ecb70c6bc834ed23ba13a4046578f9c99cccd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:00:e0:83:76:46:f7:ea:26:c5:67:f1:a0:5f:
                    f6:f7:9f:cc:3f:b0:1e:c9:44:43:96:3b:83:a0:b8:
                    cf:4b:29:9e:d0:29:e3:7f:02:56:8f:9c:03:a7:8a:
                    41:43:b4:c6:97:69:87:73:cc:bb:95:9a:4c:38:c4:
                    28:9d:08:77:9d:27:3a:f5:e9:5d:2c:e1:30:53:c6:
                    2f:46:ab:f8:ad:2b:7c:43:47:86:33:08:04:96:2c:
                    8f:f9:ad:1b:27:e2:e7:bf:10:61:4e:e3:7b:12:6f:
                    0e:5b:24:72:9e:0d:8d:23:d8:81:84:0f:6d:f6:8c:
                    eb:44:5d:65:d4:d7:e9:5a:d3:c5:2e:67:c3:77:bc:
                    ca:46:73:1f:da:5c:17:69:0a:d8:5c:68:34:be:43:
                    d0:d8:ea:9d:49:0e:fa:47:2f:6f:f9:b4:e5:b1:b2:
                    b3:15:93:4a:5b:ba:9b:08:79:ef:93:96:a5:d5:56:
                    06:76:37:69:d8:32:5e:f9:e1:4f:c9:af:71:e4:de:
                    08:db:7e:2d:53:01:92:67:d9:c2:6d:82:59:f7:16:
                    57:57:f3:ce:67:e5:e7:c4:5e:39:1a:44:2f:f3:38:
                    7d:8d:3c:01:0a:16:a0:0c:5c:da:3e:0a:69:e4:b7:
                    d7:d9:0c:04:67:60:63:fc:8d:ac:64:15:c6:77:e9:
                    43:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:3E:CB:70:C6:BC:83:4E:D2:3B:A1:3A:40:46:57:8F:9C:99:CC:CD
            X509v3 Authority Key Identifier:
                keyid:F8:AE:98:81:BF:11:20:98:A2:BF:D4:9A:0B:CF:FD:CC:CE:7B:C2:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/TD7LcMa8g07SO6E6QEZXj5yZzM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5d9f57-0f10-4e14-b4af-25a15a524f87/1/1-K6Ygb8RIJiiv9SaC8_9zM57wgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.145.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         59:bb:4d:9b:d2:08:28:4a:ab:71:2e:44:8e:ed:87:a3:35:b0:
         e7:26:63:34:1a:b1:96:8e:f1:3c:27:00:fd:2f:66:e4:3b:91:
         9d:78:96:0f:2b:a4:fb:31:37:05:cd:c6:7d:8e:e5:d9:f2:17:
         31:5f:19:77:2d:a0:6e:e3:b9:78:09:a4:3b:a8:47:20:e3:ff:
         96:d4:16:f0:d3:d3:f1:18:eb:e3:50:d1:8d:7f:47:ce:6f:3a:
         bd:87:77:76:e9:71:a0:fe:ae:18:a3:ae:5e:30:a0:3a:fa:a6:
         92:90:9b:b9:82:03:b4:11:83:79:b5:1c:66:68:68:fb:02:35:
         27:17:5c:b9:57:af:20:4f:0d:1e:21:cd:a5:6c:28:cb:03:d4:
         03:fa:5d:e4:a2:af:2e:41:7e:9d:6d:20:78:1d:04:d1:fa:f7:
         61:20:c4:05:0a:12:25:10:8e:72:d7:c1:90:c1:d8:ce:9a:c1:
         3e:11:c9:75:43:2a:8a:3f:e1:02:fd:4a:ff:17:55:8d:93:4e:
         77:e4:a4:2e:e4:28:b8:25:62:dd:bf:92:36:08:a8:f8:db:9b:
         5d:5c:b1:95:2d:e5:85:34:63:65:c5:c9:8a:6b:72:fa:5b:00:
         71:e6:de:0d:8c:e9:34:b8:86:f1:5d:7f:d5:9b:8d:fb:98:15:
         3f:98:e5:99
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt57GCx7X1IM5EWrEvw1WnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWU5ODgxYmYxMTIwOThhMmJmZDQ5YTBiY2ZmZGNjY2U3
YmMyMDgwHhcNMjYwMTAxMTQxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNlY2I3MGM2YmM4MzRlZDIzYmExM2E0MDQ2NTc4ZjljOTljY2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ADgg3ZG9+omxWfxoF/295/MP7Ae
yURDljuDoLjPSyme0CnjfwJWj5wDp4pBQ7TGl2mHc8y7lZpMOMQonQh3nSc69eld
LOEwU8YvRqv4rSt8Q0eGMwgEliyP+a0bJ+LnvxBhTuN7Em8OWyRyng2NI9iBhA9t
9ozrRF1l1NfpWtPFLmfDd7zKRnMf2lwXaQrYXGg0vkPQ2OqdSQ76Ry9v+bTlsbKz
FZNKW7qbCHnvk5al1VYGdjdp2DJe+eFPya9x5N4I234tUwGSZ9nCbYJZ9xZXV/PO
Z+XnxF45GkQv8zh9jTwBChagDFzaPgpp5LfX2QwEZ2Bj/I2sZBXGd+lDmQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEw+y3DGvINO0juhOkBGV4+cmczNMB8GA1UdIwQY
MBaAFPiumIG/ESCYor/UmgvP/czOe8IIMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LNllnYjhSSUppaXY5U2FDOF85ek01N3dnZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTQvNWQ5ZjU3LTBmMTAtNGUxNC1iNGFm
LTI1YTE1YTUyNGY4Ny8xL1REN0xjTWE4ZzA3U082RTZRRVpYajV5WnpNMC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTQvNWQ5ZjU3LTBmMTAtNGUxNC1iNGFmLTI1YTE1YTUyNGY4
Ny8xLzEtSzZZZ2I4UklKaWl2OVNhQzhfOXpNNTd3Z2cuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAHCkfAw
DQYJKoZIhvcNAQELBQADggEBAFm7TZvSCChKq3EuRI7th6M1sOcmYzQasZaO8Twn
AP0vZuQ7kZ14lg8rpPsxNwXNxn2O5dnyFzFfGXctoG7juXgJpDuoRyDj/5bUFvDT
0/EY6+NQ0Y1/R85vOr2Hd3bpcaD+rhijrl4woDr6ppKQm7mCA7QRg3m1HGZoaPsC
NScXXLlXryBPDR4hzaVsKMsD1AP6XeSiry5Bfp1tIHgdBNH692EgxAUKEiUQjnLX
wZDB2M6awT4RyXVDKoo/4QL9Sv8XVY2TTnfkpC7kKLglYt2/kjYIqPjbm11csZUt
5YU0Y2XFyYprcvpbAHHm3g2M6TS4hvFdf9WbjfuYFT+Y5Zk=
-----END CERTIFICATE-----