This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/Tcb9LIMv15mBq9nuN_lyx7EDWvI.roa
File:                     Tcb9LIMv15mBq9nuN_lyx7EDWvI.roa (raw, json)
Hash identifier:          AVbi90aopaltK4BW7qKfcZ+tcE+N0R+vLT2QnDiHoBo=
Subject key identifier:   4D:C6:FD:2C:83:2F:D7:99:81:AB:D9:EE:37:F9:72:C7:B1:03:5A:F2
Certificate issuer:       /CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
Certificate serial:       019B7BA51B0F8D6DB55823B75E2ECDE72B31
Authority key identifier: CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/Tcb9LIMv15mBq9nuN_lyx7EDWvI.roa
Signing time:             Thu 01 Jan 2026 22:19:36 +0000
ROA not before:           Thu 01 Jan 2026 22:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206403
IP address blocks:        89.223.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:1b:0f:8d:6d:b5:58:23:b7:5e:2e:cd:e7:2b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd8313e41e646a09cd01e2e6f4739d3bd236c4ff
        Validity
            Not Before: Jan  1 22:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4dc6fd2c832fd79981abd9ee37f972c7b1035af2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:4c:e9:d2:12:04:9f:e7:76:a8:f3:d5:20:9f:
                    e2:3f:04:d6:78:aa:18:18:1f:43:5c:eb:26:bd:d8:
                    ea:c0:14:cb:a2:b6:6e:3d:53:4f:43:3e:c6:c3:b1:
                    a9:76:5c:72:b3:d3:47:64:f2:0b:9b:b5:1d:81:d5:
                    85:51:20:ec:39:4e:39:86:ca:63:6a:13:d1:5d:02:
                    74:db:7a:af:0d:c1:b1:f8:12:f9:fa:d9:34:ea:53:
                    ef:fc:78:69:c3:7a:71:ba:84:98:c1:e3:a6:e3:88:
                    85:13:87:8f:83:e9:20:04:d1:38:41:45:e1:13:ed:
                    e6:12:15:dd:c2:1b:6f:b5:f4:09:09:aa:1b:10:c7:
                    54:54:51:b5:e3:65:1f:1d:9d:c4:5b:27:a9:66:db:
                    fe:58:d1:5d:eb:26:6d:42:3a:d6:07:a0:f9:83:e5:
                    4d:ec:41:98:67:82:16:5f:76:41:0e:f0:8c:2c:1c:
                    aa:e5:15:d4:9d:88:a0:cb:b3:8c:a8:f3:29:cb:78:
                    13:b3:68:c2:37:fd:25:fe:1a:ec:10:e5:f3:00:27:
                    6b:54:c1:15:0b:93:65:eb:61:63:7f:10:4c:32:20:
                    f5:18:4f:ba:4d:66:a5:76:c8:04:b9:5c:70:b9:c2:
                    f7:2c:4a:3a:7e:5b:b2:24:df:c6:f3:2c:31:c5:10:
                    52:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:C6:FD:2C:83:2F:D7:99:81:AB:D9:EE:37:F9:72:C7:B1:03:5A:F2
            X509v3 Authority Key Identifier:
                keyid:CD:83:13:E4:1E:64:6A:09:CD:01:E2:E6:F4:73:9D:3B:D2:36:C4:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zYMT5B5kagnNAeLm9HOdO9I2xP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/Tcb9LIMv15mBq9nuN_lyx7EDWvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/3465f3-03c2-4eaa-a674-8862b517317c/1/zYMT5B5kagnNAeLm9HOdO9I2xP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.223.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:af:f7:f8:bd:1a:a3:3e:fc:7d:49:ed:cc:6f:ca:70:91:ef:
         33:eb:46:ee:b0:3d:21:a9:d7:9d:58:92:8e:10:5b:22:c0:fd:
         f9:8b:66:e9:55:da:eb:13:6d:2b:85:57:4e:91:ca:dc:71:ee:
         22:2a:c8:07:11:8c:e0:45:26:af:9b:73:37:ee:19:cf:55:c1:
         b2:30:7d:81:de:b3:f7:7f:6a:8d:bf:e4:43:bb:86:00:c5:fc:
         af:d0:8d:9f:84:cf:fb:a2:da:e4:4b:8a:3c:ce:51:fa:8d:9f:
         f2:35:1d:a1:27:1b:d7:24:8e:3c:c9:1e:7b:e4:9b:c6:30:20:
         dc:2b:7e:51:4a:3e:37:4d:29:51:ff:8d:fa:89:28:1c:a3:8b:
         a5:32:36:4d:a2:cb:b3:b8:e9:e6:4c:97:25:b7:4c:e7:45:dd:
         24:2f:8c:48:78:46:61:1b:76:b0:b0:1d:8a:a0:06:19:f3:9d:
         ad:23:b8:0e:64:34:ac:6d:3d:31:88:00:97:d6:5a:74:ca:70:
         6b:1d:06:72:55:5a:bd:b4:2f:3a:c6:19:bc:db:24:e9:0b:b9:
         df:3d:9a:31:e2:07:27:a1:55:27:e8:d8:36:d9:6f:7e:67:4d:
         6d:f4:65:5c:9f:3a:7d:ab:85:d3:e4:81:91:a7:17:49:36:91:
         f8:be:b4:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pRsPjW21WCO3Xi7N5ysxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkODMxM2U0MWU2NDZhMDljZDAxZTJlNmY0NzM5ZDNiZDIz
NmM0ZmYwHhcNMjYwMTAxMjIxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGM2ZmQyYzgzMmZkNzk5ODFhYmQ5ZWUzN2Y5NzJjN2IxMDM1YWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA80zp0hIEn+d2qPPVIJ/iPwTWeKoY
GB9DXOsmvdjqwBTLorZuPVNPQz7Gw7Gpdlxys9NHZPILm7UdgdWFUSDsOU45hspj
ahPRXQJ023qvDcGx+BL5+tk06lPv/Hhpw3pxuoSYweOm44iFE4ePg+kgBNE4QUXh
E+3mEhXdwhtvtfQJCaobEMdUVFG142UfHZ3EWyepZtv+WNFd6yZtQjrWB6D5g+VN
7EGYZ4IWX3ZBDvCMLByq5RXUnYigy7OMqPMpy3gTs2jCN/0l/hrsEOXzACdrVMEV
C5Nl62FjfxBMMiD1GE+6TWaldsgEuVxwucL3LEo6fluyJN/G8ywxxRBSEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE3G/SyDL9eZgavZ7jf5csexA1ryMB8GA1UdIwQY
MBaAFM2DE+QeZGoJzQHi5vRznTvSNsT/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQt
ODg2MmI1MTczMTdjLzEvVGNiOUxJTXYxNW1CcTludU5fbHl4N0VEV3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8zNDY1ZjMtMDNjMi00ZWFhLWE2NzQtODg2MmI1MTczMTdj
LzEvellNVDVCNWthZ25OQWVMbTlIT2RPOUkyeFA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWd8QMA0G
CSqGSIb3DQEBCwUAA4IBAQAKr/f4vRqjPvx9Se3Mb8pwke8z60busD0hqdedWJKO
EFsiwP35i2bpVdrrE20rhVdOkcrcce4iKsgHEYzgRSavm3M37hnPVcGyMH2B3rP3
f2qNv+RDu4YAxfyv0I2fhM/7otrkS4o8zlH6jZ/yNR2hJxvXJI48yR575JvGMCDc
K35RSj43TSlR/436iSgco4ulMjZNosuzuOnmTJclt0znRd0kL4xIeEZhG3awsB2K
oAYZ852tI7gOZDSsbT0xiACX1lp0ynBrHQZyVVq9tC86xhm82yTpC7nfPZox4gcn
oVUn6Ng22W9+Z01t9GVcnzp9q4XT5IGRpxdJNpH4vrR1
-----END CERTIFICATE-----