This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/TzcrPtQyygSQdE_9ZpW0U258FWA.roa
File:                     TzcrPtQyygSQdE_9ZpW0U258FWA.roa (raw, json)
Hash identifier:          XHB179G1NkuoxHUDA2RIeIaiHXV5LoFis8B7rN9rC4w=
Subject key identifier:   4F:37:2B:3E:D4:32:CA:04:90:74:4F:FD:66:95:B4:53:6E:7C:15:60
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       019B7C12B63370C2A74E7372DD6D329D8669
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/TzcrPtQyygSQdE_9ZpW0U258FWA.roa
Signing time:             Fri 02 Jan 2026 00:19:19 +0000
ROA not before:           Fri 02 Jan 2026 00:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200240
IP address blocks:        2a0a:280:3200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:b6:33:70:c2:a7:4e:73:72:dd:6d:32:9d:86:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: Jan  2 00:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f372b3ed432ca0490744ffd6695b4536e7c1560
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6f:f9:46:45:32:6e:c5:a1:e9:1d:0c:24:97:
                    ae:3a:ad:c6:4e:49:80:56:cb:57:57:e8:50:c7:b6:
                    08:a1:f5:f0:fe:b2:1c:a2:75:a5:18:88:a8:ee:82:
                    33:29:0a:69:37:dd:7d:39:68:38:43:e6:45:1a:cf:
                    62:19:d3:93:2b:62:b8:d7:7a:55:35:8d:c2:b6:ec:
                    ed:1d:92:b3:15:1c:3d:2e:39:33:d8:fe:44:69:af:
                    80:f2:8b:d3:41:88:be:8a:21:b0:ed:dd:3d:49:36:
                    44:77:53:a0:20:9b:09:d5:da:cb:bc:1e:86:e3:45:
                    bf:bb:3a:2f:23:32:7b:46:d4:b7:d6:06:5b:93:3c:
                    1d:9a:57:50:af:4f:5f:8c:ea:3b:2e:af:6d:da:1c:
                    f7:73:34:5d:00:2e:0e:2f:e7:9f:e4:f7:0e:7a:8a:
                    d5:e7:a0:51:10:32:f4:bd:f7:a7:2b:1d:7a:99:3e:
                    f3:9a:95:fe:1c:92:c9:1c:1d:a6:1e:7b:d6:9a:3f:
                    39:51:4d:2c:9d:7c:cb:db:fa:9f:b9:a3:00:95:d4:
                    89:a0:eb:7e:12:c9:cb:55:8c:e0:c4:d0:db:3e:93:
                    e3:bc:0a:c9:03:cc:18:5f:29:b4:ef:78:99:78:5a:
                    db:48:d5:9d:66:02:69:e8:aa:5c:82:5f:bd:84:60:
                    b1:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:37:2B:3E:D4:32:CA:04:90:74:4F:FD:66:95:B4:53:6E:7C:15:60
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/TzcrPtQyygSQdE_9ZpW0U258FWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:3200::/40

    Signature Algorithm: sha256WithRSAEncryption
         9b:47:46:2c:8c:01:36:13:b5:78:61:c9:5f:c4:ce:a6:3b:c1:
         02:86:c3:5d:50:cc:d7:36:fa:e1:07:2d:e0:e9:95:fb:7a:28:
         1e:d1:6f:ef:b1:56:48:f0:d6:a1:8d:ad:9e:bb:f9:79:54:00:
         09:4e:44:5d:f6:3c:0d:97:1b:f4:b6:d9:56:9c:e4:a4:18:b4:
         c7:2b:8b:76:c2:42:e4:44:fe:f7:24:da:67:d4:9b:62:99:f2:
         f0:bc:d5:8d:5b:3e:c5:a0:0a:7f:4e:59:14:ef:ce:75:fb:08:
         a1:31:a3:f0:af:11:ac:8f:6c:ae:39:13:19:d5:e2:cf:74:ad:
         e5:e8:e6:ec:3d:1e:4c:ee:cf:54:af:1f:08:00:83:2d:5b:33:
         2e:a5:cc:2e:c9:5e:7a:80:25:fc:90:7b:a6:02:7b:b1:68:d3:
         94:d6:8f:6f:60:9b:3f:31:dc:85:63:ae:3c:73:8e:14:00:cd:
         be:1c:05:3c:45:74:90:8d:dc:34:25:35:c5:4d:38:bf:74:88:
         26:b8:05:09:de:a6:e2:77:eb:36:54:47:06:7a:df:37:7c:eb:
         9c:04:48:a2:f5:c9:e3:91:44:32:57:85:a4:d2:d9:de:73:05:
         2a:cd:9e:42:e2:86:2b:3c:75:19:18:64:64:ed:e4:dd:ad:88:
         1e:d6:fa:61
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt8ErYzcMKnTnNy3W0ynYZpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjYwMTAyMDAxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjM3MmIzZWQ0MzJjYTA0OTA3NDRmZmQ2Njk1YjQ1MzZlN2MxNTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2/5RkUybsWh6R0MJJeuOq3GTkmA
VstXV+hQx7YIofXw/rIconWlGIio7oIzKQppN919OWg4Q+ZFGs9iGdOTK2K413pV
NY3CtuztHZKzFRw9Ljkz2P5Eaa+A8ovTQYi+iiGw7d09STZEd1OgIJsJ1drLvB6G
40W/uzovIzJ7RtS31gZbkzwdmldQr09fjOo7Lq9t2hz3czRdAC4OL+ef5PcOeorV
56BREDL0vfenKx16mT7zmpX+HJLJHB2mHnvWmj85UU0snXzL2/qfuaMAldSJoOt+
EsnLVYzgxNDbPpPjvArJA8wYXym073iZeFrbSNWdZgJp6Kpcgl+9hGCxXwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE83Kz7UMsoEkHRP/WaVtFNufBVgMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvVHpjclB0UXl5Z1NRZEVfOVpwVzBVMjU4RldBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgoCgDIw
DQYJKoZIhvcNAQELBQADggEBAJtHRiyMATYTtXhhyV/EzqY7wQKGw11QzNc2+uEH
LeDplft6KB7Rb++xVkjw1qGNrZ67+XlUAAlORF32PA2XG/S22Vac5KQYtMcri3bC
QuRE/vck2mfUm2KZ8vC81Y1bPsWgCn9OWRTvznX7CKExo/CvEayPbK45ExnV4s90
reXo5uw9Hkzuz1SvHwgAgy1bMy6lzC7JXnqAJfyQe6YCe7Fo05TWj29gmz8x3IVj
rjxzjhQAzb4cBTxFdJCN3DQlNcVNOL90iCa4BQnepuJ36zZURwZ63zd865wESKL1
yeORRDJXhaTS2d5zBSrNnkLihis8dRkYZGTt5N2tiB7W+mE=
-----END CERTIFICATE-----