This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/TkwlaSAb-t_A_q6mMAipvEs0zSk.roa
File:                     TkwlaSAb-t_A_q6mMAipvEs0zSk.roa (raw, json)
Hash identifier:          TpY0AjBJFQQt2MYHF/hCiOfKQkRoDC5zt7ciJI8H/SA=
Subject key identifier:   4E:4C:25:69:20:1B:FA:DF:C0:FE:AE:A6:30:08:A9:BC:4B:34:CD:29
Certificate issuer:       /CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
Certificate serial:       019B7834A132996CAA885FA1F693D4B04FB7
Authority key identifier: 38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/TkwlaSAb-t_A_q6mMAipvEs0zSk.roa
Signing time:             Thu 01 Jan 2026 06:17:53 +0000
ROA not before:           Thu 01 Jan 2026 06:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5408
IP address blocks:        193.218.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:a1:32:99:6c:aa:88:5f:a1:f6:93:d4:b0:4f:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38f9c54f19193e06548163f895c3a46b9f8bfbb5
        Validity
            Not Before: Jan  1 06:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e4c2569201bfadfc0feaea63008a9bc4b34cd29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:55:28:e9:e0:cc:54:b8:d8:87:3e:e6:34:52:
                    b6:30:de:89:ac:59:0f:73:39:ad:60:0e:93:7d:8d:
                    13:cb:6a:b6:1c:e2:ec:c8:27:81:6b:15:1f:b1:53:
                    8c:6d:eb:c9:7a:c3:07:28:ec:fd:d8:85:6e:f5:a6:
                    76:79:43:6b:09:8f:69:bb:94:58:09:1d:a2:7a:df:
                    2f:d9:a8:22:6e:4f:28:27:ab:f5:c4:6d:38:37:5e:
                    b6:a0:50:33:22:ba:d8:dd:be:25:e2:23:ca:e2:a2:
                    4e:bd:45:bd:fb:d5:f3:04:e2:39:33:3a:2a:2f:80:
                    a8:3b:45:d8:26:94:0b:05:60:4f:ef:b7:8b:d9:92:
                    12:b0:5c:2d:f1:fd:5a:b2:bc:8a:73:e7:d6:8e:0e:
                    8b:31:98:3e:10:52:d1:bb:07:f3:42:d7:58:31:34:
                    16:c1:15:52:92:1a:d6:db:d2:b0:df:f5:e3:2e:3e:
                    af:78:3f:74:9d:0c:83:e9:6f:f0:1c:df:03:a7:b7:
                    7f:8e:ff:27:b0:dc:dc:ef:bd:40:0b:53:a5:3d:f5:
                    a4:5b:b7:dc:2a:f8:dd:8c:da:c5:7a:ed:5e:c9:52:
                    3b:80:e2:80:66:2f:16:43:b4:68:64:3c:23:d8:d2:
                    ea:34:50:9a:71:48:3d:19:51:3b:e8:60:37:fc:82:
                    80:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:4C:25:69:20:1B:FA:DF:C0:FE:AE:A6:30:08:A9:BC:4B:34:CD:29
            X509v3 Authority Key Identifier:
                keyid:38:F9:C5:4F:19:19:3E:06:54:81:63:F8:95:C3:A4:6B:9F:8B:FB:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OPnFTxkZPgZUgWP4lcOka5-L-7U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/TkwlaSAb-t_A_q6mMAipvEs0zSk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/f0b6ba-8675-491c-8593-724949b460e9/1/OPnFTxkZPgZUgWP4lcOka5-L-7U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.218.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2a:67:c4:6a:44:4e:4f:6c:f7:51:0f:2c:3b:e4:aa:6b:a4:92:
         f0:93:47:4b:31:e8:09:74:98:d0:11:23:a9:b9:fa:32:00:d1:
         04:d7:00:5b:c2:96:97:f7:e7:d3:47:26:a1:6a:b2:d6:e4:f0:
         3b:a7:d5:46:09:4f:1c:84:72:b7:8d:df:8b:96:64:f4:46:37:
         34:75:63:e5:85:25:ac:53:2f:33:78:65:0b:1d:73:65:26:2f:
         23:d4:62:f7:2d:2b:52:23:d9:1c:ef:12:8b:9c:7b:b8:e6:54:
         f3:a6:b4:5b:81:43:fa:85:2a:75:ea:25:d7:ba:96:67:6f:8e:
         c0:f0:5e:7f:31:89:25:99:67:d1:ea:90:e2:a5:24:3b:e0:11:
         44:ee:25:c5:f5:c6:fb:51:dc:12:7d:3f:58:91:67:10:93:77:
         97:87:ca:b5:c2:36:c2:bf:27:f6:c0:a8:e7:cf:dd:e7:87:cb:
         52:3f:15:d2:72:78:55:a7:a3:0a:dd:a8:7f:79:53:66:6e:b5:
         a3:82:f2:03:2f:b7:9b:7d:cc:c3:66:0f:d9:74:6e:d4:b9:10:
         86:55:7b:ce:57:02:c8:0a:c3:63:0d:a4:bc:d4:57:26:41:44:
         6e:56:be:99:74:a7:bf:17:50:fe:5e:87:c8:ce:21:55:98:cf:
         bd:d8:51:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NKEymWyqiF+h9pPUsE+3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ZjljNTRmMTkxOTNlMDY1NDgxNjNmODk1YzNhNDZiOWY4
YmZiYjUwHhcNMjYwMTAxMDYxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTRjMjU2OTIwMWJmYWRmYzBmZWFlYTYzMDA4YTliYzRiMzRjZDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01Uo6eDMVLjYhz7mNFK2MN6JrFkP
czmtYA6TfY0Ty2q2HOLsyCeBaxUfsVOMbevJesMHKOz92IVu9aZ2eUNrCY9pu5RY
CR2iet8v2agibk8oJ6v1xG04N162oFAzIrrY3b4l4iPK4qJOvUW9+9XzBOI5Mzoq
L4CoO0XYJpQLBWBP77eL2ZISsFwt8f1asryKc+fWjg6LMZg+EFLRuwfzQtdYMTQW
wRVSkhrW29Kw3/XjLj6veD90nQyD6W/wHN8Dp7d/jv8nsNzc771AC1OlPfWkW7fc
KvjdjNrFeu1eyVI7gOKAZi8WQ7RoZDwj2NLqNFCacUg9GVE76GA3/IKA/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE5MJWkgG/rfwP6upjAIqbxLNM0pMB8GA1UdIwQY
MBaAFDj5xU8ZGT4GVIFj+JXDpGufi/u1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMt
NzI0OTQ5YjQ2MGU5LzEvVGt3bGFTQWItdF9BX3E2bU1BaXB2RXMwelNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9mMGI2YmEtODY3NS00OTFjLTg1OTMtNzI0OTQ5YjQ2MGU5
LzEvT1BuRlR4a1pQZ1pVZ1dQNGxjT2thNS1MLTdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwdpgMA0G
CSqGSIb3DQEBCwUAA4IBAQAqZ8RqRE5PbPdRDyw75KprpJLwk0dLMegJdJjQESOp
ufoyANEE1wBbwpaX9+fTRyaharLW5PA7p9VGCU8chHK3jd+LlmT0Rjc0dWPlhSWs
Uy8zeGULHXNlJi8j1GL3LStSI9kc7xKLnHu45lTzprRbgUP6hSp16iXXupZnb47A
8F5/MYklmWfR6pDipSQ74BFE7iXF9cb7UdwSfT9YkWcQk3eXh8q1wjbCvyf2wKjn
z93nh8tSPxXScnhVp6MK3ah/eVNmbrWjgvIDL7ebfczDZg/ZdG7UuRCGVXvOVwLI
CsNjDaS81FcmQURuVr6ZdKe/F1D+XofIziFVmM+92FHf
-----END CERTIFICATE-----