This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/TN_g4sfmmPrHK_oZ30J7gNWtpIY.roa
File:                     TN_g4sfmmPrHK_oZ30J7gNWtpIY.roa (raw, json)
Hash identifier:          m5dgi6YlmiEMbhGuQK1tT2ie/bg//bcOLn6xqpAH6Zs=
Subject key identifier:   4C:DF:E0:E2:C7:E6:98:FA:C7:2B:FA:19:DF:42:7B:80:D5:AD:A4:86
Certificate issuer:       /CN=25e4aed3ef72bee3141660d1149e16d079205f3c
Certificate serial:       019B7F8365240E4594652BE55710A1F0BAC1
Authority key identifier: 25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/TN_g4sfmmPrHK_oZ30J7gNWtpIY.roa
Signing time:             Fri 02 Jan 2026 16:21:15 +0000
ROA not before:           Fri 02 Jan 2026 16:21:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213637
IP address blocks:        89.252.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 10:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:65:24:0e:45:94:65:2b:e5:57:10:a1:f0:ba:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Validity
            Not Before: Jan  2 16:21:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cdfe0e2c7e698fac72bfa19df427b80d5ada486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:46:68:30:1e:07:b0:47:4e:d2:ac:89:33:c8:
                    32:65:f3:d0:51:2b:1e:3d:e2:27:d1:20:b1:77:a3:
                    9d:ba:6c:c2:17:f6:51:bd:95:1f:9e:6f:f9:b4:f7:
                    c3:0d:d2:8c:6b:81:e1:ad:d8:fb:53:6c:07:4d:fb:
                    d5:17:06:1b:13:10:66:94:fd:72:29:ef:4a:be:ea:
                    d4:70:53:2a:0e:a1:9d:1b:ff:e0:fa:fd:4b:93:9e:
                    87:12:85:e2:0a:9c:f5:f5:13:fc:3a:e2:b6:c5:7c:
                    1a:99:41:79:1a:f1:93:94:75:48:0a:1d:7f:5c:aa:
                    38:2e:b8:db:2a:04:26:05:85:fa:24:b4:15:e9:79:
                    cc:10:78:ae:77:a9:3c:f9:c3:e6:de:95:6e:d7:2a:
                    76:60:df:97:25:7e:61:63:cc:ae:3c:5e:29:c9:25:
                    a8:9e:34:08:d2:97:7b:1f:5a:d7:0c:f9:b4:d3:26:
                    ad:65:ee:41:92:93:24:07:bb:34:68:d3:fc:20:db:
                    68:9b:17:33:42:a5:97:23:59:92:50:7e:e1:af:58:
                    7b:c7:ea:d4:04:80:70:c4:2d:98:d0:e0:af:b0:73:
                    ae:08:04:78:da:e7:5e:2e:84:03:ce:1c:7b:2b:55:
                    2e:24:a1:d4:85:2f:6a:b7:d5:05:0a:3c:97:87:8a:
                    da:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:DF:E0:E2:C7:E6:98:FA:C7:2B:FA:19:DF:42:7B:80:D5:AD:A4:86
            X509v3 Authority Key Identifier:
                keyid:25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/TN_g4sfmmPrHK_oZ30J7gNWtpIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.252.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:7e:60:7d:73:52:e5:46:53:5a:b6:6d:8a:fb:e7:eb:d4:7f:
         05:68:31:7d:6c:2e:df:9a:53:9b:98:c2:4e:84:84:eb:22:dd:
         1d:f0:5f:f6:93:04:2a:b8:18:42:53:4a:15:2d:9e:57:61:e4:
         a3:52:fc:ee:6f:86:53:98:97:b7:2d:0e:fb:92:64:60:e4:9c:
         48:5c:14:70:f7:21:2f:55:fc:2d:23:d9:36:58:35:3d:26:ec:
         17:1a:89:da:30:03:38:51:94:7e:a1:91:4f:e6:e4:bd:58:bb:
         02:cf:99:7b:58:09:9e:fb:f9:92:1c:52:60:b3:ed:e2:c7:67:
         e4:94:f3:cb:0d:c4:9d:f3:79:e6:3b:b5:28:bd:52:c8:ec:6a:
         f7:43:e4:3c:fe:cf:79:41:24:d1:c9:ca:4f:59:88:dc:dc:48:
         10:9e:1a:e8:37:26:b1:32:9e:b3:fd:43:c2:4e:a5:34:54:1e:
         63:ee:95:df:96:fe:b4:19:84:10:aa:07:dd:35:42:6e:35:63:
         4e:6b:da:d1:4a:52:18:69:0d:b5:72:da:e1:96:f7:f8:e8:e5:
         e7:19:d5:f4:95:4a:a2:38:b6:26:08:9c:48:0b:fd:c8:23:4d:
         10:a3:78:7c:2f:2f:3c:a4:9f:ee:51:3c:eb:b4:2f:87:a8:cd:
         48:65:a0:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g2UkDkWUZSvlVxCh8LrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1ZTRhZWQzZWY3MmJlZTMxNDE2NjBkMTE0OWUxNmQwNzky
MDVmM2MwHhcNMjYwMTAyMTYyMTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2RmZTBlMmM3ZTY5OGZhYzcyYmZhMTlkZjQyN2I4MGQ1YWRhNDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw0ZoMB4HsEdO0qyJM8gyZfPQUSse
PeIn0SCxd6OdumzCF/ZRvZUfnm/5tPfDDdKMa4Hhrdj7U2wHTfvVFwYbExBmlP1y
Ke9KvurUcFMqDqGdG//g+v1Lk56HEoXiCpz19RP8OuK2xXwamUF5GvGTlHVICh1/
XKo4LrjbKgQmBYX6JLQV6XnMEHiud6k8+cPm3pVu1yp2YN+XJX5hY8yuPF4pySWo
njQI0pd7H1rXDPm00yatZe5BkpMkB7s0aNP8INtomxczQqWXI1mSUH7hr1h7x+rU
BIBwxC2Y0OCvsHOuCAR42udeLoQDzhx7K1UuJKHUhS9qt9UFCjyXh4raewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzf4OLH5pj6xyv6Gd9Ce4DVraSGMB8GA1UdIwQY
MBaAFCXkrtPvcr7jFBZg0RSeFtB5IF88MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEt
ZWQzZTM4Zjk1NzdmLzEvVE5fZzRzZm1tUHJIS19vWjMwSjdnTld0cElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS82MzM2ZDAtOTQ5NC00NmQzLTk4NjEtZWQzZTM4Zjk1Nzdm
LzEvSmVTdTAtOXl2dU1VRm1EUkZKNFcwSGtnWHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfyVMA0G
CSqGSIb3DQEBCwUAA4IBAQCcfmB9c1LlRlNatm2K++fr1H8FaDF9bC7fmlObmMJO
hITrIt0d8F/2kwQquBhCU0oVLZ5XYeSjUvzub4ZTmJe3LQ77kmRg5JxIXBRw9yEv
VfwtI9k2WDU9JuwXGonaMAM4UZR+oZFP5uS9WLsCz5l7WAme+/mSHFJgs+3ix2fk
lPPLDcSd83nmO7UovVLI7Gr3Q+Q8/s95QSTRycpPWYjc3EgQnhroNyaxMp6z/UPC
TqU0VB5j7pXflv60GYQQqgfdNUJuNWNOa9rRSlIYaQ21ctrhlvf46OXnGdX0lUqi
OLYmCJxIC/3II00Qo3h8Ly88pJ/uUTzrtC+HqM1IZaAO
-----END CERTIFICATE-----