This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tKhOGSI2-O05nItPbhlJSE0Muzc.roa
File:                     tKhOGSI2-O05nItPbhlJSE0Muzc.roa (raw, json)
Hash identifier:          wEgcWDn9ANCjgq+/zj2cy+7U492r4T0XxruWn7SwiXk=
Subject key identifier:   B4:A8:4E:19:22:36:F8:ED:39:9C:8B:4F:6E:19:49:48:4D:0C:BB:37
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019B7D5D3F97B21708D8490F513FB17C0C57
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tKhOGSI2-O05nItPbhlJSE0Muzc.roa
Signing time:             Fri 02 Jan 2026 06:20:21 +0000
ROA not before:           Fri 02 Jan 2026 06:20:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44592
IP address blocks:        92.114.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:3f:97:b2:17:08:d8:49:0f:51:3f:b1:7c:0c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  2 06:20:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4a84e192236f8ed399c8b4f6e1949484d0cbb37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a3:3d:4e:6e:45:87:e3:ca:a3:8c:6d:8e:30:
                    91:bf:ec:9a:41:fd:9d:6e:ad:25:d3:6c:c4:06:87:
                    7f:ed:de:30:62:e5:7f:9b:27:fe:3a:c6:f8:9b:12:
                    28:ad:4d:d7:4e:a3:f5:72:7a:90:fe:92:1b:75:9c:
                    f6:10:00:72:be:c1:85:d8:62:f8:38:30:e8:1d:cf:
                    a6:92:77:c3:24:ea:aa:bf:4f:68:a3:07:19:08:d6:
                    3a:db:16:f5:f7:74:bb:e9:6e:f2:e0:55:a3:f7:58:
                    57:c5:8c:46:fb:a8:7b:fa:45:29:3d:51:bb:65:5b:
                    76:55:65:a0:17:da:43:b8:13:8d:dc:3c:54:fd:38:
                    a7:89:08:2a:21:e5:48:89:b6:6c:03:53:e2:70:22:
                    af:3c:6e:98:21:8e:2c:72:52:f0:13:e0:14:b2:df:
                    ac:dc:d7:f8:0a:07:7b:d6:a1:b6:f2:25:96:bb:32:
                    67:c9:09:c1:33:10:96:b7:23:2b:e0:ba:cd:89:52:
                    50:a4:7d:7a:a3:6a:d2:64:77:95:d0:33:77:b3:e6:
                    03:bb:22:df:35:28:e0:a7:14:5b:66:b4:66:07:b8:
                    62:32:a6:ef:be:e3:a6:ed:20:1b:d7:eb:fe:28:73:
                    68:70:68:c3:7b:a3:5c:aa:22:44:dd:b3:45:67:62:
                    10:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A8:4E:19:22:36:F8:ED:39:9C:8B:4F:6E:19:49:48:4D:0C:BB:37
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/tKhOGSI2-O05nItPbhlJSE0Muzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.114.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:8c:02:c3:20:80:a3:20:43:da:2f:c1:22:e0:9d:0a:5a:21:
         8e:82:b9:2d:20:1a:81:2d:8d:97:64:38:1c:c7:47:22:c7:de:
         71:b2:c7:ab:ea:69:46:99:c8:bc:ad:8c:a1:16:ad:48:33:14:
         eb:0e:a3:c7:08:03:2a:57:73:0a:69:bc:6b:1d:8f:ee:fc:74:
         27:29:17:83:c2:d7:a4:cb:8a:44:90:33:4c:36:a8:ab:62:9d:
         32:2d:4b:be:49:9d:69:4c:99:70:b9:70:f0:db:e7:f7:df:6b:
         1f:9c:db:b8:8a:67:ed:63:0f:eb:37:0e:f6:15:7a:5e:44:ef:
         cc:bc:d7:5a:3e:c6:63:ad:38:30:cd:68:73:2b:2b:de:90:df:
         b4:11:cd:ad:35:dc:15:d6:f8:9c:9f:02:63:03:ff:9a:76:26:
         de:7e:db:bf:36:47:8d:44:42:55:7b:20:57:fa:bf:07:0c:d1:
         fd:d6:9b:06:b2:ac:c5:85:a6:e9:ef:ef:34:0b:79:94:f6:cf:
         9a:80:86:29:0d:2e:8d:b9:d9:bc:63:62:81:9e:d5:5e:0a:22:
         59:f4:ec:02:3f:22:91:48:55:c6:16:af:e4:fc:05:f8:cd:b7:
         d2:f4:44:20:13:ff:e6:72:49:ee:2e:f7:6c:dc:8e:c4:75:c0:
         66:4d:78:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XT+XshcI2EkPUT+xfAxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMTAyMDYyMDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE4NGUxOTIyMzZmOGVkMzk5YzhiNGY2ZTE5NDk0ODRkMGNiYjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsqM9Tm5Fh+PKo4xtjjCRv+yaQf2d
bq0l02zEBod/7d4wYuV/myf+Osb4mxIorU3XTqP1cnqQ/pIbdZz2EAByvsGF2GL4
ODDoHc+mknfDJOqqv09oowcZCNY62xb193S76W7y4FWj91hXxYxG+6h7+kUpPVG7
ZVt2VWWgF9pDuBON3DxU/TiniQgqIeVIibZsA1PicCKvPG6YIY4sclLwE+AUst+s
3Nf4Cgd71qG28iWWuzJnyQnBMxCWtyMr4LrNiVJQpH16o2rSZHeV0DN3s+YDuyLf
NSjgpxRbZrRmB7hiMqbvvuOm7SAb1+v+KHNocGjDe6NcqiJE3bNFZ2IQ8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLSoThkiNvjtOZyLT24ZSUhNDLs3MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvdEtoT0dTSTItTzA1bkl0UGJobEpTRTBNdXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHJVMA0G
CSqGSIb3DQEBCwUAA4IBAQAJjALDIICjIEPaL8Ei4J0KWiGOgrktIBqBLY2XZDgc
x0cix95xsser6mlGmci8rYyhFq1IMxTrDqPHCAMqV3MKabxrHY/u/HQnKReDwtek
y4pEkDNMNqirYp0yLUu+SZ1pTJlwuXDw2+f332sfnNu4imftYw/rNw72FXpeRO/M
vNdaPsZjrTgwzWhzKyvekN+0Ec2tNdwV1vicnwJjA/+adibeftu/NkeNREJVeyBX
+r8HDNH91psGsqzFhabp7+80C3mU9s+agIYpDS6Nudm8Y2KBntVeCiJZ9OwCPyKR
SFXGFq/k/AX4zbfS9EQgE//mcknuLvds3I7EdcBmTXhO
-----END CERTIFICATE-----