This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/omuRSlN3uxDC5Q-fxRiwTPk66HM.roa
File:                     omuRSlN3uxDC5Q-fxRiwTPk66HM.roa (raw, json)
Hash identifier:          GxwNrXChKZTEhS9UT+A6aKihcuWe4QoSUJOCbKFbnmw=
Subject key identifier:   A2:6B:91:4A:53:77:BB:10:C2:E5:0F:9F:C5:18:B0:4C:F9:3A:E8:73
Certificate issuer:       /CN=5753c06290a371994d7577318685f5bc4a538d47
Certificate serial:       019B7910F60CF46931E9D4DA80BC7E2244C3
Authority key identifier: 57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/omuRSlN3uxDC5Q-fxRiwTPk66HM.roa
Signing time:             Thu 01 Jan 2026 10:18:33 +0000
ROA not before:           Thu 01 Jan 2026 10:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     273888
IP address blocks:        158.172.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 19:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:f6:0c:f4:69:31:e9:d4:da:80:bc:7e:22:44:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5753c06290a371994d7577318685f5bc4a538d47
        Validity
            Not Before: Jan  1 10:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a26b914a5377bb10c2e50f9fc518b04cf93ae873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:3a:0d:07:66:6b:0a:d6:ae:31:78:a5:b4:5a:
                    da:1a:4e:d0:c5:5e:c7:c6:cb:95:57:1e:e3:62:cb:
                    78:3b:50:cd:ff:98:c5:20:ae:2f:ea:91:36:6f:f3:
                    f8:6c:67:1e:e1:60:c1:89:93:35:27:d8:ba:99:13:
                    a1:f1:bd:6a:30:05:e2:bc:fc:41:0c:55:b3:c5:b4:
                    7b:14:6f:8e:dd:de:1f:87:f8:2c:6a:f2:2a:86:4e:
                    b9:67:3a:6f:be:f3:ce:5e:89:37:70:dd:01:7b:9d:
                    22:15:1a:c8:5e:71:d2:cd:2c:4f:1e:88:03:f3:7a:
                    46:31:f8:c0:16:54:48:98:06:8c:e8:81:05:b9:aa:
                    83:7e:f2:81:ac:50:27:c3:2f:8e:41:74:d9:e9:93:
                    34:4f:88:94:78:05:e9:e8:4e:dc:34:8c:5b:17:9c:
                    ac:b2:6f:97:17:2b:9b:22:60:48:0d:b7:31:e4:34:
                    70:cd:78:3f:7e:44:6c:de:b6:3c:1f:cf:07:51:50:
                    d2:87:e6:00:db:f2:95:fc:41:31:df:12:1d:87:ed:
                    c2:4e:08:43:3c:a3:e7:04:6b:b6:d2:45:dc:9a:88:
                    11:80:eb:5b:3f:fd:07:81:2c:27:6a:79:54:d5:13:
                    cf:a6:6f:2e:df:4b:94:32:bd:97:9d:29:78:b1:1a:
                    cb:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:6B:91:4A:53:77:BB:10:C2:E5:0F:9F:C5:18:B0:4C:F9:3A:E8:73
            X509v3 Authority Key Identifier:
                keyid:57:53:C0:62:90:A3:71:99:4D:75:77:31:86:85:F5:BC:4A:53:8D:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V1PAYpCjcZlNdXcxhoX1vEpTjUc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/omuRSlN3uxDC5Q-fxRiwTPk66HM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/b41ab6-b9f3-4b4a-9b7b-1ed10954bd96/1/V1PAYpCjcZlNdXcxhoX1vEpTjUc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.172.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:17:01:88:e6:b3:c8:41:6b:c9:6c:89:c0:e7:c5:c1:b8:c5:
         1b:f8:9b:46:8f:80:8e:87:d6:9e:73:eb:0b:e2:88:fb:c4:84:
         b7:08:38:24:6f:82:63:d3:56:f3:e7:6e:3d:bb:01:87:27:16:
         da:c7:d4:07:d6:70:f6:81:42:7a:52:bd:f8:e1:2c:06:46:19:
         f1:88:b4:93:f7:3a:47:62:55:58:5e:49:cb:8a:58:75:35:19:
         16:b0:85:90:e4:ef:02:47:39:1b:e7:a0:d7:78:9e:4a:b0:5f:
         3d:72:94:da:f6:d4:53:15:7e:78:d4:cc:aa:a9:65:c8:dc:c6:
         54:0b:72:97:93:1d:f6:24:56:08:a9:24:55:8c:9a:ed:f7:0f:
         1e:57:9a:18:84:3e:f3:23:de:6a:57:65:2d:f1:50:c2:3d:a9:
         87:f3:54:79:c6:e1:d4:a2:a1:50:bc:08:ed:e6:f2:5b:2d:83:
         f3:81:f8:73:b4:c4:ef:2a:25:40:a5:b9:7e:44:8d:73:49:12:
         45:23:db:59:b1:fb:b2:b0:cc:3d:a2:65:33:68:59:30:5a:c3:
         cf:fe:8a:b5:c6:54:96:91:28:3c:b0:28:bb:99:a6:26:0c:64:
         12:ec:73:f4:77:f0:84:22:92:c1:bf:a8:8b:c0:da:b4:99:47:
         b1:9c:e2:e7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EPYM9Gkx6dTagLx+IkTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NTNjMDYyOTBhMzcxOTk0ZDc1NzczMTg2ODVmNWJjNGE1
MzhkNDcwHhcNMjYwMTAxMTAxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjZiOTE0YTUzNzdiYjEwYzJlNTBmOWZjNTE4YjA0Y2Y5M2FlODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjoNB2ZrCtauMXiltFraGk7QxV7H
xsuVVx7jYst4O1DN/5jFIK4v6pE2b/P4bGce4WDBiZM1J9i6mROh8b1qMAXivPxB
DFWzxbR7FG+O3d4fh/gsavIqhk65ZzpvvvPOXok3cN0Be50iFRrIXnHSzSxPHogD
83pGMfjAFlRImAaM6IEFuaqDfvKBrFAnwy+OQXTZ6ZM0T4iUeAXp6E7cNIxbF5ys
sm+XFyubImBIDbcx5DRwzXg/fkRs3rY8H88HUVDSh+YA2/KV/EEx3xIdh+3CTghD
PKPnBGu20kXcmogRgOtbP/0HgSwnanlU1RPPpm8u30uUMr2XnSl4sRrLSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJrkUpTd7sQwuUPn8UYsEz5OuhzMB8GA1UdIwQY
MBaAFFdTwGKQo3GZTXV3MYaF9bxKU41HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2It
MWVkMTA5NTRiZDk2LzEvb211UlNsTjN1eERDNVEtZnhSaXdUUGs2NkhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9iNDFhYjYtYjlmMy00YjRhLTliN2ItMWVkMTA5NTRiZDk2
LzEvVjFQQVlwQ2pjWmxOZFhjeGhvWDF2RXBUalVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnqzaMA0G
CSqGSIb3DQEBCwUAA4IBAQAAFwGI5rPIQWvJbInA58XBuMUb+JtGj4COh9aec+sL
4oj7xIS3CDgkb4Jj01bz5249uwGHJxbax9QH1nD2gUJ6Ur344SwGRhnxiLST9zpH
YlVYXknLilh1NRkWsIWQ5O8CRzkb56DXeJ5KsF89cpTa9tRTFX541MyqqWXI3MZU
C3KXkx32JFYIqSRVjJrt9w8eV5oYhD7zI95qV2Ut8VDCPamH81R5xuHUoqFQvAjt
5vJbLYPzgfhztMTvKiVApbl+RI1zSRJFI9tZsfuysMw9omUzaFkwWsPP/oq1xlSW
kSg8sCi7maYmDGQS7HP0d/CEIpLBv6iLwNq0mUexnOLn
-----END CERTIFICATE-----