This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/TGbCZuViZRutYQ8kdtCYXGqL0a8.roa
File:                     TGbCZuViZRutYQ8kdtCYXGqL0a8.roa (raw, json)
Hash identifier:          2GYObrMmJ1/1K508ZV9aU3wdDAxHFZeeaR+BqxvKFu4=
Subject key identifier:   4C:66:C2:66:E5:62:65:1B:AD:61:0F:24:76:D0:98:5C:6A:8B:D1:AF
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F149EAB1E48970F446834E6DE830664
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/TGbCZuViZRutYQ8kdtCYXGqL0a8.roa
Signing time:             Fri 02 Jan 2026 14:20:16 +0000
ROA not before:           Fri 02 Jan 2026 14:20:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        194.231.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:9e:ab:1e:48:97:0f:44:68:34:e6:de:83:06:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c66c266e562651bad610f2476d0985c6a8bd1af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:be:5f:1d:65:12:ef:9e:67:08:62:46:ab:4d:
                    be:b8:9f:34:57:22:e6:18:d0:42:67:d7:72:b4:93:
                    af:06:9d:dc:bd:65:0c:c1:1a:3d:13:42:9f:4a:ba:
                    76:92:60:42:11:e4:4f:1c:e7:b4:d3:57:ab:ac:f3:
                    d3:98:4c:9d:5c:7b:d0:8a:65:47:ab:41:7c:38:7c:
                    ed:e8:ab:35:95:7d:c9:46:7f:47:a0:42:0e:2d:98:
                    36:e6:96:91:6c:73:d8:59:52:7b:9e:d9:be:1e:56:
                    68:16:16:c3:bf:b4:7e:d7:03:97:67:8e:83:5b:e1:
                    7f:c2:5b:07:86:0a:16:ab:12:8f:4c:89:ff:85:c4:
                    12:a2:d1:51:aa:68:64:8b:e7:c9:e4:cc:31:88:a9:
                    3e:0e:a7:e6:17:3a:e6:05:05:3b:05:a9:c6:32:c1:
                    87:9f:52:cd:5d:46:0c:39:b0:62:84:94:5b:9c:b6:
                    1d:71:2c:0d:59:e2:8f:a1:e1:4f:86:17:1d:a5:1c:
                    c2:1a:b4:80:90:90:b1:f2:3b:3a:b7:9d:09:f0:db:
                    ff:8d:e0:4e:87:dd:ec:30:67:94:5b:a4:d6:73:49:
                    ad:db:4b:7b:1e:79:ab:06:89:1e:ce:01:ce:87:34:
                    fd:48:bc:6b:ce:ee:09:e0:d2:13:20:06:c2:7a:2b:
                    ab:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:66:C2:66:E5:62:65:1B:AD:61:0F:24:76:D0:98:5C:6A:8B:D1:AF
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/TGbCZuViZRutYQ8kdtCYXGqL0a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.231.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6b:19:42:f3:44:c4:61:9d:d2:98:c1:86:6f:04:c0:a6:d9:15:
         30:6c:3e:34:2e:88:1e:da:6c:41:be:4b:e0:89:32:28:f3:18:
         ad:6a:32:57:93:4b:e9:01:01:9a:44:83:09:21:ca:a9:c6:07:
         c3:e2:49:37:7e:5c:12:53:d8:35:77:b1:ec:f4:54:24:85:04:
         b9:79:06:0b:db:2f:90:f2:b4:22:09:88:34:a0:89:0e:bc:e3:
         33:6b:71:a2:5f:de:81:4c:34:74:ab:58:5a:d1:e5:bd:38:e4:
         d1:ad:cb:94:fe:6c:38:f2:bf:19:f3:4c:95:85:6c:7f:0e:7b:
         63:bb:35:6c:88:7d:eb:ee:c7:e3:0f:5a:37:67:42:5e:bc:f5:
         6f:91:8a:7e:74:3e:bc:0c:3f:3b:43:ed:d5:75:a6:2b:f8:6c:
         3b:a9:86:ad:9c:fe:e7:2e:ed:ac:fc:a0:b1:7e:5c:44:5d:78:
         55:3a:b5:eb:7f:3a:06:5e:05:59:d3:34:98:c9:60:b0:6e:85:
         46:77:a0:06:ed:d8:b9:75:de:0d:51:f4:2e:1a:3e:ea:52:81:
         38:39:09:6d:6f:16:b5:5b:20:99:41:c1:b5:8e:37:e0:1c:bd:
         6d:53:4a:25:c9:47:0f:93:47:48:ec:8f:54:55:ec:c9:0c:8e:
         a4:58:39:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FJ6rHkiXD0RoNObegwZkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzY2YzI2NmU1NjI2NTFiYWQ2MTBmMjQ3NmQwOTg1YzZhOGJkMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmL5fHWUS755nCGJGq02+uJ80VyLm
GNBCZ9dytJOvBp3cvWUMwRo9E0KfSrp2kmBCEeRPHOe001errPPTmEydXHvQimVH
q0F8OHzt6Ks1lX3JRn9HoEIOLZg25paRbHPYWVJ7ntm+HlZoFhbDv7R+1wOXZ46D
W+F/wlsHhgoWqxKPTIn/hcQSotFRqmhki+fJ5MwxiKk+DqfmFzrmBQU7BanGMsGH
n1LNXUYMObBihJRbnLYdcSwNWeKPoeFPhhcdpRzCGrSAkJCx8js6t50J8Nv/jeBO
h93sMGeUW6TWc0mt20t7HnmrBokezgHOhzT9SLxrzu4J4NITIAbCeiurPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExmwmblYmUbrWEPJHbQmFxqi9GvMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvVEdiQ1p1VmlaUnV0WVE4a2R0Q1lYR3FMMGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwufQMA0G
CSqGSIb3DQEBCwUAA4IBAQBrGULzRMRhndKYwYZvBMCm2RUwbD40Loge2mxBvkvg
iTIo8xitajJXk0vpAQGaRIMJIcqpxgfD4kk3flwSU9g1d7Hs9FQkhQS5eQYL2y+Q
8rQiCYg0oIkOvOMza3GiX96BTDR0q1ha0eW9OOTRrcuU/mw48r8Z80yVhWx/Dntj
uzVsiH3r7sfjD1o3Z0JevPVvkYp+dD68DD87Q+3VdaYr+Gw7qYatnP7nLu2s/KCx
flxEXXhVOrXrfzoGXgVZ0zSYyWCwboVGd6AG7di5dd4NUfQuGj7qUoE4OQltbxa1
WyCZQcG1jjfgHL1tU0olyUcPk0dI7I9UVezJDI6kWDmP
-----END CERTIFICATE-----