This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/TIwiSG3SZJO9cgM-NFojwrWmCjg.roa
File:                     TIwiSG3SZJO9cgM-NFojwrWmCjg.roa (raw, json)
Hash identifier:          aGI8Zo4K9271la27XJcpbk36NlmUSX5++U6ehpboAto=
Subject key identifier:   4C:8C:22:48:6D:D2:64:93:BD:72:03:3E:34:5A:23:C2:B5:A6:0A:38
Certificate issuer:       /CN=8bce4281a994d52166ef3ff17728bae218855fc4
Certificate serial:       019B7A5A1A11808EF9F1A691E9E9E6876632
Authority key identifier: 8B:CE:42:81:A9:94:D5:21:66:EF:3F:F1:77:28:BA:E2:18:85:5F:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i85CgamU1SFm7z_xdyi64hiFX8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/TIwiSG3SZJO9cgM-NFojwrWmCjg.roa
Signing time:             Thu 01 Jan 2026 16:18:03 +0000
ROA not before:           Thu 01 Jan 2026 16:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15600
IP address blocks:        193.8.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/i85CgamU1SFm7z_xdyi64hiFX8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/i85CgamU1SFm7z_xdyi64hiFX8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i85CgamU1SFm7z_xdyi64hiFX8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:1a:11:80:8e:f9:f1:a6:91:e9:e9:e6:87:66:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bce4281a994d52166ef3ff17728bae218855fc4
        Validity
            Not Before: Jan  1 16:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c8c22486dd26493bd72033e345a23c2b5a60a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:21:43:e3:01:7e:87:2f:08:f5:0b:37:7d:8e:
                    6e:a8:8c:6d:cf:4e:0c:f2:18:d6:f5:9d:b9:d0:6e:
                    e8:2d:1b:a6:fb:2b:18:c6:1c:ec:a9:80:4d:34:2d:
                    d8:81:70:47:b5:ee:fe:b9:4a:c7:eb:84:a1:7c:74:
                    3b:0b:62:07:af:d2:a1:dd:1a:dd:0f:32:25:86:2e:
                    be:bb:ce:b5:f7:1e:2b:63:53:1f:a8:44:e5:6c:be:
                    34:c1:f5:72:68:b8:94:0a:e4:74:b6:10:56:09:1c:
                    a1:19:d7:1b:08:6f:58:7e:29:00:d8:6a:96:c4:8c:
                    0d:40:f8:7e:b6:fc:92:12:0d:e8:10:01:6b:3d:6d:
                    28:af:ba:dd:4a:56:32:51:9b:17:be:ca:cb:b0:8d:
                    6a:29:6c:32:95:56:dd:58:d7:a6:64:49:46:33:8e:
                    3d:fc:71:36:53:a8:ef:10:45:af:bf:fa:f2:26:c0:
                    a1:1e:5e:52:69:7b:b3:76:59:b8:4d:23:5d:fa:e7:
                    42:06:e1:0e:c8:a5:35:9c:b7:2a:95:c0:d5:0f:e8:
                    5f:19:d3:47:9c:17:d5:46:95:3f:57:54:66:bd:fc:
                    55:49:c5:94:4e:c6:5c:ef:35:cf:39:54:ec:da:44:
                    f1:30:27:28:2c:a9:a2:cb:c4:ce:e3:f8:11:90:e2:
                    ba:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:8C:22:48:6D:D2:64:93:BD:72:03:3E:34:5A:23:C2:B5:A6:0A:38
            X509v3 Authority Key Identifier:
                keyid:8B:CE:42:81:A9:94:D5:21:66:EF:3F:F1:77:28:BA:E2:18:85:5F:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i85CgamU1SFm7z_xdyi64hiFX8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/TIwiSG3SZJO9cgM-NFojwrWmCjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/ffc448-8e19-47aa-9665-a1e01c63343a/1/i85CgamU1SFm7z_xdyi64hiFX8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:58:93:e6:f6:cc:6a:74:1e:8e:06:eb:75:1a:01:21:f0:8e:
         a1:2e:cc:15:a6:27:74:32:ee:4a:d8:49:c7:f5:38:4c:e6:dd:
         60:c5:3e:4a:c0:db:7f:10:aa:90:54:67:0a:8b:83:0b:de:13:
         79:1a:16:c2:b8:b9:16:2e:c9:d2:57:1a:89:af:d2:b0:e1:2e:
         24:fb:50:dc:9b:34:a0:a8:a6:72:1d:59:5d:c4:a9:9a:a8:fa:
         ac:e0:36:1f:d6:66:e0:9b:6e:89:cb:49:6c:f3:ba:e2:b4:eb:
         aa:73:10:af:a1:d8:ca:ad:41:9e:85:e8:fc:7b:b5:12:0e:a0:
         f0:e1:49:5e:1e:c8:f0:8c:d8:2e:58:99:c1:a4:82:ca:dd:01:
         19:f9:94:d6:3a:6c:62:2c:33:ab:d5:96:e7:79:3a:02:24:d1:
         44:ab:19:35:ef:af:33:91:0c:3b:ab:40:48:45:15:92:9c:31:
         2c:2d:be:36:47:7e:8b:11:25:3e:43:99:ff:b6:65:06:f4:d4:
         7a:99:1a:57:10:3a:f8:5c:32:cb:2b:b3:68:23:47:dc:2b:d5:
         f4:57:e8:d9:fc:39:a2:46:f4:83:e3:2a:54:bf:b8:72:35:33:
         4a:c9:0f:14:f7:c5:87:ee:a6:e8:fd:69:00:9f:23:e6:55:80:
         63:95:1e:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WhoRgI758aaR6enmh2YyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiY2U0MjgxYTk5NGQ1MjE2NmVmM2ZmMTc3MjhiYWUyMTg4
NTVmYzQwHhcNMjYwMTAxMTYxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzhjMjI0ODZkZDI2NDkzYmQ3MjAzM2UzNDVhMjNjMmI1YTYwYTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSFD4wF+hy8I9Qs3fY5uqIxtz04M
8hjW9Z250G7oLRum+ysYxhzsqYBNNC3YgXBHte7+uUrH64ShfHQ7C2IHr9Kh3Rrd
DzIlhi6+u8619x4rY1MfqETlbL40wfVyaLiUCuR0thBWCRyhGdcbCG9YfikA2GqW
xIwNQPh+tvySEg3oEAFrPW0or7rdSlYyUZsXvsrLsI1qKWwylVbdWNemZElGM449
/HE2U6jvEEWvv/ryJsChHl5SaXuzdlm4TSNd+udCBuEOyKU1nLcqlcDVD+hfGdNH
nBfVRpU/V1RmvfxVScWUTsZc7zXPOVTs2kTxMCcoLKmiy8TO4/gRkOK6KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyMIkht0mSTvXIDPjRaI8K1pgo4MB8GA1UdIwQY
MBaAFIvOQoGplNUhZu8/8XcouuIYhV/EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTg1Q2dhbVUxU0ZtN3pfeGR5aTY0aGlGWDhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mZmM0NDgtOGUxOS00N2FhLTk2NjUt
YTFlMDFjNjMzNDNhLzEvVEl3aVNHM1NaSk85Y2dNLU5Gb2p3cldtQ2pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mZmM0NDgtOGUxOS00N2FhLTk2NjUtYTFlMDFjNjMzNDNh
LzEvaTg1Q2dhbVUxU0ZtN3pfeGR5aTY0aGlGWDhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQilMA0G
CSqGSIb3DQEBCwUAA4IBAQASWJPm9sxqdB6OBut1GgEh8I6hLswVpid0Mu5K2EnH
9ThM5t1gxT5KwNt/EKqQVGcKi4ML3hN5GhbCuLkWLsnSVxqJr9Kw4S4k+1DcmzSg
qKZyHVldxKmaqPqs4DYf1mbgm26Jy0ls87ritOuqcxCvodjKrUGehej8e7USDqDw
4UleHsjwjNguWJnBpILK3QEZ+ZTWOmxiLDOr1ZbneToCJNFEqxk1768zkQw7q0BI
RRWSnDEsLb42R36LESU+Q5n/tmUG9NR6mRpXEDr4XDLLK7NoI0fcK9X0V+jZ/Dmi
RvSD4ypUv7hyNTNKyQ8U98WH7qbo/WkAnyPmVYBjlR4D
-----END CERTIFICATE-----