This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/TFHSombGEFpOEnNXNsGYvrJGdv0.roa
File:                     TFHSombGEFpOEnNXNsGYvrJGdv0.roa (raw, json)
Hash identifier:          /mqcFhr0w4cIRtBsI04NQ7kvUg9C5yo8DGAn8ldeUew=
Subject key identifier:   4C:51:D2:A2:66:C6:10:5A:4E:12:73:57:36:C1:98:BE:B2:46:76:FD
Certificate issuer:       /CN=9b08f4e76150309bbd224b01f89ec203c1fc56db
Certificate serial:       019B7F8590CD7C274881111CF2E37B4BCCDD
Authority key identifier: 9B:08:F4:E7:61:50:30:9B:BD:22:4B:01:F8:9E:C2:03:C1:FC:56:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mwj052FQMJu9IksB-J7CA8H8Vts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/TFHSombGEFpOEnNXNsGYvrJGdv0.roa
Signing time:             Fri 02 Jan 2026 16:23:38 +0000
ROA not before:           Fri 02 Jan 2026 16:23:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.13.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/mwj052FQMJu9IksB-J7CA8H8Vts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/mwj052FQMJu9IksB-J7CA8H8Vts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mwj052FQMJu9IksB-J7CA8H8Vts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:90:cd:7c:27:48:81:11:1c:f2:e3:7b:4b:cc:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b08f4e76150309bbd224b01f89ec203c1fc56db
        Validity
            Not Before: Jan  2 16:23:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c51d2a266c6105a4e12735736c198beb24676fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:66:54:68:dc:26:5b:e4:82:2b:d5:cc:90:0e:
                    13:eb:4c:fe:3e:f0:65:61:0a:ec:05:d7:56:27:46:
                    ef:74:e6:d5:51:50:b4:18:6d:87:52:9b:7c:ad:36:
                    65:21:3e:f4:4d:3f:89:16:67:4e:96:22:ec:ac:39:
                    ac:e0:00:15:6c:ef:90:58:74:42:68:f7:62:40:57:
                    1c:b6:3b:ac:cb:48:12:68:33:94:8b:39:c8:36:b0:
                    93:d4:0c:e1:f9:a1:aa:b0:e0:bb:8b:9b:84:7a:28:
                    f5:fd:78:64:d8:b6:f6:99:ed:04:ff:55:78:40:4d:
                    13:36:ea:5e:40:af:8c:7d:b3:a8:27:cb:e6:81:1f:
                    f1:62:d3:da:83:ac:60:f8:3b:00:cb:2b:2a:8a:3b:
                    04:72:d4:ea:ec:03:94:5a:07:da:b0:ff:5e:78:97:
                    d2:16:0b:5b:1b:29:0f:d8:b8:ed:5d:6e:74:96:bb:
                    2e:e9:19:5c:d7:31:98:c4:7e:e0:8f:43:a5:ac:bd:
                    c7:d6:5e:f8:da:fc:81:b7:be:53:ff:26:10:a8:ca:
                    97:47:61:ea:6f:77:16:9a:71:a6:19:42:d3:63:5f:
                    91:4a:8b:4a:bd:1f:27:b5:50:38:9d:7e:5f:c9:0f:
                    2c:f4:52:85:4e:1d:3b:d0:fb:94:14:3f:5b:11:0b:
                    67:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:51:D2:A2:66:C6:10:5A:4E:12:73:57:36:C1:98:BE:B2:46:76:FD
            X509v3 Authority Key Identifier:
                keyid:9B:08:F4:E7:61:50:30:9B:BD:22:4B:01:F8:9E:C2:03:C1:FC:56:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mwj052FQMJu9IksB-J7CA8H8Vts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/TFHSombGEFpOEnNXNsGYvrJGdv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d5d690-fe16-449c-a6de-69df81f2d83d/1/mwj052FQMJu9IksB-J7CA8H8Vts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.13.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:5c:f5:a6:88:74:b9:e9:14:1e:01:a0:93:ae:49:a3:fb:b8:
         b9:c3:4c:f5:33:eb:60:15:7a:35:02:9d:f3:66:1e:b0:ae:cd:
         08:e5:f4:3e:8d:66:5a:b8:83:bf:5f:71:34:bf:d4:d6:72:0b:
         d0:92:8b:ba:bf:20:f4:b2:7c:60:c8:92:94:c8:4c:5f:05:76:
         69:a7:0c:73:44:39:72:a2:5c:24:27:f8:0b:b6:56:34:0f:fe:
         a6:19:c4:b0:20:ad:cd:a0:ed:e2:2d:fc:4a:f0:a4:c7:45:1d:
         9d:15:b6:7a:2b:44:f6:c9:d3:52:6d:77:f3:4b:52:61:ae:4f:
         d2:50:ad:1e:55:a2:79:29:5b:66:15:7b:85:0c:d6:bb:2f:91:
         fe:d0:56:08:31:19:62:92:7f:ec:12:55:c7:86:9e:cc:55:b3:
         02:1c:b4:b1:5e:86:a6:de:74:83:6c:c0:cf:4b:61:b2:9b:3a:
         98:f3:a1:ed:68:d7:5e:8f:eb:eb:5d:7b:ae:94:23:64:24:94:
         ad:5d:a1:2a:fc:96:72:e5:67:77:5c:b8:39:48:9c:a5:f3:95:
         72:39:bd:ee:cd:44:b4:9d:b2:d3:33:1b:fb:5f:a5:88:d8:d0:
         a0:b3:f1:92:d5:7f:2f:30:0e:85:70:7e:8f:92:47:24:83:96:
         ba:b6:72:a0
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt/hZDNfCdIgREc8uN7S8zdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMDhmNGU3NjE1MDMwOWJiZDIyNGIwMWY4OWVjMjAzYzFm
YzU2ZGIwHhcNMjYwMTAyMTYyMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzUxZDJhMjY2YzYxMDVhNGUxMjczNTczNmMxOThiZWIyNDY3NmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWZUaNwmW+SCK9XMkA4T60z+PvBl
YQrsBddWJ0bvdObVUVC0GG2HUpt8rTZlIT70TT+JFmdOliLsrDms4AAVbO+QWHRC
aPdiQFcctjusy0gSaDOUiznINrCT1Azh+aGqsOC7i5uEeij1/Xhk2Lb2me0E/1V4
QE0TNupeQK+MfbOoJ8vmgR/xYtPag6xg+DsAyysqijsEctTq7AOUWgfasP9eeJfS
FgtbGykP2LjtXW50lrsu6Rlc1zGYxH7gj0OlrL3H1l742vyBt75T/yYQqMqXR2Hq
b3cWmnGmGULTY1+RSotKvR8ntVA4nX5fyQ8s9FKFTh070PuUFD9bEQtn+QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFExR0qJmxhBaThJzVzbBmL6yRnb9MB8GA1UdIwQY
MBaAFJsI9OdhUDCbvSJLAfiewgPB/FbbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXdqMDUyRlFNSnU5SWtzQi1KN0NBOEg4VnRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNWQ2OTAtZmUxNi00NDljLWE2ZGUt
NjlkZjgxZjJkODNkLzEvVEZIU29tYkdFRnBPRW5OWE5zR1l2ckpHZHYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNWQ2OTAtZmUxNi00NDljLWE2ZGUtNjlkZjgxZjJkODNk
LzEvbXdqMDUyRlFNSnU5SWtzQi1KN0NBOEg4VnRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQ0wDQYJ
KoZIhvcNAQELBQADggEBAHZc9aaIdLnpFB4BoJOuSaP7uLnDTPUz62AVejUCnfNm
HrCuzQjl9D6NZlq4g79fcTS/1NZyC9CSi7q/IPSyfGDIkpTITF8FdmmnDHNEOXKi
XCQn+Au2VjQP/qYZxLAgrc2g7eIt/ErwpMdFHZ0VtnorRPbJ01Jtd/NLUmGuT9JQ
rR5VonkpW2YVe4UM1rsvkf7QVggxGWKSf+wSVceGnsxVswIctLFehqbedINswM9L
YbKbOpjzoe1o116P6+tde66UI2QklK1doSr8lnLlZ3dcuDlInKXzlXI5ve7NRLSd
stMzG/tfpYjY0KCz8ZLVfy8wDoVwfo+SRySDlrq2cqA=
-----END CERTIFICATE-----