This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/olF-cqmBWshxTUVWVkUbPRk749w.roa
File:                     olF-cqmBWshxTUVWVkUbPRk749w.roa (raw, json)
Hash identifier:          d6Z33VIcGK/j1/1oQ6IsYl5fAAA03zSUORhuXcW/d1k=
Subject key identifier:   A2:51:7E:72:A9:81:5A:C8:71:4D:45:56:56:45:1B:3D:19:3B:E3:DC
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019ABED75B40C5B24FB73F429CA86486DBFC
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/olF-cqmBWshxTUVWVkUbPRk749w.roa
Signing time:             Wed 26 Nov 2025 06:26:15 +0000
ROA not before:           Wed 26 Nov 2025 06:26:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207905
IP address blocks:        158.173.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:be:d7:5b:40:c5:b2:4f:b7:3f:42:9c:a8:64:86:db:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Nov 26 06:26:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2517e72a9815ac8714d455656451b3d193be3dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:34:07:7a:78:95:9b:d4:93:8a:3f:e9:f2:c9:
                    af:ff:22:d4:87:af:3c:34:51:4d:97:13:0a:ec:07:
                    49:a5:4f:81:6c:a8:42:60:e9:54:0f:39:31:92:51:
                    e8:56:b1:1b:ba:8b:1f:ae:f0:4f:4f:36:9e:9f:41:
                    91:d5:16:22:8e:5a:18:76:47:38:10:5f:02:a3:dd:
                    61:ff:6f:10:1a:7e:41:65:4d:74:4f:b0:49:27:f2:
                    ab:23:ea:d1:99:53:15:ec:34:77:1f:41:7f:20:15:
                    d5:70:13:d7:3b:ac:4f:82:eb:3d:a9:2d:5d:f4:8c:
                    08:3f:5e:4b:dc:2a:68:9c:6b:1f:f4:32:77:df:bb:
                    71:96:9d:62:05:89:88:fe:6f:78:55:1c:48:68:f5:
                    af:88:82:fc:27:53:6b:24:06:5f:aa:2d:27:be:90:
                    db:2e:0e:2f:ce:89:b8:ec:d8:d1:e8:07:db:ec:44:
                    0e:21:02:77:d6:a8:e1:6a:6d:83:d0:71:99:12:36:
                    7d:44:2a:5a:6f:ad:47:2f:a9:98:c9:0c:3c:1f:15:
                    f7:a0:c5:ee:9a:f0:11:6c:19:dc:6e:5f:88:dd:f9:
                    1a:5e:c6:39:2d:eb:a5:ab:ae:1b:54:1f:2c:38:74:
                    c5:7a:aa:fb:a8:a0:57:56:9f:f7:a8:94:b0:30:f1:
                    59:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:51:7E:72:A9:81:5A:C8:71:4D:45:56:56:45:1B:3D:19:3B:E3:DC
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/olF-cqmBWshxTUVWVkUbPRk749w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:93:dc:ed:11:be:98:09:8f:c3:87:d8:a3:86:b2:4c:3a:92:
         29:33:3c:88:df:91:6d:a1:60:8b:e0:e8:1a:12:ed:22:21:25:
         70:62:9a:ac:da:a8:a9:ed:e5:65:f3:e6:89:43:5d:a6:4c:25:
         0a:0d:5d:34:d6:a1:29:16:9f:62:15:ed:79:c1:73:4c:b6:da:
         c6:e0:eb:12:4e:79:20:2e:46:42:00:d3:91:c6:0c:dc:88:ce:
         5c:41:e9:c6:44:4c:95:17:68:41:70:b7:72:e1:c1:c5:3a:67:
         da:c0:e1:d0:d1:e1:26:74:99:01:f3:e4:bb:69:1e:9b:03:e7:
         82:2f:c4:9e:57:32:61:3a:be:1b:5c:0c:a6:4a:cf:22:1c:3f:
         0d:26:f9:f2:fc:91:10:e3:7b:4f:96:b0:7f:02:4e:66:c6:9a:
         5f:55:06:38:30:d0:0d:ab:14:b1:73:f1:d3:7c:8e:99:a9:eb:
         7a:41:6b:a3:46:c7:e6:19:94:c6:0e:1f:86:fc:1c:4c:11:1b:
         25:3b:e8:b0:e7:55:a9:fb:78:9e:90:3f:7b:d3:f5:ea:4f:d0:
         7e:1e:a0:08:86:f6:ab:69:9c:7b:15:8a:e2:59:79:4a:60:c8:
         f3:f1:f7:d7:a0:33:ba:2b:71:8a:98:34:35:75:d6:09:28:61:
         ef:e8:dd:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq+11tAxbJPtz9CnKhkhtv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjUxMTI2MDYyNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjUxN2U3MmE5ODE1YWM4NzE0ZDQ1NTY1NjQ1MWIzZDE5M2JlM2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDQHeniVm9STij/p8smv/yLUh688
NFFNlxMK7AdJpU+BbKhCYOlUDzkxklHoVrEbuosfrvBPTzaen0GR1RYijloYdkc4
EF8Co91h/28QGn5BZU10T7BJJ/KrI+rRmVMV7DR3H0F/IBXVcBPXO6xPgus9qS1d
9IwIP15L3CponGsf9DJ337txlp1iBYmI/m94VRxIaPWviIL8J1NrJAZfqi0nvpDb
Lg4vzom47NjR6Afb7EQOIQJ31qjham2D0HGZEjZ9RCpab61HL6mYyQw8HxX3oMXu
mvARbBncbl+I3fkaXsY5Leulq64bVB8sOHTFeqr7qKBXVp/3qJSwMPFZUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJRfnKpgVrIcU1FVlZFGz0ZO+PcMB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvb2xGLWNxbUJXc2h4VFVWV1ZrVWJQUms3NDl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0oMA0G
CSqGSIb3DQEBCwUAA4IBAQA2k9ztEb6YCY/Dh9ijhrJMOpIpMzyI35FtoWCL4Oga
Eu0iISVwYpqs2qip7eVl8+aJQ12mTCUKDV001qEpFp9iFe15wXNMttrG4OsSTnkg
LkZCANORxgzciM5cQenGREyVF2hBcLdy4cHFOmfawOHQ0eEmdJkB8+S7aR6bA+eC
L8SeVzJhOr4bXAymSs8iHD8NJvny/JEQ43tPlrB/Ak5mxppfVQY4MNANqxSxc/HT
fI6Zqet6QWujRsfmGZTGDh+G/BxMERslO+iw51Wp+3iekD970/XqT9B+HqAIhvar
aZx7FYriWXlKYMjz8ffXoDO6K3GKmDQ1ddYJKGHv6N0R
-----END CERTIFICATE-----