This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/TkjtRUiZDI-wEDa35442jkykbkU.roa
File:                     TkjtRUiZDI-wEDa35442jkykbkU.roa (raw, json)
Hash identifier:          XLUpjbReVfy+1IVUuKQRhyLtBD7gGeEYIfH84PZclYw=
Subject key identifier:   4E:48:ED:45:48:99:0C:8F:B0:10:36:B7:E7:8E:36:8E:4C:A4:6E:45
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C69FF3EE75270819CB069658F07DBB
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/TkjtRUiZDI-wEDa35442jkykbkU.roa
Signing time:             Thu 01 Jan 2026 04:17:44 +0000
ROA not before:           Thu 01 Jan 2026 04:17:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51267
IP address blocks:        46.8.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9f:f3:ee:75:27:08:19:cb:06:96:58:f0:7d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e48ed4548990c8fb01036b7e78e368e4ca46e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:3e:a0:17:39:71:fc:55:90:40:ea:a8:93:c7:
                    0e:3f:f9:35:9f:18:ab:ad:16:69:52:1b:26:1a:49:
                    fc:9d:35:c9:2a:43:4f:24:f0:b4:a6:d1:43:87:4c:
                    72:3f:ae:07:11:72:98:a4:2b:aa:5c:bf:52:2f:e3:
                    84:ac:cb:ec:e5:f2:c5:b1:42:81:2a:f3:53:24:0f:
                    ee:b5:b0:37:8c:45:54:83:54:2f:8a:74:0e:64:7b:
                    ee:f0:ed:7e:c2:71:fe:b4:79:71:3a:ec:97:3b:53:
                    3c:d9:f0:63:9a:73:95:d0:97:f4:ee:22:71:7a:3f:
                    6e:ac:7d:2a:7a:6a:56:4b:cb:96:b5:82:90:2d:59:
                    fd:20:97:b4:c7:3c:17:4d:a7:99:3a:37:d3:33:d1:
                    41:f0:ad:2a:28:d2:f7:d0:4e:e9:a3:f6:93:4a:25:
                    58:8a:43:3d:4f:1f:20:37:14:24:4d:95:a8:35:97:
                    be:aa:4c:bf:50:98:a8:ca:44:5b:15:82:28:78:e5:
                    18:e9:cb:35:45:dc:14:9f:0c:ca:6f:88:1e:5f:6e:
                    eb:40:f7:c4:ad:7d:17:eb:5a:23:13:7c:9f:47:cd:
                    e6:ac:b7:b3:0a:8d:c2:3f:06:90:fb:be:b3:9e:04:
                    3f:ba:17:91:5f:ed:f2:13:65:a8:44:7d:73:df:9b:
                    1b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:48:ED:45:48:99:0C:8F:B0:10:36:B7:E7:8E:36:8E:4C:A4:6E:45
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/TkjtRUiZDI-wEDa35442jkykbkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:12:6f:1a:47:58:4a:e8:c2:ca:31:60:79:1d:5f:5e:80:7c:
         db:a4:39:e6:52:d1:a4:31:ed:eb:1a:d1:05:22:ce:a0:20:5b:
         1e:82:c9:25:b1:25:66:44:56:df:b7:4d:75:41:6f:70:39:44:
         27:b3:2e:6a:28:38:49:d6:62:e8:39:59:f5:43:78:4b:9b:1e:
         69:1b:d1:2b:66:b1:17:69:0d:84:e7:ee:f4:2e:f7:fa:ca:05:
         47:7d:94:4d:dc:bd:98:54:06:81:d3:c2:b0:f6:44:9d:18:40:
         80:1f:e7:bf:bf:b6:67:e9:5e:70:1b:3b:99:19:02:cb:c7:36:
         0d:14:4d:43:ce:53:f1:5e:b2:45:33:68:f1:d3:73:d4:01:a1:
         fb:c0:3f:a3:18:31:1e:3d:bc:ba:c4:1c:42:8d:b5:12:a1:0e:
         5e:07:c5:d7:6b:8e:c4:ce:be:33:cd:cb:53:2e:a2:bf:e1:69:
         f5:fe:14:f6:54:65:ee:18:8b:60:6b:03:28:30:a3:75:a9:e0:
         cb:ef:ed:e3:79:0e:cc:7b:8b:67:c1:e0:ee:61:d6:90:da:92:
         c5:2b:69:5f:43:20:8c:bd:bc:d1:19:6e:d1:39:4e:a7:5b:fe:
         4d:de:09:49:76:0a:d9:8c:49:6a:c5:3c:d8:1b:19:62:23:8a:
         f2:5b:5c:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xp/z7nUnCBnLBpZY8H27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTQ4ZWQ0NTQ4OTkwYzhmYjAxMDM2YjdlNzhlMzY4ZTRjYTQ2ZTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArj6gFzlx/FWQQOqok8cOP/k1nxir
rRZpUhsmGkn8nTXJKkNPJPC0ptFDh0xyP64HEXKYpCuqXL9SL+OErMvs5fLFsUKB
KvNTJA/utbA3jEVUg1QvinQOZHvu8O1+wnH+tHlxOuyXO1M82fBjmnOV0Jf07iJx
ej9urH0qempWS8uWtYKQLVn9IJe0xzwXTaeZOjfTM9FB8K0qKNL30E7po/aTSiVY
ikM9Tx8gNxQkTZWoNZe+qky/UJioykRbFYIoeOUY6cs1RdwUnwzKb4geX27rQPfE
rX0X61ojE3yfR83mrLezCo3CPwaQ+76zngQ/uheRX+3yE2WoRH1z35sbDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5I7UVImQyPsBA2t+eONo5MpG5FMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvVGtqdFJVaVpESS13RURhMzU0NDJqa3lrYmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgjqMA0G
CSqGSIb3DQEBCwUAA4IBAQAzEm8aR1hK6MLKMWB5HV9egHzbpDnmUtGkMe3rGtEF
Is6gIFsegsklsSVmRFbft011QW9wOUQnsy5qKDhJ1mLoOVn1Q3hLmx5pG9ErZrEX
aQ2E5+70Lvf6ygVHfZRN3L2YVAaB08Kw9kSdGECAH+e/v7Zn6V5wGzuZGQLLxzYN
FE1DzlPxXrJFM2jx03PUAaH7wD+jGDEePby6xBxCjbUSoQ5eB8XXa47Ezr4zzctT
LqK/4Wn1/hT2VGXuGItgawMoMKN1qeDL7+3jeQ7Me4tnweDuYdaQ2pLFK2lfQyCM
vbzRGW7ROU6nW/5N3glJdgrZjElqxTzYGxliI4ryW1zW
-----END CERTIFICATE-----