This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/yjp0F1DNzleK6-vCRsNxWVIlBNw.roa
File:                     yjp0F1DNzleK6-vCRsNxWVIlBNw.roa (raw, json)
Hash identifier:          3j9dCEuG9ERZFB+WenZiPdRjdEvmFVjCWNLAT55vJ+I=
Subject key identifier:   CA:3A:74:17:50:CD:CE:57:8A:EB:EB:C2:46:C3:71:59:52:25:04:DC
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019B7D5B4EB6798893FEA06BBEB82CBDBDDD
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/yjp0F1DNzleK6-vCRsNxWVIlBNw.roa
Signing time:             Fri 02 Jan 2026 06:18:14 +0000
ROA not before:           Fri 02 Jan 2026 06:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     268624
IP address blocks:        158.173.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 08:31:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:4e:b6:79:88:93:fe:a0:6b:be:b8:2c:bd:bd:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan  2 06:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca3a741750cdce578aebebc246c37159522504dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:24:75:e1:f2:cb:a0:37:f4:0c:b0:a9:a7:fc:
                    32:83:a4:82:57:b0:3e:95:79:c9:64:93:bf:ab:25:
                    bb:72:26:44:57:eb:e3:9f:b3:1e:16:32:42:6c:e8:
                    f7:2f:5d:b3:fb:4f:c3:7d:cc:93:18:57:d0:60:9b:
                    1f:8a:ac:d1:d4:44:b5:74:1e:f6:88:2a:73:5c:06:
                    b7:3d:2c:54:50:af:a1:27:fe:ef:e8:19:c6:1a:73:
                    74:2b:04:52:66:86:e8:bb:ad:17:2a:4e:2e:04:a0:
                    b3:94:22:dc:bc:f1:9a:b8:04:59:3a:f8:c0:21:a4:
                    4e:ac:e1:9c:0a:0f:2b:b6:fb:86:a7:dd:d2:90:c3:
                    fb:f6:80:b9:bf:42:77:05:b5:d0:53:5d:4c:82:a5:
                    52:3a:5c:bf:3d:a8:bf:e7:ae:2b:a9:f0:0a:89:81:
                    4d:c3:8d:4f:e5:16:8e:fb:37:3d:64:fa:6c:9a:a1:
                    53:fa:23:4a:cc:d8:de:88:03:87:f8:26:b7:f6:68:
                    85:e5:a6:10:eb:36:93:c5:4a:17:91:69:89:28:ab:
                    1a:b1:75:61:af:4b:da:9f:8c:9b:6b:37:c0:d8:9a:
                    c4:3d:66:1e:67:91:c6:f1:26:5a:cf:c3:f1:f7:48:
                    fa:34:25:26:e5:97:25:27:b4:ce:3a:18:62:36:66:
                    89:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:3A:74:17:50:CD:CE:57:8A:EB:EB:C2:46:C3:71:59:52:25:04:DC
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/yjp0F1DNzleK6-vCRsNxWVIlBNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:aa:de:7e:d2:b1:20:21:b5:0e:ac:fc:cb:1d:e0:a4:07:1d:
         0f:5e:59:b2:af:55:ae:1b:21:02:25:7f:fe:92:4f:50:3d:c5:
         92:da:de:33:e0:21:b1:82:0e:31:83:17:5d:ab:7c:c9:ba:f7:
         61:c7:78:b5:8c:36:aa:a7:aa:66:8c:71:4e:91:23:c3:bf:1e:
         30:e9:06:8e:93:f4:0e:39:85:68:76:eb:47:0c:6d:f5:20:83:
         ac:9e:a0:91:2c:be:48:41:41:88:3b:4a:56:41:a2:23:6a:d5:
         db:c7:aa:18:66:00:d3:82:ef:d3:cc:cf:5a:f5:9e:f5:e4:c8:
         d6:55:03:d6:97:7c:3b:c9:ae:0a:4c:b9:ce:f0:89:e2:2c:f4:
         af:f7:28:00:0e:6c:f6:86:16:a5:e7:53:30:3a:1f:04:51:08:
         03:92:a7:51:49:7a:4e:38:56:1f:32:24:2f:05:61:c1:2b:d7:
         44:39:a4:dd:90:f5:d6:2d:fe:07:f0:66:2c:e6:60:97:60:90:
         8e:78:9c:df:6c:a0:6e:fd:7b:79:1b:be:8c:57:f9:7d:a3:4b:
         fb:c9:c3:ff:ae:bf:db:da:65:3d:3a:aa:b5:f0:8f:da:68:0e:
         ee:88:d8:bd:c2:e0:d0:2c:b5:ed:87:fe:b9:d3:ab:3d:d9:2e:
         12:19:f6:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W062eYiT/qBrvrgsvb3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMTAyMDYxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTNhNzQxNzUwY2RjZTU3OGFlYmViYzI0NmMzNzE1OTUyMjUwNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmCR14fLLoDf0DLCpp/wyg6SCV7A+
lXnJZJO/qyW7ciZEV+vjn7MeFjJCbOj3L12z+0/DfcyTGFfQYJsfiqzR1ES1dB72
iCpzXAa3PSxUUK+hJ/7v6BnGGnN0KwRSZobou60XKk4uBKCzlCLcvPGauARZOvjA
IaROrOGcCg8rtvuGp93SkMP79oC5v0J3BbXQU11MgqVSOly/Pai/564rqfAKiYFN
w41P5RaO+zc9ZPpsmqFT+iNKzNjeiAOH+Ca39miF5aYQ6zaTxUoXkWmJKKsasXVh
r0van4ybazfA2JrEPWYeZ5HG8SZaz8Px90j6NCUm5ZclJ7TOOhhiNmaJOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMo6dBdQzc5XiuvrwkbDcVlSJQTcMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEveWpwMEYxRE56bGVLNi12Q1JzTnhXVklsQk53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0lMA0G
CSqGSIb3DQEBCwUAA4IBAQBbqt5+0rEgIbUOrPzLHeCkBx0PXlmyr1WuGyECJX/+
kk9QPcWS2t4z4CGxgg4xgxddq3zJuvdhx3i1jDaqp6pmjHFOkSPDvx4w6QaOk/QO
OYVodutHDG31IIOsnqCRLL5IQUGIO0pWQaIjatXbx6oYZgDTgu/TzM9a9Z715MjW
VQPWl3w7ya4KTLnO8IniLPSv9ygADmz2hhal51MwOh8EUQgDkqdRSXpOOFYfMiQv
BWHBK9dEOaTdkPXWLf4H8GYs5mCXYJCOeJzfbKBu/Xt5G76MV/l9o0v7ycP/rr/b
2mU9Oqq18I/aaA7uiNi9wuDQLLXth/6506s92S4SGfY2
-----END CERTIFICATE-----