This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/456c62-4746-41e0-8044-920599f52637/1/TmcoRu9ef8n5uSGSq8iHWL8zg0M.roa
File:                     TmcoRu9ef8n5uSGSq8iHWL8zg0M.roa (raw, json)
Hash identifier:          GDDsDyd58H/bp3P5lSRMWErs4U1SYPdz+Rlr9Gl1yps=
Subject key identifier:   4E:67:28:46:EF:5E:7F:C9:F9:B9:21:92:AB:C8:87:58:BF:33:83:43
Certificate issuer:       /CN=1821cc908dfa91110d1119a6de1ec41e3ecff346
Certificate serial:       019B7C12B9941BF6498EFC96F152BB34C8FC
Authority key identifier: 18:21:CC:90:8D:FA:91:11:0D:11:19:A6:DE:1E:C4:1E:3E:CF:F3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GCHMkI36kRENERmm3h7EHj7P80Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/456c62-4746-41e0-8044-920599f52637/1/TmcoRu9ef8n5uSGSq8iHWL8zg0M.roa
Signing time:             Fri 02 Jan 2026 00:19:20 +0000
ROA not before:           Fri 02 Jan 2026 00:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58061
IP address blocks:        91.207.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/456c62-4746-41e0-8044-920599f52637/1/GCHMkI36kRENERmm3h7EHj7P80Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/456c62-4746-41e0-8044-920599f52637/1/GCHMkI36kRENERmm3h7EHj7P80Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GCHMkI36kRENERmm3h7EHj7P80Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 15:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:b9:94:1b:f6:49:8e:fc:96:f1:52:bb:34:c8:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1821cc908dfa91110d1119a6de1ec41e3ecff346
        Validity
            Not Before: Jan  2 00:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e672846ef5e7fc9f9b92192abc88758bf338343
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:61:fe:c1:41:db:29:0a:04:13:ed:02:85:fe:
                    38:31:67:06:89:1a:41:e7:52:68:be:88:df:fb:c3:
                    90:84:49:c9:22:95:67:a8:1e:8f:fc:76:21:a7:10:
                    5c:c7:70:89:a3:14:b2:78:19:42:8e:29:50:f5:b9:
                    0d:96:2b:98:3a:4f:f1:b1:36:4d:35:77:6b:b4:bc:
                    0e:fe:99:cd:88:79:d7:18:67:a0:b8:b7:60:77:b6:
                    5d:85:b3:38:a6:22:99:b9:35:80:3f:8c:3f:5f:6e:
                    de:fb:1b:2d:6a:6e:fa:3a:b3:8d:71:d1:78:e8:3d:
                    eb:71:db:26:c9:32:00:05:3a:ed:54:3a:e5:34:3c:
                    10:09:2c:38:89:12:03:75:da:6d:f8:04:42:95:4f:
                    99:bc:e0:92:17:1b:e9:87:66:3c:b6:f2:2e:2f:2e:
                    8f:94:8c:5e:30:60:05:5e:3f:4e:bb:eb:6a:9c:34:
                    94:31:d8:a2:36:a9:6f:70:16:a1:8f:6c:f4:30:ba:
                    65:ed:25:5a:54:5a:14:96:7a:d7:9c:51:fd:bd:f1:
                    6f:43:10:1e:60:12:98:e2:5e:37:36:42:10:14:54:
                    3d:f6:52:b5:40:31:76:b5:ac:75:d5:5f:ba:c5:d6:
                    55:f1:63:20:8d:99:cb:9d:57:fe:f2:a7:59:3f:ae:
                    9f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:67:28:46:EF:5E:7F:C9:F9:B9:21:92:AB:C8:87:58:BF:33:83:43
            X509v3 Authority Key Identifier:
                keyid:18:21:CC:90:8D:FA:91:11:0D:11:19:A6:DE:1E:C4:1E:3E:CF:F3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GCHMkI36kRENERmm3h7EHj7P80Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/456c62-4746-41e0-8044-920599f52637/1/TmcoRu9ef8n5uSGSq8iHWL8zg0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/456c62-4746-41e0-8044-920599f52637/1/GCHMkI36kRENERmm3h7EHj7P80Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:17:e1:2c:28:32:67:75:c5:ee:5e:64:1f:52:34:81:27:40:
         31:58:ba:61:4d:fd:f4:d3:76:01:11:a9:12:4c:f9:72:b3:1a:
         da:d0:32:a1:33:1c:a8:f0:35:a8:28:62:47:77:31:43:95:d9:
         78:ee:60:1e:95:4f:c6:38:7b:a0:5c:0b:fc:5d:2c:c5:83:4b:
         3c:f3:85:51:b0:1d:41:a4:8d:da:2a:53:47:26:03:cf:58:3b:
         0d:da:05:b1:f9:55:22:b1:93:16:0f:57:00:b9:43:10:9c:35:
         82:e3:c9:2f:e1:1e:91:77:db:1d:b1:a7:e3:dd:bb:92:fd:ca:
         ba:83:81:ec:ab:2d:85:fa:bf:d4:22:79:dc:57:30:3f:f0:6a:
         2e:d8:e6:99:de:99:ff:e8:bf:db:49:2f:f8:cd:70:7c:4d:42:
         45:8c:52:de:ca:8c:17:b9:d5:40:c7:41:31:67:58:b8:4f:46:
         4b:a4:e8:eb:32:3d:c7:7e:05:91:aa:13:fc:95:ec:c6:e5:ca:
         15:46:59:5a:37:ba:c6:7b:f5:e3:32:d3:17:80:c6:8a:6a:b3:
         1f:b8:c1:ec:cd:07:85:eb:96:26:3b:c9:d9:cc:fc:37:ba:a7:
         cb:f1:b3:ad:81:e1:88:bf:30:16:41:f1:7a:36:4f:c6:4f:7b:
         21:5f:18:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8ErmUG/ZJjvyW8VK7NMj8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MjFjYzkwOGRmYTkxMTEwZDExMTlhNmRlMWVjNDFlM2Vj
ZmYzNDYwHhcNMjYwMTAyMDAxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTY3Mjg0NmVmNWU3ZmM5ZjliOTIxOTJhYmM4ODc1OGJmMzM4MzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmH+wUHbKQoEE+0Chf44MWcGiRpB
51Jovojf+8OQhEnJIpVnqB6P/HYhpxBcx3CJoxSyeBlCjilQ9bkNliuYOk/xsTZN
NXdrtLwO/pnNiHnXGGeguLdgd7ZdhbM4piKZuTWAP4w/X27e+xstam76OrONcdF4
6D3rcdsmyTIABTrtVDrlNDwQCSw4iRIDddpt+ARClU+ZvOCSFxvph2Y8tvIuLy6P
lIxeMGAFXj9Ou+tqnDSUMdiiNqlvcBahj2z0MLpl7SVaVFoUlnrXnFH9vfFvQxAe
YBKY4l43NkIQFFQ99lK1QDF2tax11V+6xdZV8WMgjZnLnVf+8qdZP66fPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5nKEbvXn/J+bkhkqvIh1i/M4NDMB8GA1UdIwQY
MBaAFBghzJCN+pERDREZpt4exB4+z/NGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0NITWtJMzZrUkVORVJtbTNoN0VIajdQODBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC80NTZjNjItNDc0Ni00MWUwLTgwNDQt
OTIwNTk5ZjUyNjM3LzEvVG1jb1J1OWVmOG41dVNHU3E4aUhXTDh6ZzBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC80NTZjNjItNDc0Ni00MWUwLTgwNDQtOTIwNTk5ZjUyNjM3
LzEvR0NITWtJMzZrUkVORVJtbTNoN0VIajdQODBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW890MA0G
CSqGSIb3DQEBCwUAA4IBAQC3F+EsKDJndcXuXmQfUjSBJ0AxWLphTf3003YBEakS
TPlysxra0DKhMxyo8DWoKGJHdzFDldl47mAelU/GOHugXAv8XSzFg0s884VRsB1B
pI3aKlNHJgPPWDsN2gWx+VUisZMWD1cAuUMQnDWC48kv4R6Rd9sdsafj3buS/cq6
g4Hsqy2F+r/UInncVzA/8Gou2OaZ3pn/6L/bSS/4zXB8TUJFjFLeyowXudVAx0Ex
Z1i4T0ZLpOjrMj3HfgWRqhP8lezG5coVRllaN7rGe/XjMtMXgMaKarMfuMHszQeF
65YmO8nZzPw3uqfL8bOtgeGIvzAWQfF6Nk/GT3shXxgE
-----END CERTIFICATE-----