This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/4wCH1xXH2AmEqNEibg1P7FM72SE.roa
File:                     4wCH1xXH2AmEqNEibg1P7FM72SE.roa (raw, json)
Hash identifier:          1jaXMinq6qu7nzoECfPCDfNYeYpFgouOjB2jk7Nl0Sw=
Subject key identifier:   E3:00:87:D7:15:C7:D8:09:84:A8:D1:22:6E:0D:4F:EC:53:3B:D9:21
Certificate issuer:       /CN=3993d54e639080a46c3fe3d58aa87e305db69ad1
Certificate serial:       019B79ECEF5205D55A5E4DDE292E6B9AB995
Authority key identifier: 39:93:D5:4E:63:90:80:A4:6C:3F:E3:D5:8A:A8:7E:30:5D:B6:9A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/4wCH1xXH2AmEqNEibg1P7FM72SE.roa
Signing time:             Thu 01 Jan 2026 14:18:49 +0000
ROA not before:           Thu 01 Jan 2026 14:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212424
IP address blocks:        192.159.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:ef:52:05:d5:5a:5e:4d:de:29:2e:6b:9a:b9:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3993d54e639080a46c3fe3d58aa87e305db69ad1
        Validity
            Not Before: Jan  1 14:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e30087d715c7d80984a8d1226e0d4fec533bd921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6c:98:a2:c2:99:c9:c6:7a:7c:4b:25:17:c9:
                    a9:bc:35:ec:47:16:49:9a:63:5b:c4:28:18:54:10:
                    e5:89:44:c6:4e:ab:4f:a9:d4:2c:76:e9:c3:0a:7d:
                    c9:e4:e3:8c:2a:97:c7:dd:b6:fc:7b:cc:cc:31:0e:
                    17:0f:0a:88:ce:0a:18:4f:16:a7:fc:30:d4:06:e9:
                    d5:f9:42:5e:54:28:4d:c3:ed:99:37:3f:c1:1c:fb:
                    d3:4a:d6:94:84:ad:4a:65:2a:51:38:44:ae:09:92:
                    78:a5:e3:dd:b6:4b:6c:7f:87:32:52:a0:0b:7d:24:
                    06:e3:e7:34:7c:bf:1d:d4:14:bc:11:55:06:76:ef:
                    70:ac:63:95:c5:5f:74:62:30:df:5e:32:1e:f1:e4:
                    8e:8e:a0:5e:77:50:72:48:70:98:20:57:27:11:ac:
                    1c:9e:4d:d1:7a:69:20:5b:84:bd:e8:83:e5:03:8a:
                    ff:0b:9d:06:26:02:47:13:55:a6:49:fd:f2:71:24:
                    4f:39:40:40:c1:84:09:a1:0d:e9:fe:98:bb:bb:a5:
                    9d:82:4d:a1:c1:14:3d:77:70:e0:31:ca:c6:15:a7:
                    c9:2a:b5:29:f2:4c:e2:7b:31:7a:00:62:4b:d6:a6:
                    78:c8:47:88:50:16:02:78:a0:f6:61:df:2e:b1:4b:
                    3d:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:00:87:D7:15:C7:D8:09:84:A8:D1:22:6E:0D:4F:EC:53:3B:D9:21
            X509v3 Authority Key Identifier:
                keyid:39:93:D5:4E:63:90:80:A4:6C:3F:E3:D5:8A:A8:7E:30:5D:B6:9A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OZPVTmOQgKRsP-PViqh-MF22mtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/4wCH1xXH2AmEqNEibg1P7FM72SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/80959d-f5c4-4ac9-ad13-d48fbc1a243b/1/OZPVTmOQgKRsP-PViqh-MF22mtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.159.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:91:30:2c:01:c7:fa:45:a1:b2:dc:c9:a5:07:b8:3a:21:26:
         c6:80:2d:79:7f:69:56:1e:a5:bd:4e:8c:f2:a6:96:9e:28:be:
         46:9a:64:be:c4:02:01:22:34:e1:58:f1:75:11:ed:6e:50:32:
         e3:f5:b1:d3:ea:9d:0e:79:f3:3c:6a:7b:39:5c:c6:8f:63:64:
         2b:11:33:b4:d0:f2:e7:d3:0a:95:e9:82:8c:9f:df:65:b5:9d:
         da:f3:1a:4e:9e:16:13:36:46:40:9f:44:91:c5:49:ec:57:d2:
         8c:9a:84:67:d6:5f:3d:3e:cb:f0:6b:a7:c4:e9:30:3d:1c:9d:
         a4:0a:2e:0d:b6:a0:70:c3:42:0f:6f:51:c1:31:65:2b:bc:4a:
         a8:cd:58:f8:08:d2:bd:a0:89:8a:b6:89:15:45:25:a8:1e:96:
         3f:98:5f:16:a0:54:f9:dc:d6:7f:09:98:c5:06:78:53:30:76:
         6c:81:b5:af:6d:6b:15:ec:40:c0:57:a8:6f:8a:01:f9:18:f2:
         9c:8e:53:c9:33:64:a4:ba:8a:de:f6:8c:14:d5:6f:7a:16:45:
         f3:7b:c1:b4:ce:d4:b3:62:88:83:b0:79:9a:92:86:03:1f:36:
         89:d1:8d:f4:7e:6d:a6:ab:fb:61:67:29:1c:1d:70:6e:db:4b:
         af:01:fe:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57O9SBdVaXk3eKS5rmrmVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5OTNkNTRlNjM5MDgwYTQ2YzNmZTNkNThhYTg3ZTMwNWRi
NjlhZDEwHhcNMjYwMTAxMTQxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzAwODdkNzE1YzdkODA5ODRhOGQxMjI2ZTBkNGZlYzUzM2JkOTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmyYosKZycZ6fEslF8mpvDXsRxZJ
mmNbxCgYVBDliUTGTqtPqdQsdunDCn3J5OOMKpfH3bb8e8zMMQ4XDwqIzgoYTxan
/DDUBunV+UJeVChNw+2ZNz/BHPvTStaUhK1KZSpROESuCZJ4pePdtktsf4cyUqAL
fSQG4+c0fL8d1BS8EVUGdu9wrGOVxV90YjDfXjIe8eSOjqBed1BySHCYIFcnEawc
nk3RemkgW4S96IPlA4r/C50GJgJHE1WmSf3ycSRPOUBAwYQJoQ3p/pi7u6Wdgk2h
wRQ9d3DgMcrGFafJKrUp8kziezF6AGJL1qZ4yEeIUBYCeKD2Yd8usUs9NQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOMAh9cVx9gJhKjRIm4NT+xTO9khMB8GA1UdIwQY
MBaAFDmT1U5jkICkbD/j1YqofjBdtprRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1pQVlRtT1FnS1JzUC1QVmlxaC1NRjIybXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS84MDk1OWQtZjVjNC00YWM5LWFkMTMt
ZDQ4ZmJjMWEyNDNiLzEvNHdDSDF4WEgyQW1FcU5FaWJnMVA3Rk03MlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS84MDk1OWQtZjVjNC00YWM5LWFkMTMtZDQ4ZmJjMWEyNDNi
LzEvT1pQVlRtT1FnS1JzUC1QVmlxaC1NRjIybXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJ95MA0G
CSqGSIb3DQEBCwUAA4IBAQBpkTAsAcf6RaGy3MmlB7g6ISbGgC15f2lWHqW9Tozy
ppaeKL5GmmS+xAIBIjThWPF1Ee1uUDLj9bHT6p0OefM8ans5XMaPY2QrETO00PLn
0wqV6YKMn99ltZ3a8xpOnhYTNkZAn0SRxUnsV9KMmoRn1l89Psvwa6fE6TA9HJ2k
Ci4NtqBww0IPb1HBMWUrvEqozVj4CNK9oImKtokVRSWoHpY/mF8WoFT53NZ/CZjF
BnhTMHZsgbWvbWsV7EDAV6hvigH5GPKcjlPJM2Skuore9owU1W96FkXze8G0ztSz
YoiDsHmakoYDHzaJ0Y30fm2mq/thZykcHXBu20uvAf4B
-----END CERTIFICATE-----