This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cHQt26FXvMHdG1omdfOySKwQ0Ko.roa
File:                     cHQt26FXvMHdG1omdfOySKwQ0Ko.roa (raw, json)
Hash identifier:          rW0RnaCRI/tJTn9BbfpZvg1RzMBQ9DRXak0TeY85obA=
Subject key identifier:   70:74:2D:DB:A1:57:BC:C1:DD:1B:5A:26:75:F3:B2:48:AC:10:D0:AA
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37AC05AEED1505E8FCC97F56BFE081
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cHQt26FXvMHdG1omdfOySKwQ0Ko.roa
Signing time:             Fri 02 Jan 2026 10:18:56 +0000
ROA not before:           Fri 02 Jan 2026 10:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8151
IP address blocks:        158.173.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:ac:05:ae:ed:15:05:e8:fc:c9:7f:56:bf:e0:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70742ddba157bcc1dd1b5a2675f3b248ac10d0aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:3b:0e:70:6e:ff:b6:a2:98:d9:24:b8:7d:ab:
                    74:af:06:64:fa:dc:97:f6:c3:7e:7c:c9:44:6e:c3:
                    3f:a8:d4:5e:fe:f2:94:20:7f:67:7a:52:16:86:c4:
                    ae:4c:09:12:62:51:57:db:ce:75:1e:b8:5b:87:d9:
                    59:9d:75:44:3f:22:7c:96:22:87:95:ce:cf:96:6d:
                    b4:7e:9e:ab:b5:9f:71:56:86:ca:55:65:c8:14:74:
                    1c:a8:a4:3b:f0:bd:91:72:d0:ef:08:45:e1:7f:98:
                    ee:bf:2f:03:40:b6:ec:f6:c8:ac:69:03:67:ae:d9:
                    47:80:38:f4:bf:e0:bf:82:27:1e:cc:80:12:8f:84:
                    c5:43:3c:40:b7:22:fc:1a:85:3b:ea:70:33:52:be:
                    7b:7d:e3:cd:62:0f:39:bd:e6:db:4d:7a:19:4b:9e:
                    7c:f0:dd:4d:37:20:45:c6:1c:33:3e:77:e6:bd:1f:
                    68:d9:9f:f0:90:76:a8:77:6b:51:9b:e9:03:ab:34:
                    b4:75:92:a6:0c:fc:ce:79:cd:12:fe:ee:d4:53:8b:
                    09:63:88:55:c8:8e:7d:ac:f5:2c:c3:16:a1:e0:35:
                    db:ca:33:65:87:73:57:6a:dc:91:cb:91:52:73:74:
                    00:7b:5c:21:1a:ca:6f:05:28:7c:cb:e8:22:5c:73:
                    31:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:74:2D:DB:A1:57:BC:C1:DD:1B:5A:26:75:F3:B2:48:AC:10:D0:AA
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/cHQt26FXvMHdG1omdfOySKwQ0Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:32:30:3e:d1:9f:fc:d0:ab:60:4e:36:bd:03:77:32:4c:2b:
         d4:5c:ea:7a:e6:e0:a0:d3:73:11:6f:aa:d3:b8:fd:3e:d3:eb:
         08:49:6b:aa:cb:ea:5c:8e:fb:20:00:98:fc:b2:30:90:83:59:
         02:27:c6:05:9f:13:47:26:d3:88:b0:68:52:a7:f2:f8:42:9e:
         0a:a5:ae:84:4e:4a:6d:de:77:ff:c2:81:e3:59:65:ae:c5:15:
         fc:42:3a:24:3a:7c:93:54:1a:6f:b0:02:8d:41:83:ff:96:67:
         4e:38:18:1b:03:db:3f:4a:89:ec:5a:eb:d6:a7:34:77:d2:25:
         44:24:63:cc:f7:d8:ba:c4:dc:fe:c5:61:7d:cb:cc:97:a2:97:
         8b:f0:a0:9f:2b:e6:91:05:b2:f4:ab:5d:26:de:cc:d7:18:f2:
         cf:de:7d:41:4b:a1:fc:bb:aa:8f:55:02:dc:bd:3a:36:6a:37:
         5a:42:25:6d:db:eb:49:3d:38:22:06:73:71:fa:17:90:19:3c:
         e0:6c:3d:f4:ec:8f:b9:d1:b8:84:5b:06:ae:5e:7b:47:b9:93:
         8d:39:64:23:9d:e9:88:c3:f2:2f:a7:dc:a4:68:a8:3a:2f:1d:
         e2:bd:e8:67:7b:a7:55:24:01:f3:f6:23:34:47:b6:42:9a:a8:
         f5:0f:85:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N6wFru0VBej8yX9Wv+CBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc0MmRkYmExNTdiY2MxZGQxYjVhMjY3NWYzYjI0OGFjMTBkMGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TsOcG7/tqKY2SS4fat0rwZk+tyX
9sN+fMlEbsM/qNRe/vKUIH9nelIWhsSuTAkSYlFX2851Hrhbh9lZnXVEPyJ8liKH
lc7Plm20fp6rtZ9xVobKVWXIFHQcqKQ78L2RctDvCEXhf5juvy8DQLbs9sisaQNn
rtlHgDj0v+C/gicezIASj4TFQzxAtyL8GoU76nAzUr57fePNYg85vebbTXoZS558
8N1NNyBFxhwzPnfmvR9o2Z/wkHaod2tRm+kDqzS0dZKmDPzOec0S/u7UU4sJY4hV
yI59rPUswxah4DXbyjNlh3NXatyRy5FSc3QAe1whGspvBSh8y+giXHMxLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHB0LduhV7zB3RtaJnXzskisENCqMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvY0hRdDI2Rlh2TUhkRzFvbWRmT3lTS3dRMEtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2FMA0G
CSqGSIb3DQEBCwUAA4IBAQCAMjA+0Z/80KtgTja9A3cyTCvUXOp65uCg03MRb6rT
uP0+0+sISWuqy+pcjvsgAJj8sjCQg1kCJ8YFnxNHJtOIsGhSp/L4Qp4Kpa6ETkpt
3nf/woHjWWWuxRX8QjokOnyTVBpvsAKNQYP/lmdOOBgbA9s/SonsWuvWpzR30iVE
JGPM99i6xNz+xWF9y8yXopeL8KCfK+aRBbL0q10m3szXGPLP3n1BS6H8u6qPVQLc
vTo2ajdaQiVt2+tJPTgiBnNx+heQGTzgbD307I+50biEWwauXntHuZONOWQjnemI
w/Ivp9ykaKg6Lx3ivehne6dVJAHz9iM0R7ZCmqj1D4X+
-----END CERTIFICATE-----