This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/4lIeViGYyAArH6xFgAXuF1KY8oo.roa
File:                     4lIeViGYyAArH6xFgAXuF1KY8oo.roa (raw, json)
Hash identifier:          3sNxRj68ViMu808j4OAwb7vp2hEV9aYGZZ0Iae+xOYY=
Subject key identifier:   E2:52:1E:56:21:98:C8:00:2B:1F:AC:45:80:05:EE:17:52:98:F2:8A
Certificate issuer:       /CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
Certificate serial:       019B77C6727DB1433B2585BF743B8ABFC4A5
Authority key identifier: A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/4lIeViGYyAArH6xFgAXuF1KY8oo.roa
Signing time:             Thu 01 Jan 2026 04:17:32 +0000
ROA not before:           Thu 01 Jan 2026 04:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203062
IP address blocks:        217.9.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:72:7d:b1:43:3b:25:85:bf:74:3b:8a:bf:c4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7ee182d9c43a5ce7068dfd9ba7aa8ed90e5e0ba
        Validity
            Not Before: Jan  1 04:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2521e562198c8002b1fac458005ee175298f28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:14:ae:f7:c9:79:2f:6a:82:c3:64:a3:18:e2:
                    c6:92:a0:d8:1a:7e:13:6f:fd:73:bd:7e:9b:01:88:
                    df:26:1e:6f:f8:a5:56:5e:56:6d:10:b3:3f:85:fc:
                    02:ec:2d:42:94:50:8c:2a:92:8b:b3:93:9d:99:5f:
                    9a:3f:ea:d4:03:bd:50:6f:4a:19:e3:b5:1d:ff:9a:
                    1c:e0:be:49:9e:ce:8a:5c:9c:8d:45:3e:46:c4:67:
                    69:01:22:94:a3:a7:17:ef:3c:97:24:87:31:a7:36:
                    2f:34:1b:7a:14:25:c5:5f:83:93:c8:11:6d:60:38:
                    bc:16:fe:30:b4:22:5c:36:6c:fe:b6:ed:71:b9:5e:
                    95:79:50:37:1c:77:69:57:0f:fb:aa:dc:8f:2a:ce:
                    ec:2f:d3:c5:26:44:b2:ca:b7:cc:ad:6c:e3:9a:46:
                    dc:97:18:e5:ff:10:fc:d9:a0:7b:92:b8:1f:bc:61:
                    e9:72:b9:95:23:aa:6c:fd:77:ef:25:05:dd:45:63:
                    12:93:47:a9:97:84:ec:2e:03:60:b2:fe:8f:d1:86:
                    e2:38:7b:1f:7c:9a:fa:3f:ed:1d:a0:c3:12:27:ad:
                    f4:c2:cc:40:4d:a3:15:67:1e:af:fa:f9:ec:fc:b6:
                    d0:9d:0a:b5:1e:b8:63:83:33:66:7c:82:1b:b7:23:
                    3b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:52:1E:56:21:98:C8:00:2B:1F:AC:45:80:05:EE:17:52:98:F2:8A
            X509v3 Authority Key Identifier:
                keyid:A7:EE:18:2D:9C:43:A5:CE:70:68:DF:D9:BA:7A:A8:ED:90:E5:E0:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/4lIeViGYyAArH6xFgAXuF1KY8oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/dab420-0de3-4321-9c09-6b5f68522a7d/1/p-4YLZxDpc5waN_Zunqo7ZDl4Lo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.9.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:17:80:c1:0a:23:f4:08:a8:24:eb:e7:96:b2:d4:93:fe:65:
         0a:02:60:a7:7e:a6:82:22:24:34:ec:06:7b:5c:a1:8a:27:5f:
         c8:cd:c4:c5:76:aa:da:f1:ab:84:10:30:50:38:0d:93:6b:ec:
         f3:80:25:76:70:1d:27:f2:23:5b:9f:e0:57:3d:1f:46:cc:fb:
         02:18:0b:08:61:aa:4c:6b:cb:0e:2b:93:f6:ca:aa:cb:cd:51:
         10:d9:0e:d7:6c:26:ec:ee:6b:fc:5d:13:f0:8d:e4:e8:1e:00:
         b0:3f:46:b6:d6:d9:9e:b4:06:6e:f4:1d:6f:f5:cb:19:dc:ef:
         26:89:6e:d8:90:8e:66:b8:f7:da:e9:48:7d:34:47:b4:ca:aa:
         2b:ab:4e:c6:68:f1:5d:16:45:39:88:d8:ca:d3:59:43:2b:b3:
         b0:62:be:f5:f7:09:85:2f:4f:fd:08:9c:fd:0c:cc:cc:3b:19:
         b9:c9:b4:0c:24:76:a6:60:8c:30:ec:15:ed:30:d1:4c:33:4d:
         b6:aa:c0:36:d6:26:34:76:04:30:d0:5b:b6:7a:e9:57:61:d2:
         32:b9:c0:4f:10:2b:8a:04:48:43:0a:cb:c6:fc:b8:73:f4:8c:
         13:ce:4b:dd:59:9c:88:fb:35:40:97:9b:01:5e:75:02:ff:4e:
         ce:c4:8b:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnJ9sUM7JYW/dDuKv8SlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZWUxODJkOWM0M2E1Y2U3MDY4ZGZkOWJhN2FhOGVkOTBl
NWUwYmEwHhcNMjYwMTAxMDQxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjUyMWU1NjIxOThjODAwMmIxZmFjNDU4MDA1ZWUxNzUyOThmMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1xSu98l5L2qCw2SjGOLGkqDYGn4T
b/1zvX6bAYjfJh5v+KVWXlZtELM/hfwC7C1ClFCMKpKLs5OdmV+aP+rUA71Qb0oZ
47Ud/5oc4L5Jns6KXJyNRT5GxGdpASKUo6cX7zyXJIcxpzYvNBt6FCXFX4OTyBFt
YDi8Fv4wtCJcNmz+tu1xuV6VeVA3HHdpVw/7qtyPKs7sL9PFJkSyyrfMrWzjmkbc
lxjl/xD82aB7krgfvGHpcrmVI6ps/XfvJQXdRWMSk0epl4TsLgNgsv6P0YbiOHsf
fJr6P+0doMMSJ630wsxATaMVZx6v+vns/LbQnQq1HrhjgzNmfIIbtyM70QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOJSHlYhmMgAKx+sRYAF7hdSmPKKMB8GA1UdIwQY
MBaAFKfuGC2cQ6XOcGjf2bp6qO2Q5eC6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDkt
NmI1ZjY4NTIyYTdkLzEvNGxJZVZpR1l5QUFySDZ4RmdBWHVGMUtZOG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9kYWI0MjAtMGRlMy00MzIxLTljMDktNmI1ZjY4NTIyYTdk
LzEvcC00WUxaeERwYzV3YU5fWnVucW83WkRsNExvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2QkKMA0G
CSqGSIb3DQEBCwUAA4IBAQBBF4DBCiP0CKgk6+eWstST/mUKAmCnfqaCIiQ07AZ7
XKGKJ1/IzcTFdqra8auEEDBQOA2Ta+zzgCV2cB0n8iNbn+BXPR9GzPsCGAsIYapM
a8sOK5P2yqrLzVEQ2Q7XbCbs7mv8XRPwjeToHgCwP0a21tmetAZu9B1v9csZ3O8m
iW7YkI5muPfa6Uh9NEe0yqorq07GaPFdFkU5iNjK01lDK7OwYr719wmFL0/9CJz9
DMzMOxm5ybQMJHamYIww7BXtMNFMM022qsA21iY0dgQw0Fu2eulXYdIyucBPECuK
BEhDCsvG/Lhz9IwTzkvdWZyI+zVAl5sBXnUC/07OxIt9
-----END CERTIFICATE-----