This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/T-5iPcnqsCezQTEheWZWzWtrA18.roa
File:                     T-5iPcnqsCezQTEheWZWzWtrA18.roa (raw, json)
Hash identifier:          IDRrVJDQTAycZw+3lmD3j1ROsNlDG2qWSW1sP/pYHrg=
Subject key identifier:   4F:EE:62:3D:C9:EA:B0:27:B3:41:31:21:79:66:56:CD:6B:6B:03:5F
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019B7D5B4D54A87EAD7590E9D410AF826F5D
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/T-5iPcnqsCezQTEheWZWzWtrA18.roa
Signing time:             Fri 02 Jan 2026 06:18:14 +0000
ROA not before:           Fri 02 Jan 2026 06:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208711
IP address blocks:        158.173.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 08:31:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:4d:54:a8:7e:ad:75:90:e9:d4:10:af:82:6f:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan  2 06:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fee623dc9eab027b3413121796656cd6b6b035f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:64:c5:a6:88:84:f4:3b:06:00:15:76:26:35:
                    5c:96:50:86:7e:10:80:9b:2b:6a:a2:fa:07:98:29:
                    38:33:94:9e:de:22:5a:f7:6e:2a:bb:67:79:e8:2c:
                    db:db:ae:fe:bc:d9:73:74:a2:78:90:55:c1:31:f3:
                    e0:2e:84:ff:b8:a1:58:4e:0d:c3:6a:ec:c5:53:f3:
                    ff:b5:33:8b:11:90:34:a8:4f:91:ca:f3:a6:f0:82:
                    3b:af:74:43:fe:d9:57:d3:f1:01:3f:99:f6:52:c8:
                    7e:e0:96:e5:bf:d8:7c:3f:d8:d6:37:f5:96:e2:2f:
                    a9:03:8a:31:03:6d:a3:b5:9b:d0:0f:e3:08:b1:95:
                    34:0f:bd:3c:36:7f:67:fc:15:c8:db:ca:d6:95:75:
                    b4:da:8d:7b:d6:e9:15:14:65:74:51:2c:db:3b:f1:
                    30:51:37:7c:7b:85:dc:37:dc:52:26:7f:f0:2a:ba:
                    8d:a4:96:25:54:40:a7:7c:f3:32:d7:70:8f:8b:8f:
                    9d:41:ca:c9:6c:1e:72:24:a7:86:5b:53:e6:2e:e6:
                    75:3b:65:c1:60:0a:1f:95:39:0e:b0:b5:80:0d:b1:
                    a0:61:b9:8d:a6:ef:65:1f:8e:93:92:8d:8d:4d:5e:
                    a9:c3:e1:40:ad:dd:04:39:36:28:53:0b:fc:54:ff:
                    f5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:EE:62:3D:C9:EA:B0:27:B3:41:31:21:79:66:56:CD:6B:6B:03:5F
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/T-5iPcnqsCezQTEheWZWzWtrA18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:5e:d6:a4:e7:4b:81:6d:53:11:95:a4:73:95:66:30:4a:02:
         f9:3f:52:37:f5:dd:8d:37:5c:da:2f:e7:da:d1:37:b7:ef:d8:
         f8:5b:19:60:f4:c0:96:c0:6a:c6:06:73:d8:73:96:d7:57:77:
         bf:2c:b1:b1:03:18:8e:5d:95:d7:b8:02:54:7b:9e:93:ac:99:
         62:64:7f:7d:00:f3:ab:97:48:84:5b:a4:31:f6:c0:75:be:97:
         84:95:71:d5:2c:e3:30:03:4b:17:fd:4e:99:9e:2c:bf:96:7f:
         f9:eb:1a:58:4f:84:6a:2c:8c:c1:d5:f5:11:84:55:b5:bf:a2:
         ce:a1:a0:6b:5f:60:04:92:fa:7b:c0:00:91:71:f2:d0:1e:ed:
         8b:32:89:29:d0:c8:ab:1f:c7:c2:21:cc:83:77:8e:74:42:f0:
         c7:fc:e2:21:35:c0:a1:8d:9c:93:04:e1:96:7b:86:50:38:0a:
         8b:a4:5f:4d:2d:9d:18:26:04:8a:4e:75:08:63:2e:9d:ac:e7:
         22:14:9d:a6:e9:bf:96:1d:0d:3c:36:92:e0:ec:b9:e4:fc:85:
         92:c9:58:e6:b6:5f:40:b2:bb:96:8b:de:7d:68:1e:41:41:73:
         49:47:06:23:9c:b3:95:48:95:9c:be:f1:82:e4:42:d5:a6:88:
         23:43:dd:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W01UqH6tdZDp1BCvgm9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMTAyMDYxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmVlNjIzZGM5ZWFiMDI3YjM0MTMxMjE3OTY2NTZjZDZiNmIwMzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmTFpoiE9DsGABV2JjVcllCGfhCA
mytqovoHmCk4M5Se3iJa924qu2d56Czb267+vNlzdKJ4kFXBMfPgLoT/uKFYTg3D
auzFU/P/tTOLEZA0qE+RyvOm8II7r3RD/tlX0/EBP5n2Ush+4Jblv9h8P9jWN/WW
4i+pA4oxA22jtZvQD+MIsZU0D708Nn9n/BXI28rWlXW02o171ukVFGV0USzbO/Ew
UTd8e4XcN9xSJn/wKrqNpJYlVECnfPMy13CPi4+dQcrJbB5yJKeGW1PmLuZ1O2XB
YAoflTkOsLWADbGgYbmNpu9lH46Tko2NTV6pw+FArd0EOTYoUwv8VP/1dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/uYj3J6rAns0ExIXlmVs1rawNfMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvVC01aVBjbnFzQ2V6UVRFaGVXWld6V3RyQTE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0AMA0G
CSqGSIb3DQEBCwUAA4IBAQBsXtak50uBbVMRlaRzlWYwSgL5P1I39d2NN1zaL+fa
0Te379j4Wxlg9MCWwGrGBnPYc5bXV3e/LLGxAxiOXZXXuAJUe56TrJliZH99APOr
l0iEW6Qx9sB1vpeElXHVLOMwA0sX/U6Zniy/ln/56xpYT4RqLIzB1fURhFW1v6LO
oaBrX2AEkvp7wACRcfLQHu2LMokp0MirH8fCIcyDd450QvDH/OIhNcChjZyTBOGW
e4ZQOAqLpF9NLZ0YJgSKTnUIYy6drOciFJ2m6b+WHQ08NpLg7Lnk/IWSyVjmtl9A
sruWi959aB5BQXNJRwYjnLOVSJWcvvGC5ELVpogjQ91S
-----END CERTIFICATE-----