This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/ke3AA36gIwZ-Hle0kzmdnrfdgp0.roa
File:                     ke3AA36gIwZ-Hle0kzmdnrfdgp0.roa (raw, json)
Hash identifier:          kOHFP5ZE+sQXFYEi/KahfKUDgSTisOr7mMMPXL+4AnU=
Subject key identifier:   91:ED:C0:03:7E:A0:23:06:7E:1E:57:B4:93:39:9D:9E:B7:DD:82:9D
Certificate issuer:       /CN=e5da8e9cfc8b160ec59b540f39d8973d4218312a
Certificate serial:       019B7DCA669420611F8DD1CCC66499679AEE
Authority key identifier: E5:DA:8E:9C:FC:8B:16:0E:C5:9B:54:0F:39:D8:97:3D:42:18:31:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/ke3AA36gIwZ-Hle0kzmdnrfdgp0.roa
Signing time:             Fri 02 Jan 2026 08:19:35 +0000
ROA not before:           Fri 02 Jan 2026 08:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a10:4780:a4::/46 maxlen: 46
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:66:94:20:61:1f:8d:d1:cc:c6:64:99:67:9a:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5da8e9cfc8b160ec59b540f39d8973d4218312a
        Validity
            Not Before: Jan  2 08:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91edc0037ea023067e1e57b493399d9eb7dd829d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c2:b5:a3:eb:53:d6:8e:c3:6d:11:e9:de:78:
                    f2:63:03:40:de:07:d6:5a:da:0d:e5:07:ef:74:b0:
                    3d:21:fb:f3:82:c6:f9:a0:ad:2d:75:8e:48:9a:6a:
                    b6:b2:99:e0:c3:27:86:fa:8d:a9:e6:97:51:a1:e0:
                    b4:67:7e:4d:1f:ca:65:98:68:a6:ce:d9:4c:8d:11:
                    32:cf:e0:34:55:49:e7:98:49:66:9a:6b:44:8e:61:
                    e7:f6:ee:9e:c1:4a:f9:47:1d:10:a6:2c:ab:c1:3b:
                    66:a7:1d:86:cf:8e:e6:97:40:3b:21:27:fb:0e:98:
                    ce:50:be:57:56:44:b3:88:22:1d:77:4d:b7:e4:b3:
                    1f:0e:4b:9b:4f:c4:ef:91:e6:13:4f:f0:c4:8d:d4:
                    76:52:4b:88:7f:96:36:8a:44:be:41:3b:c5:20:15:
                    bf:af:95:fc:34:6d:af:fb:95:10:a5:87:18:f8:8d:
                    8b:fa:c5:7d:b1:fa:51:4e:ab:cb:03:48:e3:fb:82:
                    c3:58:1e:63:15:9f:33:b3:b3:32:f0:93:07:e7:eb:
                    fd:6e:f2:68:6a:53:1c:fd:eb:d7:72:c7:a1:d4:e1:
                    3e:1d:3b:9e:e1:42:7f:19:c6:f8:41:72:ff:3f:f3:
                    eb:8c:9d:83:f3:42:38:35:c6:bd:92:77:f0:9d:96:
                    a0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:ED:C0:03:7E:A0:23:06:7E:1E:57:B4:93:39:9D:9E:B7:DD:82:9D
            X509v3 Authority Key Identifier:
                keyid:E5:DA:8E:9C:FC:8B:16:0E:C5:9B:54:0F:39:D8:97:3D:42:18:31:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/ke3AA36gIwZ-Hle0kzmdnrfdgp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/003ca9-c390-4274-8fc6-7c504703bb02/1/5dqOnPyLFg7Fm1QPOdiXPUIYMSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4780:a4::/46

    Signature Algorithm: sha256WithRSAEncryption
         9d:2c:b6:09:e6:76:55:65:63:2c:34:4c:24:65:56:cb:2e:97:
         6e:1c:6a:39:7f:15:2e:6d:2e:ad:c4:11:22:7c:66:a6:55:ea:
         ee:2e:95:d3:b7:4f:03:8d:de:09:9a:4d:07:19:f8:77:ae:ee:
         28:73:9d:29:6f:0c:5a:aa:ff:cd:61:a6:23:10:2d:b9:ac:c6:
         fe:d5:75:1c:cf:5a:03:5e:76:72:c6:82:cc:87:7b:3f:60:7c:
         59:e4:0c:e6:db:29:cb:4a:6a:59:b8:c1:15:31:8d:8b:15:27:
         c5:5f:2d:ac:08:76:2b:bd:b7:9e:bc:0f:a9:53:ed:f1:f9:e0:
         36:ff:da:7e:20:88:1f:3f:0f:68:59:27:7a:42:55:aa:03:1c:
         e3:72:9a:24:c3:f0:e3:d4:32:26:f9:79:3f:8c:ee:36:b3:6a:
         25:1c:fb:50:bc:99:84:64:88:0e:67:67:a1:ae:5d:5f:d9:06:
         e9:8c:2f:f4:a2:30:24:69:9d:ea:01:b7:9c:82:38:76:09:84:
         34:a8:5c:06:ee:45:65:b8:05:e3:b4:18:59:88:c2:b9:a9:b2:
         32:c4:87:f4:be:60:8d:5f:46:58:5b:cf:ce:08:b6:9a:c4:96:
         fc:0e:5e:75:6e:48:f5:dd:1c:d5:be:a6:9d:92:b6:70:32:54:
         ac:d6:f2:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9ymaUIGEfjdHMxmSZZ5ruMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1ZGE4ZTljZmM4YjE2MGVjNTliNTQwZjM5ZDg5NzNkNDIx
ODMxMmEwHhcNMjYwMTAyMDgxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWVkYzAwMzdlYTAyMzA2N2UxZTU3YjQ5MzM5OWQ5ZWI3ZGQ4MjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy8K1o+tT1o7DbRHp3njyYwNA3gfW
WtoN5QfvdLA9Ifvzgsb5oK0tdY5Immq2spngwyeG+o2p5pdRoeC0Z35NH8plmGim
ztlMjREyz+A0VUnnmElmmmtEjmHn9u6ewUr5Rx0QpiyrwTtmpx2Gz47ml0A7ISf7
DpjOUL5XVkSziCIdd0235LMfDkubT8TvkeYTT/DEjdR2UkuIf5Y2ikS+QTvFIBW/
r5X8NG2v+5UQpYcY+I2L+sV9sfpRTqvLA0jj+4LDWB5jFZ8zs7My8JMH5+v9bvJo
alMc/evXcseh1OE+HTue4UJ/Gcb4QXL/P/PrjJ2D80I4Nca9knfwnZagLwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJHtwAN+oCMGfh5XtJM5nZ633YKdMB8GA1UdIwQY
MBaAFOXajpz8ixYOxZtUDznYlz1CGDEqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWRxT25QeUxGZzdGbTFRUE9kaVhQVUlZTVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC8wMDNjYTktYzM5MC00Mjc0LThmYzYt
N2M1MDQ3MDNiYjAyLzEva2UzQUEzNmdJd1otSGxlMGt6bWRucmZkZ3AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC8wMDNjYTktYzM5MC00Mjc0LThmYzYtN2M1MDQ3MDNiYjAy
LzEvNWRxT25QeUxGZzdGbTFRUE9kaVhQVUlZTVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhBHgACk
MA0GCSqGSIb3DQEBCwUAA4IBAQCdLLYJ5nZVZWMsNEwkZVbLLpduHGo5fxUubS6t
xBEifGamVeruLpXTt08Djd4Jmk0HGfh3ru4oc50pbwxaqv/NYaYjEC25rMb+1XUc
z1oDXnZyxoLMh3s/YHxZ5Azm2ynLSmpZuMEVMY2LFSfFXy2sCHYrvbeevA+pU+3x
+eA2/9p+IIgfPw9oWSd6QlWqAxzjcpokw/Dj1DIm+Xk/jO42s2olHPtQvJmEZIgO
Z2ehrl1f2QbpjC/0ojAkaZ3qAbecgjh2CYQ0qFwG7kVluAXjtBhZiMK5qbIyxIf0
vmCNX0ZYW8/OCLaaxJb8Dl51bkj13RzVvqadkrZwMlSs1vJy
-----END CERTIFICATE-----