This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/8ytmRdbaYIK-p0argiKofaoScHY.roa
File:                     8ytmRdbaYIK-p0argiKofaoScHY.roa (raw, json)
Hash identifier:          NzZjhETEPOV9qOe2iCOKukIBBkV+9EAmc6ndeYhO0Yg=
Subject key identifier:   F3:2B:66:45:D6:DA:60:82:BE:A7:46:AB:82:22:A8:7D:AA:12:70:76
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019B791072EFC9C0713F013A730884AD9BB7
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/8ytmRdbaYIK-p0argiKofaoScHY.roa
Signing time:             Thu 01 Jan 2026 10:17:59 +0000
ROA not before:           Thu 01 Jan 2026 10:17:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        103.136.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:72:ef:c9:c0:71:3f:01:3a:73:08:84:ad:9b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 10:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f32b6645d6da6082bea746ab8222a87daa127076
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:d6:af:ff:42:1f:bd:7d:c6:f4:a0:0f:02:35:
                    ac:d5:4c:06:82:ad:5a:fa:ce:45:a2:f9:19:f9:96:
                    9d:47:06:33:ca:dd:e9:cd:af:99:5b:21:a0:dc:10:
                    2d:a4:74:bb:95:52:d0:43:5f:ca:b7:57:b3:6f:e4:
                    47:fa:fe:03:d0:dc:05:c1:92:f6:df:a4:da:2a:25:
                    4c:53:33:f7:fa:36:06:e4:23:2c:e1:4f:27:9a:b7:
                    3c:93:ae:47:42:fa:13:2d:cd:bd:8b:60:f1:c2:c4:
                    82:68:c6:a5:a3:80:57:cb:98:0d:6e:48:d2:13:4c:
                    2c:7f:ee:15:fa:74:53:b3:fe:0e:c0:69:15:76:0a:
                    c5:b1:b7:78:30:cb:5b:8f:dc:ed:ba:92:e2:01:44:
                    ec:30:71:97:ea:a3:56:2f:8c:0f:73:93:83:de:63:
                    11:13:af:00:b1:5e:fe:95:7d:35:ce:b7:c2:b8:4e:
                    d0:cb:e1:3d:ff:1f:ef:c8:9a:56:5e:1f:64:f6:95:
                    8e:29:c1:b9:d5:67:b5:de:67:47:5d:57:2e:c2:99:
                    44:df:75:9b:16:07:ae:c6:2b:13:f3:7b:81:3f:f4:
                    47:32:60:79:44:79:0b:29:91:92:ca:d2:7f:53:8d:
                    0c:63:fc:d5:a1:38:a1:38:08:0b:f3:ff:0e:7f:ae:
                    3c:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:2B:66:45:D6:DA:60:82:BE:A7:46:AB:82:22:A8:7D:AA:12:70:76
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/8ytmRdbaYIK-p0argiKofaoScHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.136.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:5e:75:54:a9:59:1f:65:3e:07:c2:23:31:d1:b2:c3:1c:7d:
         97:8b:a8:e6:81:44:d4:9c:7f:ed:07:ee:ca:ab:dd:8b:4f:48:
         f8:c5:67:af:38:0e:34:b5:e5:53:99:3b:da:d5:d3:f2:2b:f7:
         3d:33:c5:eb:61:30:b1:7c:8c:7b:a9:dd:6e:ab:64:a0:01:32:
         5c:0b:e9:16:0c:d2:41:75:68:a4:42:f7:61:64:30:34:01:95:
         b7:26:29:a1:3f:5b:bd:c6:0b:76:aa:9b:4b:d1:6b:96:ba:21:
         bb:4f:b5:61:bf:95:41:24:d5:f9:6e:74:8f:b3:b9:ac:92:89:
         f5:1f:24:d6:84:85:2b:9d:32:35:5a:d1:49:28:95:34:1f:bc:
         91:34:3a:20:3b:e9:cd:18:cb:52:2b:2d:7a:4a:3f:31:b8:b5:
         36:0f:5b:a3:90:1c:0e:b7:bf:ba:2a:13:90:81:d6:94:83:66:
         bc:8d:e2:10:b0:3a:93:29:3d:b0:52:27:7b:1e:b8:25:cd:2c:
         46:4e:a0:6e:a2:5b:00:89:ee:7a:3b:e1:8d:5f:05:d5:b5:bc:
         05:11:4c:22:98:2a:b6:d7:97:04:a0:4c:41:ac:57:30:61:b1:
         64:81:42:dc:34:d1:8f:45:73:d3:3a:66:53:dd:63:fd:9e:9c:
         1f:c8:97:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EHLvycBxPwE6cwiErZu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMTAxMTAxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzJiNjY0NWQ2ZGE2MDgyYmVhNzQ2YWI4MjIyYTg3ZGFhMTI3MDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAntav/0IfvX3G9KAPAjWs1UwGgq1a
+s5FovkZ+ZadRwYzyt3pza+ZWyGg3BAtpHS7lVLQQ1/Kt1ezb+RH+v4D0NwFwZL2
36TaKiVMUzP3+jYG5CMs4U8nmrc8k65HQvoTLc29i2DxwsSCaMalo4BXy5gNbkjS
E0wsf+4V+nRTs/4OwGkVdgrFsbd4MMtbj9ztupLiAUTsMHGX6qNWL4wPc5OD3mMR
E68AsV7+lX01zrfCuE7Qy+E9/x/vyJpWXh9k9pWOKcG51We13mdHXVcuwplE33Wb
FgeuxisT83uBP/RHMmB5RHkLKZGSytJ/U40MY/zVoTihOAgL8/8Of648DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPMrZkXW2mCCvqdGq4IiqH2qEnB2MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvOHl0bVJkYmFZSUstcDBhcmdpS29mYW9TY0hZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ4hGMA0G
CSqGSIb3DQEBCwUAA4IBAQB1XnVUqVkfZT4HwiMx0bLDHH2Xi6jmgUTUnH/tB+7K
q92LT0j4xWevOA40teVTmTva1dPyK/c9M8XrYTCxfIx7qd1uq2SgATJcC+kWDNJB
dWikQvdhZDA0AZW3JimhP1u9xgt2qptL0WuWuiG7T7Vhv5VBJNX5bnSPs7mskon1
HyTWhIUrnTI1WtFJKJU0H7yRNDogO+nNGMtSKy16Sj8xuLU2D1ujkBwOt7+6KhOQ
gdaUg2a8jeIQsDqTKT2wUid7HrglzSxGTqBuolsAie56O+GNXwXVtbwFEUwimCq2
15cEoExBrFcwYbFkgULcNNGPRXPTOmZT3WP9npwfyJdm
-----END CERTIFICATE-----