This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/ymE5Pc8e6QWHOxlrawdscg3hba0.roa
File:                     ymE5Pc8e6QWHOxlrawdscg3hba0.roa (raw, json)
Hash identifier:          FR/m/K23gzt9WTvqKJ25/MJlgHD/0x10UFRx1gKHX48=
Subject key identifier:   CA:61:39:3D:CF:1E:E9:05:87:3B:19:6B:6B:07:6C:72:0D:E1:6D:AD
Certificate issuer:       /CN=3d6abe5c48aecebd4a237e153c3684f30608d444
Certificate serial:       019B77C7087772A12FE3D3D202418C09847E
Authority key identifier: 3D:6A:BE:5C:48:AE:CE:BD:4A:23:7E:15:3C:36:84:F3:06:08:D4:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PWq-XEiuzr1KI34VPDaE8wYI1EQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/ymE5Pc8e6QWHOxlrawdscg3hba0.roa
Signing time:             Thu 01 Jan 2026 04:18:10 +0000
ROA not before:           Thu 01 Jan 2026 04:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49556
IP address blocks:        193.24.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/PWq-XEiuzr1KI34VPDaE8wYI1EQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/PWq-XEiuzr1KI34VPDaE8wYI1EQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PWq-XEiuzr1KI34VPDaE8wYI1EQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:08:77:72:a1:2f:e3:d3:d2:02:41:8c:09:84:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d6abe5c48aecebd4a237e153c3684f30608d444
        Validity
            Not Before: Jan  1 04:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca61393dcf1ee905873b196b6b076c720de16dad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:8e:88:70:8a:e6:1e:03:9b:3f:2a:9b:96:52:
                    2b:17:b3:c7:4a:e5:ce:10:5d:8d:28:8d:ba:c1:17:
                    9b:b9:12:fa:29:90:22:ca:39:29:25:5d:b2:34:d7:
                    7e:cc:40:da:46:7f:28:22:37:c4:89:03:8c:e4:6c:
                    b6:3f:0c:4d:b5:96:73:01:88:c1:cd:52:59:34:db:
                    09:d1:2e:69:07:c8:c7:ba:eb:09:b1:c1:2d:b6:32:
                    0e:ce:ec:3b:f1:e7:86:04:76:73:42:39:86:87:18:
                    92:f2:5a:50:87:b9:5a:f8:da:b9:30:52:07:ba:24:
                    bb:23:19:62:24:93:28:1a:9e:05:93:4b:94:0e:f5:
                    af:d2:32:87:0b:36:87:7c:e7:7b:9b:cf:9c:9f:30:
                    b4:7b:e0:a6:5a:a5:bd:74:25:78:db:ee:fc:5f:39:
                    53:0c:db:c7:64:cc:e9:0f:5e:f2:d7:4a:38:8f:2a:
                    85:88:3f:15:2b:80:2b:c2:7d:8b:41:e0:f8:83:96:
                    ad:fa:41:18:71:f0:6e:17:6d:e0:f6:36:6f:94:44:
                    0f:2a:57:33:17:14:36:33:10:0b:88:99:fd:0a:53:
                    d6:a5:0a:e9:51:76:9d:1e:23:b0:0f:ff:bf:3a:4b:
                    de:e8:2c:ae:6e:22:06:ff:20:81:5c:4e:ad:f0:4e:
                    6c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:61:39:3D:CF:1E:E9:05:87:3B:19:6B:6B:07:6C:72:0D:E1:6D:AD
            X509v3 Authority Key Identifier:
                keyid:3D:6A:BE:5C:48:AE:CE:BD:4A:23:7E:15:3C:36:84:F3:06:08:D4:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PWq-XEiuzr1KI34VPDaE8wYI1EQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/ymE5Pc8e6QWHOxlrawdscg3hba0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/5fb803-4333-4175-90df-aec14ea17ebf/1/PWq-XEiuzr1KI34VPDaE8wYI1EQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.24.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:16:aa:2a:95:8b:9c:dd:d0:1f:89:7b:8f:e4:74:ab:de:2b:
         e7:5a:28:af:fd:be:25:a6:2c:af:30:1d:4f:10:f2:df:9b:be:
         d3:e1:94:13:52:51:a8:87:0d:36:df:d7:c4:c8:c1:37:b5:4e:
         d1:f1:53:e6:ad:9a:0a:32:95:82:0c:dc:2c:45:9c:e6:b7:2d:
         24:f6:d5:b3:34:6d:f0:89:75:97:81:e7:d8:50:cc:42:6e:1f:
         04:76:ed:f0:f1:3b:6a:c5:b3:76:bb:e7:b5:2f:7b:98:89:3f:
         54:ab:10:a8:ce:23:dc:56:86:e4:14:f0:e3:93:5a:8c:78:7c:
         8c:9f:7e:f3:21:40:0f:84:ea:72:26:cf:ca:29:10:8e:d3:8c:
         a7:e7:c7:6d:b2:34:35:fc:c4:d7:0d:5a:1c:99:5c:4b:fc:57:
         7d:39:44:62:cc:05:05:92:e8:bc:e8:60:17:19:e5:45:47:c2:
         59:f9:d5:b6:6d:6b:fb:2c:b5:80:e9:d0:34:cb:db:2d:97:84:
         7f:73:87:57:40:3c:8a:dc:f7:ee:86:d3:07:f6:d2:e1:52:14:
         e2:67:fd:1e:56:89:bb:6a:80:82:11:e5:a9:fe:d5:68:fd:40:
         f0:c2:a0:fc:fa:77:70:5d:12:d2:c9:ed:af:57:81:d4:b9:16:
         ff:73:2d:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xwh3cqEv49PSAkGMCYR+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNmFiZTVjNDhhZWNlYmQ0YTIzN2UxNTNjMzY4NGYzMDYw
OGQ0NDQwHhcNMjYwMTAxMDQxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTYxMzkzZGNmMWVlOTA1ODczYjE5NmI2YjA3NmM3MjBkZTE2ZGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1I6IcIrmHgObPyqbllIrF7PHSuXO
EF2NKI26wRebuRL6KZAiyjkpJV2yNNd+zEDaRn8oIjfEiQOM5Gy2PwxNtZZzAYjB
zVJZNNsJ0S5pB8jHuusJscEttjIOzuw78eeGBHZzQjmGhxiS8lpQh7la+Nq5MFIH
uiS7IxliJJMoGp4Fk0uUDvWv0jKHCzaHfOd7m8+cnzC0e+CmWqW9dCV42+78XzlT
DNvHZMzpD17y10o4jyqFiD8VK4Arwn2LQeD4g5at+kEYcfBuF23g9jZvlEQPKlcz
FxQ2MxALiJn9ClPWpQrpUXadHiOwD/+/Okve6CyubiIG/yCBXE6t8E5sSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMphOT3PHukFhzsZa2sHbHIN4W2tMB8GA1UdIwQY
MBaAFD1qvlxIrs69SiN+FTw2hPMGCNREMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFdxLVhFaXV6cjFLSTM0VlBEYUU4d1lJMUVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC81ZmI4MDMtNDMzMy00MTc1LTkwZGYt
YWVjMTRlYTE3ZWJmLzEveW1FNVBjOGU2UVdIT3hscmF3ZHNjZzNoYmEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC81ZmI4MDMtNDMzMy00MTc1LTkwZGYtYWVjMTRlYTE3ZWJm
LzEvUFdxLVhFaXV6cjFLSTM0VlBEYUU4d1lJMUVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRhnMA0G
CSqGSIb3DQEBCwUAA4IBAQDaFqoqlYuc3dAfiXuP5HSr3ivnWiiv/b4lpiyvMB1P
EPLfm77T4ZQTUlGohw0239fEyME3tU7R8VPmrZoKMpWCDNwsRZzmty0k9tWzNG3w
iXWXgefYUMxCbh8Edu3w8TtqxbN2u+e1L3uYiT9UqxCoziPcVobkFPDjk1qMeHyM
n37zIUAPhOpyJs/KKRCO04yn58dtsjQ1/MTXDVocmVxL/Fd9OURizAUFkui86GAX
GeVFR8JZ+dW2bWv7LLWA6dA0y9stl4R/c4dXQDyK3PfuhtMH9tLhUhTiZ/0eVom7
aoCCEeWp/tVo/UDwwqD8+ndwXRLSye2vV4HUuRb/cy1c
-----END CERTIFICATE-----