This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ExLhkVGO_IcP9FKIq81f0oI-oCg.roa
File:                     ExLhkVGO_IcP9FKIq81f0oI-oCg.roa (raw, json)
Hash identifier:          5HCccmMIa3ZS3Rm7UZ7dWL9/99iZ3k4KgXviDu7U84Y=
Subject key identifier:   13:12:E1:91:51:8E:FC:87:0F:F4:52:88:AB:CD:5F:D2:82:3E:A0:28
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       019B7910F3B043C8B7317B79D3A9F70F9F97
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ExLhkVGO_IcP9FKIq81f0oI-oCg.roa
Signing time:             Thu 01 Jan 2026 10:18:32 +0000
ROA not before:           Thu 01 Jan 2026 10:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     64411
IP address blocks:        158.172.0.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:f3:b0:43:c8:b7:31:7b:79:d3:a9:f7:0f:9f:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  1 10:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1312e191518efc870ff45288abcd5fd2823ea028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:13:f6:03:27:f9:31:1b:a7:0b:ed:d5:ee:35:
                    de:f9:aa:a2:56:df:61:31:bb:5f:84:16:44:68:87:
                    95:b6:1c:1e:f3:c9:49:89:8a:06:92:c1:c7:06:7b:
                    d3:a4:4e:83:41:f9:14:00:9b:1c:e0:fc:ff:36:a1:
                    79:fe:1d:fd:5f:b6:76:a9:6a:fc:7d:e4:e0:97:25:
                    6c:34:b5:ca:eb:8e:4f:09:9d:b8:b8:72:99:b5:99:
                    9e:55:70:46:21:b8:f8:25:23:31:da:e9:3e:03:2d:
                    cb:80:8f:9e:ae:77:5c:55:a1:db:0a:9e:a9:1a:09:
                    8b:c6:cd:20:8e:70:30:fa:73:24:67:c0:83:40:6d:
                    4b:b2:fe:b9:4e:47:c5:52:0d:f7:8f:8b:20:d1:b0:
                    a7:71:8b:d4:8b:cd:d3:2a:28:9e:f5:d4:38:68:a2:
                    6f:4d:54:fb:61:ac:72:7b:5c:40:c9:68:4b:76:ab:
                    24:15:89:0a:a0:f9:14:44:db:ef:a7:c0:46:c8:7f:
                    48:97:39:3f:54:94:49:d6:d7:0e:6a:a0:60:b3:0f:
                    5d:ec:1c:aa:12:d2:3b:92:b8:f1:57:17:38:dd:49:
                    aa:14:bb:dc:f7:ab:58:ed:ea:11:56:69:81:93:f8:
                    cb:fd:0d:4d:95:a8:03:84:d9:22:83:05:2e:8f:d2:
                    a3:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:12:E1:91:51:8E:FC:87:0F:F4:52:88:AB:CD:5F:D2:82:3E:A0:28
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/ExLhkVGO_IcP9FKIq81f0oI-oCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2a:6c:35:2c:3e:34:28:6b:1d:f9:27:45:8e:2e:c7:aa:a4:2a:
         c0:b7:4d:a9:66:d5:db:76:fd:be:b8:96:07:3a:84:e7:e2:d1:
         bb:a9:74:0f:96:26:da:71:b8:91:a6:c5:da:8d:ab:4f:5d:bf:
         e1:de:96:47:5a:59:ea:f3:51:99:b1:72:07:c0:d1:34:86:72:
         1d:2f:8f:12:c1:6a:b4:8e:84:f8:c7:8f:68:93:39:bf:d3:92:
         38:9b:bb:0c:62:3f:76:0c:37:1d:f4:35:dc:5e:19:12:6a:08:
         70:58:b5:ac:ac:d7:55:2f:99:01:ac:0e:7b:fb:03:fc:24:95:
         34:45:a2:36:b6:49:23:80:e0:2c:51:40:7b:f1:0e:0d:5c:3d:
         6c:e0:d4:d7:ea:e5:59:89:cf:79:b4:b2:12:54:1f:0d:25:f1:
         07:3b:56:27:77:00:8c:13:5f:8f:3b:50:ad:4b:9f:c3:db:72:
         a2:06:d7:e7:19:3a:76:21:2c:c8:28:30:f0:f1:1e:57:f4:ef:
         e9:e9:ee:2e:93:7e:69:2b:66:e1:de:6e:e1:13:87:a6:ec:2f:
         c9:1a:b5:70:88:da:87:c2:1c:69:d0:2b:9e:9c:ab:34:5e:1c:
         4f:c1:38:8f:60:01:e2:d0:da:92:59:df:b2:39:d3:eb:8c:3d:
         2f:09:6e:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EPOwQ8i3MXt506n3D5+XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjYwMTAxMTAxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzEyZTE5MTUxOGVmYzg3MGZmNDUyODhhYmNkNWZkMjgyM2VhMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRP2Ayf5MRunC+3V7jXe+aqiVt9h
MbtfhBZEaIeVthwe88lJiYoGksHHBnvTpE6DQfkUAJsc4Pz/NqF5/h39X7Z2qWr8
feTglyVsNLXK645PCZ24uHKZtZmeVXBGIbj4JSMx2uk+Ay3LgI+erndcVaHbCp6p
GgmLxs0gjnAw+nMkZ8CDQG1Lsv65TkfFUg33j4sg0bCncYvUi83TKiie9dQ4aKJv
TVT7Yaxye1xAyWhLdqskFYkKoPkURNvvp8BGyH9Ilzk/VJRJ1tcOaqBgsw9d7Byq
EtI7krjxVxc43UmqFLvc96tY7eoRVmmBk/jL/Q1NlagDhNkigwUuj9Kj7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMS4ZFRjvyHD/RSiKvNX9KCPqAoMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvRXhMaGtWR09fSWNQOUZLSXE4MWYwb0ktb0NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDnqwAMA0G
CSqGSIb3DQEBCwUAA4IBAQAqbDUsPjQoax35J0WOLseqpCrAt02pZtXbdv2+uJYH
OoTn4tG7qXQPlibacbiRpsXajatPXb/h3pZHWlnq81GZsXIHwNE0hnIdL48SwWq0
joT4x49okzm/05I4m7sMYj92DDcd9DXcXhkSaghwWLWsrNdVL5kBrA57+wP8JJU0
RaI2tkkjgOAsUUB78Q4NXD1s4NTX6uVZic95tLISVB8NJfEHO1YndwCME1+PO1Ct
S5/D23KiBtfnGTp2ISzIKDDw8R5X9O/p6e4uk35pK2bh3m7hE4em7C/JGrVwiNqH
whxp0CuenKs0XhxPwTiPYAHi0NqSWd+yOdPrjD0vCW4P
-----END CERTIFICATE-----