This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/E3X5DvCSlkdtfxAadUSESD3eJrk.roa
File:                     E3X5DvCSlkdtfxAadUSESD3eJrk.roa (raw, json)
Hash identifier:          kCGyuLKDilqRCLENtFOYzrUVWzlMBuvjueB/aZz2GHM=
Subject key identifier:   13:75:F9:0E:F0:92:96:47:6D:7F:10:1A:75:44:84:48:3D:DE:26:B9
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019BBBBB16F2FFC6C632D634C0F795FDD330
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/E3X5DvCSlkdtfxAadUSESD3eJrk.roa
Signing time:             Wed 14 Jan 2026 08:59:19 +0000
ROA not before:           Wed 14 Jan 2026 08:59:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42708
IP address blocks:        158.173.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:bb:bb:16:f2:ff:c6:c6:32:d6:34:c0:f7:95:fd:d3:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Jan 14 08:59:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1375f90ef09296476d7f101a754484483dde26b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:01:ac:e0:25:7d:95:92:73:8e:6c:50:48:32:
                    a8:6a:f2:a2:d0:15:ac:9b:6b:20:ca:57:36:af:55:
                    20:77:47:18:95:e1:46:cf:a7:66:bf:36:8e:90:0d:
                    18:ba:53:57:97:43:37:fd:53:27:b0:84:ea:36:3f:
                    d1:90:40:28:73:99:74:37:7b:7b:84:6c:4e:31:20:
                    6e:0f:97:16:69:99:c4:dd:93:87:c7:68:86:96:e0:
                    0d:f4:cf:dd:bd:64:f7:d6:68:2e:9f:86:05:bf:98:
                    04:df:02:17:8e:c9:9b:ff:4e:9c:27:39:65:d6:a7:
                    bb:03:80:a7:06:6c:f0:9f:ed:14:82:e1:0a:43:46:
                    78:23:04:c8:9f:e3:b1:00:84:12:63:9d:69:88:97:
                    20:3f:d5:55:93:97:06:49:f4:09:3e:44:33:16:cf:
                    cd:27:ea:39:39:77:ae:9f:12:8b:10:0a:8e:bd:34:
                    2d:ad:06:f4:42:ad:9d:7d:e5:cb:32:88:22:c6:e2:
                    43:37:4d:f9:a6:bb:f6:27:cb:2e:42:61:7e:60:a5:
                    58:fa:07:9f:59:3e:98:31:4e:b4:93:44:87:20:c8:
                    87:40:f4:8e:b2:0f:16:ec:ea:de:41:21:2e:a4:07:
                    2f:01:df:e8:29:8c:03:ae:ea:80:81:19:22:29:49:
                    16:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:75:F9:0E:F0:92:96:47:6D:7F:10:1A:75:44:84:48:3D:DE:26:B9
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/E3X5DvCSlkdtfxAadUSESD3eJrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:21:a1:28:01:d0:9e:e7:78:7e:e8:ae:3d:49:5e:c3:46:72:
         cc:a8:55:ea:a4:3f:9c:2a:85:b1:64:12:3d:f4:a6:f7:16:94:
         5b:90:51:24:13:e1:1e:cb:40:5d:5c:16:cd:82:b9:9b:1f:94:
         c6:fc:1d:69:35:a6:76:c0:11:4d:fd:62:97:f5:60:f7:f4:20:
         31:78:fc:7b:87:ca:1a:95:41:e8:df:4e:cb:21:f8:f9:90:9a:
         ee:66:8d:c1:dc:6e:87:b4:9f:4e:ac:29:57:e5:97:90:30:f9:
         b0:5e:cf:c1:d7:f5:ce:3f:1a:30:de:60:a7:be:de:aa:9f:09:
         0f:83:a1:b8:4d:f8:18:91:76:f9:00:22:0f:ac:b6:21:64:df:
         60:68:5d:1d:62:c7:79:65:87:f5:38:e3:05:7c:7c:06:d8:11:
         d6:73:4e:e9:fd:db:61:a7:a9:f2:6b:08:f5:7a:74:6e:90:17:
         38:d7:38:34:27:9e:d1:f9:3d:f3:05:46:6f:56:c0:68:3c:50:
         c2:4c:96:ee:1d:cf:63:ec:d1:e5:81:92:83:9d:2c:c8:66:2c:
         db:61:f9:52:5b:07:55:cd:7f:55:6c:ce:e6:1d:92:5a:0e:ef:
         e6:53:43:80:58:f6:72:3f:65:00:14:0e:4e:ba:84:f7:dd:20:
         8f:41:b1:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZu7uxby/8bGMtY0wPeV/dMwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjYwMTE0MDg1OTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzc1ZjkwZWYwOTI5NjQ3NmQ3ZjEwMWE3NTQ0ODQ0ODNkZGUyNmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQGs4CV9lZJzjmxQSDKoavKi0BWs
m2sgylc2r1Ugd0cYleFGz6dmvzaOkA0YulNXl0M3/VMnsITqNj/RkEAoc5l0N3t7
hGxOMSBuD5cWaZnE3ZOHx2iGluAN9M/dvWT31mgun4YFv5gE3wIXjsmb/06cJzll
1qe7A4CnBmzwn+0UguEKQ0Z4IwTIn+OxAIQSY51piJcgP9VVk5cGSfQJPkQzFs/N
J+o5OXeunxKLEAqOvTQtrQb0Qq2dfeXLMogixuJDN035prv2J8suQmF+YKVY+gef
WT6YMU60k0SHIMiHQPSOsg8W7OreQSEupAcvAd/oKYwDruqAgRkiKUkWkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBN1+Q7wkpZHbX8QGnVEhEg93ia5MB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvRTNYNUR2Q1Nsa2R0ZnhBYWRVU0VTRDNlSnJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0xMA0G
CSqGSIb3DQEBCwUAA4IBAQBpIaEoAdCe53h+6K49SV7DRnLMqFXqpD+cKoWxZBI9
9Kb3FpRbkFEkE+Eey0BdXBbNgrmbH5TG/B1pNaZ2wBFN/WKX9WD39CAxePx7h8oa
lUHo307LIfj5kJruZo3B3G6HtJ9OrClX5ZeQMPmwXs/B1/XOPxow3mCnvt6qnwkP
g6G4TfgYkXb5ACIPrLYhZN9gaF0dYsd5ZYf1OOMFfHwG2BHWc07p/dthp6nyawj1
enRukBc41zg0J57R+T3zBUZvVsBoPFDCTJbuHc9j7NHlgZKDnSzIZizbYflSWwdV
zX9VbM7mHZJaDu/mU0OAWPZyP2UAFA5OuoT33SCPQbF5
-----END CERTIFICATE-----