This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/beb97e-0957-4480-8b40-daa9f2a33baf/1/TaElX9hisZ5XrROOglyTLI-d0fw.roa
File:                     TaElX9hisZ5XrROOglyTLI-d0fw.roa (raw, json)
Hash identifier:          FeglI4bS4YwdcMyJ/Aqxz6zLx/NMHHbKBPa39hMUKnM=
Subject key identifier:   4D:A1:25:5F:D8:62:B1:9E:57:AD:13:8E:82:5C:93:2C:8F:9D:D1:FC
Certificate issuer:       /CN=4100e4b4a97882c1798c470e3abd805e325dd595
Certificate serial:       019B7D5BF9738723532C2069E3A7EFA4D694
Authority key identifier: 41:00:E4:B4:A9:78:82:C1:79:8C:47:0E:3A:BD:80:5E:32:5D:D5:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQDktKl4gsF5jEcOOr2AXjJd1ZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/beb97e-0957-4480-8b40-daa9f2a33baf/1/TaElX9hisZ5XrROOglyTLI-d0fw.roa
Signing time:             Fri 02 Jan 2026 06:18:58 +0000
ROA not before:           Fri 02 Jan 2026 06:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39700
IP address blocks:        185.72.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/beb97e-0957-4480-8b40-daa9f2a33baf/1/QQDktKl4gsF5jEcOOr2AXjJd1ZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/beb97e-0957-4480-8b40-daa9f2a33baf/1/QQDktKl4gsF5jEcOOr2AXjJd1ZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQDktKl4gsF5jEcOOr2AXjJd1ZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:f9:73:87:23:53:2c:20:69:e3:a7:ef:a4:d6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4100e4b4a97882c1798c470e3abd805e325dd595
        Validity
            Not Before: Jan  2 06:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4da1255fd862b19e57ad138e825c932c8f9dd1fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c6:cd:f6:cd:8a:53:ff:48:d8:6a:1b:55:b1:
                    35:7f:6b:7f:62:4c:2d:15:28:74:1a:38:08:29:e2:
                    f9:c9:b2:18:18:42:e0:8b:44:90:94:11:1f:5e:99:
                    9a:97:4c:1b:66:90:6f:c2:d2:c6:40:0d:9b:71:a3:
                    a6:61:08:8f:f6:92:70:38:7d:52:fa:26:fb:ca:74:
                    46:a9:af:47:4d:5e:fe:ac:cf:29:26:11:98:20:5d:
                    a8:b7:15:01:3e:fd:e1:38:a3:11:24:8a:72:c4:3a:
                    34:60:27:1f:9b:75:e0:63:65:79:5b:a4:03:4e:13:
                    8b:3e:91:9f:fc:e8:11:f0:be:04:25:5f:11:51:67:
                    08:9d:c9:f1:e0:88:36:eb:49:4a:51:c5:0e:f6:64:
                    ba:2f:9e:18:b4:7d:86:2e:a1:40:d2:15:57:1b:e8:
                    4c:8b:f4:8c:e7:0e:4e:3a:c4:12:4e:53:75:d7:c7:
                    42:82:6d:3c:5a:d3:c2:2f:1b:84:6f:4c:2e:a0:7f:
                    bc:d7:4b:4b:4b:57:33:04:ea:76:ae:d9:8e:7c:69:
                    49:57:e8:e1:62:ee:25:70:f7:6f:00:b9:61:73:0d:
                    42:ac:95:ad:55:ff:3c:78:62:1f:97:0d:86:57:2a:
                    6f:87:31:4a:5d:4a:82:0a:b5:96:40:15:f6:67:17:
                    e4:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A1:25:5F:D8:62:B1:9E:57:AD:13:8E:82:5C:93:2C:8F:9D:D1:FC
            X509v3 Authority Key Identifier:
                keyid:41:00:E4:B4:A9:78:82:C1:79:8C:47:0E:3A:BD:80:5E:32:5D:D5:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQDktKl4gsF5jEcOOr2AXjJd1ZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/beb97e-0957-4480-8b40-daa9f2a33baf/1/TaElX9hisZ5XrROOglyTLI-d0fw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/beb97e-0957-4480-8b40-daa9f2a33baf/1/QQDktKl4gsF5jEcOOr2AXjJd1ZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.72.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:08:71:51:1f:86:3e:2a:3c:ba:38:7f:b8:0a:b5:7d:88:83:
         33:5d:90:af:0a:df:18:55:38:f3:1a:6a:06:bd:05:af:6d:9d:
         f4:d5:59:4f:db:75:7b:73:12:3b:0d:c7:a6:ec:14:91:d6:1e:
         0d:7e:7d:a1:0e:63:33:8b:4d:a1:c9:2a:db:79:ed:f0:cc:ed:
         50:65:5d:37:bc:b4:bf:3d:79:0e:71:74:78:30:5b:09:d3:20:
         c8:aa:83:8f:01:c6:e6:da:0f:0a:5f:0c:59:1d:a9:48:c9:a8:
         b8:40:83:69:46:c5:8e:6a:75:ce:f3:37:3d:15:28:ad:b4:14:
         6f:b6:47:10:8d:ed:2c:59:ff:9c:6c:13:cb:91:97:29:a0:35:
         88:68:8f:ef:71:95:97:32:63:75:98:33:8c:8a:0b:f0:b7:0e:
         f6:51:15:51:7f:c6:b7:75:03:01:0f:38:58:9c:d2:c0:f0:99:
         57:6a:fc:ca:99:cb:6a:7f:dc:12:d8:84:86:5f:42:06:c3:6b:
         21:91:3c:c1:36:08:90:12:cf:f0:23:68:53:db:85:aa:6d:4d:
         71:e3:7b:3b:80:5a:28:cc:e1:ec:41:dc:76:07:2d:f7:b2:00:
         88:d4:c7:4e:d1:a0:db:e7:97:1b:10:af:f7:7e:7c:cd:f5:08:
         a6:84:af:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W/lzhyNTLCBp46fvpNaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDBlNGI0YTk3ODgyYzE3OThjNDcwZTNhYmQ4MDVlMzI1
ZGQ1OTUwHhcNMjYwMTAyMDYxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGExMjU1ZmQ4NjJiMTllNTdhZDEzOGU4MjVjOTMyYzhmOWRkMWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsbN9s2KU/9I2GobVbE1f2t/Ykwt
FSh0GjgIKeL5ybIYGELgi0SQlBEfXpmal0wbZpBvwtLGQA2bcaOmYQiP9pJwOH1S
+ib7ynRGqa9HTV7+rM8pJhGYIF2otxUBPv3hOKMRJIpyxDo0YCcfm3XgY2V5W6QD
ThOLPpGf/OgR8L4EJV8RUWcIncnx4Ig260lKUcUO9mS6L54YtH2GLqFA0hVXG+hM
i/SM5w5OOsQSTlN118dCgm08WtPCLxuEb0wuoH+810tLS1czBOp2rtmOfGlJV+jh
Yu4lcPdvALlhcw1CrJWtVf88eGIflw2GVypvhzFKXUqCCrWWQBX2ZxfkqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2hJV/YYrGeV60TjoJckyyPndH8MB8GA1UdIwQY
MBaAFEEA5LSpeILBeYxHDjq9gF4yXdWVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFEa3RLbDRnc0Y1akVjT09yMkFYakpkMVpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS9iZWI5N2UtMDk1Ny00NDgwLThiNDAt
ZGFhOWYyYTMzYmFmLzEvVGFFbFg5aGlzWjVYclJPT2dseVRMSS1kMGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS9iZWI5N2UtMDk1Ny00NDgwLThiNDAtZGFhOWYyYTMzYmFm
LzEvUVFEa3RLbDRnc0Y1akVjT09yMkFYakpkMVpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUiEMA0G
CSqGSIb3DQEBCwUAA4IBAQBaCHFRH4Y+Kjy6OH+4CrV9iIMzXZCvCt8YVTjzGmoG
vQWvbZ301VlP23V7cxI7Dcem7BSR1h4Nfn2hDmMzi02hySrbee3wzO1QZV03vLS/
PXkOcXR4MFsJ0yDIqoOPAcbm2g8KXwxZHalIyai4QINpRsWOanXO8zc9FSittBRv
tkcQje0sWf+cbBPLkZcpoDWIaI/vcZWXMmN1mDOMigvwtw72URVRf8a3dQMBDzhY
nNLA8JlXavzKmctqf9wS2ISGX0IGw2shkTzBNgiQEs/wI2hT24WqbU1x43s7gFoo
zOHsQdx2By33sgCI1MdO0aDb55cbEK/3fnzN9QimhK8/
-----END CERTIFICATE-----