This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/TM2a_AtbHtu62DfJsvptScTKk4s.roa
File:                     TM2a_AtbHtu62DfJsvptScTKk4s.roa (raw, json)
Hash identifier:          Pmun9G4KM00LP9UCnH4fI3onhtXKKZDUrch2QtVQaDk=
Subject key identifier:   4C:CD:9A:FC:0B:5B:1E:DB:BA:D8:37:C9:B2:FA:6D:49:C4:CA:93:8B
Certificate issuer:       /CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
Certificate serial:       019B7F1332F2DD00C5D156B1B76E022FFE66
Authority key identifier: B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/TM2a_AtbHtu62DfJsvptScTKk4s.roa
Signing time:             Fri 02 Jan 2026 14:18:43 +0000
ROA not before:           Fri 02 Jan 2026 14:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62081
IP address blocks:        185.48.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:32:f2:dd:00:c5:d1:56:b1:b7:6e:02:2f:fe:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9b87b3b09ccb69a6de20468e90ecbb18f5ecbb6
        Validity
            Not Before: Jan  2 14:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ccd9afc0b5b1edbbad837c9b2fa6d49c4ca938b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:be:df:05:59:31:5c:2e:d4:30:6d:c9:35:b0:
                    b2:b8:bd:4c:f7:a6:66:65:30:ea:9a:54:a3:db:af:
                    15:aa:6d:65:21:32:b8:2c:24:23:2a:ec:3e:e7:6b:
                    d7:cc:52:50:19:58:62:7a:6a:6f:b6:b3:97:3d:5c:
                    bd:f2:89:84:9f:b7:37:bd:20:b1:0d:25:88:37:2a:
                    a5:ce:f5:46:59:6f:bf:4c:f6:25:60:3e:d5:91:1a:
                    1b:f5:eb:c6:4b:a4:7e:b2:d2:8b:fb:20:87:10:52:
                    cf:29:a9:0b:b0:e1:6a:03:2f:b8:27:73:3b:3d:10:
                    aa:a7:c3:d0:d1:44:55:3a:04:64:77:a8:97:f8:fd:
                    24:a5:3b:a1:62:69:cd:91:8a:cc:f0:0c:a5:e5:18:
                    3d:5a:55:1a:4a:c2:68:e5:2b:f8:15:b9:f6:25:91:
                    32:25:c2:5c:87:e1:ed:e3:d1:b1:30:4c:eb:1f:6e:
                    dc:55:49:74:cf:27:4d:cc:2d:01:48:f2:00:31:5b:
                    d1:b0:d5:f7:42:64:79:bc:fc:45:d0:a9:47:3c:36:
                    9c:3c:9f:b8:73:ff:1c:5b:03:64:ca:ab:eb:97:a3:
                    2b:12:ee:93:76:f4:46:50:28:2a:42:1b:83:a7:02:
                    d7:21:92:06:46:bf:d1:d9:a8:ab:a4:4e:17:1b:bd:
                    14:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:CD:9A:FC:0B:5B:1E:DB:BA:D8:37:C9:B2:FA:6D:49:C4:CA:93:8B
            X509v3 Authority Key Identifier:
                keyid:B9:B8:7B:3B:09:CC:B6:9A:6D:E2:04:68:E9:0E:CB:B1:8F:5E:CB:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/TM2a_AtbHtu62DfJsvptScTKk4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/00ddaf-3be5-420d-919f-3b4cb975a9bc/1/ubh7OwnMtppt4gRo6Q7LsY9ey7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:33:0c:e9:fb:a3:c2:eb:e8:48:ed:88:2b:b9:0d:e6:1b:c7:
         dd:8e:ab:13:01:9e:c5:71:34:74:a3:4d:78:1a:c8:99:32:70:
         01:86:b9:e9:46:18:8b:08:e8:39:9b:ab:48:1e:bd:d8:8a:06:
         79:09:82:5c:0c:8c:41:e2:2c:87:f7:4e:07:6e:28:76:40:3a:
         12:59:22:99:7d:fa:7e:e0:ba:a1:d2:27:79:bf:75:0e:b5:42:
         b9:1d:6f:a8:ff:c7:e0:c8:73:ae:bc:74:f9:b2:3e:75:fc:a5:
         bb:34:4e:f7:bb:51:b9:12:75:77:f6:73:8b:e7:b5:e4:9e:cb:
         6e:5b:61:f4:ba:a8:41:a9:e3:45:9b:97:8a:d5:9c:80:61:cc:
         a0:cb:04:f0:aa:50:9c:c9:1a:4c:45:ab:93:9d:f0:4d:47:84:
         7d:8e:65:46:ea:f6:98:8e:c4:f3:b3:ee:51:46:79:ac:57:1f:
         9e:78:08:62:9a:73:43:98:bf:4c:db:30:47:54:1b:03:79:03:
         ad:ef:c2:9f:7b:ff:c9:ea:80:b0:fa:8f:e8:10:86:51:b7:d2:
         59:e7:0a:d5:38:dd:60:0a:a8:b0:db:42:00:08:2c:d1:71:dc:
         6b:b1:63:80:e8:94:bc:0d:bd:c6:b0:e2:f5:db:f3:79:3c:2b:
         09:78:e1:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/EzLy3QDF0Vaxt24CL/5mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5Yjg3YjNiMDljY2I2OWE2ZGUyMDQ2OGU5MGVjYmIxOGY1
ZWNiYjYwHhcNMjYwMTAyMTQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2NkOWFmYzBiNWIxZWRiYmFkODM3YzliMmZhNmQ0OWM0Y2E5MzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA377fBVkxXC7UMG3JNbCyuL1M96Zm
ZTDqmlSj268Vqm1lITK4LCQjKuw+52vXzFJQGVhiempvtrOXPVy98omEn7c3vSCx
DSWINyqlzvVGWW+/TPYlYD7VkRob9evGS6R+stKL+yCHEFLPKakLsOFqAy+4J3M7
PRCqp8PQ0URVOgRkd6iX+P0kpTuhYmnNkYrM8Ayl5Rg9WlUaSsJo5Sv4Fbn2JZEy
JcJch+Ht49GxMEzrH27cVUl0zydNzC0BSPIAMVvRsNX3QmR5vPxF0KlHPDacPJ+4
c/8cWwNkyqvrl6MrEu6TdvRGUCgqQhuDpwLXIZIGRr/R2airpE4XG70UswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzNmvwLWx7butg3ybL6bUnEypOLMB8GA1UdIwQY
MBaAFLm4ezsJzLaabeIEaOkOy7GPXsu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYt
M2I0Y2I5NzVhOWJjLzEvVE0yYV9BdGJIdHU2MkRmSnN2cHRTY1RLazRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC8wMGRkYWYtM2JlNS00MjBkLTkxOWYtM2I0Y2I5NzVhOWJj
LzEvdWJoN093bk10cHB0NGdSbzZRN0xzWTlleTdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTAIMA0G
CSqGSIb3DQEBCwUAA4IBAQBBMwzp+6PC6+hI7YgruQ3mG8fdjqsTAZ7FcTR0o014
GsiZMnABhrnpRhiLCOg5m6tIHr3YigZ5CYJcDIxB4iyH904Hbih2QDoSWSKZffp+
4Lqh0id5v3UOtUK5HW+o/8fgyHOuvHT5sj51/KW7NE73u1G5EnV39nOL57Xknstu
W2H0uqhBqeNFm5eK1ZyAYcygywTwqlCcyRpMRauTnfBNR4R9jmVG6vaYjsTzs+5R
RnmsVx+eeAhimnNDmL9M2zBHVBsDeQOt78Kfe//J6oCw+o/oEIZRt9JZ5wrVON1g
Cqiw20IACCzRcdxrsWOA6JS8Db3GsOL12/N5PCsJeOHT
-----END CERTIFICATE-----