This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/da9c62-8e16-46df-be2b-06b9ed99f16c/1/TLFiEoQRGLVMCGc46Mn0G99fC5U.roa
File:                     TLFiEoQRGLVMCGc46Mn0G99fC5U.roa (raw, json)
Hash identifier:          gDFtNWXwzA45vosk76KSuCgqR0QSeN+bVcyur4756BI=
Subject key identifier:   4C:B1:62:12:84:11:18:B5:4C:08:67:38:E8:C9:F4:1B:DF:5F:0B:95
Certificate issuer:       /CN=3d94df65a3bdddfb55609f1850e149f82bea78f7
Certificate serial:       019B7CED08F63E05A13FB2023A836DD0A8C4
Authority key identifier: 3D:94:DF:65:A3:BD:DD:FB:55:60:9F:18:50:E1:49:F8:2B:EA:78:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PZTfZaO93ftVYJ8YUOFJ-CvqePc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/da9c62-8e16-46df-be2b-06b9ed99f16c/1/TLFiEoQRGLVMCGc46Mn0G99fC5U.roa
Signing time:             Fri 02 Jan 2026 04:17:47 +0000
ROA not before:           Fri 02 Jan 2026 04:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51048
IP address blocks:        185.83.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/da9c62-8e16-46df-be2b-06b9ed99f16c/1/PZTfZaO93ftVYJ8YUOFJ-CvqePc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/da9c62-8e16-46df-be2b-06b9ed99f16c/1/PZTfZaO93ftVYJ8YUOFJ-CvqePc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PZTfZaO93ftVYJ8YUOFJ-CvqePc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:08:f6:3e:05:a1:3f:b2:02:3a:83:6d:d0:a8:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d94df65a3bdddfb55609f1850e149f82bea78f7
        Validity
            Not Before: Jan  2 04:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cb16212841118b54c086738e8c9f41bdf5f0b95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:19:6c:16:e6:21:0e:a9:7d:6c:04:e3:08:59:
                    da:e4:92:6f:72:46:c7:8e:f3:63:be:2d:82:9b:30:
                    a0:98:76:9e:2c:3f:2d:2b:7c:c9:3f:52:d5:af:7b:
                    02:1e:04:8f:7c:c4:ad:88:f8:51:ac:0c:09:3a:db:
                    c1:24:4a:09:45:6c:9f:95:bd:77:c0:b8:cd:70:33:
                    c7:65:77:90:71:3e:69:92:b2:43:16:84:b9:75:fe:
                    a1:ef:22:c4:ca:d1:14:1b:b1:21:ce:48:b8:5d:50:
                    84:e7:00:0e:b3:c6:b1:de:3e:e3:d4:b6:27:9e:ad:
                    af:03:d9:be:48:94:c1:42:5a:70:c1:4f:f1:77:0d:
                    22:7a:60:84:f4:bc:f6:52:30:60:dd:72:f7:7b:49:
                    ad:2a:a7:6c:c7:93:9b:d0:a8:15:9d:c0:82:06:47:
                    2b:bd:55:f9:3b:e1:1f:55:57:03:4c:d0:da:51:c8:
                    2b:86:a0:dd:c1:30:a9:14:e2:37:7b:2f:77:66:7b:
                    23:56:82:1f:e3:45:08:3b:b5:36:dc:99:90:e7:ff:
                    b4:cf:a7:c4:8a:f1:61:bc:bf:a9:5f:b3:09:a3:7c:
                    6a:22:5b:d7:4b:3d:a0:7c:94:d6:51:52:78:f7:c6:
                    a4:ec:39:ac:8f:66:4d:18:6b:ea:66:41:49:8e:53:
                    6f:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:B1:62:12:84:11:18:B5:4C:08:67:38:E8:C9:F4:1B:DF:5F:0B:95
            X509v3 Authority Key Identifier:
                keyid:3D:94:DF:65:A3:BD:DD:FB:55:60:9F:18:50:E1:49:F8:2B:EA:78:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PZTfZaO93ftVYJ8YUOFJ-CvqePc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/da9c62-8e16-46df-be2b-06b9ed99f16c/1/TLFiEoQRGLVMCGc46Mn0G99fC5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/da9c62-8e16-46df-be2b-06b9ed99f16c/1/PZTfZaO93ftVYJ8YUOFJ-CvqePc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:23:18:58:09:2a:d1:16:b7:29:a6:83:2e:b9:00:55:28:90:
         a0:78:3b:65:89:cd:58:4a:16:46:1c:bc:0e:a4:09:fc:c4:db:
         4a:24:4e:89:c1:c9:40:5d:ae:6e:b2:c4:fe:c1:af:cd:d9:91:
         33:06:ef:bf:75:39:ef:54:0d:c4:1b:e2:16:17:da:12:09:7b:
         cd:0d:0a:88:32:f3:78:3f:25:6f:22:d3:a1:23:9e:59:e6:5c:
         7d:2b:49:85:e9:29:e3:cb:dc:76:9d:b6:d4:8b:aa:c8:f6:34:
         08:31:d2:22:11:6c:c9:5b:15:0e:cb:63:28:55:43:8e:87:1f:
         d7:6f:45:ec:d3:2e:48:24:bc:d8:49:5c:d8:cf:4c:fb:c0:c9:
         e0:a9:1b:52:96:12:6e:12:43:a2:fd:e6:82:7c:99:f3:01:93:
         aa:ae:b2:e5:5d:b5:97:a2:aa:12:88:11:f3:5d:89:d8:0d:56:
         2a:3a:6d:27:50:75:57:34:c8:4c:e6:7c:33:e1:0d:ac:f4:94:
         fc:92:82:17:4a:92:d6:85:77:47:d5:01:ab:9b:b8:fe:e7:91:
         97:86:2a:5b:60:c1:10:7b:d8:27:dd:ef:83:06:cd:b9:93:17:
         6e:d9:7e:df:86:20:6b:ea:96:cc:0a:9a:ef:a7:2b:23:6a:d0:
         a1:87:99:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87Qj2PgWhP7ICOoNt0KjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkOTRkZjY1YTNiZGRkZmI1NTYwOWYxODUwZTE0OWY4MmJl
YTc4ZjcwHhcNMjYwMTAyMDQxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IxNjIxMjg0MTExOGI1NGMwODY3MzhlOGM5ZjQxYmRmNWYwYjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBlsFuYhDql9bATjCFna5JJvckbH
jvNjvi2CmzCgmHaeLD8tK3zJP1LVr3sCHgSPfMStiPhRrAwJOtvBJEoJRWyflb13
wLjNcDPHZXeQcT5pkrJDFoS5df6h7yLEytEUG7Ehzki4XVCE5wAOs8ax3j7j1LYn
nq2vA9m+SJTBQlpwwU/xdw0iemCE9Lz2UjBg3XL3e0mtKqdsx5Ob0KgVncCCBkcr
vVX5O+EfVVcDTNDaUcgrhqDdwTCpFOI3ey93ZnsjVoIf40UIO7U23JmQ5/+0z6fE
ivFhvL+pX7MJo3xqIlvXSz2gfJTWUVJ498ak7Dmsj2ZNGGvqZkFJjlNv1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyxYhKEERi1TAhnOOjJ9BvfXwuVMB8GA1UdIwQY
MBaAFD2U32Wjvd37VWCfGFDhSfgr6nj3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFpUZlphTzkzZnRWWUo4WVVPRkotQ3ZxZVBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9kYTljNjItOGUxNi00NmRmLWJlMmIt
MDZiOWVkOTlmMTZjLzEvVExGaUVvUVJHTFZNQ0djNDZNbjBHOTlmQzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC9kYTljNjItOGUxNi00NmRmLWJlMmItMDZiOWVkOTlmMTZj
LzEvUFpUZlphTzkzZnRWWUo4WVVPRkotQ3ZxZVBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuVOoMA0G
CSqGSIb3DQEBCwUAA4IBAQAAIxhYCSrRFrcppoMuuQBVKJCgeDtlic1YShZGHLwO
pAn8xNtKJE6JwclAXa5ussT+wa/N2ZEzBu+/dTnvVA3EG+IWF9oSCXvNDQqIMvN4
PyVvItOhI55Z5lx9K0mF6Snjy9x2nbbUi6rI9jQIMdIiEWzJWxUOy2MoVUOOhx/X
b0Xs0y5IJLzYSVzYz0z7wMngqRtSlhJuEkOi/eaCfJnzAZOqrrLlXbWXoqoSiBHz
XYnYDVYqOm0nUHVXNMhM5nwz4Q2s9JT8koIXSpLWhXdH1QGrm7j+55GXhipbYMEQ
e9gn3e+DBs25kxdu2X7fhiBr6pbMCprvpysjatChh5lh
-----END CERTIFICATE-----