This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/Tn744T4EWJFdfoQLEyo6gZE3S-A.roa
File:                     Tn744T4EWJFdfoQLEyo6gZE3S-A.roa (raw, json)
Hash identifier:          Mz40UIAFr4lGoM5nG+hKlLJav3yujIYRyj+0/dPdn5M=
Subject key identifier:   4E:7E:F8:E1:3E:04:58:91:5D:7E:84:0B:13:2A:3A:81:91:37:4B:E0
Certificate issuer:       /CN=cc46bfff8b90e3748555ba1447fd4edecc340a13
Certificate serial:       019B7D5B8397E71B280B0A1CA685FDE235C0
Authority key identifier: CC:46:BF:FF:8B:90:E3:74:85:55:BA:14:47:FD:4E:DE:CC:34:0A:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zEa__4uQ43SFVboUR_1O3sw0ChM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/Tn744T4EWJFdfoQLEyo6gZE3S-A.roa
Signing time:             Fri 02 Jan 2026 06:18:28 +0000
ROA not before:           Fri 02 Jan 2026 06:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12586
IP address blocks:        195.162.4.0/23 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/zEa__4uQ43SFVboUR_1O3sw0ChM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/zEa__4uQ43SFVboUR_1O3sw0ChM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zEa__4uQ43SFVboUR_1O3sw0ChM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:83:97:e7:1b:28:0b:0a:1c:a6:85:fd:e2:35:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc46bfff8b90e3748555ba1447fd4edecc340a13
        Validity
            Not Before: Jan  2 06:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e7ef8e13e0458915d7e840b132a3a8191374be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:8f:1a:0e:05:35:58:7c:ab:e3:23:50:99:a0:
                    e3:5e:05:54:ab:00:f3:53:11:60:57:ee:9b:a1:8e:
                    25:8b:b6:62:97:7b:d4:56:61:c2:75:98:b3:e6:aa:
                    86:4b:d9:31:f8:f4:f3:14:4a:80:09:8f:b8:4f:c2:
                    79:ee:09:ed:74:ad:54:c2:2b:fb:de:2d:33:1f:e6:
                    00:33:be:44:7e:c5:0a:03:d2:60:12:25:dc:9b:a8:
                    84:a1:6b:28:78:7c:ba:7d:18:da:ff:61:dd:f0:64:
                    05:72:84:38:9c:e2:93:08:78:b3:8f:cb:0d:a9:0d:
                    28:4d:c7:b4:31:f6:75:2e:23:be:16:8b:99:52:0a:
                    b1:f4:b4:cb:e9:a0:d9:05:d8:81:c2:51:cf:fa:a8:
                    3d:23:7b:c4:93:5a:65:03:12:1e:26:4d:cc:88:d5:
                    f4:07:8b:38:ba:6d:15:7c:d3:d0:2f:47:4a:c3:1d:
                    bc:8c:9c:ca:7c:7d:0b:91:72:87:95:49:43:c1:4d:
                    da:06:81:98:19:0f:69:7f:13:53:5c:e2:b1:d4:13:
                    26:f6:16:ac:4f:c5:63:f4:19:71:42:76:a9:dc:5e:
                    ed:5a:39:56:2b:4a:7c:dd:e7:d5:df:1f:fc:8a:6c:
                    6d:58:38:11:08:6f:c3:ea:e3:8d:aa:ae:ed:38:1f:
                    64:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:7E:F8:E1:3E:04:58:91:5D:7E:84:0B:13:2A:3A:81:91:37:4B:E0
            X509v3 Authority Key Identifier:
                keyid:CC:46:BF:FF:8B:90:E3:74:85:55:BA:14:47:FD:4E:DE:CC:34:0A:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zEa__4uQ43SFVboUR_1O3sw0ChM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/Tn744T4EWJFdfoQLEyo6gZE3S-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/84d49c-0c84-456a-b640-4dc9bf642dd2/1/zEa__4uQ43SFVboUR_1O3sw0ChM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.162.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:48:fc:00:2d:e0:a9:ba:6f:82:6c:34:3e:a5:16:2f:79:13:
         9e:ef:78:bd:2f:f5:75:56:7a:db:d8:0b:d9:8b:7b:35:f1:e8:
         5c:a8:d0:90:e7:a2:4f:4e:2d:ce:58:d9:1d:ac:80:51:2c:1d:
         ec:c8:1c:ae:6d:20:8d:cc:3d:68:f2:3c:a6:f7:c4:cd:bf:ce:
         99:f8:93:58:42:31:97:8a:a5:79:c5:37:d0:46:2e:d9:8e:59:
         fb:61:aa:70:13:df:54:0e:a4:6b:1b:e0:fa:56:28:81:86:52:
         dd:3d:5f:1b:e1:aa:93:f8:12:7f:58:a6:9b:0e:60:f9:9c:03:
         ac:eb:1d:63:a5:4a:c7:06:f3:b9:ca:82:43:0a:6b:3b:7a:3b:
         f9:15:07:4b:c4:0d:53:d0:3a:08:33:ba:a6:d6:2d:94:12:7e:
         9f:4a:b6:bc:4d:13:a8:08:97:45:61:cf:83:e9:97:f8:4b:e5:
         d0:61:f3:02:ed:c7:24:2c:95:06:45:7e:6c:97:0e:ad:59:e2:
         41:05:f1:0d:6e:0b:90:af:4f:25:4f:09:24:24:a6:41:ec:08:
         8f:84:99:bb:0b:f9:8b:4d:1e:5d:f5:38:ee:9b:50:ce:7d:93:
         ba:ac:cd:d6:a3:01:d6:99:ab:43:34:4b:4b:3a:2f:ad:e4:58:
         64:28:a6:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W4OX5xsoCwocpoX94jXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNDZiZmZmOGI5MGUzNzQ4NTU1YmExNDQ3ZmQ0ZWRlY2Mz
NDBhMTMwHhcNMjYwMTAyMDYxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTdlZjhlMTNlMDQ1ODkxNWQ3ZTg0MGIxMzJhM2E4MTkxMzc0YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3I8aDgU1WHyr4yNQmaDjXgVUqwDz
UxFgV+6boY4li7Zil3vUVmHCdZiz5qqGS9kx+PTzFEqACY+4T8J57gntdK1Uwiv7
3i0zH+YAM75EfsUKA9JgEiXcm6iEoWsoeHy6fRja/2Hd8GQFcoQ4nOKTCHizj8sN
qQ0oTce0MfZ1LiO+FouZUgqx9LTL6aDZBdiBwlHP+qg9I3vEk1plAxIeJk3MiNX0
B4s4um0VfNPQL0dKwx28jJzKfH0LkXKHlUlDwU3aBoGYGQ9pfxNTXOKx1BMm9has
T8Vj9BlxQnap3F7tWjlWK0p83efV3x/8imxtWDgRCG/D6uONqq7tOB9kyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5++OE+BFiRXX6ECxMqOoGRN0vgMB8GA1UdIwQY
MBaAFMxGv/+LkON0hVW6FEf9Tt7MNAoTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekVhX180dVE0M1NGVmJvVVJfMU8zc3cwQ2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS84NGQ0OWMtMGM4NC00NTZhLWI2NDAt
NGRjOWJmNjQyZGQyLzEvVG43NDRUNEVXSkZkZm9RTEV5bzZnWkUzUy1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS84NGQ0OWMtMGM4NC00NTZhLWI2NDAtNGRjOWJmNjQyZGQy
LzEvekVhX180dVE0M1NGVmJvVVJfMU8zc3cwQ2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw6IEMA0G
CSqGSIb3DQEBCwUAA4IBAQA1SPwALeCpum+CbDQ+pRYveROe73i9L/V1Vnrb2AvZ
i3s18ehcqNCQ56JPTi3OWNkdrIBRLB3syByubSCNzD1o8jym98TNv86Z+JNYQjGX
iqV5xTfQRi7Zjln7YapwE99UDqRrG+D6ViiBhlLdPV8b4aqT+BJ/WKabDmD5nAOs
6x1jpUrHBvO5yoJDCms7ejv5FQdLxA1T0DoIM7qm1i2UEn6fSra8TROoCJdFYc+D
6Zf4S+XQYfMC7cckLJUGRX5slw6tWeJBBfENbguQr08lTwkkJKZB7AiPhJm7C/mL
TR5d9Tjum1DOfZO6rM3WowHWmatDNEtLOi+t5FhkKKYg
-----END CERTIFICATE-----