This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/4jDuY8VO0qUXF7q46qoMV9gLKuM.roa
File:                     4jDuY8VO0qUXF7q46qoMV9gLKuM.roa (raw, json)
Hash identifier:          viGMatLEXcz0cMUCHgF1aDM1PbJJdZT8heBBxrGwjjQ=
Subject key identifier:   E2:30:EE:63:C5:4E:D2:A5:17:17:BA:B8:EA:AA:0C:57:D8:0B:2A:E3
Certificate issuer:       /CN=4986c73994d02d91fc97d916e9809a6d981e6b17
Certificate serial:       019BE049FFB21CCF434500132119F6441224
Authority key identifier: 49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/4jDuY8VO0qUXF7q46qoMV9gLKuM.roa
Signing time:             Wed 21 Jan 2026 11:21:44 +0000
ROA not before:           Wed 21 Jan 2026 11:21:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396073
IP address blocks:        109.234.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e0:49:ff:b2:1c:cf:43:45:00:13:21:19:f6:44:12:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4986c73994d02d91fc97d916e9809a6d981e6b17
        Validity
            Not Before: Jan 21 11:21:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e230ee63c54ed2a51717bab8eaaa0c57d80b2ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:ce:f5:27:51:e4:00:49:65:fa:da:c7:ff:27:
                    77:ef:c9:af:c9:76:35:16:a4:7b:78:8e:37:b7:39:
                    83:f1:94:58:ee:54:55:06:2e:83:fc:de:5f:cd:04:
                    15:d7:7b:37:83:34:de:e0:69:8e:55:9c:45:9a:bb:
                    ae:29:a4:87:4e:d2:b4:36:81:a6:e7:e5:e2:df:95:
                    e1:70:4a:37:44:ff:5e:24:0c:08:bd:89:1d:2a:de:
                    0a:0c:ca:1f:dc:31:f5:1c:34:a2:3b:ba:87:05:49:
                    60:80:2b:b9:da:bb:30:f6:2e:98:8d:2b:b9:f0:14:
                    0b:1c:31:8d:86:60:e6:09:57:f8:df:be:86:38:8b:
                    7a:4f:d7:0e:40:8a:1e:6b:ec:d6:3a:80:7b:78:86:
                    42:28:f9:ea:80:78:fa:c2:13:a4:6a:ad:3d:12:4f:
                    23:65:72:f3:39:66:84:09:b5:35:9b:9b:d8:8d:fe:
                    64:70:9c:66:62:c8:45:a9:4e:91:35:47:81:68:5d:
                    52:36:79:80:af:31:0b:3d:f1:2f:cf:53:b8:99:8f:
                    b7:0e:25:ba:77:e9:10:f9:46:e6:af:1d:fb:72:a5:
                    00:eb:45:3d:66:c8:8f:fa:ce:00:0d:18:cb:fd:16:
                    c4:5c:8e:46:f9:19:26:aa:76:86:25:b4:15:b2:db:
                    50:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:30:EE:63:C5:4E:D2:A5:17:17:BA:B8:EA:AA:0C:57:D8:0B:2A:E3
            X509v3 Authority Key Identifier:
                keyid:49:86:C7:39:94:D0:2D:91:FC:97:D9:16:E9:80:9A:6D:98:1E:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SYbHOZTQLZH8l9kW6YCabZgeaxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/4jDuY8VO0qUXF7q46qoMV9gLKuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/457e13-41d3-40ef-b572-9e895d0ef8d2/1/SYbHOZTQLZH8l9kW6YCabZgeaxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.234.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:33:59:85:74:66:d7:0e:47:e5:80:24:2a:45:4f:c1:35:65:
         7c:11:d2:3c:33:98:6d:31:e2:14:a7:9d:56:08:fb:3b:a9:6d:
         28:6d:2f:83:74:a9:80:4d:f2:38:e9:c3:66:fd:79:76:3f:71:
         69:9e:fb:d2:23:ad:c5:81:15:e6:84:da:79:35:fb:b5:25:c2:
         bc:a4:49:f6:bd:c7:37:cc:0f:ec:71:b8:3d:01:15:e9:2f:1d:
         d2:af:05:41:d9:55:a6:f9:30:5b:3d:fd:d5:be:4f:c0:32:4d:
         2a:e9:f6:5f:62:7e:05:34:05:2d:69:10:33:da:0b:22:94:e7:
         0b:69:dc:75:de:56:7b:59:d2:45:9d:99:76:f0:41:49:b5:bb:
         25:08:3a:7c:e7:46:12:51:a5:8a:c5:5a:dc:03:2f:72:7b:d4:
         09:f1:ef:69:b2:87:d6:a6:4b:32:e1:25:27:b6:40:c2:f2:09:
         d7:44:2f:79:c0:15:fe:04:3e:4a:9c:5f:10:a9:b8:70:3a:08:
         35:23:a2:c3:0b:3f:7a:bb:c9:b8:c0:81:49:c8:54:fc:ca:73:
         ae:2b:52:b9:22:e2:16:c9:0e:50:09:71:8d:22:88:82:1d:c2:
         ff:fc:92:f2:14:19:ab:a2:97:fd:d6:2e:24:5b:1d:a8:77:cf:
         7e:66:77:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvgSf+yHM9DRQATIRn2RBIkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ODZjNzM5OTRkMDJkOTFmYzk3ZDkxNmU5ODA5YTZkOTgx
ZTZiMTcwHhcNMjYwMTIxMTEyMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjMwZWU2M2M1NGVkMmE1MTcxN2JhYjhlYWFhMGM1N2Q4MGIyYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+M71J1HkAEll+trH/yd378mvyXY1
FqR7eI43tzmD8ZRY7lRVBi6D/N5fzQQV13s3gzTe4GmOVZxFmruuKaSHTtK0NoGm
5+Xi35XhcEo3RP9eJAwIvYkdKt4KDMof3DH1HDSiO7qHBUlggCu52rsw9i6YjSu5
8BQLHDGNhmDmCVf4376GOIt6T9cOQIoea+zWOoB7eIZCKPnqgHj6whOkaq09Ek8j
ZXLzOWaECbU1m5vYjf5kcJxmYshFqU6RNUeBaF1SNnmArzELPfEvz1O4mY+3DiW6
d+kQ+Ubmrx37cqUA60U9ZsiP+s4ADRjL/RbEXI5G+RkmqnaGJbQVsttQdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIw7mPFTtKlFxe6uOqqDFfYCyrjMB8GA1UdIwQY
MBaAFEmGxzmU0C2R/JfZFumAmm2YHmsXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzIt
OWU4OTVkMGVmOGQyLzEvNGpEdVk4Vk8wcVVYRjdxNDZxb01WOWdMS3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS80NTdlMTMtNDFkMy00MGVmLWI1NzItOWU4OTVkMGVmOGQy
LzEvU1liSE9aVFFMWkg4bDlrVzZZQ2FiWmdlYXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbepKMA0G
CSqGSIb3DQEBCwUAA4IBAQBMM1mFdGbXDkflgCQqRU/BNWV8EdI8M5htMeIUp51W
CPs7qW0obS+DdKmATfI46cNm/Xl2P3FpnvvSI63FgRXmhNp5Nfu1JcK8pEn2vcc3
zA/scbg9ARXpLx3SrwVB2VWm+TBbPf3Vvk/AMk0q6fZfYn4FNAUtaRAz2gsilOcL
adx13lZ7WdJFnZl28EFJtbslCDp850YSUaWKxVrcAy9ye9QJ8e9psofWpksy4SUn
tkDC8gnXRC95wBX+BD5KnF8QqbhwOgg1I6LDCz96u8m4wIFJyFT8ynOuK1K5IuIW
yQ5QCXGNIoiCHcL//JLyFBmropf91i4kWx2od89+Zne6
-----END CERTIFICATE-----
Generated at Sun Jan 25 10:20:08 2026 by rpki-client