This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/ADpHV81oLRNww3UPkZ2ylbeVYyQ.roa
File:                     ADpHV81oLRNww3UPkZ2ylbeVYyQ.roa (raw, json)
Hash identifier:          iE6K3Xh2IcBpnGljqbTHKAlsyrSy/6CD1qKuMNW47GQ=
Subject key identifier:   00:3A:47:57:CD:68:2D:13:70:C3:75:0F:91:9D:B2:95:B7:95:63:24
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019BE9FADCDD93B797FFF52170E0D97699DD
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/ADpHV81oLRNww3UPkZ2ylbeVYyQ.roa
Signing time:             Fri 23 Jan 2026 08:31:30 +0000
ROA not before:           Fri 23 Jan 2026 08:31:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197731
IP address blocks:        158.173.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 08:31:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e9:fa:dc:dd:93:b7:97:ff:f5:21:70:e0:d9:76:99:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan 23 08:31:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=003a4757cd682d1370c3750f919db295b7956324
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c4:5d:a2:8a:de:f4:22:8e:87:30:8a:44:d3:
                    8a:a8:50:ec:57:2b:86:5c:38:47:07:29:ac:b7:89:
                    68:93:9c:21:74:13:f4:d3:54:1b:5e:57:de:0c:c4:
                    16:23:47:37:19:35:7c:00:52:69:d8:0e:82:08:ef:
                    85:d0:56:19:8a:27:41:b0:5a:94:d8:3c:7f:a5:2e:
                    b8:8f:ee:fa:15:67:3a:a4:29:54:54:7d:59:d0:1c:
                    47:16:40:86:1e:6f:14:f4:2b:85:87:56:ff:fe:a8:
                    34:32:1d:87:ac:da:11:b4:d4:3f:0e:56:6e:98:17:
                    61:19:80:ec:b5:74:02:59:1f:63:6b:f9:f2:df:20:
                    46:d4:4c:3b:fa:0a:8b:ec:dd:ba:56:90:6e:db:39:
                    f4:e0:ec:78:56:30:33:a8:e3:48:6e:4b:e8:a0:51:
                    63:dc:ce:03:48:e2:cd:0f:b8:e2:b7:1c:0f:83:11:
                    cd:01:46:d3:9c:fc:51:f4:e6:33:ba:7c:a2:4f:fc:
                    ff:b1:ad:79:a0:eb:9a:16:5e:63:9a:c0:1e:ea:56:
                    66:ab:29:c7:76:a5:c5:16:f9:cf:3d:3f:d3:9b:49:
                    d8:fc:74:9e:34:6a:22:cd:4b:0e:d1:1d:27:1c:26:
                    5d:f8:ea:03:c4:dd:49:da:da:1b:21:ee:ed:df:d3:
                    bb:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3A:47:57:CD:68:2D:13:70:C3:75:0F:91:9D:B2:95:B7:95:63:24
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/ADpHV81oLRNww3UPkZ2ylbeVYyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         30:2b:da:55:9c:41:70:47:48:47:09:49:22:53:f5:ab:a0:1b:
         87:dc:2e:64:ba:8e:0c:33:eb:44:49:2c:0d:c7:e8:9d:81:df:
         1a:9a:b8:28:5c:87:ba:98:40:aa:07:31:39:47:76:7c:30:4b:
         9f:8f:76:4b:43:8b:f5:cd:18:75:18:26:e0:9f:79:21:8a:89:
         11:52:05:ba:b1:dd:18:6b:c4:69:c3:57:fa:b8:87:3a:e7:69:
         a8:41:ff:59:67:99:59:9e:9d:63:e5:be:09:9c:e0:af:91:9e:
         ff:e4:c2:b0:1b:cd:47:a3:dd:b4:79:b4:3b:8a:29:d3:d6:21:
         32:b8:0d:2e:8a:fb:10:1d:e0:e7:0a:0b:ec:67:9a:de:fd:5e:
         79:73:08:32:e3:ef:f3:17:31:95:b0:6f:70:e0:7f:83:4e:86:
         c1:40:1f:14:d7:c3:1b:9a:d6:9d:fe:e4:b7:5f:ee:ac:27:fb:
         9b:f6:0a:6b:fb:22:cc:81:ec:3b:7c:3b:66:7e:cf:b5:0c:2c:
         17:e8:e1:62:f7:fb:16:9b:39:bd:f2:f3:d5:db:ff:97:46:be:
         c1:e1:63:38:c0:d3:a3:40:84:7c:fe:6f:b3:1d:99:57:62:d9:
         28:db:97:8d:1b:8e:82:d2:ab:0d:76:67:63:7f:e2:dd:c8:1c:
         65:10:bc:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvp+tzdk7eX//UhcODZdpndMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMTIzMDgzMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDNhNDc1N2NkNjgyZDEzNzBjMzc1MGY5MTlkYjI5NWI3OTU2MzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Rdoore9CKOhzCKRNOKqFDsVyuG
XDhHBymst4lok5whdBP001QbXlfeDMQWI0c3GTV8AFJp2A6CCO+F0FYZiidBsFqU
2Dx/pS64j+76FWc6pClUVH1Z0BxHFkCGHm8U9CuFh1b//qg0Mh2HrNoRtNQ/DlZu
mBdhGYDstXQCWR9ja/ny3yBG1Ew7+gqL7N26VpBu2zn04Ox4VjAzqONIbkvooFFj
3M4DSOLND7jitxwPgxHNAUbTnPxR9OYzunyiT/z/sa15oOuaFl5jmsAe6lZmqynH
dqXFFvnPPT/Tm0nY/HSeNGoizUsO0R0nHCZd+OoDxN1J2tobIe7t39O7ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAA6R1fNaC0TcMN1D5GdspW3lWMkMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvQURwSFY4MW9MUk53dzNVUGtaMnlsYmVWWXlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnq04MA0G
CSqGSIb3DQEBCwUAA4IBAQAwK9pVnEFwR0hHCUkiU/WroBuH3C5kuo4MM+tESSwN
x+idgd8amrgoXIe6mECqBzE5R3Z8MEufj3ZLQ4v1zRh1GCbgn3khiokRUgW6sd0Y
a8Rpw1f6uIc652moQf9ZZ5lZnp1j5b4JnOCvkZ7/5MKwG81Ho920ebQ7iinT1iEy
uA0uivsQHeDnCgvsZ5re/V55cwgy4+/zFzGVsG9w4H+DTobBQB8U18Mbmtad/uS3
X+6sJ/ub9gpr+yLMgew7fDtmfs+1DCwX6OFi9/sWmzm98vPV2/+XRr7B4WM4wNOj
QIR8/m+zHZlXYtko25eNG46C0qsNdmdjf+LdyBxlELz6
-----END CERTIFICATE-----