This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/T8QJHByEv64H0gjF7HGRIrb9vjE.roa
File:                     T8QJHByEv64H0gjF7HGRIrb9vjE.roa (raw, json)
Hash identifier:          HQO3K4fGqybXPG44yT3CoGrtf4JzDzj7i8w8Wh7zPMc=
Subject key identifier:   4F:C4:09:1C:1C:84:BF:AE:07:D2:08:C5:EC:71:91:22:B6:FD:BE:31
Certificate issuer:       /CN=c1c05ece6c908ad8882513da3a25a160703bb7f6
Certificate serial:       019B78A29C3465ABB4F0938B0E4A4AC50BD1
Authority key identifier: C1:C0:5E:CE:6C:90:8A:D8:88:25:13:DA:3A:25:A1:60:70:3B:B7:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wcBezmyQitiIJRPaOiWhYHA7t_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/T8QJHByEv64H0gjF7HGRIrb9vjE.roa
Signing time:             Thu 01 Jan 2026 08:18:01 +0000
ROA not before:           Thu 01 Jan 2026 08:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        141.4.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/wcBezmyQitiIJRPaOiWhYHA7t_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/wcBezmyQitiIJRPaOiWhYHA7t_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wcBezmyQitiIJRPaOiWhYHA7t_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 05:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:9c:34:65:ab:b4:f0:93:8b:0e:4a:4a:c5:0b:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1c05ece6c908ad8882513da3a25a160703bb7f6
        Validity
            Not Before: Jan  1 08:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fc4091c1c84bfae07d208c5ec719122b6fdbe31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2a:3d:fe:fc:06:d6:29:34:fc:49:06:41:cc:
                    5f:84:19:54:e3:7c:0c:54:53:6f:e4:7f:57:20:51:
                    e8:06:0d:1c:bb:05:9c:0a:35:79:a5:0a:ac:d4:3d:
                    90:ff:06:2c:ab:c7:28:d5:53:68:76:44:33:88:3f:
                    a2:2e:69:fc:40:dc:e1:94:da:ec:90:86:c4:57:9c:
                    3c:62:cb:91:11:28:a9:6b:a4:b1:83:b6:9d:df:59:
                    bb:7a:a0:06:c1:38:05:e2:24:98:50:93:33:e5:fb:
                    9d:8d:bb:4f:5a:59:8d:85:21:c6:49:a6:bd:02:db:
                    b5:e0:97:97:e1:21:b4:3c:ff:bd:fd:6c:ad:3d:8c:
                    ac:ff:21:a3:0a:a9:73:7a:da:84:5d:ef:cc:66:d4:
                    8a:cd:05:82:ef:33:0a:f5:29:18:e0:1b:56:70:6a:
                    53:ff:8e:30:ee:55:1a:6c:7d:da:ac:73:58:b3:3e:
                    03:26:f9:0d:9a:e4:3b:7a:76:42:33:b8:39:e2:67:
                    f9:46:21:6d:a7:34:ec:36:bd:84:8b:0b:ee:bc:a6:
                    82:0d:6c:d9:d9:96:dc:a3:32:ed:a3:a5:8d:52:95:
                    e1:e8:bd:fa:bd:72:37:44:74:60:9f:da:ff:5b:f7:
                    d9:35:bc:07:c7:bc:18:49:e9:ab:e4:31:19:fd:b8:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:C4:09:1C:1C:84:BF:AE:07:D2:08:C5:EC:71:91:22:B6:FD:BE:31
            X509v3 Authority Key Identifier:
                keyid:C1:C0:5E:CE:6C:90:8A:D8:88:25:13:DA:3A:25:A1:60:70:3B:B7:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wcBezmyQitiIJRPaOiWhYHA7t_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/T8QJHByEv64H0gjF7HGRIrb9vjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/37fb4a-5c96-4d17-86a0-ebb63a454a91/1/wcBezmyQitiIJRPaOiWhYHA7t_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.4.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7e:8b:c9:c0:95:6a:df:50:5d:77:af:93:31:10:20:21:a3:91:
         4a:c4:65:80:a7:3b:a4:20:62:05:56:ee:5c:35:45:21:45:49:
         67:14:6c:e7:bb:63:e5:a4:8a:20:9f:76:ed:df:e0:f2:6e:90:
         e0:b3:b3:69:a4:18:66:39:82:70:33:30:8e:e9:aa:5b:54:f9:
         77:fe:ca:e6:07:3d:92:fe:8d:be:33:63:b4:21:98:fc:78:53:
         c1:d4:81:51:53:dc:c8:7b:a8:24:18:b8:3a:de:ed:42:29:a8:
         da:94:9f:4a:27:7f:20:9a:5d:70:42:6d:92:e1:7f:07:4b:11:
         bc:ed:78:48:7b:80:99:3d:1d:81:ea:6d:08:c9:75:65:1d:1c:
         0c:3c:4b:29:e4:97:47:85:dc:58:01:4a:81:e5:9c:84:14:a3:
         15:be:e9:6d:09:97:35:7b:65:80:3f:4a:6e:d9:b3:42:eb:3e:
         c4:37:74:6f:4a:c5:ea:01:72:47:fe:52:e0:4f:7d:93:01:e6:
         f9:47:09:68:c8:0e:c0:08:13:c5:f0:f8:26:ff:5e:04:6f:28:
         51:71:9e:80:06:d3:63:3c:1a:5e:92:a6:3f:f5:ea:32:42:ec:
         07:5d:e8:8a:28:8e:bd:74:dd:c4:5a:ae:27:55:7b:c3:c6:f8:
         fb:a0:50:d6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt4opw0Zau08JOLDkpKxQvRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYzA1ZWNlNmM5MDhhZDg4ODI1MTNkYTNhMjVhMTYwNzAz
YmI3ZjYwHhcNMjYwMTAxMDgxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmM0MDkxYzFjODRiZmFlMDdkMjA4YzVlYzcxOTEyMmI2ZmRiZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSo9/vwG1ik0/EkGQcxfhBlU43wM
VFNv5H9XIFHoBg0cuwWcCjV5pQqs1D2Q/wYsq8co1VNodkQziD+iLmn8QNzhlNrs
kIbEV5w8YsuRESipa6Sxg7ad31m7eqAGwTgF4iSYUJMz5fudjbtPWlmNhSHGSaa9
Atu14JeX4SG0PP+9/WytPYys/yGjCqlzetqEXe/MZtSKzQWC7zMK9SkY4BtWcGpT
/44w7lUabH3arHNYsz4DJvkNmuQ7enZCM7g54mf5RiFtpzTsNr2EiwvuvKaCDWzZ
2ZbcozLto6WNUpXh6L36vXI3RHRgn9r/W/fZNbwHx7wYSemr5DEZ/bh61wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFE/ECRwchL+uB9IIxexxkSK2/b4xMB8GA1UdIwQY
MBaAFMHAXs5skIrYiCUT2joloWBwO7f2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2NCZXpteVFpdGlJSlJQYU9pV2hZSEE3dF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy8zN2ZiNGEtNWM5Ni00ZDE3LTg2YTAt
ZWJiNjNhNDU0YTkxLzEvVDhRSkhCeUV2NjRIMGdqRjdIR1JJcmI5dmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy8zN2ZiNGEtNWM5Ni00ZDE3LTg2YTAtZWJiNjNhNDU0YTkx
LzEvd2NCZXpteVFpdGlJSlJQYU9pV2hZSEE3dF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAjQQwDQYJ
KoZIhvcNAQELBQADggEBAH6LycCVat9QXXevkzEQICGjkUrEZYCnO6QgYgVW7lw1
RSFFSWcUbOe7Y+WkiiCfdu3f4PJukOCzs2mkGGY5gnAzMI7pqltU+Xf+yuYHPZL+
jb4zY7QhmPx4U8HUgVFT3Mh7qCQYuDre7UIpqNqUn0onfyCaXXBCbZLhfwdLEbzt
eEh7gJk9HYHqbQjJdWUdHAw8Synkl0eF3FgBSoHlnIQUoxW+6W0JlzV7ZYA/Sm7Z
s0LrPsQ3dG9KxeoBckf+UuBPfZMB5vlHCWjIDsAIE8Xw+Cb/XgRvKFFxnoAG02M8
Gl6Spj/16jJC7Add6Ioojr103cRaridVe8PG+PugUNY=
-----END CERTIFICATE-----