This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/joU_HXTTiVOD6IsZ61GejGsNyt0.roa
File:                     joU_HXTTiVOD6IsZ61GejGsNyt0.roa (raw, json)
Hash identifier:          z4ayXJYHjlMGq7mtJsZFWpLb97vbQUWnnmVC19KCvPU=
Subject key identifier:   8E:85:3F:1D:74:D3:89:53:83:E8:8B:19:EB:51:9E:8C:6B:0D:CA:DD
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019B7E37B629559077C6CA2D12EDC2CCA83C
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/joU_HXTTiVOD6IsZ61GejGsNyt0.roa
Signing time:             Fri 02 Jan 2026 10:18:58 +0000
ROA not before:           Fri 02 Jan 2026 10:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42160
IP address blocks:        158.173.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 00:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:b6:29:55:90:77:c6:ca:2d:12:ed:c2:cc:a8:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Jan  2 10:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8e853f1d74d3895383e88b19eb519e8c6b0dcadd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:3d:d9:f8:24:39:2d:86:37:20:ff:20:56:65:
                    8a:a0:65:a0:e6:53:ed:7e:f3:1d:89:e8:e1:8b:9b:
                    75:24:90:c9:62:af:ec:38:3d:05:51:db:c1:59:86:
                    e7:f6:26:99:54:a8:e2:21:91:9b:3d:c8:0b:a6:38:
                    b7:03:08:8a:a6:20:ff:2a:b9:1b:01:d9:64:67:d0:
                    75:76:bc:b6:b3:ec:e4:83:60:98:a9:0e:c8:20:5b:
                    5f:32:4f:c6:7b:59:8f:a0:8f:50:cf:25:f0:e7:0f:
                    e4:da:75:84:8b:fd:4b:df:89:a1:38:ba:80:91:a8:
                    0c:1d:e9:7b:9b:24:45:29:44:91:a5:6d:31:0f:21:
                    2b:ea:c5:98:88:66:bb:ee:57:2e:33:bf:42:d2:ab:
                    ce:20:43:f3:9e:bf:60:b7:8b:49:a3:9b:1d:86:5b:
                    b8:b0:7b:ff:0c:5d:6d:54:82:ea:c4:f5:02:85:df:
                    64:1d:23:da:b3:2a:a3:5d:70:e6:44:92:81:a3:d0:
                    20:a3:95:15:56:13:5a:17:4e:9d:17:be:bd:b3:4a:
                    2e:00:da:2b:1d:68:09:17:93:5d:1c:36:47:74:91:
                    73:9c:02:6c:6e:ce:d7:4b:77:a4:54:84:cf:74:da:
                    de:6f:d2:f5:a8:75:ea:2c:89:bf:9c:f0:0f:ca:c9:
                    cd:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:85:3F:1D:74:D3:89:53:83:E8:8B:19:EB:51:9E:8C:6B:0D:CA:DD
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/joU_HXTTiVOD6IsZ61GejGsNyt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:cc:eb:2f:36:b1:cc:3a:81:c3:e9:e6:77:90:15:1c:11:ea:
         05:49:fa:62:a6:85:1b:68:6c:7a:a9:b9:62:b2:ed:9c:75:89:
         10:e2:ba:6b:42:1c:68:67:84:0b:8f:3c:af:20:2e:32:19:fc:
         6f:7d:21:66:ba:34:4c:ba:fa:fe:04:46:4a:12:3a:e0:bf:84:
         b5:59:28:3e:ab:09:c9:5e:5a:07:bc:5c:fd:e9:32:79:fa:c1:
         30:cd:a1:dc:d6:74:1b:e2:ed:78:e9:53:ab:13:a8:f9:25:f2:
         b5:5b:a4:d2:0b:2b:03:7d:b7:ba:31:88:90:6f:3b:e0:8f:32:
         7c:98:b2:5c:c2:be:62:e9:54:55:02:e8:8a:99:17:1e:ac:55:
         ce:28:2c:9d:af:fc:16:8e:7e:83:92:9c:d0:b8:a9:be:8c:1d:
         7a:3f:23:6a:04:d5:39:25:aa:7b:e7:fa:d3:0c:e7:1e:08:4e:
         eb:2d:c8:c5:aa:9f:50:29:b4:84:89:56:1a:9a:7a:88:bd:60:
         2d:bf:94:89:96:e6:94:ee:2d:4c:73:ec:69:2c:83:a4:d9:20:
         2a:7b:aa:45:9c:ba:9f:2c:38:fd:f1:8c:a1:d4:1d:3a:23:09:
         d6:21:5d:f8:22:58:55:cb:64:4a:10:22:00:bc:ea:30:12:50:
         8f:66:19:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N7YpVZB3xsotEu3CzKg8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMTAyMTAxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTg1M2YxZDc0ZDM4OTUzODNlODhiMTllYjUxOWU4YzZiMGRjYWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqT3Z+CQ5LYY3IP8gVmWKoGWg5lPt
fvMdiejhi5t1JJDJYq/sOD0FUdvBWYbn9iaZVKjiIZGbPcgLpji3AwiKpiD/Krkb
AdlkZ9B1dry2s+zkg2CYqQ7IIFtfMk/Ge1mPoI9QzyXw5w/k2nWEi/1L34mhOLqA
kagMHel7myRFKUSRpW0xDyEr6sWYiGa77lcuM79C0qvOIEPznr9gt4tJo5sdhlu4
sHv/DF1tVILqxPUChd9kHSPasyqjXXDmRJKBo9Ago5UVVhNaF06dF769s0ouANor
HWgJF5NdHDZHdJFznAJsbs7XS3ekVITPdNreb9L1qHXqLIm/nPAPysnNcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6FPx1004lTg+iLGetRnoxrDcrdMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvam9VX0hYVFRpVk9ENklzWjYxR2VqR3NOeXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq2AMA0G
CSqGSIb3DQEBCwUAA4IBAQBHzOsvNrHMOoHD6eZ3kBUcEeoFSfpipoUbaGx6qbli
su2cdYkQ4rprQhxoZ4QLjzyvIC4yGfxvfSFmujRMuvr+BEZKEjrgv4S1WSg+qwnJ
XloHvFz96TJ5+sEwzaHc1nQb4u146VOrE6j5JfK1W6TSCysDfbe6MYiQbzvgjzJ8
mLJcwr5i6VRVAuiKmRcerFXOKCydr/wWjn6DkpzQuKm+jB16PyNqBNU5Jap75/rT
DOceCE7rLcjFqp9QKbSEiVYamnqIvWAtv5SJluaU7i1Mc+xpLIOk2SAqe6pFnLqf
LDj98Yyh1B06IwnWIV34IlhVy2RKECIAvOowElCPZhkC
-----END CERTIFICATE-----