This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/TEKfYHkotwU7_5ucl5CauD9rWBg.roa
File:                     TEKfYHkotwU7_5ucl5CauD9rWBg.roa (raw, json)
Hash identifier:          2nLll6//1iJ2CCFmRLPt+PdNzBEZUp9S5l++rLed9jU=
Subject key identifier:   4C:42:9F:60:79:28:B7:05:3B:FF:9B:9C:97:90:9A:B8:3F:6B:58:18
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019B7D5B4AA4E03C715947A167283CDE6B31
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/TEKfYHkotwU7_5ucl5CauD9rWBg.roa
Signing time:             Fri 02 Jan 2026 06:18:13 +0000
ROA not before:           Fri 02 Jan 2026 06:18:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     53107
IP address blocks:        158.173.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 08:31:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:4a:a4:e0:3c:71:59:47:a1:67:28:3c:de:6b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan  2 06:18:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c429f607928b7053bff9b9c97909ab83f6b5818
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:af:b8:30:23:f7:65:19:b2:4a:14:a9:dd:03:
                    6f:5f:b3:69:7f:d5:9b:d3:93:e8:cc:b8:f1:28:24:
                    13:7a:1a:a3:45:63:f7:34:c2:55:38:7b:b2:5f:91:
                    d2:b7:cc:ff:a0:15:39:06:d0:9a:f3:b6:c9:0d:f4:
                    a4:bf:20:64:c3:52:56:b5:eb:95:f3:52:70:35:17:
                    4a:89:77:83:a5:3d:32:ae:5b:ab:89:15:21:cd:65:
                    45:b7:3e:46:88:31:33:ff:fa:8c:86:92:f3:cb:8b:
                    d9:13:58:aa:f2:4d:61:1f:84:e7:a9:d0:10:ec:c3:
                    9b:a3:1a:dd:a5:e8:04:d9:01:50:cf:c6:ec:2f:71:
                    e7:96:ff:2b:f5:63:fa:2d:af:84:df:16:5b:f1:66:
                    d8:83:95:ac:0e:89:f1:09:b0:96:e6:33:b6:00:a5:
                    00:09:d9:b7:cc:55:43:f6:fa:98:2d:d1:1b:39:fa:
                    70:bc:9b:1d:44:81:65:20:50:5d:d9:af:f1:67:7e:
                    e7:c8:4a:5c:92:21:16:6a:f2:3f:32:b2:7f:1a:48:
                    f9:a9:5a:f4:82:49:c7:50:76:9f:2d:8c:84:cd:23:
                    bf:d2:da:e6:05:68:1a:98:7b:46:2a:91:53:3c:47:
                    e4:4d:ff:b9:86:ab:20:05:75:7c:f3:d9:f2:1f:39:
                    13:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:42:9F:60:79:28:B7:05:3B:FF:9B:9C:97:90:9A:B8:3F:6B:58:18
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/TEKfYHkotwU7_5ucl5CauD9rWBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:15:48:0a:2f:2a:d3:d9:77:61:39:b8:05:79:75:c8:16:d1:
         3b:41:da:0a:d9:30:88:82:3b:30:2c:97:e1:10:a8:8e:7f:3d:
         22:0e:34:a1:94:b4:41:68:d7:d9:09:c2:a8:f0:e0:10:ac:7e:
         ad:74:d8:a0:ec:6f:f5:e3:12:6b:97:56:c5:72:da:9d:9e:19:
         02:16:66:9d:79:63:09:fd:c8:c5:fe:4b:5b:2b:ed:24:d5:d1:
         70:92:02:b5:14:82:ff:c3:d3:81:3f:93:b5:06:16:f0:4e:3b:
         28:59:8b:37:57:5b:d0:5a:17:59:c9:c9:2f:c0:bf:4b:96:60:
         4b:32:8b:6a:37:62:ca:85:70:c0:d1:26:46:23:de:3a:f2:80:
         99:2e:97:a9:66:70:cb:ce:6f:6e:76:14:ad:e9:1a:e1:46:54:
         55:b2:85:88:4e:fe:80:9d:00:aa:f2:ac:39:20:c0:f4:c5:09:
         3f:f7:92:22:20:ee:6b:ba:60:05:8d:0b:88:f0:6c:69:8a:a0:
         37:15:7f:28:86:72:46:f3:3b:03:76:32:ae:e1:c1:54:61:12:
         ed:60:65:17:3c:f4:d4:05:36:01:2e:ee:c3:78:01:5f:00:5e:
         16:86:c6:49:73:d0:ed:13:6a:45:dd:da:fb:e4:5b:ae:5a:8c:
         d1:f6:f2:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W0qk4DxxWUehZyg83msxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMTAyMDYxODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzQyOWY2MDc5MjhiNzA1M2JmZjliOWM5NzkwOWFiODNmNmI1ODE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3q+4MCP3ZRmyShSp3QNvX7Npf9Wb
05PozLjxKCQTehqjRWP3NMJVOHuyX5HSt8z/oBU5BtCa87bJDfSkvyBkw1JWteuV
81JwNRdKiXeDpT0yrluriRUhzWVFtz5GiDEz//qMhpLzy4vZE1iq8k1hH4TnqdAQ
7MOboxrdpegE2QFQz8bsL3Hnlv8r9WP6La+E3xZb8WbYg5WsDonxCbCW5jO2AKUA
Cdm3zFVD9vqYLdEbOfpwvJsdRIFlIFBd2a/xZ37nyEpckiEWavI/MrJ/Gkj5qVr0
gknHUHafLYyEzSO/0trmBWgamHtGKpFTPEfkTf+5hqsgBXV889nyHzkTVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFExCn2B5KLcFO/+bnJeQmrg/a1gYMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvVEVLZllIa290d1U3XzV1Y2w1Q2F1RDlyV0JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0CMA0G
CSqGSIb3DQEBCwUAA4IBAQAtFUgKLyrT2XdhObgFeXXIFtE7QdoK2TCIgjswLJfh
EKiOfz0iDjShlLRBaNfZCcKo8OAQrH6tdNig7G/14xJrl1bFctqdnhkCFmadeWMJ
/cjF/ktbK+0k1dFwkgK1FIL/w9OBP5O1BhbwTjsoWYs3V1vQWhdZyckvwL9LlmBL
MotqN2LKhXDA0SZGI9468oCZLpepZnDLzm9udhSt6RrhRlRVsoWITv6AnQCq8qw5
IMD0xQk/95IiIO5rumAFjQuI8GxpiqA3FX8ohnJG8zsDdjKu4cFUYRLtYGUXPPTU
BTYBLu7DeAFfAF4WhsZJc9DtE2pF3dr75FuuWozR9vKP
-----END CERTIFICATE-----