This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/yAB3xEovQhU4BT-CkuPOwNc3ifk.roa
File:                     yAB3xEovQhU4BT-CkuPOwNc3ifk.roa (raw, json)
Hash identifier:          bSwjFn2h1mcnZNwDOQ6bVaQJcahnaCuV1gAns3SXaW8=
Subject key identifier:   C8:00:77:C4:4A:2F:42:15:38:05:3F:82:92:E3:CE:C0:D7:37:89:F9
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E38246EF37BA337B96208D3EBDFCBE2
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/yAB3xEovQhU4BT-CkuPOwNc3ifk.roa
Signing time:             Fri 02 Jan 2026 10:19:27 +0000
ROA not before:           Fri 02 Jan 2026 10:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50113
IP address blocks:        5.101.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 20:29:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:24:6e:f3:7b:a3:37:b9:62:08:d3:eb:df:cb:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c80077c44a2f421538053f8292e3cec0d73789f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:7a:aa:66:86:84:6e:49:ea:aa:a1:22:31:d5:
                    8e:86:e1:73:a1:31:23:19:26:a3:da:0d:03:5b:8e:
                    2c:3f:40:0f:20:8c:bc:de:5c:08:90:5b:bc:66:5e:
                    fb:25:a2:62:cd:0d:fd:c5:6e:e8:20:06:82:dd:64:
                    95:59:f1:96:e7:7a:51:d4:9c:7a:46:33:d8:4b:f2:
                    b0:8f:05:0d:2d:e8:0b:21:a7:6c:33:d1:dc:9a:b7:
                    a6:72:f1:fd:eb:64:3a:0d:e2:d5:8c:31:ba:9a:90:
                    9e:aa:6a:2d:43:d6:59:da:e5:42:c3:ee:ab:b9:93:
                    86:49:e4:3b:41:dc:4c:c6:39:46:68:99:8d:02:a3:
                    84:80:ec:bf:3b:cd:9e:20:a4:79:6b:60:f3:bc:83:
                    f4:49:94:a2:fa:58:39:f3:8e:a5:48:ba:43:5a:14:
                    c8:3b:be:00:b3:a5:9d:e6:20:1c:da:e2:20:de:88:
                    71:0c:06:55:24:56:3f:21:0b:1a:0b:48:f2:ce:a7:
                    4b:0b:e8:31:28:92:9c:5c:3d:7c:66:4c:9d:d4:ea:
                    0d:86:a8:e4:66:cd:f2:34:4b:7d:6c:79:14:32:19:
                    8d:bc:9c:e1:e5:f0:55:3d:3a:b7:bb:9a:82:84:b9:
                    45:5d:62:71:03:e7:7c:45:e9:47:cb:4b:a1:cf:f4:
                    13:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:00:77:C4:4A:2F:42:15:38:05:3F:82:92:E3:CE:C0:D7:37:89:F9
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/yAB3xEovQhU4BT-CkuPOwNc3ifk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.101.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:44:f1:c9:08:4d:c4:db:c9:54:f9:48:bc:5c:af:5f:57:f7:
         b7:db:27:c6:e6:2b:7f:0b:03:58:33:41:96:0d:fb:34:dd:37:
         ea:91:d6:38:72:40:7a:3a:e9:84:de:26:1c:49:68:47:8e:e2:
         12:9d:40:23:12:68:65:1b:e9:f4:5c:51:36:87:aa:c4:a3:6e:
         be:e1:2e:bf:a4:4a:c8:19:d4:a3:87:25:75:77:44:57:80:ac:
         fe:02:86:0c:dc:30:ca:9d:2b:40:08:59:a9:71:90:c6:6e:61:
         30:9d:7e:a4:a2:4e:1e:b2:da:b7:6d:a7:cc:7b:8a:4a:b6:e6:
         e6:ab:6b:45:21:6e:48:4e:0b:12:8a:21:97:60:c3:76:dc:b6:
         fc:d3:3b:f5:eb:f1:20:85:01:25:a1:f1:49:60:34:65:3d:fe:
         de:ed:51:bb:15:54:12:e3:88:12:28:35:4a:66:b3:15:4f:3e:
         2a:2d:fd:45:7a:38:a8:97:75:43:7f:39:fc:6c:29:bd:a1:64:
         c7:ff:ec:f0:63:c4:ae:9f:71:be:04:d5:62:9f:01:e5:3f:5d:
         df:ad:2e:60:73:0f:fc:de:71:95:00:24:59:20:c9:cb:f9:43:
         4c:c7:cb:9e:e3:f8:cc:1c:04:2c:96:a3:d7:0e:12:8f:66:aa:
         1c:21:00:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCRu83ujN7liCNPr38viMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODAwNzdjNDRhMmY0MjE1MzgwNTNmODI5MmUzY2VjMGQ3Mzc4OWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmHqqZoaEbknqqqEiMdWOhuFzoTEj
GSaj2g0DW44sP0APIIy83lwIkFu8Zl77JaJizQ39xW7oIAaC3WSVWfGW53pR1Jx6
RjPYS/KwjwUNLegLIadsM9HcmremcvH962Q6DeLVjDG6mpCeqmotQ9ZZ2uVCw+6r
uZOGSeQ7QdxMxjlGaJmNAqOEgOy/O82eIKR5a2DzvIP0SZSi+lg5846lSLpDWhTI
O74As6Wd5iAc2uIg3ohxDAZVJFY/IQsaC0jyzqdLC+gxKJKcXD18Zkyd1OoNhqjk
Zs3yNEt9bHkUMhmNvJzh5fBVPTq3u5qChLlFXWJxA+d8RelHy0uhz/QTRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgAd8RKL0IVOAU/gpLjzsDXN4n5MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEveUFCM3hFb3ZRaFU0QlQtQ2t1UE93TmMzaWZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABWVYMA0G
CSqGSIb3DQEBCwUAA4IBAQCERPHJCE3E28lU+Ui8XK9fV/e32yfG5it/CwNYM0GW
Dfs03TfqkdY4ckB6OumE3iYcSWhHjuISnUAjEmhlG+n0XFE2h6rEo26+4S6/pErI
GdSjhyV1d0RXgKz+AoYM3DDKnStACFmpcZDGbmEwnX6kok4estq3bafMe4pKtubm
q2tFIW5ITgsSiiGXYMN23Lb80zv16/EghQElofFJYDRlPf7e7VG7FVQS44gSKDVK
ZrMVTz4qLf1Fejiol3VDfzn8bCm9oWTH/+zwY8Sun3G+BNVinwHlP13frS5gcw/8
3nGVACRZIMnL+UNMx8ue4/jMHAQslqPXDhKPZqocIQCb
-----END CERTIFICATE-----