This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/4aGekIs0rj3iGgyg0A0QgxMIJLQ.roa
File:                     4aGekIs0rj3iGgyg0A0QgxMIJLQ.roa (raw, json)
Hash identifier:          jSSGAV/hJOLPxPM6CPuHRQ7BVztFWzCWkaisUdui1tg=
Subject key identifier:   E1:A1:9E:90:8B:34:AE:3D:E2:1A:0C:A0:D0:0D:10:83:13:08:24:B4
Certificate issuer:       /CN=01626ffd800eafa336bdf343141f03f7c393c364
Certificate serial:       019B797E3379DA21CC2B115B2892C1DE2949
Authority key identifier: 01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/4aGekIs0rj3iGgyg0A0QgxMIJLQ.roa
Signing time:             Thu 01 Jan 2026 12:17:52 +0000
ROA not before:           Thu 01 Jan 2026 12:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47632
IP address blocks:        194.153.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:33:79:da:21:cc:2b:11:5b:28:92:c1:de:29:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01626ffd800eafa336bdf343141f03f7c393c364
        Validity
            Not Before: Jan  1 12:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1a19e908b34ae3de21a0ca0d00d1083130824b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:e6:d1:e9:41:fe:d4:ca:ea:5e:ce:dc:ed:22:
                    10:08:8d:fd:89:08:16:be:8e:78:f0:f4:e5:23:79:
                    cd:c4:94:56:31:32:9a:8c:75:64:c4:3d:00:5c:2a:
                    07:43:81:4c:ba:48:de:7a:f1:ab:80:d6:3e:f9:77:
                    35:9f:6d:e4:42:76:4c:85:a4:aa:7d:22:45:79:ec:
                    b7:3e:2d:36:c4:d6:10:c2:2f:35:35:73:02:0f:2b:
                    f5:c9:79:60:3f:ca:1d:f1:51:71:10:92:16:7d:7b:
                    e8:59:40:9b:91:43:6f:9b:2b:2e:56:1a:0f:b3:6a:
                    ba:d1:f2:ea:fb:69:2e:9d:7c:ce:e0:3d:28:83:44:
                    85:c2:4b:9f:84:30:9b:97:e5:63:43:e6:89:50:6b:
                    7c:07:78:73:52:4d:fe:72:50:4e:f3:1f:ba:42:51:
                    0b:ab:7e:be:79:8c:1f:c3:ac:ac:ca:5b:71:ca:3e:
                    c5:90:9f:6b:03:21:78:d5:9c:03:8d:a9:b5:48:7f:
                    a5:c7:fb:b2:81:6f:bf:b0:ea:6d:60:f3:53:ed:ba:
                    18:9f:72:d3:21:c8:87:01:eb:82:42:c9:0e:87:dc:
                    2e:b4:0a:1d:d0:13:9d:c6:7e:ac:b3:92:7e:d4:80:
                    88:cb:d4:89:60:8a:bb:96:57:46:ca:5e:d7:a6:6a:
                    8b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A1:9E:90:8B:34:AE:3D:E2:1A:0C:A0:D0:0D:10:83:13:08:24:B4
            X509v3 Authority Key Identifier:
                keyid:01:62:6F:FD:80:0E:AF:A3:36:BD:F3:43:14:1F:03:F7:C3:93:C3:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AWJv_YAOr6M2vfNDFB8D98OTw2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/4aGekIs0rj3iGgyg0A0QgxMIJLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/c4e5a0-8219-4ff9-8287-1f4bea23e4c7/1/AWJv_YAOr6M2vfNDFB8D98OTw2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.153.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:2d:13:67:83:72:ac:aa:3a:f8:73:24:03:42:94:7f:e2:7b:
         20:a8:04:30:3c:fe:63:a2:e2:2a:1c:73:06:ca:b3:e0:b5:75:
         51:82:7e:d8:6a:99:d6:66:3d:04:3b:21:a5:92:15:d1:7a:f4:
         74:a8:95:d6:c5:f8:39:f8:57:d3:52:72:db:32:6c:70:94:99:
         ee:25:b4:40:3d:06:0c:dc:fb:23:df:ca:b4:7b:54:ba:f4:68:
         6e:a5:bf:65:04:aa:bf:01:08:61:43:ec:09:d0:24:8c:50:cc:
         17:65:25:a7:04:61:4f:03:da:62:60:13:d2:92:a2:95:ff:b9:
         ab:4d:f0:ca:89:a0:28:86:0c:f5:0b:20:19:6a:d8:95:55:ba:
         8b:ef:9f:ce:50:ab:1f:0e:5a:03:61:6e:da:58:54:09:df:57:
         28:d6:e2:d7:71:cd:f0:8c:d7:50:46:c2:91:66:43:30:d4:64:
         52:0e:3f:84:d2:ce:d7:5e:fe:6b:e9:da:ab:95:46:e1:53:e1:
         05:de:a6:ea:a7:7e:cd:3a:6a:81:78:49:92:b7:af:ce:a7:78:
         d3:89:e0:16:d3:a9:ea:05:48:ca:18:8d:16:ae:4c:42:99:2b:
         e7:2d:cc:d7:8b:64:0e:df:98:bb:09:5a:b5:c9:ea:6d:eb:f6:
         24:25:e9:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fjN52iHMKxFbKJLB3ilJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNjI2ZmZkODAwZWFmYTMzNmJkZjM0MzE0MWYwM2Y3YzM5
M2MzNjQwHhcNMjYwMTAxMTIxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWExOWU5MDhiMzRhZTNkZTIxYTBjYTBkMDBkMTA4MzEzMDgyNGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+ebR6UH+1MrqXs7c7SIQCI39iQgW
vo548PTlI3nNxJRWMTKajHVkxD0AXCoHQ4FMukjeevGrgNY++Xc1n23kQnZMhaSq
fSJFeey3Pi02xNYQwi81NXMCDyv1yXlgP8od8VFxEJIWfXvoWUCbkUNvmysuVhoP
s2q60fLq+2kunXzO4D0og0SFwkufhDCbl+VjQ+aJUGt8B3hzUk3+clBO8x+6QlEL
q36+eYwfw6ysyltxyj7FkJ9rAyF41ZwDjam1SH+lx/uygW+/sOptYPNT7boYn3LT
IciHAeuCQskOh9wutAod0BOdxn6ss5J+1ICIy9SJYIq7lldGyl7XpmqL2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOGhnpCLNK494hoMoNANEIMTCCS0MB8GA1UdIwQY
MBaAFAFib/2ADq+jNr3zQxQfA/fDk8NkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODct
MWY0YmVhMjNlNGM3LzEvNGFHZWtJczByajNpR2d5ZzBBMFFneE1JSkxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jNGU1YTAtODIxOS00ZmY5LTgyODctMWY0YmVhMjNlNGM3
LzEvQVdKdl9ZQU9yNk0ydmZOREZCOEQ5OE9UdzJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwplOMA0G
CSqGSIb3DQEBCwUAA4IBAQBbLRNng3Ksqjr4cyQDQpR/4nsgqAQwPP5jouIqHHMG
yrPgtXVRgn7YapnWZj0EOyGlkhXRevR0qJXWxfg5+FfTUnLbMmxwlJnuJbRAPQYM
3Psj38q0e1S69Ghupb9lBKq/AQhhQ+wJ0CSMUMwXZSWnBGFPA9piYBPSkqKV/7mr
TfDKiaAohgz1CyAZatiVVbqL75/OUKsfDloDYW7aWFQJ31co1uLXcc3wjNdQRsKR
ZkMw1GRSDj+E0s7XXv5r6dqrlUbhU+EF3qbqp37NOmqBeEmSt6/Op3jTieAW06nq
BUjKGI0WrkxCmSvnLczXi2QO35i7CVq1yept6/YkJeno
-----END CERTIFICATE-----