This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/TCIlW-BlRgj9qm8sFvnqA1D_U0w.roa
File:                     TCIlW-BlRgj9qm8sFvnqA1D_U0w.roa (raw, json)
Hash identifier:          3xQeUcgzW7NvDJ0rSLhKBh5bLuiyyVyOLX9rka6WNDc=
Subject key identifier:   4C:22:25:5B:E0:65:46:08:FD:AA:6F:2C:16:F9:EA:03:50:FF:53:4C
Certificate issuer:       /CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
Certificate serial:       019B797E3B9A1BA6865949D449893BD73AC1
Authority key identifier: F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/TCIlW-BlRgj9qm8sFvnqA1D_U0w.roa
Signing time:             Thu 01 Jan 2026 12:17:54 +0000
ROA not before:           Thu 01 Jan 2026 12:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.195.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:3b:9a:1b:a6:86:59:49:d4:49:89:3b:d7:3a:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6de346b5805327bbc9df5e49b16c997ea3a1254
        Validity
            Not Before: Jan  1 12:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c22255be0654608fdaa6f2c16f9ea0350ff534c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:dd:5b:e3:13:ab:2a:0e:ef:85:6c:46:22:62:
                    27:c5:80:a6:8c:42:3a:83:03:09:05:af:9a:b4:7e:
                    5f:e0:d9:d7:20:58:7b:01:f8:c1:b6:55:8d:b4:34:
                    c8:18:02:a8:db:f7:39:46:af:b0:d8:4c:42:05:3f:
                    cc:a0:12:6e:23:89:48:ba:23:6c:49:10:69:d4:f6:
                    90:83:32:9d:5c:f1:1f:41:79:a2:44:a4:00:b5:b7:
                    45:e8:4f:04:4f:d9:e5:95:6d:a5:46:eb:02:e1:b6:
                    11:ca:ac:13:73:8a:e5:3e:72:6e:21:96:4b:e3:13:
                    44:96:74:2d:5b:95:88:5d:fc:e4:11:1c:20:00:bc:
                    9f:39:79:ee:6d:9a:2a:b1:95:19:c6:92:00:e1:cb:
                    e9:bf:0b:85:ce:9e:35:1b:6c:a4:a2:74:d4:75:e7:
                    10:54:3c:62:7c:3a:10:7a:1b:52:8c:ef:ff:53:5b:
                    da:75:c3:e7:93:a7:ac:01:1a:40:09:f2:a8:fe:e3:
                    af:54:6a:3c:cb:1b:4e:8d:07:76:fe:c4:fe:ef:72:
                    56:60:e5:df:c4:24:34:b4:32:28:27:c8:44:72:19:
                    2b:1e:e8:47:36:c6:bb:6a:7e:69:21:a8:c5:84:b9:
                    5b:9e:bf:6d:df:ab:dc:06:1b:f9:15:95:26:e2:8e:
                    d0:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:22:25:5B:E0:65:46:08:FD:AA:6F:2C:16:F9:EA:03:50:FF:53:4C
            X509v3 Authority Key Identifier:
                keyid:F6:DE:34:6B:58:05:32:7B:BC:9D:F5:E4:9B:16:C9:97:EA:3A:12:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9t40a1gFMnu8nfXkmxbJl-o6ElQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/TCIlW-BlRgj9qm8sFvnqA1D_U0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/3a8464-0727-4d1c-8925-73ab8564b9ca/1/9t40a1gFMnu8nfXkmxbJl-o6ElQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.195.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:83:4b:b5:0a:0c:11:57:f8:12:f8:57:29:0a:c0:d1:db:81:
         57:46:2d:95:fa:7e:86:8e:ef:1f:4e:24:bb:0b:d7:3b:26:a3:
         10:3c:4e:5e:58:7a:80:5a:4b:87:7c:2d:9a:e3:dd:2b:9b:7b:
         4f:04:00:c2:fd:c0:f9:ef:e7:a8:fb:b3:1d:0d:d0:de:9f:eb:
         75:a7:93:fa:08:5f:cd:19:a8:b9:d6:64:2f:05:40:15:9e:d7:
         e3:38:9b:82:a9:22:b0:39:8e:31:59:e9:be:ba:ee:51:96:85:
         c4:62:dd:11:c4:8f:5b:0e:ca:51:aa:93:80:bd:83:bf:c9:7d:
         dc:a6:d6:cd:f5:b9:f1:ad:0d:17:c8:65:d1:45:b8:67:04:6d:
         cf:95:3f:06:cf:ec:b2:a4:ed:1f:4d:9a:56:2b:eb:6c:06:91:
         ef:c9:ed:46:f0:7e:30:5d:a0:4d:9a:82:4d:43:40:83:dd:29:
         67:16:cb:e6:3d:03:aa:25:34:3d:8e:f1:65:48:38:52:1a:0a:
         d4:59:3c:be:28:4a:ca:30:27:97:d8:7c:f3:40:6b:b2:08:89:
         27:d0:25:50:93:d3:cc:a7:ad:c8:4d:42:74:c7:fc:62:23:01:
         39:16:6b:35:17:33:99:fd:0c:33:c1:d4:ca:7f:d5:89:00:2d:
         d4:ee:92:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fjuaG6aGWUnUSYk71zrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2ZGUzNDZiNTgwNTMyN2JiYzlkZjVlNDliMTZjOTk3ZWEz
YTEyNTQwHhcNMjYwMTAxMTIxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzIyMjU1YmUwNjU0NjA4ZmRhYTZmMmMxNmY5ZWEwMzUwZmY1MzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd1b4xOrKg7vhWxGImInxYCmjEI6
gwMJBa+atH5f4NnXIFh7AfjBtlWNtDTIGAKo2/c5Rq+w2ExCBT/MoBJuI4lIuiNs
SRBp1PaQgzKdXPEfQXmiRKQAtbdF6E8ET9nllW2lRusC4bYRyqwTc4rlPnJuIZZL
4xNElnQtW5WIXfzkERwgALyfOXnubZoqsZUZxpIA4cvpvwuFzp41G2ykonTUdecQ
VDxifDoQehtSjO//U1vadcPnk6esARpACfKo/uOvVGo8yxtOjQd2/sT+73JWYOXf
xCQ0tDIoJ8hEchkrHuhHNsa7an5pIajFhLlbnr9t36vcBhv5FZUm4o7QFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEwiJVvgZUYI/apvLBb56gNQ/1NMMB8GA1UdIwQY
MBaAFPbeNGtYBTJ7vJ315JsWyZfqOhJUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUt
NzNhYjg1NjRiOWNhLzEvVENJbFctQmxSZ2o5cW04c0Z2bnFBMURfVTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8zYTg0NjQtMDcyNy00ZDFjLTg5MjUtNzNhYjg1NjRiOWNh
LzEvOXQ0MGExZ0ZNbnU4bmZYa214YkpsLW82RWxRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucOUMA0G
CSqGSIb3DQEBCwUAA4IBAQA6g0u1CgwRV/gS+FcpCsDR24FXRi2V+n6Gju8fTiS7
C9c7JqMQPE5eWHqAWkuHfC2a490rm3tPBADC/cD57+eo+7MdDdDen+t1p5P6CF/N
Gai51mQvBUAVntfjOJuCqSKwOY4xWem+uu5RloXEYt0RxI9bDspRqpOAvYO/yX3c
ptbN9bnxrQ0XyGXRRbhnBG3PlT8Gz+yypO0fTZpWK+tsBpHvye1G8H4wXaBNmoJN
Q0CD3SlnFsvmPQOqJTQ9jvFlSDhSGgrUWTy+KErKMCeX2HzzQGuyCIkn0CVQk9PM
p63ITUJ0x/xiIwE5Fms1FzOZ/QwzwdTKf9WJAC3U7pJg
-----END CERTIFICATE-----