This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/esa-e2_ZumGHcALoczTsyHzmEYc.roa
File:                     esa-e2_ZumGHcALoczTsyHzmEYc.roa (raw, json)
Hash identifier:          0Sc9Ya9xIXI/5dUo53/YmD633O0hCGXZms0LttwuNg4=
Subject key identifier:   7A:C6:BE:7B:6F:D9:BA:61:87:70:02:E8:73:34:EC:C8:7C:E6:11:87
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019B7AC7BCADB16381A773318F4D4A02171E
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/esa-e2_ZumGHcALoczTsyHzmEYc.roa
Signing time:             Thu 01 Jan 2026 18:17:48 +0000
ROA not before:           Thu 01 Jan 2026 18:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     996
IP address blocks:        159.148.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:55:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c7:bc:ad:b1:63:81:a7:73:31:8f:4d:4a:02:17:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  1 18:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ac6be7b6fd9ba61877002e87334ecc87ce61187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b9:c5:f2:a2:20:2b:2c:1e:c0:b8:54:23:12:
                    76:c0:13:c1:26:1a:19:01:8e:3c:bc:dc:e4:6f:99:
                    f4:ab:7a:37:60:af:aa:b9:c5:9a:0e:3f:f5:5a:22:
                    26:70:a3:92:ac:1c:2f:fe:4b:90:96:42:67:f8:07:
                    80:4b:b6:61:47:cc:de:ce:e7:67:a5:3a:a9:1a:3a:
                    68:ff:cd:8a:c2:f1:af:93:f9:78:15:af:5b:15:05:
                    3a:9f:b3:cf:2a:08:89:d8:2b:62:fb:ac:7b:2e:79:
                    41:04:57:3f:ae:36:f9:2a:d6:da:2f:0f:47:43:7d:
                    cb:90:8f:02:1c:72:e6:4f:0d:34:74:73:1e:f5:7f:
                    6a:d0:37:4d:da:fd:30:50:fe:71:9b:38:85:82:9f:
                    76:b0:8d:cf:fe:29:ab:10:9e:c2:8e:bf:10:74:3d:
                    2d:17:59:97:25:a6:16:3a:44:1c:10:85:ca:56:5d:
                    26:27:37:c8:00:f6:a8:f7:cc:bd:c2:72:1a:01:73:
                    ca:c6:52:b9:29:3e:3a:45:f2:63:d2:4b:2a:0d:d6:
                    0d:14:17:ad:7f:14:a2:c9:3a:15:49:ab:6b:fc:56:
                    69:f3:06:1f:09:89:90:94:c0:1d:fb:d1:3c:1e:de:
                    4b:f8:24:2f:90:d1:cb:f4:62:83:6e:bc:01:5f:74:
                    af:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:C6:BE:7B:6F:D9:BA:61:87:70:02:E8:73:34:EC:C8:7C:E6:11:87
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/esa-e2_ZumGHcALoczTsyHzmEYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  159.148.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:3e:a4:70:c0:55:f2:30:93:6c:8b:3f:f1:13:eb:58:85:69:
         a9:c9:d6:96:f9:e2:75:cb:1b:ca:d7:6f:68:f0:91:e8:74:6a:
         83:ba:b6:80:9a:52:2c:87:a1:3c:f7:cc:f4:f4:d1:b2:23:14:
         68:1c:3c:bc:a5:5f:fc:aa:e5:f7:42:b4:03:6e:17:f5:98:cc:
         b6:f3:95:62:97:6c:ce:4e:fe:23:67:fc:b3:ba:4d:64:aa:b9:
         da:b2:8d:9a:dc:04:cd:26:c9:ea:b8:c1:62:fc:57:13:cc:5f:
         fe:f9:4d:ee:d6:4e:86:86:ef:47:de:56:9e:c3:80:9d:2d:43:
         4a:a9:f9:2a:87:8c:d1:6a:87:38:8b:65:16:5c:f0:a8:68:91:
         89:63:c9:a3:ac:92:46:54:41:6f:5f:eb:03:30:1a:3c:d7:22:
         c6:6b:5d:3e:0d:7a:ca:5c:c6:ea:64:e3:b3:8e:4e:48:7a:d0:
         f7:77:7d:0d:e1:88:c5:e9:14:e8:9d:98:35:79:0a:2d:81:6f:
         64:06:0a:ea:44:90:e9:2e:e0:80:36:64:ca:f9:59:d2:f2:27:
         02:ba:ac:f7:c6:0f:46:b5:ce:d8:e9:6b:87:78:c5:f5:09:54:
         af:ef:b8:b2:63:52:c3:d9:40:5b:42:4a:71:5a:13:e4:52:91:
         9c:f7:83:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6x7ytsWOBp3Mxj01KAhceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjYwMTAxMTgxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWM2YmU3YjZmZDliYTYxODc3MDAyZTg3MzM0ZWNjODdjZTYxMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbnF8qIgKywewLhUIxJ2wBPBJhoZ
AY48vNzkb5n0q3o3YK+qucWaDj/1WiImcKOSrBwv/kuQlkJn+AeAS7ZhR8zezudn
pTqpGjpo/82KwvGvk/l4Fa9bFQU6n7PPKgiJ2Cti+6x7LnlBBFc/rjb5KtbaLw9H
Q33LkI8CHHLmTw00dHMe9X9q0DdN2v0wUP5xmziFgp92sI3P/imrEJ7Cjr8QdD0t
F1mXJaYWOkQcEIXKVl0mJzfIAPao98y9wnIaAXPKxlK5KT46RfJj0ksqDdYNFBet
fxSiyToVSatr/FZp8wYfCYmQlMAd+9E8Ht5L+CQvkNHL9GKDbrwBX3SvpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrGvntv2bphh3AC6HM07Mh85hGHMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZXNhLWUyX1p1bUdIY0FMb2N6VHN5SHptRVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAn5T1MA0G
CSqGSIb3DQEBCwUAA4IBAQBHPqRwwFXyMJNsiz/xE+tYhWmpydaW+eJ1yxvK129o
8JHodGqDuraAmlIsh6E898z09NGyIxRoHDy8pV/8quX3QrQDbhf1mMy285Vil2zO
Tv4jZ/yzuk1kqrnaso2a3ATNJsnquMFi/FcTzF/++U3u1k6Ghu9H3laew4CdLUNK
qfkqh4zRaoc4i2UWXPCoaJGJY8mjrJJGVEFvX+sDMBo81yLGa10+DXrKXMbqZOOz
jk5IetD3d30N4YjF6RTonZg1eQotgW9kBgrqRJDpLuCANmTK+VnS8icCuqz3xg9G
tc7Y6WuHeMX1CVSv77iyY1LD2UBbQkpxWhPkUpGc94O6
-----END CERTIFICATE-----