This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Tsl9Xjwn1J8K3mg6ZgiCKiLRPXM.roa
File:                     Tsl9Xjwn1J8K3mg6ZgiCKiLRPXM.roa (raw, json)
Hash identifier:          sHp9nLZobs+6RbnJ4njWa80VMOXna/8+5D6h4CeE7uo=
Subject key identifier:   4E:C9:7D:5E:3C:27:D4:9F:0A:DE:68:3A:66:08:82:2A:22:D1:3D:73
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019B7910BF64CC213E7100F9620CCCAA305E
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Tsl9Xjwn1J8K3mg6ZgiCKiLRPXM.roa
Signing time:             Thu 01 Jan 2026 10:18:19 +0000
ROA not before:           Thu 01 Jan 2026 10:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215680
IP address blocks:        2a12:bec0:650::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:bf:64:cc:21:3e:71:00:f9:62:0c:cc:aa:30:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jan  1 10:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ec97d5e3c27d49f0ade683a6608822a22d13d73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:38:61:5c:cb:20:e7:9f:b0:03:98:c1:e0:15:
                    f9:ee:dd:65:68:1d:f4:1a:49:7a:49:2c:e5:88:6e:
                    5b:37:cb:bb:1f:53:f2:bd:08:17:b6:1c:c0:df:03:
                    24:ed:b1:27:6b:c0:20:c6:8b:8a:79:c5:97:62:4f:
                    00:29:a7:53:de:9d:66:49:35:fe:73:94:df:92:d1:
                    b0:c8:e4:db:0b:2d:ab:b4:32:3a:63:cb:a7:bd:cb:
                    5d:bf:ae:aa:77:c1:39:35:f8:71:29:a6:c6:72:a6:
                    42:26:83:8b:b3:d3:3f:25:00:91:86:5e:e9:00:49:
                    35:39:c7:63:10:5d:5d:22:9f:f8:62:bb:cb:69:ba:
                    21:97:f0:ea:f7:6c:29:f6:d3:75:b7:de:dc:41:34:
                    e2:c6:c9:13:77:2d:ec:64:c9:c8:c0:93:3b:25:28:
                    4d:14:69:3e:15:02:bc:eb:c6:dc:f1:4b:67:90:3b:
                    ac:53:89:70:2e:06:f5:1e:a6:b1:e2:44:ea:1b:24:
                    ec:bf:06:68:fb:62:12:14:fd:13:0c:79:e3:a9:8c:
                    53:76:06:2d:70:61:36:43:67:1b:98:4e:9c:2f:33:
                    6a:59:ff:6f:3d:5f:1c:ed:46:44:df:4e:d0:99:f2:
                    db:3e:c0:c5:97:b7:06:3e:0e:02:5a:19:1a:67:b3:
                    ad:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:C9:7D:5E:3C:27:D4:9F:0A:DE:68:3A:66:08:82:2A:22:D1:3D:73
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Tsl9Xjwn1J8K3mg6ZgiCKiLRPXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec0:650::/44

    Signature Algorithm: sha256WithRSAEncryption
         3c:31:9e:c6:81:7a:6e:d4:47:23:7f:4b:c7:82:6e:ac:a1:84:
         ca:48:ce:20:d8:14:22:45:b0:5e:44:39:3c:84:ce:f1:4f:47:
         9b:22:e6:ec:d8:0b:b9:9e:b7:b6:4b:46:19:ba:e2:5e:cf:4d:
         38:ed:fb:09:80:b2:9f:cf:90:24:f6:86:a3:83:0d:aa:18:f9:
         7e:70:b8:b4:09:64:3e:35:da:e0:b8:ae:cb:0d:5a:9d:0b:fb:
         95:19:2b:12:b6:da:16:4d:4a:86:6e:c1:76:0e:ff:d6:cc:9f:
         8c:9c:95:77:63:78:05:77:64:8e:36:ff:91:73:80:4b:13:2b:
         3f:06:46:24:4a:a2:01:ad:99:23:0b:7a:58:9b:07:99:c0:ea:
         46:5f:6a:fb:fc:9f:50:2a:64:bd:80:a7:3b:d7:08:12:1f:04:
         d7:81:37:fb:e6:f7:39:d5:b4:70:cf:98:91:5e:04:f4:23:1e:
         d5:f8:1f:b0:b7:cf:b2:5a:4f:37:50:27:c4:47:f9:17:d0:c6:
         ea:09:20:01:86:14:fb:72:73:6e:fc:1e:4f:5c:e2:b9:36:39:
         ed:36:2d:e1:82:70:34:5e:7c:d4:aa:13:cf:dc:e7:10:c8:85:
         ae:27:4f:06:0a:54:59:46:51:d0:6c:2c:9d:f0:84:3d:91:6e:
         e4:35:e8:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5EL9kzCE+cQD5YgzMqjBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwMTAxMTAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWM5N2Q1ZTNjMjdkNDlmMGFkZTY4M2E2NjA4ODIyYTIyZDEzZDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjhhXMsg55+wA5jB4BX57t1laB30
Gkl6SSzliG5bN8u7H1PyvQgXthzA3wMk7bEna8AgxouKecWXYk8AKadT3p1mSTX+
c5TfktGwyOTbCy2rtDI6Y8unvctdv66qd8E5NfhxKabGcqZCJoOLs9M/JQCRhl7p
AEk1OcdjEF1dIp/4YrvLabohl/Dq92wp9tN1t97cQTTixskTdy3sZMnIwJM7JShN
FGk+FQK868bc8UtnkDusU4lwLgb1Hqax4kTqGyTsvwZo+2ISFP0TDHnjqYxTdgYt
cGE2Q2cbmE6cLzNqWf9vPV8c7UZE307QmfLbPsDFl7cGPg4CWhkaZ7OtKQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE7JfV48J9SfCt5oOmYIgioi0T1zMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvVHNsOVhqd24xSjhLM21nNlpnaUNLaUxSUFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+wAZQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA8MZ7GgXpu1Ecjf0vHgm6soYTKSM4g2BQiRbBe
RDk8hM7xT0ebIubs2Au5nre2S0YZuuJez0047fsJgLKfz5Ak9oajgw2qGPl+cLi0
CWQ+NdrguK7LDVqdC/uVGSsSttoWTUqGbsF2Dv/WzJ+MnJV3Y3gFd2SONv+Rc4BL
Eys/BkYkSqIBrZkjC3pYmweZwOpGX2r7/J9QKmS9gKc71wgSHwTXgTf75vc51bRw
z5iRXgT0Ix7V+B+wt8+yWk83UCfER/kX0MbqCSABhhT7cnNu/B5PXOK5NjntNi3h
gnA0XnzUqhPP3OcQyIWuJ08GClRZRlHQbCyd8IQ9kW7kNeiK
-----END CERTIFICATE-----