This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/4H3kqbZKgvCRJ41TW2E8J1NDC88.roa
File:                     4H3kqbZKgvCRJ41TW2E8J1NDC88.roa (raw, json)
Hash identifier:          ah0Wo037A9MM/sUCKBiJ/BqofxWUcKYL1Cq5STwAUy8=
Subject key identifier:   E0:7D:E4:A9:B6:4A:82:F0:91:27:8D:53:5B:61:3C:27:53:43:0B:CF
Certificate issuer:       /CN=fd74deb4184426fa62225b6120c36706f737b8e2
Certificate serial:       019B7C7F95494C5E665F2035755C06512A44
Authority key identifier: FD:74:DE:B4:18:44:26:FA:62:22:5B:61:20:C3:67:06:F7:37:B8:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_XTetBhEJvpiIlthIMNnBvc3uOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/4H3kqbZKgvCRJ41TW2E8J1NDC88.roa
Signing time:             Fri 02 Jan 2026 02:18:14 +0000
ROA not before:           Fri 02 Jan 2026 02:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47616
IP address blocks:        160.40.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/_XTetBhEJvpiIlthIMNnBvc3uOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/_XTetBhEJvpiIlthIMNnBvc3uOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_XTetBhEJvpiIlthIMNnBvc3uOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 05:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:95:49:4c:5e:66:5f:20:35:75:5c:06:51:2a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd74deb4184426fa62225b6120c36706f737b8e2
        Validity
            Not Before: Jan  2 02:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e07de4a9b64a82f091278d535b613c2753430bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ae:c6:96:dc:cf:63:6b:bc:d7:12:ae:d2:4b:
                    e1:d8:6c:0d:83:d1:b7:f3:46:90:68:10:09:88:3e:
                    23:63:7e:91:f9:9c:bc:37:3d:cc:25:cb:87:dd:75:
                    b4:e8:fb:65:11:af:4d:36:95:52:a4:59:1b:27:d9:
                    f1:b4:a9:0f:19:0c:7f:25:83:7c:e1:c4:1d:c9:7f:
                    59:86:68:b6:3c:19:41:67:b9:14:a6:ae:f0:3a:6d:
                    cb:dc:61:75:6c:6c:3c:d9:71:1e:f7:fb:05:15:61:
                    8d:e9:a9:c5:1f:db:88:0e:94:67:e6:3e:13:c7:4b:
                    80:03:30:55:b7:c2:32:4c:1e:8f:4c:f6:93:2f:46:
                    80:0b:ad:d4:24:e2:04:1c:42:1c:9c:a9:23:dc:f0:
                    c8:4b:66:52:ff:5f:78:db:bc:ce:6b:4b:cf:c8:7b:
                    5e:b9:bd:0f:05:d4:a0:bb:99:f8:25:f2:4b:7c:91:
                    19:27:8c:07:21:cc:89:5a:33:25:de:a0:d1:c0:3c:
                    3f:33:a4:fa:df:c1:97:4b:ff:31:81:d4:fa:1b:c3:
                    2d:c5:ca:14:68:ee:65:98:f0:a1:6c:46:09:21:24:
                    b4:5c:4e:3f:43:7d:4b:12:1c:38:21:ec:d6:97:a5:
                    a6:d3:b3:0c:33:b1:ff:50:7b:81:78:c7:49:da:27:
                    8c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:7D:E4:A9:B6:4A:82:F0:91:27:8D:53:5B:61:3C:27:53:43:0B:CF
            X509v3 Authority Key Identifier:
                keyid:FD:74:DE:B4:18:44:26:FA:62:22:5B:61:20:C3:67:06:F7:37:B8:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_XTetBhEJvpiIlthIMNnBvc3uOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/4H3kqbZKgvCRJ41TW2E8J1NDC88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/18491f-b04d-4b0d-907b-d5705ae37014/1/_XTetBhEJvpiIlthIMNnBvc3uOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.40.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         11:66:11:f4:13:ea:74:e3:fa:7e:c4:05:14:b3:f5:62:fd:cb:
         a4:a7:2f:93:95:b3:b3:15:3b:f3:1a:8c:08:ed:15:95:64:9d:
         52:9f:85:40:da:5e:d6:f3:66:32:e2:0e:24:c9:3b:58:74:80:
         26:aa:9d:ad:62:e6:f2:a1:10:0e:35:dd:17:04:6f:59:a9:5f:
         38:03:6f:96:ec:57:cf:be:c6:28:f2:7e:e4:56:d5:dd:98:9b:
         fc:50:72:30:2b:01:a3:e4:21:37:b2:dd:d7:e8:4e:98:a0:64:
         82:3f:a4:f2:1b:ab:8e:bb:b3:72:65:8c:ae:38:9b:5b:7b:8a:
         ca:64:d8:d4:8d:c5:16:cd:95:5f:c8:a3:89:82:a2:c5:9c:be:
         4b:35:90:33:84:eb:44:64:ac:7e:06:73:d5:92:55:74:1a:89:
         5d:04:98:25:3c:1f:ec:54:74:bb:0d:50:60:75:c8:13:2d:ee:
         a1:7a:ba:16:e8:1f:74:cc:32:de:a2:31:f1:b2:1c:78:ab:b1:
         fc:27:2f:26:37:de:d5:87:6f:ff:43:97:9b:70:24:0b:08:2b:
         10:64:70:33:c9:a7:a4:8c:4a:8a:02:48:a8:e4:93:a4:97:f4:
         55:ea:1c:f9:da:d3:d3:81:6d:48:ca:63:48:69:ed:88:97:4c:
         d4:52:f9:fa
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8f5VJTF5mXyA1dVwGUSpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkNzRkZWI0MTg0NDI2ZmE2MjIyNWI2MTIwYzM2NzA2Zjcz
N2I4ZTIwHhcNMjYwMTAyMDIxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDdkZTRhOWI2NGE4MmYwOTEyNzhkNTM1YjYxM2MyNzUzNDMwYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza7GltzPY2u81xKu0kvh2GwNg9G3
80aQaBAJiD4jY36R+Zy8Nz3MJcuH3XW06PtlEa9NNpVSpFkbJ9nxtKkPGQx/JYN8
4cQdyX9Zhmi2PBlBZ7kUpq7wOm3L3GF1bGw82XEe9/sFFWGN6anFH9uIDpRn5j4T
x0uAAzBVt8IyTB6PTPaTL0aAC63UJOIEHEIcnKkj3PDIS2ZS/19427zOa0vPyHte
ub0PBdSgu5n4JfJLfJEZJ4wHIcyJWjMl3qDRwDw/M6T638GXS/8xgdT6G8MtxcoU
aO5lmPChbEYJISS0XE4/Q31LEhw4IezWl6Wm07MMM7H/UHuBeMdJ2ieMhwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFOB95Km2SoLwkSeNU1thPCdTQwvPMB8GA1UdIwQY
MBaAFP103rQYRCb6YiJbYSDDZwb3N7jiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1hUZXRCaEVKdnBpSWx0aElNTm5CdmMzdU9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi8xODQ5MWYtYjA0ZC00YjBkLTkwN2It
ZDU3MDVhZTM3MDE0LzEvNEgza3FiWktndkNSSjQxVFcyRThKMU5EQzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi8xODQ5MWYtYjA0ZC00YjBkLTkwN2ItZDU3MDVhZTM3MDE0
LzEvX1hUZXRCaEVKdnBpSWx0aElNTm5CdmMzdU9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAoCgwDQYJ
KoZIhvcNAQELBQADggEBABFmEfQT6nTj+n7EBRSz9WL9y6SnL5OVs7MVO/MajAjt
FZVknVKfhUDaXtbzZjLiDiTJO1h0gCaqna1i5vKhEA413RcEb1mpXzgDb5bsV8++
xijyfuRW1d2Ym/xQcjArAaPkITey3dfoTpigZII/pPIbq467s3JljK44m1t7ispk
2NSNxRbNlV/Io4mCosWcvks1kDOE60RkrH4Gc9WSVXQaiV0EmCU8H+xUdLsNUGB1
yBMt7qF6uhboH3TMMt6iMfGyHHirsfwnLyY33tWHb/9Dl5twJAsIKxBkcDPJp6SM
SooCSKjkk6SX9FXqHPna09OBbUjKY0hp7YiXTNRS+fo=
-----END CERTIFICATE-----