This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/TE-zkB1WXTHRYrdiQgGmk6uSVdQ.roa
File:                     TE-zkB1WXTHRYrdiQgGmk6uSVdQ.roa (raw, json)
Hash identifier:          eRgAHRTvSReUmr1Kc9vOCDCB9vNQ0s5lkzXZyGteC2Q=
Subject key identifier:   4C:4F:B3:90:1D:56:5D:31:D1:62:B7:62:42:01:A6:93:AB:92:55:D4
Certificate issuer:       /CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
Certificate serial:       019B79EC283AB15F7CEFD9211F635131F5F5
Authority key identifier: EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/TE-zkB1WXTHRYrdiQgGmk6uSVdQ.roa
Signing time:             Thu 01 Jan 2026 14:17:58 +0000
ROA not before:           Thu 01 Jan 2026 14:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     65535
IP address blocks:        185.3.28.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:28:3a:b1:5f:7c:ef:d9:21:1f:63:51:31:f5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec167bb6b061fffa629dd2a84ccf7db44c71a351
        Validity
            Not Before: Jan  1 14:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c4fb3901d565d31d162b7624201a693ab9255d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:38:2e:f2:b1:f0:c4:b4:a2:54:bd:ae:d6:c1:
                    88:fe:d4:c5:ce:b4:aa:9c:0a:04:85:99:04:35:2a:
                    f5:14:1f:5a:f1:86:26:88:2a:8f:ba:6e:b7:92:20:
                    83:43:4a:2f:cc:30:e6:48:17:ee:a7:69:3a:1b:96:
                    76:d8:0a:02:d7:c9:3a:e6:45:fc:ce:b4:ea:2a:94:
                    83:ef:7b:cb:c8:ac:f3:f9:b9:7d:23:e8:7c:cf:ea:
                    92:15:7e:fd:c8:f9:a9:f3:e2:bf:a6:53:6d:9f:e7:
                    a3:15:19:04:20:82:b2:61:c3:94:e4:cc:a5:6c:d2:
                    70:a8:d3:34:ca:b1:64:65:2f:93:c6:5a:bd:41:ac:
                    82:83:4a:74:db:3b:18:ad:2d:4f:99:de:67:9c:34:
                    8d:b3:8d:86:ea:f2:a2:46:1e:9e:2d:82:28:da:49:
                    ae:4d:18:2f:aa:23:b7:bc:bd:58:8a:a6:f8:00:98:
                    dc:1c:ac:c3:80:40:10:70:33:62:5d:e1:43:78:41:
                    a2:6e:a7:4d:11:ca:95:a7:30:14:48:77:cc:5e:92:
                    88:f8:b6:86:07:da:b4:d5:ef:80:0e:22:80:39:60:
                    06:ac:0c:1e:bd:1e:10:80:fb:cd:88:ab:60:16:da:
                    46:55:4c:30:4e:e6:16:dd:55:87:57:4e:bb:1c:d4:
                    79:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:4F:B3:90:1D:56:5D:31:D1:62:B7:62:42:01:A6:93:AB:92:55:D4
            X509v3 Authority Key Identifier:
                keyid:EC:16:7B:B6:B0:61:FF:FA:62:9D:D2:A8:4C:CF:7D:B4:4C:71:A3:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7BZ7trBh__pindKoTM99tExxo1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/TE-zkB1WXTHRYrdiQgGmk6uSVdQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/f55d44-5893-4c22-b0b7-c655ad594193/1/7BZ7trBh__pindKoTM99tExxo1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.3.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:0d:71:cf:aa:81:2d:65:9b:c0:31:8a:aa:57:6c:a0:f9:40:
         04:d1:b6:19:cc:23:40:f4:11:42:d7:92:d9:bf:7c:91:12:c2:
         18:e9:ed:e6:b5:0f:a6:d9:4b:a0:da:61:ab:86:5c:99:47:e1:
         b9:e0:81:0e:e6:be:09:2c:a8:8a:eb:b9:9e:a3:18:7a:a0:47:
         4e:6d:82:79:ef:ec:75:4d:d3:58:d8:3d:fc:3d:be:55:68:1c:
         f0:86:ba:e2:a0:45:f0:33:be:da:f0:98:36:6a:93:a5:06:dd:
         f1:dc:fc:87:1f:9b:17:a9:e4:6c:15:c1:97:cb:b3:cf:77:3a:
         3e:e1:a6:a0:aa:72:20:65:97:92:b6:35:94:72:dc:e2:dd:1b:
         c6:48:61:2a:71:d7:9f:4f:c6:92:50:6e:8d:0c:0b:6d:37:b7:
         e6:4f:bd:04:1f:d9:a6:c3:24:ff:f8:4e:0c:ab:82:f0:bc:c1:
         91:8e:0d:81:89:ff:c7:c1:d8:50:a9:41:a1:f4:50:db:f9:c7:
         79:fe:b0:dc:0e:94:2f:68:8f:e2:9a:43:48:9d:96:b5:b2:3f:
         af:be:c6:87:8e:6b:1e:6f:57:cb:45:2d:3e:d5:cd:3d:56:11:
         11:2a:92:12:17:a6:26:69:86:ea:6a:6c:b7:ac:29:47:e2:d5:
         22:d0:e3:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57Cg6sV9879khH2NRMfX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMTY3YmI2YjA2MWZmZmE2MjlkZDJhODRjY2Y3ZGI0NGM3
MWEzNTEwHhcNMjYwMTAxMTQxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzRmYjM5MDFkNTY1ZDMxZDE2MmI3NjI0MjAxYTY5M2FiOTI1NWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDgu8rHwxLSiVL2u1sGI/tTFzrSq
nAoEhZkENSr1FB9a8YYmiCqPum63kiCDQ0ovzDDmSBfup2k6G5Z22AoC18k65kX8
zrTqKpSD73vLyKzz+bl9I+h8z+qSFX79yPmp8+K/plNtn+ejFRkEIIKyYcOU5Myl
bNJwqNM0yrFkZS+Txlq9QayCg0p02zsYrS1Pmd5nnDSNs42G6vKiRh6eLYIo2kmu
TRgvqiO3vL1Yiqb4AJjcHKzDgEAQcDNiXeFDeEGibqdNEcqVpzAUSHfMXpKI+LaG
B9q01e+ADiKAOWAGrAwevR4QgPvNiKtgFtpGVUwwTuYW3VWHV067HNR5GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExPs5AdVl0x0WK3YkIBppOrklXUMB8GA1UdIwQY
MBaAFOwWe7awYf/6Yp3SqEzPfbRMcaNRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjct
YzY1NWFkNTk0MTkzLzEvVEUtemtCMVdYVEhSWXJkaVFnR21rNnVTVmRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9mNTVkNDQtNTg5My00YzIyLWIwYjctYzY1NWFkNTk0MTkz
LzEvN0JaN3RyQmhfX3BpbmRLb1RNOTl0RXh4bzFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuQMcMA0G
CSqGSIb3DQEBCwUAA4IBAQB+DXHPqoEtZZvAMYqqV2yg+UAE0bYZzCNA9BFC15LZ
v3yREsIY6e3mtQ+m2Uug2mGrhlyZR+G54IEO5r4JLKiK67meoxh6oEdObYJ57+x1
TdNY2D38Pb5VaBzwhrrioEXwM77a8Jg2apOlBt3x3PyHH5sXqeRsFcGXy7PPdzo+
4aagqnIgZZeStjWUctzi3RvGSGEqcdefT8aSUG6NDAttN7fmT70EH9mmwyT/+E4M
q4LwvMGRjg2Bif/HwdhQqUGh9FDb+cd5/rDcDpQvaI/imkNInZa1sj+vvsaHjmse
b1fLRS0+1c09VhERKpISF6YmaYbqamy3rClH4tUi0OMR
-----END CERTIFICATE-----