This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YyMDOTkkZTfPmhjDmwMOQd--uNs.roa
File:                     YyMDOTkkZTfPmhjDmwMOQd--uNs.roa (raw, json)
Hash identifier:          2E2TVBUxx+umM1S/93uXtGwCn5wa9itqyu5AN69SAaI=
Subject key identifier:   63:23:03:39:39:24:65:37:CF:9A:18:C3:9B:03:0E:41:DF:BE:B8:DB
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019AB751149D534799BE085989E0352B219A
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YyMDOTkkZTfPmhjDmwMOQd--uNs.roa
Signing time:             Mon 24 Nov 2025 19:22:15 +0000
ROA not before:           Mon 24 Nov 2025 19:22:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203679
IP address blocks:        5.178.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 17:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b7:51:14:9d:53:47:99:be:08:59:89:e0:35:2b:21:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Nov 24 19:22:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6323033939246537cf9a18c39b030e41dfbeb8db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:52:b8:7a:62:18:db:ff:55:35:35:77:f0:3e:
                    e4:3c:74:49:03:4f:53:d2:dd:1b:2f:91:2f:e4:f6:
                    49:cd:00:67:86:89:f5:72:80:f8:18:51:c3:45:e5:
                    8d:79:2c:a1:9f:e4:4d:b8:3c:dc:3d:f4:8e:e4:53:
                    83:2a:99:47:a0:57:34:7e:85:5c:92:77:b4:7b:2a:
                    d0:9a:e0:45:75:96:77:18:18:2b:64:c2:5f:4c:ed:
                    eb:2a:43:d8:72:99:e3:8c:49:bf:36:26:5c:e9:0c:
                    78:5f:7e:f7:e3:35:e9:b9:db:ed:5a:46:a2:fe:63:
                    26:04:02:0a:ab:eb:6d:69:ce:01:47:27:ae:8d:eb:
                    1f:f1:b5:e0:4d:6a:fa:da:ac:4e:6f:c4:1e:c9:87:
                    5b:4c:05:a6:ae:e9:d9:86:09:68:ed:a5:86:64:e0:
                    b6:b7:08:1e:16:92:b4:d5:c7:87:a8:8d:a0:bb:0e:
                    25:da:cc:0f:37:2a:de:69:f2:8e:f9:04:21:3b:c2:
                    00:19:c2:56:d8:af:70:95:d4:91:11:52:b4:4e:79:
                    3d:58:9a:b8:5e:18:88:d7:56:0e:4c:e1:f7:ba:1b:
                    4e:86:7c:c0:6f:b2:83:7c:b1:c1:ef:9e:ca:0e:7a:
                    34:c5:a1:d4:5f:8c:f1:66:04:9d:c8:50:25:8e:16:
                    86:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:23:03:39:39:24:65:37:CF:9A:18:C3:9B:03:0E:41:DF:BE:B8:DB
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/YyMDOTkkZTfPmhjDmwMOQd--uNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.178.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:ab:73:7c:02:ba:8a:19:58:77:61:bc:0a:1e:43:a5:a4:77:
         6b:bc:5d:80:da:d0:b9:b9:f6:e1:cf:82:6f:e0:54:07:9a:1a:
         92:3f:ec:a0:2c:cd:64:05:6b:85:56:40:15:b5:78:95:0f:0d:
         8c:9f:d0:26:74:2c:61:b0:fe:b6:37:a0:5a:77:fb:29:68:a1:
         f5:0c:b2:31:60:c6:c6:7c:f1:e5:25:97:ea:1f:a5:4a:09:86:
         71:10:5e:01:7c:13:37:46:70:0e:db:ee:99:8a:e4:83:2f:6c:
         97:0d:40:04:d5:a3:05:fb:a9:3d:5a:3e:19:34:1e:67:92:a2:
         36:90:af:e1:d7:3e:cc:07:a1:06:8f:07:5e:9f:2d:87:08:0e:
         4d:f1:5a:1c:14:33:5b:aa:06:a9:bb:65:3c:aa:54:cc:34:36:
         db:31:52:c8:dc:f3:c2:1e:2c:e6:2c:83:0f:e9:d6:5d:1b:12:
         6c:04:cb:be:8f:5a:fa:8c:7b:47:20:7c:ee:69:77:86:9e:33:
         c4:c8:90:8a:f5:9a:0f:3f:41:82:b3:7d:9b:53:86:89:10:54:
         6f:d5:53:8e:b7:83:e3:2c:61:ae:7e:0b:57:fe:bf:d7:a1:4f:
         e5:e8:df:58:bc:3e:3a:9e:39:5e:44:ea:b8:68:d1:b9:60:1f:
         08:32:09:aa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq3URSdU0eZvghZieA1KyGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjUxMTI0MTkyMjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzIzMDMzOTM5MjQ2NTM3Y2Y5YTE4YzM5YjAzMGU0MWRmYmViOGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVK4emIY2/9VNTV38D7kPHRJA09T
0t0bL5Ev5PZJzQBnhon1coD4GFHDReWNeSyhn+RNuDzcPfSO5FODKplHoFc0foVc
kne0eyrQmuBFdZZ3GBgrZMJfTO3rKkPYcpnjjEm/NiZc6Qx4X3734zXpudvtWkai
/mMmBAIKq+ttac4BRyeujesf8bXgTWr62qxOb8QeyYdbTAWmrunZhglo7aWGZOC2
twgeFpK01ceHqI2guw4l2swPNyreafKO+QQhO8IAGcJW2K9wldSREVK0Tnk9WJq4
XhiI11YOTOH3uhtOhnzAb7KDfLHB757KDno0xaHUX4zxZgSdyFAljhaG1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMjAzk5JGU3z5oYw5sDDkHfvrjbMB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvWXlNRE9Ua2taVGZQbWhqRG13TU9RZC0tdU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbJjMA0G
CSqGSIb3DQEBCwUAA4IBAQC8q3N8ArqKGVh3YbwKHkOlpHdrvF2A2tC5ufbhz4Jv
4FQHmhqSP+ygLM1kBWuFVkAVtXiVDw2Mn9AmdCxhsP62N6Bad/spaKH1DLIxYMbG
fPHlJZfqH6VKCYZxEF4BfBM3RnAO2+6ZiuSDL2yXDUAE1aMF+6k9Wj4ZNB5nkqI2
kK/h1z7MB6EGjwdeny2HCA5N8VocFDNbqgapu2U8qlTMNDbbMVLI3PPCHizmLIMP
6dZdGxJsBMu+j1r6jHtHIHzuaXeGnjPEyJCK9ZoPP0GCs32bU4aJEFRv1VOOt4Pj
LGGufgtX/r/XoU/l6N9YvD46njleROq4aNG5YB8IMgmq
-----END CERTIFICATE-----