This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/tkclVERCXkY2GXQMN0O1KswMjIk.roa
File:                     tkclVERCXkY2GXQMN0O1KswMjIk.roa (raw, json)
Hash identifier:          UFtbEmcPRmzUr4HkpsgJMfjtRHHdZhSje6jPNyYykIM=
Subject key identifier:   B6:47:25:54:44:42:5E:46:36:19:74:0C:37:43:B5:2A:CC:0C:8C:89
Certificate issuer:       /CN=9194b857c037a7d7cb0575e35823e5e28032bda3
Certificate serial:       019B7D5B1E2A0AB6E381A57AF1A56C87D8B1
Authority key identifier: 91:94:B8:57:C0:37:A7:D7:CB:05:75:E3:58:23:E5:E2:80:32:BD:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/tkclVERCXkY2GXQMN0O1KswMjIk.roa
Signing time:             Fri 02 Jan 2026 06:18:01 +0000
ROA not before:           Fri 02 Jan 2026 06:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200977
IP address blocks:        185.90.240.0/24 maxlen: 24
                          185.90.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:1e:2a:0a:b6:e3:81:a5:7a:f1:a5:6c:87:d8:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9194b857c037a7d7cb0575e35823e5e28032bda3
        Validity
            Not Before: Jan  2 06:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b647255444425e463619740c3743b52acc0c8c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:cd:61:ed:14:0c:16:c9:fe:6d:b0:00:9b:2f:
                    95:3a:88:89:b0:45:22:0e:48:09:01:8c:bd:16:b7:
                    2a:d0:de:11:43:88:de:2a:cb:2d:3c:f0:5c:10:a1:
                    15:7e:aa:ca:0c:d3:fe:fe:5c:a9:ab:04:30:35:fe:
                    b5:75:ea:15:89:f8:42:ad:fc:a8:17:c1:5b:d9:f1:
                    11:bf:62:97:ed:4b:e5:6b:04:41:e7:b8:5c:55:5e:
                    0b:c4:0d:5c:e1:1b:72:88:04:d9:ea:df:1d:de:e6:
                    1b:b3:3c:d9:74:18:e4:8e:a6:5d:2a:ae:79:6d:64:
                    9b:f2:c6:7e:1f:ab:df:05:76:5e:dc:d7:ac:2f:0e:
                    df:eb:f4:ad:23:cc:b6:f3:8c:35:eb:db:76:5e:12:
                    13:28:f7:3f:0b:4b:55:5c:fe:a3:f5:98:98:76:d9:
                    ae:a0:85:80:8b:b0:3c:54:5c:4a:ae:98:66:64:d4:
                    a4:00:ac:08:3e:ac:fe:c0:45:2e:89:2f:98:f3:3f:
                    04:b0:60:c3:2e:b7:85:d4:7d:24:09:c9:7b:e5:e5:
                    ec:f5:37:c4:24:a9:f9:e1:a0:19:6b:b4:41:6f:35:
                    ba:36:8f:ea:d6:fc:cc:f4:12:e8:90:ea:fc:51:ac:
                    d6:c9:77:ba:d0:30:41:46:60:0f:22:1d:79:03:b5:
                    2f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:47:25:54:44:42:5E:46:36:19:74:0C:37:43:B5:2A:CC:0C:8C:89
            X509v3 Authority Key Identifier:
                keyid:91:94:B8:57:C0:37:A7:D7:CB:05:75:E3:58:23:E5:E2:80:32:BD:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kZS4V8A3p9fLBXXjWCPl4oAyvaM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/tkclVERCXkY2GXQMN0O1KswMjIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/37ac59-8529-4ac9-ba4e-3bf7d77749ab/1/kZS4V8A3p9fLBXXjWCPl4oAyvaM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.90.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:9e:fd:32:cf:35:ba:85:2c:d0:54:67:02:d9:d7:f3:1d:bd:
         3b:25:59:d4:8d:49:04:ee:70:e6:65:cf:9c:49:56:da:55:05:
         e5:e7:19:44:6a:96:6b:8b:25:17:2c:00:67:a8:41:80:b4:0c:
         c8:f8:58:ca:0e:f4:ad:7a:ee:99:c4:89:34:1e:0c:56:42:09:
         ec:78:03:96:b7:bb:10:89:b3:98:1d:dd:9b:47:43:dc:93:4f:
         6a:1c:8e:da:5a:16:bc:f0:6d:79:99:8c:ee:70:ce:9d:f5:19:
         62:c9:f0:aa:2d:60:0f:9e:09:bc:1d:a7:08:f9:8e:0e:5b:9e:
         de:ad:6e:0b:23:11:81:44:f4:f9:46:32:70:79:ef:46:12:b2:
         44:cf:fd:d9:f3:1c:77:59:06:9f:cd:5f:42:b1:ea:ef:46:f4:
         b4:f5:09:29:28:fa:3f:29:39:97:0c:fc:79:13:f3:81:87:b6:
         24:d1:5d:58:e1:c0:fa:25:41:a9:70:d8:81:42:ee:4a:1f:0c:
         27:e3:90:c3:1f:f1:4b:53:74:bf:a2:87:59:a8:8d:73:45:75:
         22:2c:62:d4:5a:f7:72:e2:1f:24:20:f7:c4:85:81:47:4c:29:
         6c:85:f0:45:6a:71:15:84:b7:99:c9:18:51:8d:84:9a:a5:5c:
         66:00:ed:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wx4qCrbjgaV68aVsh9ixMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOTRiODU3YzAzN2E3ZDdjYjA1NzVlMzU4MjNlNWUyODAz
MmJkYTMwHhcNMjYwMTAyMDYxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjQ3MjU1NDQ0NDI1ZTQ2MzYxOTc0MGMzNzQzYjUyYWNjMGM4Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkc1h7RQMFsn+bbAAmy+VOoiJsEUi
DkgJAYy9Frcq0N4RQ4jeKsstPPBcEKEVfqrKDNP+/lypqwQwNf61deoVifhCrfyo
F8Fb2fERv2KX7UvlawRB57hcVV4LxA1c4RtyiATZ6t8d3uYbszzZdBjkjqZdKq55
bWSb8sZ+H6vfBXZe3NesLw7f6/StI8y284w169t2XhITKPc/C0tVXP6j9ZiYdtmu
oIWAi7A8VFxKrphmZNSkAKwIPqz+wEUuiS+Y8z8EsGDDLreF1H0kCcl75eXs9TfE
JKn54aAZa7RBbzW6No/q1vzM9BLokOr8UazWyXe60DBBRmAPIh15A7UvUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZHJVREQl5GNhl0DDdDtSrMDIyJMB8GA1UdIwQY
MBaAFJGUuFfAN6fXywV141gj5eKAMr2jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1pTNFY4QTNwOWZMQlhYaldDUGw0b0F5dmFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC8zN2FjNTktODUyOS00YWM5LWJhNGUt
M2JmN2Q3Nzc0OWFiLzEvdGtjbFZFUkNYa1kyR1hRTU4wTzFLc3dNaklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC8zN2FjNTktODUyOS00YWM5LWJhNGUtM2JmN2Q3Nzc0OWFi
LzEva1pTNFY4QTNwOWZMQlhYaldDUGw0b0F5dmFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVrwMA0G
CSqGSIb3DQEBCwUAA4IBAQAPnv0yzzW6hSzQVGcC2dfzHb07JVnUjUkE7nDmZc+c
SVbaVQXl5xlEapZriyUXLABnqEGAtAzI+FjKDvSteu6ZxIk0HgxWQgnseAOWt7sQ
ibOYHd2bR0Pck09qHI7aWha88G15mYzucM6d9RliyfCqLWAPngm8HacI+Y4OW57e
rW4LIxGBRPT5RjJwee9GErJEz/3Z8xx3WQafzV9CservRvS09QkpKPo/KTmXDPx5
E/OBh7Yk0V1Y4cD6JUGpcNiBQu5KHwwn45DDH/FLU3S/oodZqI1zRXUiLGLUWvdy
4h8kIPfEhYFHTClshfBFanEVhLeZyRhRjYSapVxmAO2n
-----END CERTIFICATE-----