This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/tF9YKOONiKk1CscCM98zlB8EJLs.roa
File:                     tF9YKOONiKk1CscCM98zlB8EJLs.roa (raw, json)
Hash identifier:          6wUmwqGkAOvn8GZ/bao7dMUtyUHLPWG5h6PlJNzejcg=
Subject key identifier:   B4:5F:58:28:E3:8D:88:A9:35:0A:C7:02:33:DF:33:94:1F:04:24:BB
Certificate issuer:       /CN=7913f8c13ba8290f60da63ba89e935b275893adb
Certificate serial:       019B77C6A351DDCFAC8D1CD89DD05A9AF893
Authority key identifier: 79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/tF9YKOONiKk1CscCM98zlB8EJLs.roa
Signing time:             Thu 01 Jan 2026 04:17:45 +0000
ROA not before:           Thu 01 Jan 2026 04:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.78.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:a3:51:dd:cf:ac:8d:1c:d8:9d:d0:5a:9a:f8:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7913f8c13ba8290f60da63ba89e935b275893adb
        Validity
            Not Before: Jan  1 04:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b45f5828e38d88a9350ac70233df33941f0424bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a9:fc:22:70:e7:2d:a4:de:eb:16:8a:81:73:
                    2f:e9:e7:29:33:d4:6d:f1:2c:a0:e5:81:2f:a1:c4:
                    c2:3a:36:21:71:80:fa:8f:c6:93:9e:90:bf:db:14:
                    e9:46:9c:30:60:2e:23:9b:63:c8:0a:20:cf:1c:43:
                    52:3c:63:c1:a0:45:98:59:dd:33:d6:29:f9:7f:ff:
                    60:55:e0:1e:8b:7a:d4:23:2c:c6:60:69:4c:81:8b:
                    d7:a8:aa:20:9e:c7:bb:db:d0:7f:78:b5:ce:4f:fa:
                    04:bf:a8:f8:7f:2a:fc:a1:a7:b1:9e:ce:23:ca:33:
                    ea:1b:eb:f3:ad:19:68:d9:d7:ee:33:32:7b:39:e3:
                    4b:c1:20:ff:78:e5:c8:e5:d0:3b:9b:a6:e2:1f:df:
                    b4:57:da:9e:ca:4f:6a:aa:ec:ca:ff:e5:f4:c8:5c:
                    7a:8b:64:79:c3:38:ad:ac:da:b2:4f:6c:ff:dc:cd:
                    16:71:1c:3a:c2:72:bd:74:c0:c0:40:eb:9c:b7:76:
                    57:ef:6d:c3:58:70:1f:3e:ec:d8:dd:6a:99:8f:36:
                    9d:34:5a:d6:b9:ea:71:0f:90:bd:95:62:b5:3f:5e:
                    3c:f8:b6:f7:bd:38:53:38:69:d7:f2:4c:d9:a0:7a:
                    cf:7e:48:7d:25:ac:92:8d:d8:bf:9b:19:66:51:34:
                    ac:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5F:58:28:E3:8D:88:A9:35:0A:C7:02:33:DF:33:94:1F:04:24:BB
            X509v3 Authority Key Identifier:
                keyid:79:13:F8:C1:3B:A8:29:0F:60:DA:63:BA:89:E9:35:B2:75:89:3A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eRP4wTuoKQ9g2mO6iek1snWJOts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/tF9YKOONiKk1CscCM98zlB8EJLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ce1c99-0abe-4277-aca2-fe1cf308a008/1/eRP4wTuoKQ9g2mO6iek1snWJOts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.78.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         12:06:17:66:fc:77:f7:81:03:ea:f3:33:76:b9:9f:8d:17:86:
         5f:dc:67:9e:04:94:3f:62:0b:9f:5d:f0:62:5f:d2:9e:59:90:
         31:04:9a:08:83:2a:a3:57:0c:70:53:97:c9:a2:fa:96:64:5f:
         4e:57:fc:4a:90:3e:39:3b:83:92:aa:ab:11:c8:b6:f3:9c:ea:
         f0:7e:f0:22:64:97:98:b3:bd:61:40:d1:13:5c:39:6f:9e:25:
         c5:50:95:c0:c0:77:c4:9c:eb:99:1b:79:21:c0:91:fa:d9:b0:
         da:94:ae:a8:f6:db:25:02:e8:54:5e:71:dd:c0:b4:01:ac:04:
         dd:90:b4:30:d1:88:c6:07:52:e8:f7:61:b7:2b:95:38:a3:ac:
         dc:cd:76:28:f6:5f:02:18:24:42:55:c6:bb:02:ba:ce:36:a7:
         1e:ea:16:80:06:26:47:ba:d3:76:91:b5:b6:28:dc:e0:1c:41:
         d3:5a:7d:4e:3b:e3:77:5e:26:bc:c5:ab:6b:3c:e7:de:4b:2c:
         73:94:9a:96:18:af:9b:2c:2f:22:cc:42:79:2b:a5:97:e2:b2:
         6b:36:c8:63:13:ca:cf:2a:23:0d:ca:21:36:7f:c2:77:a8:c0:
         14:d1:22:8c:21:a3:95:77:e4:5d:ee:7d:f2:02:dd:35:91:f1:
         3c:bd:5d:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xqNR3c+sjRzYndBamviTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MTNmOGMxM2JhODI5MGY2MGRhNjNiYTg5ZTkzNWIyNzU4
OTNhZGIwHhcNMjYwMTAxMDQxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDVmNTgyOGUzOGQ4OGE5MzUwYWM3MDIzM2RmMzM5NDFmMDQyNGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoan8InDnLaTe6xaKgXMv6ecpM9Rt
8Syg5YEvocTCOjYhcYD6j8aTnpC/2xTpRpwwYC4jm2PICiDPHENSPGPBoEWYWd0z
1in5f/9gVeAei3rUIyzGYGlMgYvXqKognse729B/eLXOT/oEv6j4fyr8oaexns4j
yjPqG+vzrRlo2dfuMzJ7OeNLwSD/eOXI5dA7m6biH9+0V9qeyk9qquzK/+X0yFx6
i2R5wzitrNqyT2z/3M0WcRw6wnK9dMDAQOuct3ZX723DWHAfPuzY3WqZjzadNFrW
uepxD5C9lWK1P148+Lb3vThTOGnX8kzZoHrPfkh9JaySjdi/mxlmUTSsfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRfWCjjjYipNQrHAjPfM5QfBCS7MB8GA1UdIwQY
MBaAFHkT+ME7qCkPYNpjuonpNbJ1iTrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTIt
ZmUxY2YzMDhhMDA4LzEvdEY5WUtPT05pS2sxQ3NjQ005OHpsQjhFSkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jZTFjOTktMGFiZS00Mjc3LWFjYTItZmUxY2YzMDhhMDA4
LzEvZVJQNHdUdW9LUTlnMm1PNmllazFzbldKT3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuU7IMA0G
CSqGSIb3DQEBCwUAA4IBAQASBhdm/Hf3gQPq8zN2uZ+NF4Zf3GeeBJQ/YgufXfBi
X9KeWZAxBJoIgyqjVwxwU5fJovqWZF9OV/xKkD45O4OSqqsRyLbznOrwfvAiZJeY
s71hQNETXDlvniXFUJXAwHfEnOuZG3khwJH62bDalK6o9tslAuhUXnHdwLQBrATd
kLQw0YjGB1Lo92G3K5U4o6zczXYo9l8CGCRCVca7ArrONqce6haABiZHutN2kbW2
KNzgHEHTWn1OO+N3Xia8xatrPOfeSyxzlJqWGK+bLC8izEJ5K6WX4rJrNshjE8rP
KiMNyiE2f8J3qMAU0SKMIaOVd+Rd7n3yAt01kfE8vV1Y
-----END CERTIFICATE-----