This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/sY3dVSVkXWMzR2tSbC-V9E4Evnw.roa
File:                     sY3dVSVkXWMzR2tSbC-V9E4Evnw.roa (raw, json)
Hash identifier:          1/ojrG0Km94xlnnGfoOR3tAivEqLx9zkSlszKh6hu2g=
Subject key identifier:   B1:8D:DD:55:25:64:5D:63:33:47:6B:52:6C:2F:95:F4:4E:04:BE:7C
Certificate issuer:       /CN=dbc7840920d1c709ff299aed3682c23fb432767d
Certificate serial:       019B7C7F3007D0C55AE1916B0DF452DF57D7
Authority key identifier: DB:C7:84:09:20:D1:C7:09:FF:29:9A:ED:36:82:C2:3F:B4:32:76:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/sY3dVSVkXWMzR2tSbC-V9E4Evnw.roa
Signing time:             Fri 02 Jan 2026 02:17:48 +0000
ROA not before:           Fri 02 Jan 2026 02:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43350
IP address blocks:        141.98.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 20:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:30:07:d0:c5:5a:e1:91:6b:0d:f4:52:df:57:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbc7840920d1c709ff299aed3682c23fb432767d
        Validity
            Not Before: Jan  2 02:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b18ddd5525645d6333476b526c2f95f44e04be7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:23:2c:cc:51:6a:91:4d:30:64:7c:40:5b:a4:
                    1a:91:62:30:e2:2e:6f:48:ea:8f:d3:f0:92:94:26:
                    53:23:e9:d6:83:e1:6c:11:bc:a5:45:9a:52:f6:f2:
                    54:0e:77:a5:19:d4:0e:95:35:f0:85:8f:20:d5:6b:
                    e3:c5:01:96:a6:15:16:87:af:6d:37:96:2f:61:86:
                    ad:19:1e:08:2d:c9:a7:67:b3:33:dc:de:0a:0c:59:
                    5e:d9:fd:cd:0f:cf:ec:df:68:ac:bb:1f:ab:17:f3:
                    26:5d:02:0e:91:ff:ac:ed:5e:d6:b3:93:a9:47:7f:
                    40:10:6c:85:d2:2c:1a:f9:73:d2:c1:d3:d9:da:3c:
                    00:e8:28:bc:be:4c:81:ad:40:b5:a5:16:09:5e:d8:
                    f7:49:3d:83:c9:7b:84:c5:2d:da:59:99:cc:8a:67:
                    44:b1:72:f4:a1:cb:61:71:e4:55:a8:f3:b8:f3:a9:
                    e7:fd:17:49:3d:89:20:e2:f2:d1:67:16:97:64:0a:
                    1d:b7:1b:3e:85:b0:bf:0a:e0:2b:b5:64:52:94:f9:
                    00:d1:be:a4:e6:66:b8:5c:7d:ce:d8:5c:29:91:7b:
                    44:fd:5b:95:ea:72:d2:4e:e8:f1:7f:5a:5d:59:24:
                    7e:83:f8:cb:33:39:44:65:26:95:0b:53:3f:d9:b6:
                    c3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:8D:DD:55:25:64:5D:63:33:47:6B:52:6C:2F:95:F4:4E:04:BE:7C
            X509v3 Authority Key Identifier:
                keyid:DB:C7:84:09:20:D1:C7:09:FF:29:9A:ED:36:82:C2:3F:B4:32:76:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/sY3dVSVkXWMzR2tSbC-V9E4Evnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:74:af:9f:2a:5b:34:c7:7d:4d:55:01:ba:3f:25:47:66:34:
         b6:47:44:cf:1b:7a:bc:be:99:4d:d2:55:76:a5:ee:7d:f7:41:
         39:09:1d:ed:9b:5d:02:65:4f:45:eb:06:21:b8:98:b9:89:ef:
         1a:d4:53:6c:c5:8b:45:1d:49:06:1c:cc:f8:a2:9f:39:53:4a:
         6f:ee:9b:bf:85:b5:ec:6b:c1:e2:23:2a:ff:40:89:02:62:0e:
         ac:6a:b6:9d:09:d3:a5:7c:e0:ca:8d:04:51:98:9b:41:15:57:
         08:9e:be:c1:ae:57:ff:08:71:2e:bd:b2:09:a8:77:f5:32:f4:
         87:41:4c:6a:e5:d7:e4:a3:a8:54:7b:26:3c:8d:a5:fd:4b:b3:
         80:b6:fb:bb:d3:d4:82:84:b7:1f:ab:5c:cc:97:e6:c5:e2:d0:
         4c:b1:fc:59:b0:9e:5b:9b:fb:7c:9d:a1:9e:54:d0:89:07:2d:
         56:5e:bf:2e:bb:96:12:93:b8:46:cc:b4:0b:b6:6b:c8:21:8d:
         24:99:b7:26:89:08:f2:82:4f:d4:2a:f4:9b:f6:cd:bd:61:c8:
         69:21:e0:75:f7:f5:7b:f0:62:b7:19:7b:1f:bd:68:1c:c2:28:
         74:48:a2:f0:a3:28:09:0f:8c:40:1a:eb:8d:d3:a8:03:05:55:
         1e:da:0f:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8fzAH0MVa4ZFrDfRS31fXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYzc4NDA5MjBkMWM3MDlmZjI5OWFlZDM2ODJjMjNmYjQz
Mjc2N2QwHhcNMjYwMTAyMDIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMThkZGQ1NTI1NjQ1ZDYzMzM0NzZiNTI2YzJmOTVmNDRlMDRiZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCMszFFqkU0wZHxAW6QakWIw4i5v
SOqP0/CSlCZTI+nWg+FsEbylRZpS9vJUDnelGdQOlTXwhY8g1WvjxQGWphUWh69t
N5YvYYatGR4ILcmnZ7Mz3N4KDFle2f3ND8/s32isux+rF/MmXQIOkf+s7V7Ws5Op
R39AEGyF0iwa+XPSwdPZ2jwA6Ci8vkyBrUC1pRYJXtj3ST2DyXuExS3aWZnMimdE
sXL0octhceRVqPO486nn/RdJPYkg4vLRZxaXZAodtxs+hbC/CuArtWRSlPkA0b6k
5ma4XH3O2FwpkXtE/VuV6nLSTujxf1pdWSR+g/jLMzlEZSaVC1M/2bbDPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGN3VUlZF1jM0drUmwvlfROBL58MB8GA1UdIwQY
MBaAFNvHhAkg0ccJ/yma7TaCwj+0MnZ9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjhlRUNTRFJ4d25fS1pydE5vTENQN1F5ZG4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85NTIxZTEtNzYxMC00ZDQzLTg2ODMt
NTFiZTJmOTYwOGJjLzEvc1kzZFZTVmtYV016UjJ0U2JDLVY5RTRFdm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85NTIxZTEtNzYxMC00ZDQzLTg2ODMtNTFiZTJmOTYwOGJj
LzEvMjhlRUNTRFJ4d25fS1pydE5vTENQN1F5ZG4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWJQMA0G
CSqGSIb3DQEBCwUAA4IBAQCedK+fKls0x31NVQG6PyVHZjS2R0TPG3q8vplN0lV2
pe5990E5CR3tm10CZU9F6wYhuJi5ie8a1FNsxYtFHUkGHMz4op85U0pv7pu/hbXs
a8HiIyr/QIkCYg6saradCdOlfODKjQRRmJtBFVcInr7Brlf/CHEuvbIJqHf1MvSH
QUxq5dfko6hUeyY8jaX9S7OAtvu709SChLcfq1zMl+bF4tBMsfxZsJ5bm/t8naGe
VNCJBy1WXr8uu5YSk7hGzLQLtmvIIY0kmbcmiQjygk/UKvSb9s29YchpIeB19/V7
8GK3GXsfvWgcwih0SKLwoygJD4xAGuuN06gDBVUe2g8p
-----END CERTIFICATE-----