This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ZqAlJlzaXgESLP-KZ0ud_hfqmBs.roa
File:                     ZqAlJlzaXgESLP-KZ0ud_hfqmBs.roa (raw, json)
Hash identifier:          Uy7NxbxFoiKiRSVhLx/XifhLj8jSJNJ1KoRrFMrwT0o=
Subject key identifier:   66:A0:25:26:5C:DA:5E:01:12:2C:FF:8A:67:4B:9D:FE:17:EA:98:1B
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       019B7B35FE8E53ADD480A63DE3FFF817A2B6
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ZqAlJlzaXgESLP-KZ0ud_hfqmBs.roa
Signing time:             Thu 01 Jan 2026 20:18:14 +0000
ROA not before:           Thu 01 Jan 2026 20:18:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        103.100.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 09:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:fe:8e:53:ad:d4:80:a6:3d:e3:ff:f8:17:a2:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  1 20:18:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66a025265cda5e01122cff8a674b9dfe17ea981b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:03:0b:cc:24:60:0d:78:91:9c:3d:56:ce:41:
                    e3:25:d5:62:55:79:56:fd:a7:85:09:76:d3:07:b6:
                    3a:1b:d2:55:7c:65:38:95:56:36:03:29:b5:c6:29:
                    40:c2:c0:d4:d1:a4:ff:34:df:b6:fd:ab:94:a5:3e:
                    2a:18:84:83:e4:43:63:4c:e4:e8:7f:4e:96:c5:55:
                    15:97:03:01:cf:83:8b:57:37:ed:ed:c8:27:ce:c3:
                    b4:1a:6c:5f:54:7f:9c:55:75:1e:eb:83:4e:f5:08:
                    44:a6:4d:67:b2:6c:78:26:6e:66:5d:e8:7a:be:25:
                    00:ce:43:22:8a:ed:13:9d:22:95:22:9b:82:4b:6e:
                    2e:59:bb:93:06:45:0d:8b:84:8c:b1:8d:f4:97:37:
                    3f:43:69:b0:11:b2:ce:d6:a3:74:50:43:ec:4d:3b:
                    06:84:a5:b5:7d:79:fa:9e:0e:9f:58:1f:ff:ca:dc:
                    5e:0f:8c:96:37:aa:70:a1:3e:d1:36:f1:cd:d1:ce:
                    34:ad:26:3a:2b:c2:63:b8:91:75:b3:31:ac:9f:7c:
                    9d:97:63:55:a8:e6:e1:5d:a4:ff:46:94:51:fc:74:
                    50:5d:0d:a6:e0:2d:da:74:21:c5:12:6b:81:ac:45:
                    82:d9:42:aa:6b:91:6c:a2:15:8e:26:3d:02:5e:99:
                    da:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:A0:25:26:5C:DA:5E:01:12:2C:FF:8A:67:4B:9D:FE:17:EA:98:1B
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/ZqAlJlzaXgESLP-KZ0ud_hfqmBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.100.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:88:3e:c9:34:9f:60:2c:a7:ec:7e:07:14:52:b4:49:fc:a3:
         80:9b:88:45:e2:92:8a:80:07:a5:a2:67:a8:be:73:64:6c:20:
         7c:d3:ca:8c:87:da:db:d1:4f:13:ac:ce:3e:dd:79:da:da:ee:
         b4:23:a7:b4:bf:70:6d:d0:86:1a:fb:df:77:6a:27:96:7f:6f:
         4d:91:6c:36:64:77:cc:4c:0a:33:37:b2:21:3e:9e:99:f4:68:
         96:1d:c1:58:aa:e4:4b:b6:de:f1:b6:24:2f:03:b8:d6:27:fa:
         95:a6:54:50:72:e7:db:76:0b:1c:8a:f8:ce:f8:e2:ef:94:81:
         38:b9:02:9a:b7:4a:e1:15:08:f1:d9:ba:48:aa:d2:bf:cf:97:
         e4:d0:f8:5f:4d:f0:70:14:c9:22:fd:a0:98:b8:7a:45:f2:98:
         89:41:aa:96:8b:aa:81:a3:7f:22:bf:b3:de:8e:41:f9:7c:16:
         cf:08:e6:a1:74:e8:49:c7:01:1c:58:09:b8:19:4f:b3:65:f1:
         13:3a:90:95:fc:df:51:5e:e2:6d:14:bd:9d:48:b9:23:8e:a2:
         8d:d6:2b:8f:8b:35:92:e8:32:4f:cd:ad:36:f3:bb:5d:9e:34:
         80:ed:c5:80:94:a1:d9:52:97:95:8f:a9:30:a2:11:36:67:31:
         b8:a1:3e:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nf6OU63UgKY94//4F6K2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjYwMTAxMjAxODE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmEwMjUyNjVjZGE1ZTAxMTIyY2ZmOGE2NzRiOWRmZTE3ZWE5ODFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAMLzCRgDXiRnD1WzkHjJdViVXlW
/aeFCXbTB7Y6G9JVfGU4lVY2Aym1xilAwsDU0aT/NN+2/auUpT4qGISD5ENjTOTo
f06WxVUVlwMBz4OLVzft7cgnzsO0GmxfVH+cVXUe64NO9QhEpk1nsmx4Jm5mXeh6
viUAzkMiiu0TnSKVIpuCS24uWbuTBkUNi4SMsY30lzc/Q2mwEbLO1qN0UEPsTTsG
hKW1fXn6ng6fWB//ytxeD4yWN6pwoT7RNvHN0c40rSY6K8JjuJF1szGsn3ydl2NV
qObhXaT/RpRR/HRQXQ2m4C3adCHFEmuBrEWC2UKqa5FsohWOJj0CXpnadQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGagJSZc2l4BEiz/imdLnf4X6pgbMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvWnFBbEpsemFYZ0VTTFAtS1owdWRfaGZxbUJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ2SrMA0G
CSqGSIb3DQEBCwUAA4IBAQBaiD7JNJ9gLKfsfgcUUrRJ/KOAm4hF4pKKgAelomeo
vnNkbCB808qMh9rb0U8TrM4+3Xna2u60I6e0v3Bt0IYa+993aieWf29NkWw2ZHfM
TAozN7IhPp6Z9GiWHcFYquRLtt7xtiQvA7jWJ/qVplRQcufbdgscivjO+OLvlIE4
uQKat0rhFQjx2bpIqtK/z5fk0PhfTfBwFMki/aCYuHpF8piJQaqWi6qBo38iv7Pe
jkH5fBbPCOahdOhJxwEcWAm4GU+zZfETOpCV/N9RXuJtFL2dSLkjjqKN1iuPizWS
6DJPza0287tdnjSA7cWAlKHZUpeVj6kwohE2ZzG4oT5D
-----END CERTIFICATE-----