This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/z-53IXFcKJ6y4Mf6a0CbR1GDMyI.roa
File:                     z-53IXFcKJ6y4Mf6a0CbR1GDMyI.roa (raw, json)
Hash identifier:          7n5dh4QPCbMNxOIfvTg67aQhUq6LDc9VCW/176Z07bA=
Subject key identifier:   CF:EE:77:21:71:5C:28:9E:B2:E0:C7:FA:6B:40:9B:47:51:83:33:22
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019BE53BF4D0B59695A6E5A312E093982A71
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/z-53IXFcKJ6y4Mf6a0CbR1GDMyI.roa
Signing time:             Thu 22 Jan 2026 10:24:30 +0000
ROA not before:           Thu 22 Jan 2026 10:24:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210558
IP address blocks:        158.173.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 08:31:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e5:3b:f4:d0:b5:96:95:a6:e5:a3:12:e0:93:98:2a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan 22 10:24:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cfee7721715c289eb2e0c7fa6b409b4751833322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:d0:c8:16:0d:d6:9a:35:ae:d5:10:98:0b:7c:
                    24:62:d5:94:5e:d8:db:bd:23:bb:11:2b:14:44:59:
                    80:20:02:37:87:10:42:83:a5:88:e2:56:2d:0f:c0:
                    68:4e:e1:0b:a6:82:cf:a4:19:e4:54:ab:d9:93:c8:
                    3b:d4:62:de:87:35:7f:7b:ee:de:b2:06:14:c9:ab:
                    54:d0:d6:b5:a8:0c:23:5f:2c:b4:e1:1c:88:0a:e1:
                    d5:31:73:de:83:50:7b:6d:c6:27:52:8e:05:44:54:
                    97:75:3a:3f:d9:8e:9f:0c:f2:44:8e:59:03:6b:0c:
                    76:f4:e3:08:ec:95:df:7d:9e:62:47:dd:29:0d:2d:
                    ed:f0:9d:a0:8b:14:5a:76:41:6c:e7:b0:38:f9:2b:
                    eb:29:b8:d9:fa:d4:74:b5:52:34:4d:0b:d5:72:a1:
                    9d:70:82:28:97:c2:ba:ec:f0:05:d5:e8:52:6a:58:
                    8a:85:67:2f:d5:85:06:c3:1d:bb:aa:91:69:a6:3c:
                    59:5b:41:24:57:ae:1b:ee:e4:c4:c9:b4:25:5c:4c:
                    ce:38:6e:4a:cd:50:bb:7d:83:05:15:2a:e3:1e:e5:
                    b2:41:41:9f:75:11:3d:03:c5:9b:bd:16:f2:fe:22:
                    8d:a0:11:ec:bd:ec:0c:09:5e:83:56:91:ae:d2:45:
                    a0:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:EE:77:21:71:5C:28:9E:B2:E0:C7:FA:6B:40:9B:47:51:83:33:22
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/z-53IXFcKJ6y4Mf6a0CbR1GDMyI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:b0:37:3e:e2:47:e9:e1:2e:21:97:80:b5:ed:56:02:5d:ab:
         23:0a:59:1a:55:a2:4d:81:ed:44:bb:a3:8e:5f:70:d6:80:00:
         50:c3:eb:cf:db:94:cb:05:c9:aa:b1:48:d8:b3:6b:dc:53:38:
         f8:9e:c9:98:a1:1a:ef:30:4f:a2:cf:42:38:be:ba:a0:bf:6c:
         6d:f7:fa:f0:c3:d8:53:1e:6d:65:e2:00:bb:19:60:39:4f:b5:
         14:96:ba:ab:10:e7:af:64:9f:28:aa:ce:73:cb:f2:71:ec:d5:
         e1:b5:ba:a9:f4:63:c4:e7:95:0b:71:86:e4:4d:0b:25:44:45:
         8c:04:63:ea:3a:3a:bf:71:d2:57:af:49:40:3c:ee:d1:5c:08:
         c7:4e:a1:70:71:20:77:d5:e6:69:1e:d0:af:a8:9d:e4:eb:39:
         09:f8:d1:1c:8e:f6:82:92:5b:06:d1:27:29:0e:e5:cb:82:24:
         11:95:1b:5f:be:6f:e3:55:a8:61:f4:6e:f7:81:50:c3:d0:74:
         e0:0c:c8:33:a9:88:d7:b1:26:67:a5:8e:e8:19:78:fa:c5:e2:
         ca:43:df:cd:4f:ff:d1:a9:89:87:8d:44:30:dd:b7:57:ce:12:
         c1:fd:aa:21:29:d5:a8:7c:24:56:7e:f7:c9:71:64:e6:5e:c1:
         7d:44:b4:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvlO/TQtZaVpuWjEuCTmCpxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMTIyMTAyNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmVlNzcyMTcxNWMyODllYjJlMGM3ZmE2YjQwOWI0NzUxODMzMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy9DIFg3WmjWu1RCYC3wkYtWUXtjb
vSO7ESsURFmAIAI3hxBCg6WI4lYtD8BoTuELpoLPpBnkVKvZk8g71GLehzV/e+7e
sgYUyatU0Na1qAwjXyy04RyICuHVMXPeg1B7bcYnUo4FRFSXdTo/2Y6fDPJEjlkD
awx29OMI7JXffZ5iR90pDS3t8J2gixRadkFs57A4+SvrKbjZ+tR0tVI0TQvVcqGd
cIIol8K67PAF1ehSaliKhWcv1YUGwx27qpFppjxZW0EkV64b7uTEybQlXEzOOG5K
zVC7fYMFFSrjHuWyQUGfdRE9A8WbvRby/iKNoBHsvewMCV6DVpGu0kWg1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/udyFxXCiesuDH+mtAm0dRgzMiMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvei01M0lYRmNLSjZ5NE1mNmEwQ2JSMUdETXlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0zMA0G
CSqGSIb3DQEBCwUAA4IBAQCZsDc+4kfp4S4hl4C17VYCXasjClkaVaJNge1Eu6OO
X3DWgABQw+vP25TLBcmqsUjYs2vcUzj4nsmYoRrvME+iz0I4vrqgv2xt9/rww9hT
Hm1l4gC7GWA5T7UUlrqrEOevZJ8oqs5zy/Jx7NXhtbqp9GPE55ULcYbkTQslREWM
BGPqOjq/cdJXr0lAPO7RXAjHTqFwcSB31eZpHtCvqJ3k6zkJ+NEcjvaCklsG0Scp
DuXLgiQRlRtfvm/jVahh9G73gVDD0HTgDMgzqYjXsSZnpY7oGXj6xeLKQ9/NT//R
qYmHjUQw3bdXzhLB/aohKdWofCRWfvfJcWTmXsF9RLTc
-----END CERTIFICATE-----