This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/621180-30c3-42c3-8f47-85a5b4cfc84f/1/taUKy4LsAIVqYECr_I6zC5-6tmA.roa
File:                     taUKy4LsAIVqYECr_I6zC5-6tmA.roa (raw, json)
Hash identifier:          XbQTe1aYMndPzhCH28pl8kMRF03Ke9lcnEs2hGBI9TQ=
Subject key identifier:   B5:A5:0A:CB:82:EC:00:85:6A:60:40:AB:FC:8E:B3:0B:9F:BA:B6:60
Certificate issuer:       /CN=427cc552ab57dbafa4621fb5dc593a45607cfb0a
Certificate serial:       019B7BA3B6B2EFC00C3A762545783173D695
Authority key identifier: 42:7C:C5:52:AB:57:DB:AF:A4:62:1F:B5:DC:59:3A:45:60:7C:FB:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QnzFUqtX26-kYh-13Fk6RWB8-wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/621180-30c3-42c3-8f47-85a5b4cfc84f/1/taUKy4LsAIVqYECr_I6zC5-6tmA.roa
Signing time:             Thu 01 Jan 2026 22:18:05 +0000
ROA not before:           Thu 01 Jan 2026 22:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42636
IP address blocks:        91.192.244.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/621180-30c3-42c3-8f47-85a5b4cfc84f/1/QnzFUqtX26-kYh-13Fk6RWB8-wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/621180-30c3-42c3-8f47-85a5b4cfc84f/1/QnzFUqtX26-kYh-13Fk6RWB8-wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QnzFUqtX26-kYh-13Fk6RWB8-wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:b6:b2:ef:c0:0c:3a:76:25:45:78:31:73:d6:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=427cc552ab57dbafa4621fb5dc593a45607cfb0a
        Validity
            Not Before: Jan  1 22:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5a50acb82ec00856a6040abfc8eb30b9fbab660
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6c:44:ea:9e:ad:a0:65:e8:bb:d0:27:53:5e:
                    97:9d:7a:c4:52:1a:f8:08:d9:2c:13:39:58:c4:fc:
                    54:eb:92:ce:66:8e:0c:f7:1f:35:7d:ce:a4:2f:bb:
                    bc:9f:ac:c3:26:f4:74:95:a9:dd:3c:30:ac:88:92:
                    19:d6:86:37:ef:54:59:1d:2d:1c:91:5e:0b:90:35:
                    c1:d4:9b:1d:1c:96:a1:da:06:fa:36:01:35:ec:6c:
                    60:fd:6b:f4:b7:26:ee:17:fd:2a:44:1a:5d:32:5b:
                    63:56:d3:78:71:5a:e2:4b:20:a5:18:32:6a:11:fb:
                    e3:98:ce:0b:ae:0c:3f:16:57:2b:04:c0:7a:7a:ca:
                    e7:5f:02:9d:ea:58:db:ec:da:c1:94:5e:ad:79:8b:
                    72:c3:c6:73:e7:f4:04:34:3e:dc:49:bc:77:f7:f3:
                    db:3d:03:55:05:1e:57:4c:c8:90:04:b4:00:7d:82:
                    95:c1:09:2e:82:da:66:63:69:d9:1a:c9:26:74:52:
                    f0:3f:b5:6e:a7:36:08:80:74:5f:63:5d:bb:97:12:
                    dc:60:e3:12:1f:53:11:a6:a2:ce:91:29:90:5e:78:
                    56:56:b0:31:ff:f2:48:3b:ea:ff:f9:fc:63:75:93:
                    a7:b2:ca:39:6a:f9:f3:d0:48:9f:87:86:4f:dc:1f:
                    cb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:A5:0A:CB:82:EC:00:85:6A:60:40:AB:FC:8E:B3:0B:9F:BA:B6:60
            X509v3 Authority Key Identifier:
                keyid:42:7C:C5:52:AB:57:DB:AF:A4:62:1F:B5:DC:59:3A:45:60:7C:FB:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QnzFUqtX26-kYh-13Fk6RWB8-wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/621180-30c3-42c3-8f47-85a5b4cfc84f/1/taUKy4LsAIVqYECr_I6zC5-6tmA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/621180-30c3-42c3-8f47-85a5b4cfc84f/1/QnzFUqtX26-kYh-13Fk6RWB8-wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:a5:92:bd:61:61:58:96:5a:72:78:47:e9:0d:b5:99:76:83:
         20:82:3f:a7:12:87:cc:34:01:80:c2:f2:6d:24:9d:e6:0d:10:
         dd:ed:bf:a9:aa:b3:45:08:3f:3f:1f:ea:c3:f0:2b:42:2e:ab:
         db:a0:b3:f0:b6:b7:9e:0b:2d:68:62:e8:30:99:ca:c4:ef:b2:
         99:9c:e9:59:24:1c:20:ce:3d:ee:77:24:52:95:12:86:a9:71:
         f5:85:bc:f3:e6:b5:5a:6b:f9:52:d4:0d:65:13:40:3c:49:ef:
         3d:9e:0e:d3:90:50:0f:6b:b2:eb:ce:ad:96:13:36:90:17:f4:
         33:9e:28:60:22:b8:dd:2c:8f:e0:dd:83:6f:43:73:2f:ac:ed:
         14:2c:89:12:26:83:d0:25:57:0e:3b:e1:38:af:04:f6:82:c8:
         3d:77:f9:fc:63:42:e5:32:6d:80:8b:fe:d2:e8:c6:2b:cc:a8:
         91:22:2e:40:56:db:23:d1:3b:7f:b9:6c:53:a1:86:a4:f5:93:
         d0:88:ef:d2:1e:2c:d0:46:ac:34:a0:3a:4c:3c:ee:82:6e:14:
         42:cd:5c:31:39:e3:09:ce:0e:c8:88:d7:4c:96:d7:90:35:91:
         19:d4:7e:5f:a5:c1:a2:ed:1a:c2:4f:09:8f:ad:a0:3b:f2:bd:
         8b:be:fc:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o7ay78AMOnYlRXgxc9aVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyN2NjNTUyYWI1N2RiYWZhNDYyMWZiNWRjNTkzYTQ1NjA3
Y2ZiMGEwHhcNMjYwMTAxMjIxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWE1MGFjYjgyZWMwMDg1NmE2MDQwYWJmYzhlYjMwYjlmYmFiNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGxE6p6toGXou9AnU16XnXrEUhr4
CNksEzlYxPxU65LOZo4M9x81fc6kL7u8n6zDJvR0landPDCsiJIZ1oY371RZHS0c
kV4LkDXB1JsdHJah2gb6NgE17Gxg/Wv0tybuF/0qRBpdMltjVtN4cVriSyClGDJq
EfvjmM4Lrgw/FlcrBMB6esrnXwKd6ljb7NrBlF6teYtyw8Zz5/QEND7cSbx39/Pb
PQNVBR5XTMiQBLQAfYKVwQkugtpmY2nZGskmdFLwP7VupzYIgHRfY127lxLcYOMS
H1MRpqLOkSmQXnhWVrAx//JIO+r/+fxjdZOnsso5avnz0Eifh4ZP3B/LKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWlCsuC7ACFamBAq/yOswufurZgMB8GA1UdIwQY
MBaAFEJ8xVKrV9uvpGIftdxZOkVgfPsKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUW56RlVxdFgyNi1rWWgtMTNGazZSV0I4LXdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82MjExODAtMzBjMy00MmMzLThmNDct
ODVhNWI0Y2ZjODRmLzEvdGFVS3k0THNBSVZxWUVDcl9JNnpDNS02dG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82MjExODAtMzBjMy00MmMzLThmNDctODVhNWI0Y2ZjODRm
LzEvUW56RlVxdFgyNi1rWWgtMTNGazZSV0I4LXdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8D0MA0G
CSqGSIb3DQEBCwUAA4IBAQAbpZK9YWFYllpyeEfpDbWZdoMggj+nEofMNAGAwvJt
JJ3mDRDd7b+pqrNFCD8/H+rD8CtCLqvboLPwtreeCy1oYugwmcrE77KZnOlZJBwg
zj3udyRSlRKGqXH1hbzz5rVaa/lS1A1lE0A8Se89ng7TkFAPa7Lrzq2WEzaQF/Qz
nihgIrjdLI/g3YNvQ3MvrO0ULIkSJoPQJVcOO+E4rwT2gsg9d/n8Y0LlMm2Ai/7S
6MYrzKiRIi5AVtsj0Tt/uWxToYak9ZPQiO/SHizQRqw0oDpMPO6CbhRCzVwxOeMJ
zg7IiNdMlteQNZEZ1H5fpcGi7RrCTwmPraA78r2LvvyT
-----END CERTIFICATE-----