This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/TKEpPXUpLU5W_48ie-PShvubSmQ.roa
File:                     TKEpPXUpLU5W_48ie-PShvubSmQ.roa (raw, json)
Hash identifier:          bAD0eg778WJ8W8W3//5efjy9CNKIBzk/YvQ1TCKllow=
Subject key identifier:   4C:A1:29:3D:75:29:2D:4E:56:FF:8F:22:7B:E3:D2:86:FB:9B:4A:64
Certificate issuer:       /CN=e7f881401abacc88c941fdf740f1ab1536f05dba
Certificate serial:       019B7EA66545FFD7A9C217D3ACA1080D916E
Authority key identifier: E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/TKEpPXUpLU5W_48ie-PShvubSmQ.roa
Signing time:             Fri 02 Jan 2026 12:19:52 +0000
ROA not before:           Fri 02 Jan 2026 12:19:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39456
IP address blocks:        195.12.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:65:45:ff:d7:a9:c2:17:d3:ac:a1:08:0d:91:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7f881401abacc88c941fdf740f1ab1536f05dba
        Validity
            Not Before: Jan  2 12:19:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ca1293d75292d4e56ff8f227be3d286fb9b4a64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:bb:1e:71:ab:f9:c0:50:ea:67:a3:e5:b1:81:
                    ac:03:8a:de:0b:82:fc:5c:4a:5c:4a:e6:a0:36:ad:
                    8e:c9:b8:07:db:f4:c4:8d:2b:c1:4c:9e:ea:8b:05:
                    9f:d1:30:32:9f:2e:1b:5f:40:a6:e3:f0:6e:6e:c8:
                    81:2d:71:ed:62:d6:cb:3e:af:d3:fd:46:2b:f3:89:
                    4c:23:4e:09:84:c0:0f:0e:d7:0d:34:5b:2a:b5:65:
                    30:77:83:97:3f:2b:da:ec:18:70:4c:f9:f1:af:96:
                    68:74:7a:bf:d8:03:70:8a:3d:12:bd:a7:71:44:11:
                    28:a3:9b:d4:fe:e5:12:e9:50:87:6a:fc:35:5c:d1:
                    b5:af:eb:19:e9:24:07:ec:c7:4a:fd:df:29:27:9d:
                    ad:e9:c9:e1:af:db:67:38:a9:89:68:cb:36:75:7c:
                    87:1e:e5:53:15:39:19:4d:63:e4:6a:ef:38:3f:1f:
                    29:9a:c3:18:5c:1d:0d:fd:3c:31:65:af:c1:47:8e:
                    ea:0f:c5:97:b9:32:9d:e1:79:ca:92:21:34:7c:71:
                    a4:6e:41:8f:03:74:74:7d:84:c7:db:96:e5:53:c3:
                    66:93:60:10:d4:ee:2a:c8:51:c7:74:3b:37:58:1e:
                    cc:4e:73:00:5a:0c:8d:d0:21:cd:f6:75:65:b9:08:
                    30:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A1:29:3D:75:29:2D:4E:56:FF:8F:22:7B:E3:D2:86:FB:9B:4A:64
            X509v3 Authority Key Identifier:
                keyid:E7:F8:81:40:1A:BA:CC:88:C9:41:FD:F7:40:F1:AB:15:36:F0:5D:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_iBQBq6zIjJQf33QPGrFTbwXbo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/TKEpPXUpLU5W_48ie-PShvubSmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/f5534a-a613-47be-b42b-e2fbc3a68800/1/5_iBQBq6zIjJQf33QPGrFTbwXbo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.12.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:0e:67:98:42:7d:20:77:08:13:fd:eb:12:17:34:d3:c9:97:
         08:82:e2:e7:ce:62:24:b9:97:bd:3f:a7:e8:d5:54:5b:40:04:
         a0:eb:30:cb:03:94:ea:2d:9e:05:fe:6e:ed:b8:3c:7f:7d:4a:
         5c:39:77:e7:3a:68:fb:17:33:36:98:72:7a:62:16:71:f0:28:
         c6:8b:6d:0d:94:e8:7c:2d:41:66:bc:d5:43:55:7b:e0:13:aa:
         ba:ed:cd:31:d4:97:fc:77:6a:7b:0f:b5:89:39:57:2c:03:27:
         80:54:62:c4:e0:e8:82:a6:d6:8f:93:94:f0:b5:79:31:5c:a6:
         6b:a0:49:b9:02:2b:67:79:d6:49:3f:40:d9:a1:75:03:0f:1a:
         bb:bb:0f:95:27:68:4c:85:50:cb:8e:e0:14:58:0f:c6:34:6b:
         95:ca:dd:76:75:d0:44:7a:ef:cb:a0:bf:8a:88:51:b3:21:ab:
         98:e8:0c:07:c3:2c:0c:b0:f8:c7:0f:10:02:0e:3e:15:9f:00:
         1a:d7:43:c3:d7:6e:2d:bb:9b:8b:c2:73:eb:54:3c:9e:11:c3:
         38:bd:ba:6b:1b:cf:02:51:f0:ec:9f:fe:c0:99:33:bb:95:bf:
         fe:86:71:cb:c0:d1:a5:51:69:a2:c4:1f:39:18:e1:fd:f2:72:
         96:e2:9a:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pmVF/9epwhfTrKEIDZFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Zjg4MTQwMWFiYWNjODhjOTQxZmRmNzQwZjFhYjE1MzZm
MDVkYmEwHhcNMjYwMTAyMTIxOTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ExMjkzZDc1MjkyZDRlNTZmZjhmMjI3YmUzZDI4NmZiOWI0YTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7secav5wFDqZ6PlsYGsA4reC4L8
XEpcSuagNq2OybgH2/TEjSvBTJ7qiwWf0TAyny4bX0Cm4/BubsiBLXHtYtbLPq/T
/UYr84lMI04JhMAPDtcNNFsqtWUwd4OXPyva7BhwTPnxr5ZodHq/2ANwij0Svadx
RBEoo5vU/uUS6VCHavw1XNG1r+sZ6SQH7MdK/d8pJ52t6cnhr9tnOKmJaMs2dXyH
HuVTFTkZTWPkau84Px8pmsMYXB0N/TwxZa/BR47qD8WXuTKd4XnKkiE0fHGkbkGP
A3R0fYTH25blU8Nmk2AQ1O4qyFHHdDs3WB7MTnMAWgyN0CHN9nVluQgwmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyhKT11KS1OVv+PInvj0ob7m0pkMB8GA1UdIwQY
MBaAFOf4gUAausyIyUH990DxqxU28F26MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmIt
ZTJmYmMzYTY4ODAwLzEvVEtFcFBYVXBMVTVXXzQ4aWUtUFNodnViU21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS9mNTUzNGEtYTYxMy00N2JlLWI0MmItZTJmYmMzYTY4ODAw
LzEvNV9pQlFCcTZ6SWpKUWYzM1FQR3JGVGJ3WGJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwyJMA0G
CSqGSIb3DQEBCwUAA4IBAQAZDmeYQn0gdwgT/esSFzTTyZcIguLnzmIkuZe9P6fo
1VRbQASg6zDLA5TqLZ4F/m7tuDx/fUpcOXfnOmj7FzM2mHJ6YhZx8CjGi20NlOh8
LUFmvNVDVXvgE6q67c0x1Jf8d2p7D7WJOVcsAyeAVGLE4OiCptaPk5TwtXkxXKZr
oEm5AitnedZJP0DZoXUDDxq7uw+VJ2hMhVDLjuAUWA/GNGuVyt12ddBEeu/LoL+K
iFGzIauY6AwHwywMsPjHDxACDj4VnwAa10PD124tu5uLwnPrVDyeEcM4vbprG88C
UfDsn/7AmTO7lb/+hnHLwNGlUWmixB85GOH98nKW4pra
-----END CERTIFICATE-----