This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/tpwdEfzMyWWx6VArR0hVjMo-3q8.roa
File:                     tpwdEfzMyWWx6VArR0hVjMo-3q8.roa (raw, json)
Hash identifier:          UHSQrSMMwMC/F3MwzFHNY7G8M39N7oYGsjXC+3amyxw=
Subject key identifier:   B6:9C:1D:11:FC:CC:C9:65:B1:E9:50:2B:47:48:55:8C:CA:3E:DE:AF
Certificate issuer:       /CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
Certificate serial:       019B79EC584F27DA53AF80F1398945FCC0CD
Authority key identifier: DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/tpwdEfzMyWWx6VArR0hVjMo-3q8.roa
Signing time:             Thu 01 Jan 2026 14:18:10 +0000
ROA not before:           Thu 01 Jan 2026 14:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215273
IP address blocks:        85.194.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:58:4f:27:da:53:af:80:f1:39:89:45:fc:c0:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da0b33cddb799b7bcf5d3dce004fdba8c3e864ff
        Validity
            Not Before: Jan  1 14:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b69c1d11fcccc965b1e9502b4748558cca3edeaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:1f:b2:fa:ae:02:90:76:7c:52:52:10:13:
                    28:2b:a6:f8:35:90:ca:03:97:43:91:ce:6b:6b:cd:
                    77:2e:a4:78:76:73:71:32:0d:fd:f8:8d:55:d8:44:
                    33:78:28:2f:4b:00:42:1b:d3:8a:c0:31:b0:96:10:
                    7f:8e:1f:b0:05:46:c1:dc:d8:af:44:3b:94:32:91:
                    f7:88:4a:5c:10:17:2d:b6:a0:09:7e:0a:7a:a7:53:
                    04:d0:36:54:76:b6:a5:f4:ca:2a:b7:07:99:d5:d1:
                    f8:68:e1:90:81:b0:7e:92:0e:7f:6d:29:d5:26:f4:
                    6f:4b:ec:ed:06:08:ac:ec:47:88:f1:40:59:00:f1:
                    aa:47:c2:c9:69:dc:90:0b:12:cd:d7:71:fe:55:a8:
                    01:3a:74:b5:95:e6:b2:98:03:c6:62:a7:c5:12:8c:
                    d9:21:9e:1b:77:29:4c:a9:6d:07:96:30:8f:4d:1d:
                    b6:8d:09:88:42:b4:39:24:7c:c0:5b:da:cd:10:ea:
                    93:59:a6:32:04:a6:4f:1a:37:53:76:f9:0b:f2:48:
                    89:af:e1:f3:86:bb:02:c2:2d:c9:7e:01:f4:a6:58:
                    a2:b8:60:95:af:ed:a2:c8:5f:a4:f2:f0:cf:f3:9b:
                    a6:76:fe:c8:dd:da:65:2b:06:0a:54:fe:b0:38:70:
                    50:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:9C:1D:11:FC:CC:C9:65:B1:E9:50:2B:47:48:55:8C:CA:3E:DE:AF
            X509v3 Authority Key Identifier:
                keyid:DA:0B:33:CD:DB:79:9B:7B:CF:5D:3D:CE:00:4F:DB:A8:C3:E8:64:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gszzdt5m3vPXT3OAE_bqMPoZP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/tpwdEfzMyWWx6VArR0hVjMo-3q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/032d8b-4881-46fa-b674-7733bd888e28/1/2gszzdt5m3vPXT3OAE_bqMPoZP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.194.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:89:56:d3:c1:1e:05:13:c5:df:ec:ea:6c:39:c6:f0:a6:fd:
         70:01:61:a4:be:ae:30:1a:99:00:af:73:e3:06:90:11:cf:6a:
         1f:8e:46:a1:cd:ad:68:68:6d:fd:28:97:16:b4:26:ee:06:c8:
         36:ce:93:cf:8a:51:30:2a:61:06:79:2a:28:d0:d0:c7:c1:ee:
         ae:ff:f4:ca:39:aa:b8:5d:01:b3:ba:75:b4:80:1d:96:29:20:
         43:5b:a2:8a:94:ab:cf:2e:b3:c9:b6:30:e3:1c:51:35:9b:3f:
         29:57:a5:44:f7:e7:37:48:d2:37:40:03:85:de:d7:a4:aa:33:
         25:db:c8:e7:64:20:89:cc:2d:22:5b:fa:72:74:46:55:f4:d0:
         56:c4:29:eb:16:c6:15:6d:98:f5:c4:66:5e:7f:d7:55:bc:53:
         36:7b:11:40:2b:45:65:37:b3:31:88:10:33:d3:21:a3:dd:0a:
         ae:86:ed:02:dd:f9:09:dc:19:69:91:96:21:1a:0b:14:63:ba:
         fb:38:0c:29:ff:f2:24:9f:7c:b8:6d:b8:e1:5d:05:5f:b6:ac:
         33:68:f2:ef:77:d5:23:5b:7b:dc:9d:13:44:77:11:72:32:b4:
         4a:c7:79:2f:ce:87:d5:02:e2:84:a3:41:03:cd:b3:b2:82:56:
         dc:c3:fc:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57FhPJ9pTr4DxOYlF/MDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMGIzM2NkZGI3OTliN2JjZjVkM2RjZTAwNGZkYmE4YzNl
ODY0ZmYwHhcNMjYwMTAxMTQxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjljMWQxMWZjY2NjOTY1YjFlOTUwMmI0NzQ4NTU4Y2NhM2VkZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMIfsvquApB2fFJSEBMoK6b4NZDK
A5dDkc5ra813LqR4dnNxMg39+I1V2EQzeCgvSwBCG9OKwDGwlhB/jh+wBUbB3Niv
RDuUMpH3iEpcEBcttqAJfgp6p1ME0DZUdral9MoqtweZ1dH4aOGQgbB+kg5/bSnV
JvRvS+ztBgis7EeI8UBZAPGqR8LJadyQCxLN13H+VagBOnS1leaymAPGYqfFEozZ
IZ4bdylMqW0HljCPTR22jQmIQrQ5JHzAW9rNEOqTWaYyBKZPGjdTdvkL8kiJr+Hz
hrsCwi3JfgH0pliiuGCVr+2iyF+k8vDP85umdv7I3dplKwYKVP6wOHBQTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLacHRH8zMllselQK0dIVYzKPt6vMB8GA1UdIwQY
MBaAFNoLM83beZt7z109zgBP26jD6GT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQt
NzczM2JkODg4ZTI4LzEvdHB3ZEVmek15V1d4NlZBclIwaFZqTW8tM3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8wMzJkOGItNDg4MS00NmZhLWI2NzQtNzczM2JkODg4ZTI4
LzEvMmdzenpkdDVtM3ZQWFQzT0FFX2JxTVBvWlA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcKJMA0G
CSqGSIb3DQEBCwUAA4IBAQBEiVbTwR4FE8Xf7OpsOcbwpv1wAWGkvq4wGpkAr3Pj
BpARz2ofjkahza1oaG39KJcWtCbuBsg2zpPPilEwKmEGeSoo0NDHwe6u//TKOaq4
XQGzunW0gB2WKSBDW6KKlKvPLrPJtjDjHFE1mz8pV6VE9+c3SNI3QAOF3tekqjMl
28jnZCCJzC0iW/pydEZV9NBWxCnrFsYVbZj1xGZef9dVvFM2exFAK0VlN7MxiBAz
0yGj3Qquhu0C3fkJ3BlpkZYhGgsUY7r7OAwp//Ikn3y4bbjhXQVftqwzaPLvd9Uj
W3vcnRNEdxFyMrRKx3kvzofVAuKEo0EDzbOyglbcw/zl
-----END CERTIFICATE-----