This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/TJCGzUQHxg4bwyTZRd9MjPgDFco.roa
File:                     TJCGzUQHxg4bwyTZRd9MjPgDFco.roa (raw, json)
Hash identifier:          mDKYo4+PY4/xDJecNKQRG7i12NJwnq+4UMvwsAIjYeA=
Subject key identifier:   4C:90:86:CD:44:07:C6:0E:1B:C3:24:D9:45:DF:4C:8C:F8:03:15:CA
Certificate issuer:       /CN=1ed3d8e29e063b9d2740ab3de6c72255ec8d0557
Certificate serial:       019B7B362A97407CA43F8B0782C5CF4EF930
Authority key identifier: 1E:D3:D8:E2:9E:06:3B:9D:27:40:AB:3D:E6:C7:22:55:EC:8D:05:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/TJCGzUQHxg4bwyTZRd9MjPgDFco.roa
Signing time:             Thu 01 Jan 2026 20:18:26 +0000
ROA not before:           Thu 01 Jan 2026 20:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8903
IP address blocks:        212.31.198.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:2a:97:40:7c:a4:3f:8b:07:82:c5:cf:4e:f9:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ed3d8e29e063b9d2740ab3de6c72255ec8d0557
        Validity
            Not Before: Jan  1 20:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c9086cd4407c60e1bc324d945df4c8cf80315ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:55:d5:88:fe:69:a0:85:01:cb:a0:40:4a:8f:
                    8e:e4:07:ef:ed:6a:13:0c:82:f5:df:2b:43:b6:56:
                    e2:0e:6e:ad:e4:e0:5c:3d:d0:2a:0e:e9:b2:23:64:
                    a7:e7:88:ce:5b:1d:39:dc:a4:96:e8:d8:7c:8e:b3:
                    65:05:73:c5:5d:03:31:9e:7f:4b:8b:12:80:72:73:
                    64:4a:39:60:19:d9:ad:88:59:6d:97:4c:7b:50:aa:
                    21:db:c7:fb:36:a0:3d:b2:d8:bf:c0:01:6f:4f:87:
                    a5:d9:b3:36:34:fd:81:bf:bb:b6:54:3b:af:bc:35:
                    65:be:04:5a:bb:cd:34:c1:53:63:4a:df:1e:33:9d:
                    b2:ef:2e:2e:f5:08:ef:ee:7a:65:d8:98:a2:3c:d2:
                    96:2b:74:39:ff:2e:05:7d:82:da:8b:66:db:6f:e5:
                    79:e0:f7:ae:31:b4:9f:ba:e4:f1:73:73:b5:9b:6b:
                    58:f3:12:00:f4:d4:ca:eb:70:e3:41:54:b0:67:cf:
                    8e:d4:2a:ab:c5:30:8a:ce:b0:6d:c1:b4:f8:af:72:
                    0b:e5:b3:25:08:3c:0a:ce:31:78:66:9d:a1:82:4d:
                    f3:b1:3a:4e:8e:66:70:6f:c5:9d:dc:e8:3e:4e:22:
                    ca:92:a7:fb:e2:10:56:31:01:e7:77:0b:56:53:9a:
                    64:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:90:86:CD:44:07:C6:0E:1B:C3:24:D9:45:DF:4C:8C:F8:03:15:CA
            X509v3 Authority Key Identifier:
                keyid:1E:D3:D8:E2:9E:06:3B:9D:27:40:AB:3D:E6:C7:22:55:EC:8D:05:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HtPY4p4GO50nQKs95sciVeyNBVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/TJCGzUQHxg4bwyTZRd9MjPgDFco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/4d9c83-f960-48ac-bbf5-9dca5cc80dd9/1/HtPY4p4GO50nQKs95sciVeyNBVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.31.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         48:54:d3:33:22:54:84:ea:35:a3:47:a7:4f:4d:63:e5:a9:2e:
         8e:2d:04:74:81:62:9a:a5:d7:35:14:90:48:e3:20:84:21:e3:
         43:c0:81:31:d1:09:19:88:ae:5c:39:2d:31:6c:44:72:a5:93:
         79:75:bb:44:f5:46:3d:1f:90:7f:24:a7:a1:13:03:f8:11:88:
         88:5a:c5:7a:64:21:3a:c7:9f:1a:33:1f:cc:10:ac:3e:da:ac:
         86:04:3c:2a:de:f4:c9:e9:24:7b:e6:b4:72:6f:94:57:34:85:
         3f:08:2b:b4:bb:eb:bc:ca:be:35:6b:8b:d6:e2:bb:e8:88:54:
         26:1b:fb:e0:e0:95:62:43:b3:fc:2c:e4:88:15:33:e1:14:fd:
         5f:3f:16:ef:91:76:e8:ea:5b:97:8e:8e:6a:6f:dc:60:4e:d5:
         63:69:5f:bb:ee:13:95:58:31:f9:a6:9c:0e:d3:8d:0e:ae:cf:
         33:46:ca:4b:fb:e4:af:53:05:8d:e3:65:ed:6d:d1:69:ed:f3:
         97:d4:05:6c:8a:b3:2b:87:ed:00:f0:42:fe:4b:d1:e0:fc:83:
         33:7a:ca:21:3f:8d:5a:e9:8d:13:c8:82:4b:86:4d:be:a2:ab:
         51:7f:d3:ae:1d:b1:87:b9:4a:93:d6:aa:15:dc:66:ee:fa:16:
         d9:1c:7f:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NiqXQHykP4sHgsXPTvkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlZDNkOGUyOWUwNjNiOWQyNzQwYWIzZGU2YzcyMjU1ZWM4
ZDA1NTcwHhcNMjYwMTAxMjAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzkwODZjZDQ0MDdjNjBlMWJjMzI0ZDk0NWRmNGM4Y2Y4MDMxNWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFXViP5poIUBy6BASo+O5Afv7WoT
DIL13ytDtlbiDm6t5OBcPdAqDumyI2Sn54jOWx053KSW6Nh8jrNlBXPFXQMxnn9L
ixKAcnNkSjlgGdmtiFltl0x7UKoh28f7NqA9sti/wAFvT4el2bM2NP2Bv7u2VDuv
vDVlvgRau800wVNjSt8eM52y7y4u9Qjv7npl2JiiPNKWK3Q5/y4FfYLai2bbb+V5
4PeuMbSfuuTxc3O1m2tY8xIA9NTK63DjQVSwZ8+O1CqrxTCKzrBtwbT4r3IL5bMl
CDwKzjF4Zp2hgk3zsTpOjmZwb8Wd3Og+TiLKkqf74hBWMQHndwtWU5pkXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyQhs1EB8YOG8Mk2UXfTIz4AxXKMB8GA1UdIwQY
MBaAFB7T2OKeBjudJ0CrPebHIlXsjQVXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHRQWTRwNEdPNTBuUUtzOTVzY2lWZXlOQlZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi80ZDljODMtZjk2MC00OGFjLWJiZjUt
OWRjYTVjYzgwZGQ5LzEvVEpDR3pVUUh4ZzRid3lUWlJkOU1qUGdERmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi80ZDljODMtZjk2MC00OGFjLWJiZjUtOWRjYTVjYzgwZGQ5
LzEvSHRQWTRwNEdPNTBuUUtzOTVzY2lWZXlOQlZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1B/GMA0G
CSqGSIb3DQEBCwUAA4IBAQBIVNMzIlSE6jWjR6dPTWPlqS6OLQR0gWKapdc1FJBI
4yCEIeNDwIEx0QkZiK5cOS0xbERypZN5dbtE9UY9H5B/JKehEwP4EYiIWsV6ZCE6
x58aMx/MEKw+2qyGBDwq3vTJ6SR75rRyb5RXNIU/CCu0u+u8yr41a4vW4rvoiFQm
G/vg4JViQ7P8LOSIFTPhFP1fPxbvkXbo6luXjo5qb9xgTtVjaV+77hOVWDH5ppwO
040Ors8zRspL++SvUwWN42XtbdFp7fOX1AVsirMrh+0A8EL+S9Hg/IMzesohP41a
6Y0TyIJLhk2+oqtRf9OuHbGHuUqT1qoV3Gbu+hbZHH8v
-----END CERTIFICATE-----
Generated at Mon Jan 26 23:43:29 2026 by rpki-client