This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/TkHWb7A0dCU6pE1AWMAvWtYjFGQ.roa
File:                     TkHWb7A0dCU6pE1AWMAvWtYjFGQ.roa (raw, json)
Hash identifier:          SNUkFMiS55HofBAwrMgQasrnX+p3nqcULIOMMHj9Bv4=
Subject key identifier:   4E:41:D6:6F:B0:34:74:25:3A:A4:4D:40:58:C0:2F:5A:D6:23:14:64
Certificate issuer:       /CN=052005bb6c3d6865b89c10f33b0b994b74af963b
Certificate serial:       019B790FF606B3AD2067E9338017CCB85282
Authority key identifier: 05:20:05:BB:6C:3D:68:65:B8:9C:10:F3:3B:0B:99:4B:74:AF:96:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BSAFu2w9aGW4nBDzOwuZS3Svljs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/TkHWb7A0dCU6pE1AWMAvWtYjFGQ.roa
Signing time:             Thu 01 Jan 2026 10:17:27 +0000
ROA not before:           Thu 01 Jan 2026 10:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198089
IP address blocks:        185.98.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/BSAFu2w9aGW4nBDzOwuZS3Svljs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/BSAFu2w9aGW4nBDzOwuZS3Svljs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BSAFu2w9aGW4nBDzOwuZS3Svljs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:0f:f6:06:b3:ad:20:67:e9:33:80:17:cc:b8:52:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=052005bb6c3d6865b89c10f33b0b994b74af963b
        Validity
            Not Before: Jan  1 10:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e41d66fb03474253aa44d4058c02f5ad6231464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:11:cc:3f:32:e0:09:19:7d:b1:b1:b3:ec:ba:
                    d6:5c:3d:79:24:91:8b:b7:91:bb:41:48:08:28:01:
                    bd:94:a3:af:b0:84:9b:e0:16:86:7c:3c:fb:df:de:
                    b1:05:1e:b7:17:ae:42:e7:6e:40:00:01:8b:bd:2d:
                    1a:1b:03:d2:86:2a:c7:1f:70:cc:63:93:00:d2:1a:
                    dc:50:e7:a0:1e:f4:8d:76:79:a9:e3:61:60:db:1f:
                    8a:c8:b8:11:51:5c:42:13:2e:8e:5d:f1:79:dc:5a:
                    96:2e:85:0c:73:d0:d6:07:c9:35:1f:17:51:c4:b7:
                    dd:af:e2:96:14:41:89:09:e3:c4:80:db:23:42:49:
                    f7:a4:b1:ad:5b:d5:4f:d3:58:ca:9f:72:ad:5e:38:
                    dc:3c:20:f3:45:39:53:5c:ab:ff:53:7b:11:39:5a:
                    f6:22:9c:d0:ac:87:e4:60:90:0c:f3:62:22:a2:07:
                    f6:c8:ce:37:27:34:65:76:4c:6d:73:e1:90:a7:c9:
                    c3:1d:ca:78:61:fe:31:b1:7e:82:b6:ad:1e:d5:77:
                    bf:7b:8b:5b:d2:74:dc:6e:77:9a:8c:fd:e5:0a:ce:
                    92:47:24:d3:b4:e7:19:df:f6:5a:4d:d4:73:1e:23:
                    3b:7e:50:02:3f:de:e3:20:c0:70:9d:b3:c1:62:4a:
                    8e:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:41:D6:6F:B0:34:74:25:3A:A4:4D:40:58:C0:2F:5A:D6:23:14:64
            X509v3 Authority Key Identifier:
                keyid:05:20:05:BB:6C:3D:68:65:B8:9C:10:F3:3B:0B:99:4B:74:AF:96:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BSAFu2w9aGW4nBDzOwuZS3Svljs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/TkHWb7A0dCU6pE1AWMAvWtYjFGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/83eb09-3a14-455b-8895-ba0a76f43704/1/BSAFu2w9aGW4nBDzOwuZS3Svljs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:de:3b:6e:bc:f5:28:54:d1:7b:05:80:c7:38:50:66:1f:f9:
         15:6c:72:2e:b2:a5:53:cd:61:87:b1:1f:43:f6:12:66:38:a1:
         e5:45:5b:87:07:68:73:11:9d:62:5f:2f:ba:83:98:81:c8:5a:
         5b:1c:aa:03:76:d8:0f:d1:1d:12:f6:e9:b1:ff:c9:a8:7a:d7:
         14:f7:d1:bf:f2:b7:95:dc:05:45:2d:fb:95:d4:d1:46:b0:3f:
         cd:47:21:12:c0:91:7c:9f:39:c7:9c:70:c0:47:fa:c5:f3:e7:
         ec:6f:26:b5:29:26:15:b6:fb:61:4a:8a:d8:df:8d:86:5c:04:
         bb:57:62:55:ec:c4:e4:66:6f:db:d9:39:14:6e:b5:53:67:1a:
         78:67:66:dc:bc:61:f3:9a:ab:18:cd:36:35:d8:8e:52:40:e8:
         c6:17:a4:4d:30:07:4b:61:fc:d4:6b:3d:d9:8c:0b:02:24:34:
         90:af:b7:9b:ea:7f:36:86:67:06:dc:29:c4:f4:07:36:85:4f:
         fa:ad:04:b2:43:98:4d:83:af:23:6a:e6:2f:5b:dd:e0:4e:72:
         be:33:83:87:78:45:8e:87:ef:a6:0d:4a:fc:2f:51:72:fc:3d:
         12:38:cf:8d:46:0f:2b:4f:03:aa:93:7a:d5:6c:c7:48:1d:52:
         0e:fe:8f:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5D/YGs60gZ+kzgBfMuFKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MjAwNWJiNmMzZDY4NjViODljMTBmMzNiMGI5OTRiNzRh
Zjk2M2IwHhcNMjYwMTAxMTAxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQxZDY2ZmIwMzQ3NDI1M2FhNDRkNDA1OGMwMmY1YWQ2MjMxNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBHMPzLgCRl9sbGz7LrWXD15JJGL
t5G7QUgIKAG9lKOvsISb4BaGfDz7396xBR63F65C525AAAGLvS0aGwPShirHH3DM
Y5MA0hrcUOegHvSNdnmp42Fg2x+KyLgRUVxCEy6OXfF53FqWLoUMc9DWB8k1HxdR
xLfdr+KWFEGJCePEgNsjQkn3pLGtW9VP01jKn3KtXjjcPCDzRTlTXKv/U3sROVr2
IpzQrIfkYJAM82Iiogf2yM43JzRldkxtc+GQp8nDHcp4Yf4xsX6Ctq0e1Xe/e4tb
0nTcbneajP3lCs6SRyTTtOcZ3/ZaTdRzHiM7flACP97jIMBwnbPBYkqOCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5B1m+wNHQlOqRNQFjAL1rWIxRkMB8GA1UdIwQY
MBaAFAUgBbtsPWhluJwQ8zsLmUt0r5Y7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlNBRnUydzlhR1c0bkJEek93dVpTM1N2bGpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi84M2ViMDktM2ExNC00NTViLTg4OTUt
YmEwYTc2ZjQzNzA0LzEvVGtIV2I3QTBkQ1U2cEUxQVdNQXZXdFlqRkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi84M2ViMDktM2ExNC00NTViLTg4OTUtYmEwYTc2ZjQzNzA0
LzEvQlNBRnUydzlhR1c0bkJEek93dVpTM1N2bGpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWJ+MA0G
CSqGSIb3DQEBCwUAA4IBAQAm3jtuvPUoVNF7BYDHOFBmH/kVbHIusqVTzWGHsR9D
9hJmOKHlRVuHB2hzEZ1iXy+6g5iByFpbHKoDdtgP0R0S9umx/8moetcU99G/8reV
3AVFLfuV1NFGsD/NRyESwJF8nznHnHDAR/rF8+fsbya1KSYVtvthSorY342GXAS7
V2JV7MTkZm/b2TkUbrVTZxp4Z2bcvGHzmqsYzTY12I5SQOjGF6RNMAdLYfzUaz3Z
jAsCJDSQr7eb6n82hmcG3CnE9Ac2hU/6rQSyQ5hNg68jauYvW93gTnK+M4OHeEWO
h++mDUr8L1Fy/D0SOM+NRg8rTwOqk3rVbMdIHVIO/o8J
-----END CERTIFICATE-----