This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/c5427b-5990-42ac-bc54-c740e2fe30d3/1/42mOJ3kHdwuFCzoSOI3N3ulVxfY.roa
File:                     42mOJ3kHdwuFCzoSOI3N3ulVxfY.roa (raw, json)
Hash identifier:          eqCYV3DSa0ilBw3MnAd/50LEsSGMdE5H8gvqRFLf8cs=
Subject key identifier:   E3:69:8E:27:79:07:77:0B:85:0B:3A:12:38:8D:CD:DE:E9:55:C5:F6
Certificate issuer:       /CN=457aa1c78f6ccabc47b55121a35ff30d99827ee9
Certificate serial:       019B77C67527FC2F96453E8E7314A7CA3425
Authority key identifier: 45:7A:A1:C7:8F:6C:CA:BC:47:B5:51:21:A3:5F:F3:0D:99:82:7E:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RXqhx49syrxHtVEho1_zDZmCfuk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/c5427b-5990-42ac-bc54-c740e2fe30d3/1/42mOJ3kHdwuFCzoSOI3N3ulVxfY.roa
Signing time:             Thu 01 Jan 2026 04:17:33 +0000
ROA not before:           Thu 01 Jan 2026 04:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44599
IP address blocks:        193.242.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/c5427b-5990-42ac-bc54-c740e2fe30d3/1/RXqhx49syrxHtVEho1_zDZmCfuk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/c5427b-5990-42ac-bc54-c740e2fe30d3/1/RXqhx49syrxHtVEho1_zDZmCfuk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RXqhx49syrxHtVEho1_zDZmCfuk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:75:27:fc:2f:96:45:3e:8e:73:14:a7:ca:34:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=457aa1c78f6ccabc47b55121a35ff30d99827ee9
        Validity
            Not Before: Jan  1 04:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3698e277907770b850b3a12388dcddee955c5f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e6:a8:54:09:a3:e7:d7:39:8a:2c:d1:ec:aa:
                    0b:e4:e8:96:1e:e5:9b:86:5a:53:da:23:c8:0c:8b:
                    bc:75:b6:32:df:55:c3:b3:07:55:92:cd:5f:a7:db:
                    4c:b2:47:34:dc:79:3a:98:6a:c4:d5:cb:7a:67:7f:
                    fa:6e:21:1f:5a:7b:0c:3d:3e:f8:1a:a9:b3:83:3f:
                    5f:7d:b2:aa:9e:e4:84:46:ee:a5:80:e3:af:dd:17:
                    28:bc:5a:0d:40:9a:34:0c:5b:cd:21:b6:a8:24:f2:
                    f0:2a:82:9f:5c:3f:12:a1:d7:2e:0c:ff:92:23:a7:
                    df:32:c4:f1:8b:17:d9:26:e1:ad:e8:e0:0b:2b:40:
                    d8:4c:3f:7b:5b:00:76:fd:55:25:2b:cf:54:e6:d9:
                    26:d8:03:38:96:3c:37:66:88:e0:74:3f:1c:0e:71:
                    38:6f:30:95:46:00:33:f6:1d:44:a8:19:73:a9:ad:
                    e5:a6:4a:06:95:40:29:a9:59:5c:82:11:07:6f:f3:
                    e5:14:92:0f:70:f7:03:b3:ad:8b:45:5d:bd:ef:0b:
                    7f:da:c9:ec:c3:82:44:3c:70:5e:4d:27:10:0a:6d:
                    59:82:61:e7:02:af:73:69:f9:68:1a:6b:cf:95:8b:
                    09:20:91:39:06:6d:a2:0b:91:d2:8b:44:e0:62:00:
                    98:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:69:8E:27:79:07:77:0B:85:0B:3A:12:38:8D:CD:DE:E9:55:C5:F6
            X509v3 Authority Key Identifier:
                keyid:45:7A:A1:C7:8F:6C:CA:BC:47:B5:51:21:A3:5F:F3:0D:99:82:7E:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RXqhx49syrxHtVEho1_zDZmCfuk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/c5427b-5990-42ac-bc54-c740e2fe30d3/1/42mOJ3kHdwuFCzoSOI3N3ulVxfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/c5427b-5990-42ac-bc54-c740e2fe30d3/1/RXqhx49syrxHtVEho1_zDZmCfuk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.242.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:9e:8f:26:f7:4e:ee:c6:fc:2a:a4:5b:ef:67:d5:49:e8:07:
         ff:0d:d2:18:d4:51:8c:a6:8b:71:01:d4:a4:d8:cf:af:0f:3d:
         f2:a0:74:ee:d1:f8:14:cc:e8:e6:88:7a:7a:0a:9d:0d:3a:f9:
         ea:c9:0f:6e:0c:9a:55:31:c3:78:23:6f:72:cf:dd:d1:26:9d:
         cf:b8:4e:9f:11:d6:85:e1:c5:15:95:97:51:8f:6d:e5:16:91:
         0c:dd:08:75:a5:e7:78:09:f8:49:3c:33:90:c4:c8:b0:31:1c:
         72:75:fd:30:34:04:f4:31:74:f6:0c:ee:cc:8a:bf:ac:54:52:
         68:38:c7:3a:84:31:8f:2b:d7:3c:42:ec:07:2c:19:90:23:68:
         89:ab:6f:ad:33:d4:8e:61:fd:b7:4d:31:2b:1a:9b:df:37:ba:
         f5:ea:0d:a5:1e:87:75:16:60:dd:fa:77:8f:59:3a:ed:d8:ad:
         35:97:a1:c3:16:fa:2f:95:e0:7b:26:f5:66:a9:21:94:ed:62:
         d4:fb:cf:9f:e7:d2:7f:e9:74:dc:d9:98:0b:e1:77:aa:02:20:
         5f:8e:c5:88:9c:d4:7b:cc:e1:0e:3e:96:81:71:23:55:3e:98:
         37:c0:1b:69:3a:de:96:20:aa:d8:fe:8b:2f:bb:b5:6e:e0:1f:
         c3:ff:fd:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnUn/C+WRT6OcxSnyjQlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1N2FhMWM3OGY2Y2NhYmM0N2I1NTEyMWEzNWZmMzBkOTk4
MjdlZTkwHhcNMjYwMTAxMDQxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzY5OGUyNzc5MDc3NzBiODUwYjNhMTIzODhkY2RkZWU5NTVjNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeaoVAmj59c5iizR7KoL5OiWHuWb
hlpT2iPIDIu8dbYy31XDswdVks1fp9tMskc03Hk6mGrE1ct6Z3/6biEfWnsMPT74
Gqmzgz9ffbKqnuSERu6lgOOv3RcovFoNQJo0DFvNIbaoJPLwKoKfXD8SodcuDP+S
I6ffMsTxixfZJuGt6OALK0DYTD97WwB2/VUlK89U5tkm2AM4ljw3ZojgdD8cDnE4
bzCVRgAz9h1EqBlzqa3lpkoGlUApqVlcghEHb/PlFJIPcPcDs62LRV297wt/2sns
w4JEPHBeTScQCm1ZgmHnAq9zafloGmvPlYsJIJE5Bm2iC5HSi0TgYgCY4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONpjid5B3cLhQs6EjiNzd7pVcX2MB8GA1UdIwQY
MBaAFEV6ocePbMq8R7VRIaNf8w2Zgn7pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlhxaHg0OXN5cnhIdFZFaG8xX3pEWm1DZnVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9jNTQyN2ItNTk5MC00MmFjLWJjNTQt
Yzc0MGUyZmUzMGQzLzEvNDJtT0oza0hkd3VGQ3pvU09JM04zdWxWeGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9jNTQyN2ItNTk5MC00MmFjLWJjNTQtYzc0MGUyZmUzMGQz
LzEvUlhxaHg0OXN5cnhIdFZFaG8xX3pEWm1DZnVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwfK1MA0G
CSqGSIb3DQEBCwUAA4IBAQBjno8m907uxvwqpFvvZ9VJ6Af/DdIY1FGMpotxAdSk
2M+vDz3yoHTu0fgUzOjmiHp6Cp0NOvnqyQ9uDJpVMcN4I29yz93RJp3PuE6fEdaF
4cUVlZdRj23lFpEM3Qh1ped4CfhJPDOQxMiwMRxydf0wNAT0MXT2DO7Mir+sVFJo
OMc6hDGPK9c8QuwHLBmQI2iJq2+tM9SOYf23TTErGpvfN7r16g2lHod1FmDd+neP
WTrt2K01l6HDFvovleB7JvVmqSGU7WLU+8+f59J/6XTc2ZgL4XeqAiBfjsWInNR7
zOEOPpaBcSNVPpg3wBtpOt6WIKrY/osvu7Vu4B/D//0z
-----END CERTIFICATE-----