This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/s9NMGO4NnBmDHbPg3Y4t_DuO0H0.roa
File:                     s9NMGO4NnBmDHbPg3Y4t_DuO0H0.roa (raw, json)
Hash identifier:          dqEHxUq6rfLAdzd3SRNeSYKHWS4OFv+3ukke9X8s7mg=
Subject key identifier:   B3:D3:4C:18:EE:0D:9C:19:83:1D:B3:E0:DD:8E:2D:FC:3B:8E:D0:7D
Certificate issuer:       /CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
Certificate serial:       019B07ED49876B015BB50777DA1D4B5C98AD
Authority key identifier: 62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/s9NMGO4NnBmDHbPg3Y4t_DuO0H0.roa
Signing time:             Wed 10 Dec 2025 11:02:29 +0000
ROA not before:           Wed 10 Dec 2025 11:02:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60068
IP address blocks:        158.173.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 20:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:07:ed:49:87:6b:01:5b:b5:07:77:da:1d:4b:5c:98:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626a28b7c63ef6ab214a52cfa7c3e78db9a40823
        Validity
            Not Before: Dec 10 11:02:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3d34c18ee0d9c19831db3e0dd8e2dfc3b8ed07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fa:e2:6d:16:f2:fc:0e:31:c5:5a:b5:8e:f4:
                    e4:5a:57:7a:1c:9e:20:e2:ac:a7:51:81:79:d9:52:
                    b6:10:19:36:3f:ca:ce:fc:c4:80:00:9e:d0:79:07:
                    0f:7f:b9:fc:15:d8:08:30:78:e3:2b:02:49:39:18:
                    35:9a:96:f4:d5:aa:78:3b:89:b1:e1:c2:e8:19:b6:
                    db:a5:1e:b9:66:c3:63:5f:a4:aa:fa:8d:b6:65:dd:
                    a1:c1:a4:de:da:c2:68:3b:f5:2c:9e:d0:1f:41:2e:
                    82:af:2f:40:c9:f6:96:a5:4c:c6:4e:81:a5:42:79:
                    37:7b:8f:76:ca:28:7f:21:c5:e6:77:c2:2a:f7:85:
                    72:ce:c2:f4:4e:68:dc:0d:ec:81:c0:b0:25:58:72:
                    c5:c5:f6:62:fd:91:5d:5d:b6:69:42:92:2f:f0:76:
                    a2:cd:8d:a3:d5:8e:df:c5:3a:d1:bf:29:73:94:5f:
                    19:06:6a:5c:f2:57:91:ad:7e:4b:32:35:bd:35:10:
                    dc:1d:27:97:c4:19:de:17:e3:d8:60:33:61:a8:4e:
                    19:75:5d:e7:00:fb:ef:40:80:84:c3:59:71:a4:b5:
                    cc:2a:f1:d0:49:a6:12:b5:05:18:c1:23:66:ba:1a:
                    05:62:ef:82:50:18:26:54:1d:c1:6d:45:9a:89:ff:
                    b7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:D3:4C:18:EE:0D:9C:19:83:1D:B3:E0:DD:8E:2D:FC:3B:8E:D0:7D
            X509v3 Authority Key Identifier:
                keyid:62:6A:28:B7:C6:3E:F6:AB:21:4A:52:CF:A7:C3:E7:8D:B9:A4:08:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ymoot8Y-9qshSlLPp8PnjbmkCCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/s9NMGO4NnBmDHbPg3Y4t_DuO0H0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/3c0785-b273-4072-a635-d2cd26b69df1/1/Ymoot8Y-9qshSlLPp8PnjbmkCCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.173.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:33:61:39:80:97:7e:fe:2b:d9:20:ee:cb:09:15:42:08:b7:
         eb:8d:48:52:92:93:ac:cc:a8:43:2b:6b:32:b2:92:3d:21:74:
         bd:20:9e:a6:11:d5:b9:df:3d:a1:3b:9e:af:4e:5c:6f:e1:4a:
         b8:22:b2:4b:05:19:bb:14:50:27:58:6d:b6:20:6f:af:7b:e9:
         a3:51:94:c0:33:c5:6f:80:cc:90:7e:56:92:75:22:ac:e3:99:
         84:df:33:61:72:74:ea:bd:df:cf:20:5f:14:e1:24:ee:17:19:
         13:be:2f:0f:1e:00:f3:bb:56:ea:93:b7:fb:7b:b7:44:f0:58:
         90:d5:aa:b9:66:52:ee:7d:69:e0:3d:3c:4c:d6:68:d0:c3:99:
         2c:68:c1:fb:26:93:e6:60:61:75:2f:a9:54:23:3d:24:cc:09:
         c0:1d:40:49:f4:9d:73:dd:25:ab:bf:31:a8:59:ec:24:90:79:
         e6:c4:8b:b0:30:32:de:3b:0e:83:55:89:47:1f:44:da:c6:a5:
         d5:14:a0:8b:16:44:ea:69:74:d2:21:aa:8a:1a:33:6e:56:c1:
         09:33:a9:63:6a:67:3e:a7:9c:da:55:e9:72:5a:48:f3:cc:c2:
         4c:19:e2:f2:90:eb:41:83:89:36:d8:85:ec:d0:d8:4d:c4:97:
         48:bf:28:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsH7UmHawFbtQd32h1LXJitMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmEyOGI3YzYzZWY2YWIyMTRhNTJjZmE3YzNlNzhkYjlh
NDA4MjMwHhcNMjUxMjEwMTEwMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2QzNGMxOGVlMGQ5YzE5ODMxZGIzZTBkZDhlMmRmYzNiOGVkMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkfribRby/A4xxVq1jvTkWld6HJ4g
4qynUYF52VK2EBk2P8rO/MSAAJ7QeQcPf7n8FdgIMHjjKwJJORg1mpb01ap4O4mx
4cLoGbbbpR65ZsNjX6Sq+o22Zd2hwaTe2sJoO/UsntAfQS6Cry9AyfaWpUzGToGl
Qnk3e492yih/IcXmd8Iq94VyzsL0TmjcDeyBwLAlWHLFxfZi/ZFdXbZpQpIv8Hai
zY2j1Y7fxTrRvylzlF8ZBmpc8leRrX5LMjW9NRDcHSeXxBneF+PYYDNhqE4ZdV3n
APvvQICEw1lxpLXMKvHQSaYStQUYwSNmuhoFYu+CUBgmVB3BbUWaif+3GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPTTBjuDZwZgx2z4N2OLfw7jtB9MB8GA1UdIwQY
MBaAFGJqKLfGPvarIUpSz6fD5425pAgjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUt
ZDJjZDI2YjY5ZGYxLzEvczlOTUdPNE5uQm1ESGJQZzNZNHRfRHVPMEgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zYzA3ODUtYjI3My00MDcyLWE2MzUtZDJjZDI2YjY5ZGYx
LzEvWW1vb3Q4WS05cXNoU2xMUHA4UG5qYm1rQ0NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnq0pMA0G
CSqGSIb3DQEBCwUAA4IBAQAPM2E5gJd+/ivZIO7LCRVCCLfrjUhSkpOszKhDK2sy
spI9IXS9IJ6mEdW53z2hO56vTlxv4Uq4IrJLBRm7FFAnWG22IG+ve+mjUZTAM8Vv
gMyQflaSdSKs45mE3zNhcnTqvd/PIF8U4STuFxkTvi8PHgDzu1bqk7f7e7dE8FiQ
1aq5ZlLufWngPTxM1mjQw5ksaMH7JpPmYGF1L6lUIz0kzAnAHUBJ9J1z3SWrvzGo
WewkkHnmxIuwMDLeOw6DVYlHH0TaxqXVFKCLFkTqaXTSIaqKGjNuVsEJM6ljamc+
p5zaVelyWkjzzMJMGeLykOtBg4k22IXs0NhNxJdIvygS
-----END CERTIFICATE-----