This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/ek03eEx-tiMRmZYTabZFo0C6PU0.roa
File:                     ek03eEx-tiMRmZYTabZFo0C6PU0.roa (raw, json)
Hash identifier:          sj2RgZyvgAsfcEsmldwmS7w7ZQ/PgoAo27Xm/iaeV7E=
Subject key identifier:   7A:4D:37:78:4C:7E:B6:23:11:99:96:13:69:B6:45:A3:40:BA:3D:4D
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F83AE37A8B947C0F9AD5B2C65F27EF1
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/ek03eEx-tiMRmZYTabZFo0C6PU0.roa
Signing time:             Fri 02 Jan 2026 16:21:34 +0000
ROA not before:           Fri 02 Jan 2026 16:21:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201797
IP address blocks:        178.170.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:ae:37:a8:b9:47:c0:f9:ad:5b:2c:65:f2:7e:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a4d37784c7eb6231199961369b645a340ba3d4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:24:94:2f:2b:7b:73:ff:dc:c9:20:03:20:7c:
                    b1:98:46:2d:ae:8e:69:85:d6:d3:04:ce:08:95:b3:
                    2a:df:23:dc:cb:06:4a:4c:77:d5:f5:2b:39:e4:77:
                    16:80:a0:66:ac:a7:aa:1c:13:c6:da:ce:ab:e9:95:
                    47:40:eb:bb:1f:0e:fd:08:23:59:52:f2:ee:c7:3f:
                    e2:f9:57:54:b6:28:ac:b8:01:be:43:ea:96:c8:d4:
                    f4:05:35:5b:e4:f5:42:08:3b:b5:91:77:e1:2f:70:
                    42:c9:c0:9c:36:9c:9b:c0:e5:90:0e:ae:2a:85:02:
                    7b:64:70:30:f3:0a:f3:43:6a:18:b2:93:a6:85:5b:
                    24:54:35:81:b6:c2:e6:c0:47:bd:1f:63:46:30:a7:
                    3b:2a:1f:22:3d:1d:7d:9d:1c:78:8d:aa:c6:7e:7f:
                    9e:9b:1d:ff:09:c5:62:af:6a:d5:bd:fa:d8:fb:b0:
                    d2:84:3a:e0:b3:e3:74:5e:df:24:52:ed:5b:f3:c9:
                    42:59:09:23:c9:83:93:fa:e2:ee:c3:18:09:41:df:
                    f3:29:fd:d3:da:ed:61:c8:0f:9a:c3:ab:81:87:4c:
                    d3:8a:1a:c5:46:10:b2:ea:d0:2c:0a:4f:6e:4c:f6:
                    6e:b3:2d:42:e5:50:28:c3:e3:b8:25:36:22:eb:8f:
                    a9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:4D:37:78:4C:7E:B6:23:11:99:96:13:69:B6:45:A3:40:BA:3D:4D
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/ek03eEx-tiMRmZYTabZFo0C6PU0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.170.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:f8:76:a2:aa:7a:43:40:50:c0:f3:73:50:53:c8:25:af:8d:
         a1:fe:82:ee:d1:00:1b:f7:87:c5:3b:63:ff:b4:de:6c:04:52:
         2c:c1:db:93:e7:ca:85:61:62:00:a7:8b:3c:04:98:cc:5c:3e:
         86:e5:d3:e8:7a:53:a3:1a:c0:fd:fa:3a:a2:98:7b:66:d8:3b:
         29:55:bb:75:58:c3:55:ec:be:44:ce:24:5e:61:47:b5:4d:6c:
         51:cb:2f:25:89:d3:1e:cd:e2:d3:3a:1c:70:e0:55:c7:44:0c:
         93:ee:64:d7:ac:69:65:1d:b1:1c:af:e1:da:49:78:01:44:91:
         9e:0e:ab:51:00:d4:ca:63:fe:aa:6c:39:ee:e4:b7:45:2c:2a:
         4b:9a:77:d4:74:ac:dc:24:05:55:ce:c4:46:b4:98:5d:80:1b:
         8b:8c:b0:21:4b:be:f2:25:6b:d4:93:12:79:6f:73:f8:ad:b2:
         6f:97:df:ce:fd:51:f6:a3:37:ea:ca:a7:5d:6e:d8:56:4d:e1:
         ae:f4:2f:a0:40:57:75:15:f9:54:37:38:c5:1a:b0:8c:c8:bb:
         44:0a:66:95:e3:28:6a:c7:d7:b5:51:5b:3b:69:41:3d:e2:9c:
         2b:f6:48:d1:61:74:18:7f:ac:0f:7c:a2:ae:6a:08:87:34:cc:
         76:01:05:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g643qLlHwPmtWyxl8n7xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTRkMzc3ODRjN2ViNjIzMTE5OTk2MTM2OWI2NDVhMzQwYmEzZDRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ySULyt7c//cySADIHyxmEYtro5p
hdbTBM4IlbMq3yPcywZKTHfV9Ss55HcWgKBmrKeqHBPG2s6r6ZVHQOu7Hw79CCNZ
UvLuxz/i+VdUtiisuAG+Q+qWyNT0BTVb5PVCCDu1kXfhL3BCycCcNpybwOWQDq4q
hQJ7ZHAw8wrzQ2oYspOmhVskVDWBtsLmwEe9H2NGMKc7Kh8iPR19nRx4jarGfn+e
mx3/CcVir2rVvfrY+7DShDrgs+N0Xt8kUu1b88lCWQkjyYOT+uLuwxgJQd/zKf3T
2u1hyA+aw6uBh0zTihrFRhCy6tAsCk9uTPZusy1C5VAow+O4JTYi64+prwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpNN3hMfrYjEZmWE2m2RaNAuj1NMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvZWswM2VFeC10aU1SbVpZVGFiWkZvMEM2UFUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsqrmMA0G
CSqGSIb3DQEBCwUAA4IBAQBE+HaiqnpDQFDA83NQU8glr42h/oLu0QAb94fFO2P/
tN5sBFIswduT58qFYWIAp4s8BJjMXD6G5dPoelOjGsD9+jqimHtm2DspVbt1WMNV
7L5EziReYUe1TWxRyy8lidMezeLTOhxw4FXHRAyT7mTXrGllHbEcr+HaSXgBRJGe
DqtRANTKY/6qbDnu5LdFLCpLmnfUdKzcJAVVzsRGtJhdgBuLjLAhS77yJWvUkxJ5
b3P4rbJvl9/O/VH2ozfqyqddbthWTeGu9C+gQFd1FflUNzjFGrCMyLtECmaV4yhq
x9e1UVs7aUE94pwr9kjRYXQYf6wPfKKuagiHNMx2AQWv
-----END CERTIFICATE-----