This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/04b23b-9c13-4dd2-bda8-2f22a76996d9/1/TF0dSC0QLLTkTEwt9luFemTVApI.roa
File:                     TF0dSC0QLLTkTEwt9luFemTVApI.roa (raw, json)
Hash identifier:          diyfKwUJkYthuVIKND7w8w0AKfmlP8CVwmqLuMhQpO4=
Subject key identifier:   4C:5D:1D:48:2D:10:2C:B4:E4:4C:4C:2D:F6:5B:85:7A:64:D5:02:92
Certificate issuer:       /CN=1a0439448b628cd0ba4232ea5dc39a968da9696e
Certificate serial:       019B7C1257FF7FFA5A62F9D2DA932A73C812
Authority key identifier: 1A:04:39:44:8B:62:8C:D0:BA:42:32:EA:5D:C3:9A:96:8D:A9:69:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GgQ5RItijNC6QjLqXcOalo2paW4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/04b23b-9c13-4dd2-bda8-2f22a76996d9/1/TF0dSC0QLLTkTEwt9luFemTVApI.roa
Signing time:             Fri 02 Jan 2026 00:18:55 +0000
ROA not before:           Fri 02 Jan 2026 00:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197207
IP address blocks:        185.131.56.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/04b23b-9c13-4dd2-bda8-2f22a76996d9/1/GgQ5RItijNC6QjLqXcOalo2paW4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/04b23b-9c13-4dd2-bda8-2f22a76996d9/1/GgQ5RItijNC6QjLqXcOalo2paW4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GgQ5RItijNC6QjLqXcOalo2paW4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:57:ff:7f:fa:5a:62:f9:d2:da:93:2a:73:c8:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a0439448b628cd0ba4232ea5dc39a968da9696e
        Validity
            Not Before: Jan  2 00:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c5d1d482d102cb4e44c4c2df65b857a64d50292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:31:97:8f:d7:ed:42:37:97:10:77:84:1d:52:
                    03:0a:d8:e9:79:58:f5:51:b0:47:b8:9c:21:28:98:
                    f7:aa:f4:cb:31:db:15:a5:95:9f:d4:14:00:2d:f9:
                    02:bb:5b:54:12:aa:5e:9a:79:53:d6:6f:8b:74:47:
                    d0:3e:5b:64:fe:0f:b9:63:48:ac:8e:e2:43:45:aa:
                    6d:b1:f1:98:ef:0b:21:85:f4:96:0f:75:48:e3:ed:
                    00:ec:30:fc:58:87:59:ff:c9:7d:34:aa:61:36:79:
                    fa:d7:67:1a:77:e9:6d:c2:01:7f:0c:33:d5:fa:48:
                    2c:87:29:9d:21:bc:e1:69:85:ab:f0:ea:26:30:3e:
                    11:15:b4:8d:3b:e6:68:f1:a9:96:1c:98:4e:9d:26:
                    6d:3d:04:9c:46:19:0f:4d:7e:f9:b8:2e:8e:5a:e0:
                    73:b8:e9:74:26:af:03:30:d1:c4:ff:2b:02:de:34:
                    41:36:3b:88:b8:3e:76:85:b8:6e:64:8b:7b:41:3c:
                    5d:6a:9a:52:ef:8c:fc:88:a3:ee:af:0a:42:9f:dd:
                    60:cd:43:5b:7c:f0:4b:55:93:7f:24:f3:e3:43:ed:
                    6e:e2:0e:0d:df:b2:a3:6f:c1:42:e9:45:22:54:10:
                    3a:d2:17:d2:8d:c3:7c:b5:52:35:4f:2d:bc:a0:95:
                    66:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:5D:1D:48:2D:10:2C:B4:E4:4C:4C:2D:F6:5B:85:7A:64:D5:02:92
            X509v3 Authority Key Identifier:
                keyid:1A:04:39:44:8B:62:8C:D0:BA:42:32:EA:5D:C3:9A:96:8D:A9:69:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GgQ5RItijNC6QjLqXcOalo2paW4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/04b23b-9c13-4dd2-bda8-2f22a76996d9/1/TF0dSC0QLLTkTEwt9luFemTVApI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/04b23b-9c13-4dd2-bda8-2f22a76996d9/1/GgQ5RItijNC6QjLqXcOalo2paW4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.131.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:3d:01:d8:c6:42:25:cf:c5:7d:ec:40:93:72:e5:ed:5a:b8:
         f3:6a:6c:fb:94:9a:27:27:26:c9:c3:f0:1d:70:69:c7:9f:58:
         19:a3:8e:fa:3b:61:91:4f:1b:d7:ab:16:6c:1d:87:0a:1b:24:
         d7:29:3b:f5:df:76:64:e4:ef:1e:1f:d7:4b:47:be:bd:92:0a:
         00:3b:14:8b:cd:4c:11:ff:2c:45:42:9a:57:09:67:46:f6:02:
         7e:e9:77:ab:98:74:9e:ea:17:87:a5:0e:27:13:3e:97:50:7f:
         59:df:bd:0e:c8:73:8f:a7:d9:dd:be:72:17:90:9a:08:a8:21:
         13:13:c9:84:34:34:45:0b:16:8b:de:45:08:0d:b2:ca:95:06:
         46:74:15:18:60:37:a7:38:8e:8e:bc:b3:6d:d3:e5:9e:25:29:
         7f:7b:21:4a:91:0d:07:62:d8:8c:f7:7b:d0:87:ce:91:0c:46:
         76:19:f7:85:3a:4f:9f:8f:92:a1:7a:0f:6b:0f:7a:e2:a9:09:
         92:b0:ad:73:8b:86:29:69:60:b2:35:59:55:f6:f7:df:f6:e2:
         41:ff:94:37:fe:85:29:c2:bf:6e:96:58:7d:bb:60:93:69:ca:
         69:3e:37:af:fe:1e:dc:92:a6:7e:f7:31:da:ce:0e:79:bc:ec:
         33:06:7e:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Elf/f/paYvnS2pMqc8gSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMDQzOTQ0OGI2MjhjZDBiYTQyMzJlYTVkYzM5YTk2OGRh
OTY5NmUwHhcNMjYwMTAyMDAxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzVkMWQ0ODJkMTAyY2I0ZTQ0YzRjMmRmNjViODU3YTY0ZDUwMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApTGXj9ftQjeXEHeEHVIDCtjpeVj1
UbBHuJwhKJj3qvTLMdsVpZWf1BQALfkCu1tUEqpemnlT1m+LdEfQPltk/g+5Y0is
juJDRaptsfGY7wshhfSWD3VI4+0A7DD8WIdZ/8l9NKphNnn612cad+ltwgF/DDPV
+kgshymdIbzhaYWr8OomMD4RFbSNO+Zo8amWHJhOnSZtPQScRhkPTX75uC6OWuBz
uOl0Jq8DMNHE/ysC3jRBNjuIuD52hbhuZIt7QTxdappS74z8iKPurwpCn91gzUNb
fPBLVZN/JPPjQ+1u4g4N37Kjb8FC6UUiVBA60hfSjcN8tVI1Ty28oJVmnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExdHUgtECy05ExMLfZbhXpk1QKSMB8GA1UdIwQY
MBaAFBoEOUSLYozQukIy6l3DmpaNqWluMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2dRNVJJdGlqTkM2UWpMcVhjT2FsbzJwYVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8wNGIyM2ItOWMxMy00ZGQyLWJkYTgt
MmYyMmE3Njk5NmQ5LzEvVEYwZFNDMFFMTFRrVEV3dDlsdUZlbVRWQXBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8wNGIyM2ItOWMxMy00ZGQyLWJkYTgtMmYyMmE3Njk5NmQ5
LzEvR2dRNVJJdGlqTkM2UWpMcVhjT2FsbzJwYVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYM4MA0G
CSqGSIb3DQEBCwUAA4IBAQCyPQHYxkIlz8V97ECTcuXtWrjzamz7lJonJybJw/Ad
cGnHn1gZo476O2GRTxvXqxZsHYcKGyTXKTv133Zk5O8eH9dLR769kgoAOxSLzUwR
/yxFQppXCWdG9gJ+6XermHSe6heHpQ4nEz6XUH9Z370OyHOPp9ndvnIXkJoIqCET
E8mENDRFCxaL3kUIDbLKlQZGdBUYYDenOI6OvLNt0+WeJSl/eyFKkQ0HYtiM93vQ
h86RDEZ2GfeFOk+fj5Kheg9rD3riqQmSsK1zi4YpaWCyNVlV9vff9uJB/5Q3/oUp
wr9ullh9u2CTacppPjev/h7ckqZ+9zHazg55vOwzBn55
-----END CERTIFICATE-----