This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/TCb5uFhPdPPt5s0zbZfU0CT_KnY.roa
File:                     TCb5uFhPdPPt5s0zbZfU0CT_KnY.roa (raw, json)
Hash identifier:          3tVk5RYg9temA1jbnQb/lg9ElUgEcrVoHItu4Xp5xlA=
Subject key identifier:   4C:26:F9:B8:58:4F:74:F3:ED:E6:CD:33:6D:97:D4:D0:24:FF:2A:76
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       019B7BA3D57E617F36020C93B71020C185BD
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/TCb5uFhPdPPt5s0zbZfU0CT_KnY.roa
Signing time:             Thu 01 Jan 2026 22:18:13 +0000
ROA not before:           Thu 01 Jan 2026 22:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        217.67.78.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:d5:7e:61:7f:36:02:0c:93:b7:10:20:c1:85:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 22:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c26f9b8584f74f3ede6cd336d97d4d024ff2a76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b0:92:37:53:02:cd:85:1c:fb:af:bf:0c:03:
                    0d:25:2b:37:d3:4e:a4:65:56:87:65:6c:5d:8f:5d:
                    d5:f5:ff:06:be:4a:e1:5b:a1:21:3a:eb:0c:5f:78:
                    d4:65:c1:f3:e2:01:e4:3f:dc:e4:5f:f3:ae:1f:c7:
                    ea:b8:94:54:81:04:2f:7f:47:d9:e5:1e:45:c5:70:
                    f8:5d:0d:d7:27:b7:8a:b8:99:47:aa:7b:60:76:c7:
                    40:92:3b:37:8e:51:9e:80:b6:c9:e5:5c:28:31:61:
                    69:4d:77:63:5f:e6:ca:86:30:c5:b8:35:33:55:f2:
                    b5:1f:91:35:8b:e7:f3:6a:20:50:5d:95:58:8d:0a:
                    fa:49:69:84:a4:30:3a:2a:fd:89:56:d4:16:0d:69:
                    01:f8:bb:46:40:61:28:73:77:d4:bc:12:1e:3c:d1:
                    e6:79:1f:a5:bb:68:79:71:c3:20:36:66:56:54:bc:
                    61:bb:0a:fc:9f:8d:b2:d6:b3:18:60:eb:a4:ff:fd:
                    1c:4b:ba:4f:29:62:2e:6b:27:69:47:7f:0e:23:e1:
                    c4:3a:ec:47:c7:ca:be:3a:bc:10:a9:7e:cd:90:d3:
                    63:1a:81:8e:ed:fb:4e:79:7f:fc:13:e7:de:40:21:
                    51:38:a3:cb:80:e1:94:bd:f9:8f:28:d0:d0:7b:17:
                    bf:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:26:F9:B8:58:4F:74:F3:ED:E6:CD:33:6D:97:D4:D0:24:FF:2A:76
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/TCb5uFhPdPPt5s0zbZfU0CT_KnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.67.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d4:1c:2b:ae:f0:6b:19:78:d9:8e:31:94:72:80:d8:06:c6:e0:
         3c:4f:e9:d7:c7:c2:71:d1:ea:d4:5c:82:5c:5e:aa:d6:f4:4c:
         af:fe:55:c5:1b:85:8f:f5:75:be:e6:19:75:81:b8:45:80:83:
         52:1e:2b:c0:91:26:46:c1:92:78:12:91:09:61:49:08:5f:52:
         ff:74:7d:db:05:1d:62:dc:88:88:0d:a8:47:e2:3a:67:9c:39:
         80:8b:1d:9e:28:cf:ee:75:44:40:18:e8:60:15:aa:05:90:90:
         ef:19:5e:e2:f4:4a:7a:66:a4:5d:77:7f:bb:6e:86:cf:cc:14:
         50:9f:57:55:05:b4:bf:ea:13:d2:04:69:98:89:15:22:eb:75:
         bb:fd:b8:33:7f:48:4b:2e:64:4a:e4:f6:dc:93:b4:6a:80:59:
         a1:d8:bb:5c:e7:38:99:0d:ce:cf:c5:3f:d2:df:12:76:f2:09:
         d1:ac:80:71:25:40:e6:67:2c:69:85:60:a8:db:23:e6:20:e9:
         34:b7:a3:78:18:2f:08:fe:e7:61:02:77:ad:e9:eb:53:23:72:
         c1:cb:9e:2d:74:5a:0a:0b:32:3e:f3:9d:9b:7f:a9:e2:62:a3:
         37:2e:5f:eb:cc:cb:6f:39:23:2f:18:7a:54:81:dd:8b:5a:3a:
         e0:88:9a:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o9V+YX82AgyTtxAgwYW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjYwMTAxMjIxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzI2ZjliODU4NGY3NGYzZWRlNmNkMzM2ZDk3ZDRkMDI0ZmYyYTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLCSN1MCzYUc+6+/DAMNJSs3006k
ZVaHZWxdj13V9f8GvkrhW6EhOusMX3jUZcHz4gHkP9zkX/OuH8fquJRUgQQvf0fZ
5R5FxXD4XQ3XJ7eKuJlHqntgdsdAkjs3jlGegLbJ5VwoMWFpTXdjX+bKhjDFuDUz
VfK1H5E1i+fzaiBQXZVYjQr6SWmEpDA6Kv2JVtQWDWkB+LtGQGEoc3fUvBIePNHm
eR+lu2h5ccMgNmZWVLxhuwr8n42y1rMYYOuk//0cS7pPKWIuaydpR38OI+HEOuxH
x8q+OrwQqX7NkNNjGoGO7ftOeX/8E+feQCFROKPLgOGUvfmPKNDQexe/UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwm+bhYT3Tz7ebNM22X1NAk/yp2MB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvVENiNXVGaFBkUFB0NXMwemJaZlUwQ1RfS25ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB2UNOMA0G
CSqGSIb3DQEBCwUAA4IBAQDUHCuu8GsZeNmOMZRygNgGxuA8T+nXx8Jx0erUXIJc
XqrW9Eyv/lXFG4WP9XW+5hl1gbhFgINSHivAkSZGwZJ4EpEJYUkIX1L/dH3bBR1i
3IiIDahH4jpnnDmAix2eKM/udURAGOhgFaoFkJDvGV7i9Ep6ZqRdd3+7bobPzBRQ
n1dVBbS/6hPSBGmYiRUi63W7/bgzf0hLLmRK5Pbck7RqgFmh2Ltc5ziZDc7PxT/S
3xJ28gnRrIBxJUDmZyxphWCo2yPmIOk0t6N4GC8I/udhAnet6etTI3LBy54tdFoK
CzI+852bf6niYqM3Ll/rzMtvOSMvGHpUgd2LWjrgiJrC
-----END CERTIFICATE-----