This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/0d57ff-5530-460d-8b53-b6656cc1bd59/1/ToOm_DRG8L881LK0bTvQrJEi9zE.roa
File:                     ToOm_DRG8L881LK0bTvQrJEi9zE.roa (raw, json)
Hash identifier:          DCNqoXRqfdwODxjtc8J2/AVxGOKRF24UDLD2fHtc4vM=
Subject key identifier:   4E:83:A6:FC:34:46:F0:BF:3C:D4:B2:B4:6D:3B:D0:AC:91:22:F7:31
Certificate issuer:       /CN=214a0f42190944ac6b45e00a24ae41a345fdcb35
Certificate serial:       019B77591718BDE01F5F322EBCD1821B2432
Authority key identifier: 21:4A:0F:42:19:09:44:AC:6B:45:E0:0A:24:AE:41:A3:45:FD:CB:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IUoPQhkJRKxrReAKJK5Bo0X9yzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/0d57ff-5530-460d-8b53-b6656cc1bd59/1/ToOm_DRG8L881LK0bTvQrJEi9zE.roa
Signing time:             Thu 01 Jan 2026 02:18:05 +0000
ROA not before:           Thu 01 Jan 2026 02:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137
IP address blocks:        193.43.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/0d57ff-5530-460d-8b53-b6656cc1bd59/1/IUoPQhkJRKxrReAKJK5Bo0X9yzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/0d57ff-5530-460d-8b53-b6656cc1bd59/1/IUoPQhkJRKxrReAKJK5Bo0X9yzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IUoPQhkJRKxrReAKJK5Bo0X9yzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:17:18:bd:e0:1f:5f:32:2e:bc:d1:82:1b:24:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=214a0f42190944ac6b45e00a24ae41a345fdcb35
        Validity
            Not Before: Jan  1 02:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e83a6fc3446f0bf3cd4b2b46d3bd0ac9122f731
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:38:00:d2:89:9e:e6:e9:ef:e1:38:4c:5c:44:
                    0d:87:97:ea:38:1a:ab:88:58:e9:24:01:c8:9b:0a:
                    64:3e:37:c2:a8:88:21:e1:ba:6c:18:df:59:8f:52:
                    96:ee:67:8e:e4:ac:cf:6a:13:34:b5:bf:4e:77:f3:
                    5a:17:fc:f5:6b:0d:fa:82:00:db:ea:7d:ed:e9:42:
                    8f:a3:1a:62:2a:b8:41:da:60:b5:11:1a:73:0d:bd:
                    a7:b2:ab:ea:f4:a0:68:86:9d:bd:47:4f:16:79:af:
                    60:37:bc:00:30:e0:f4:92:c2:f4:d2:16:a2:29:fb:
                    90:1c:87:f7:55:4d:e8:46:cd:25:d7:c0:8c:52:4a:
                    58:1e:9e:43:d6:4a:46:e0:8a:8a:90:fa:69:e1:48:
                    db:8b:52:3e:4e:3a:a9:96:45:eb:fc:05:46:c2:3e:
                    cf:86:5e:17:33:9d:c7:fa:8e:49:45:e2:14:9f:ef:
                    15:64:9d:3a:1e:9c:6d:24:46:18:ee:c5:59:b4:47:
                    85:cd:94:04:b3:38:76:7e:7f:76:bb:35:96:d7:91:
                    eb:ea:2a:f0:7b:16:ac:fc:26:1a:68:76:70:d6:c4:
                    0e:4f:d4:65:9b:a7:4b:0e:9a:32:61:9b:b9:74:c4:
                    2c:99:0e:e7:85:73:ad:7c:cc:87:21:e3:5e:fc:5c:
                    ef:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:83:A6:FC:34:46:F0:BF:3C:D4:B2:B4:6D:3B:D0:AC:91:22:F7:31
            X509v3 Authority Key Identifier:
                keyid:21:4A:0F:42:19:09:44:AC:6B:45:E0:0A:24:AE:41:A3:45:FD:CB:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IUoPQhkJRKxrReAKJK5Bo0X9yzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/0d57ff-5530-460d-8b53-b6656cc1bd59/1/ToOm_DRG8L881LK0bTvQrJEi9zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/0d57ff-5530-460d-8b53-b6656cc1bd59/1/IUoPQhkJRKxrReAKJK5Bo0X9yzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:cd:9e:67:88:95:1e:e1:5c:94:60:50:18:51:a4:81:06:87:
         dd:46:72:40:f9:8e:04:88:f4:c4:a3:4d:87:4a:7a:da:ef:eb:
         43:4b:fa:a3:42:49:d6:41:50:63:4d:6a:05:1a:28:f1:ee:ec:
         82:7c:b0:aa:6b:40:ad:65:56:27:54:af:6b:46:ee:bd:89:35:
         46:4b:16:64:f4:20:eb:35:c4:c5:46:dc:34:8c:6b:c4:6d:97:
         d5:e0:e0:cd:a3:3f:c1:60:02:5d:6f:21:3f:05:a3:e2:f9:58:
         a3:c1:89:60:5d:93:9d:a8:28:7d:ec:28:0d:b2:b3:b9:c3:4f:
         98:1a:91:3d:c8:95:a2:8a:cb:2f:b2:8a:d0:3f:a9:49:8e:6a:
         3b:61:b3:b7:d0:27:90:32:98:db:59:6e:e9:7e:8a:11:1e:d3:
         1d:e7:5c:7b:6f:80:14:05:5b:23:a0:5c:87:b0:c5:ed:ef:66:
         37:73:5e:81:db:ac:c4:fa:01:03:6a:47:ec:85:03:a1:b8:ee:
         73:ee:29:bd:a0:0c:2c:c1:2a:d2:9c:11:43:fc:14:f6:31:c0:
         43:8e:57:fc:5e:34:29:79:99:97:c1:3a:7f:05:08:80:35:7d:
         f5:48:fd:6c:0a:28:b6:00:ad:b9:2b:7d:03:98:fc:b5:d8:ee:
         b5:5a:05:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WRcYveAfXzIuvNGCGyQyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNGEwZjQyMTkwOTQ0YWM2YjQ1ZTAwYTI0YWU0MWEzNDVm
ZGNiMzUwHhcNMjYwMTAxMDIxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTgzYTZmYzM0NDZmMGJmM2NkNGIyYjQ2ZDNiZDBhYzkxMjJmNzMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDgA0ome5unv4ThMXEQNh5fqOBqr
iFjpJAHImwpkPjfCqIgh4bpsGN9Zj1KW7meO5KzPahM0tb9Od/NaF/z1aw36ggDb
6n3t6UKPoxpiKrhB2mC1ERpzDb2nsqvq9KBohp29R08Wea9gN7wAMOD0ksL00hai
KfuQHIf3VU3oRs0l18CMUkpYHp5D1kpG4IqKkPpp4Ujbi1I+TjqplkXr/AVGwj7P
hl4XM53H+o5JReIUn+8VZJ06HpxtJEYY7sVZtEeFzZQEszh2fn92uzWW15Hr6irw
exas/CYaaHZw1sQOT9Rlm6dLDpoyYZu5dMQsmQ7nhXOtfMyHIeNe/FzvxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE6Dpvw0RvC/PNSytG070KyRIvcxMB8GA1UdIwQY
MBaAFCFKD0IZCUSsa0XgCiSuQaNF/cs1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVVvUFFoa0pSS3hyUmVBS0pLNUJvMFg5eXpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8wZDU3ZmYtNTUzMC00NjBkLThiNTMt
YjY2NTZjYzFiZDU5LzEvVG9PbV9EUkc4TDg4MUxLMGJUdlFySkVpOXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8wZDU3ZmYtNTUzMC00NjBkLThiNTMtYjY2NTZjYzFiZDU5
LzEvSVVvUFFoa0pSS3hyUmVBS0pLNUJvMFg5eXpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSuNMA0G
CSqGSIb3DQEBCwUAA4IBAQCHzZ5niJUe4VyUYFAYUaSBBofdRnJA+Y4EiPTEo02H
Snra7+tDS/qjQknWQVBjTWoFGijx7uyCfLCqa0CtZVYnVK9rRu69iTVGSxZk9CDr
NcTFRtw0jGvEbZfV4ODNoz/BYAJdbyE/BaPi+VijwYlgXZOdqCh97CgNsrO5w0+Y
GpE9yJWiissvsorQP6lJjmo7YbO30CeQMpjbWW7pfooRHtMd51x7b4AUBVsjoFyH
sMXt72Y3c16B26zE+gEDakfshQOhuO5z7im9oAwswSrSnBFD/BT2McBDjlf8XjQp
eZmXwTp/BQiANX31SP1sCii2AK25K30DmPy12O61WgUu
-----END CERTIFICATE-----