This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/ESthSZtxPiTKHLF_RbKMrDbOe-Q.roa
File:                     ESthSZtxPiTKHLF_RbKMrDbOe-Q.roa (raw, json)
Hash identifier:          dIbh8TfwS7S2uYBff8Ic7aOyQ8MQBSDNQTSA81/8m50=
Subject key identifier:   11:2B:61:49:9B:71:3E:24:CA:1C:B1:7F:45:B2:8C:AC:36:CE:7B:E4
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019B78A36DC900BD3B758C34DB02154D1DD2
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/ESthSZtxPiTKHLF_RbKMrDbOe-Q.roa
Signing time:             Thu 01 Jan 2026 08:18:54 +0000
ROA not before:           Thu 01 Jan 2026 08:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25560
IP address blocks:        2a03:f85::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 08:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:6d:c9:00:bd:3b:75:8c:34:db:02:15:4d:1d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 08:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=112b61499b713e24ca1cb17f45b28cac36ce7be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:16:4d:c4:44:37:8e:b4:7b:dc:ca:b4:43:9b:
                    97:47:74:80:ff:bf:5c:7f:5b:4c:31:83:76:73:91:
                    f7:44:56:53:3d:b5:a5:0e:d3:b5:01:b6:6f:11:78:
                    4a:34:96:d7:5a:11:e0:3d:07:72:b1:51:31:93:31:
                    dd:56:e4:fd:86:71:87:f1:d7:d3:05:93:f7:3b:de:
                    71:45:cd:ea:7d:46:bd:9b:ab:39:9e:34:7f:e5:78:
                    ad:1e:18:28:b3:63:6b:cb:ac:07:b8:74:15:96:6b:
                    c3:fd:df:04:c5:39:ac:b8:63:af:9c:1c:82:3a:97:
                    4f:f4:80:e9:a9:f6:62:93:ba:fd:f8:cd:10:bb:ff:
                    c8:c3:fb:71:e5:12:43:42:96:f5:82:f2:0a:10:f0:
                    33:06:d5:26:53:3b:cd:d9:2e:0d:a4:42:16:3f:cf:
                    74:cd:b1:89:87:2b:71:a2:24:6b:0c:13:3e:01:02:
                    50:75:13:48:45:2b:75:b6:90:b8:ef:33:34:23:8c:
                    5b:3b:d2:e8:0c:64:f3:0e:27:8f:c2:03:f4:a7:95:
                    70:ca:bf:df:e7:97:1c:b3:4d:77:68:69:3b:66:58:
                    87:76:d0:4d:54:38:b7:64:2f:33:4d:6b:03:d7:c7:
                    ab:4f:6c:8e:bb:8e:f2:49:d7:cf:8f:dc:d2:fa:26:
                    9b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:2B:61:49:9B:71:3E:24:CA:1C:B1:7F:45:B2:8C:AC:36:CE:7B:E4
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/ESthSZtxPiTKHLF_RbKMrDbOe-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:f85::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:2f:88:47:da:62:02:cc:93:c2:97:fc:58:79:3e:7a:9e:5d:
         c2:7f:59:6c:13:fc:68:b3:45:3f:ce:15:a9:c0:6b:c2:ce:6f:
         c9:d4:1c:81:c2:bc:c8:80:ab:0d:61:12:7f:c8:51:c2:f6:2f:
         64:62:bd:90:0a:75:6c:1a:da:4a:94:12:60:48:15:e1:49:40:
         ef:78:25:0a:a5:28:03:69:2b:0d:34:e7:9c:6d:74:d7:99:6e:
         07:00:52:74:a7:f7:5b:dc:4c:d1:e7:56:ff:84:24:c6:d9:85:
         42:21:d8:45:fa:41:1e:79:d7:42:e3:9c:06:63:a4:bf:43:6d:
         28:86:16:b6:16:65:9e:5c:34:a1:03:97:58:1a:58:00:ef:29:
         24:10:26:36:b0:2a:80:c4:39:d0:c8:07:a8:3c:05:92:92:80:
         5f:1a:cd:13:c8:ef:b6:6b:79:cb:d0:54:cd:33:25:02:d7:81:
         99:78:1f:95:aa:bf:56:57:56:ef:c9:4b:63:73:82:5a:42:6c:
         4b:9f:19:d3:76:08:cb:7e:3f:89:70:37:75:38:cd:25:44:81:
         6f:fc:e1:ff:c3:06:2e:88:8e:ac:d6:e7:49:cc:3d:a5:fe:f6:
         55:92:20:5b:97:98:a4:7e:a3:d3:ee:43:01:a4:de:37:0d:8b:
         15:c2:2f:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4o23JAL07dYw02wIVTR3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjYwMTAxMDgxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTJiNjE0OTliNzEzZTI0Y2ExY2IxN2Y0NWIyOGNhYzM2Y2U3YmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRZNxEQ3jrR73Mq0Q5uXR3SA/79c
f1tMMYN2c5H3RFZTPbWlDtO1AbZvEXhKNJbXWhHgPQdysVExkzHdVuT9hnGH8dfT
BZP3O95xRc3qfUa9m6s5njR/5XitHhgos2Nry6wHuHQVlmvD/d8ExTmsuGOvnByC
OpdP9IDpqfZik7r9+M0Qu//Iw/tx5RJDQpb1gvIKEPAzBtUmUzvN2S4NpEIWP890
zbGJhytxoiRrDBM+AQJQdRNIRSt1tpC47zM0I4xbO9LoDGTzDiePwgP0p5Vwyr/f
55ccs013aGk7ZliHdtBNVDi3ZC8zTWsD18erT2yOu47ySdfPj9zS+iabywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBErYUmbcT4kyhyxf0WyjKw2znvkMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvRVN0aFNadHhQaVRLSExGX1JiS01yRGJPZS1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMPhQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAiL4hH2mICzJPCl/xYeT56nl3Cf1lsE/xos0U/
zhWpwGvCzm/J1ByBwrzIgKsNYRJ/yFHC9i9kYr2QCnVsGtpKlBJgSBXhSUDveCUK
pSgDaSsNNOecbXTXmW4HAFJ0p/db3EzR51b/hCTG2YVCIdhF+kEeeddC45wGY6S/
Q20ohha2FmWeXDShA5dYGlgA7ykkECY2sCqAxDnQyAeoPAWSkoBfGs0TyO+2a3nL
0FTNMyUC14GZeB+Vqr9WV1bvyUtjc4JaQmxLnxnTdgjLfj+JcDd1OM0lRIFv/OH/
wwYuiI6s1udJzD2l/vZVkiBbl5ikfqPT7kMBpN43DYsVwi9e
-----END CERTIFICATE-----