This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ygwX6A8wNiKrO_qpKOiVS7uj62E.roa
File:                     ygwX6A8wNiKrO_qpKOiVS7uj62E.roa (raw, json)
Hash identifier:          5KhzwnAaNvwDhqqXJEm8urGAyaVEHHbqQCpAcqYg9Hg=
Subject key identifier:   CA:0C:17:E8:0F:30:36:22:AB:3B:FA:A9:28:E8:95:4B:BB:A3:EB:61
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       019B7C132E072A785C87EB00787DBDB4923D
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ygwX6A8wNiKrO_qpKOiVS7uj62E.roa
Signing time:             Fri 02 Jan 2026 00:19:50 +0000
ROA not before:           Fri 02 Jan 2026 00:19:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204774
IP address blocks:        201.49.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 18:47:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:2e:07:2a:78:5c:87:eb:00:78:7d:bd:b4:92:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  2 00:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca0c17e80f303622ab3bfaa928e8954bbba3eb61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:86:55:d4:81:76:26:3f:69:f9:b5:24:64:81:
                    d5:c7:e9:63:0e:2f:14:56:a7:2c:d2:5c:5d:6c:13:
                    6f:06:10:90:c6:81:57:dc:b4:f1:74:d2:b4:b6:cf:
                    6a:5d:59:8a:94:76:31:57:c3:ef:a7:f7:7e:cb:b8:
                    c0:a9:3d:81:4a:5d:dd:4e:f1:dd:af:1a:42:0b:cc:
                    ed:69:39:6c:fc:18:5f:11:3a:05:38:d8:dc:53:8c:
                    00:7a:88:27:ea:2d:73:d6:67:16:6b:bf:ce:fb:0b:
                    ac:ef:d8:8e:2c:d7:38:51:e3:11:30:b0:0d:58:35:
                    4c:2f:e4:a6:59:90:fb:ed:2e:94:4f:16:eb:74:9e:
                    6c:dd:ef:5c:7a:a3:7c:23:9f:a3:ea:04:16:3e:33:
                    73:b6:59:d8:d9:60:cd:82:73:3e:81:c0:94:2e:17:
                    28:fb:96:52:cd:1c:d8:d7:4b:6b:98:c6:2a:ed:7f:
                    9e:d3:4f:69:34:c1:d9:e8:a0:d3:02:9e:30:55:cd:
                    d2:4a:2e:32:1b:d7:eb:ee:ed:90:8b:84:ec:20:21:
                    e5:3b:42:2b:90:df:b3:e8:21:1f:0f:75:ad:5f:f0:
                    30:1f:79:8e:73:f7:42:20:91:48:5e:75:30:18:ca:
                    0e:88:7f:eb:72:39:6d:2e:eb:16:58:2c:53:65:db:
                    39:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:0C:17:E8:0F:30:36:22:AB:3B:FA:A9:28:E8:95:4B:BB:A3:EB:61
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/ygwX6A8wNiKrO_qpKOiVS7uj62E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.49.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:c3:7d:70:66:45:1e:f5:e2:4e:55:6e:22:ec:9a:70:03:3a:
         f1:1c:35:9b:80:8f:fc:9a:15:37:37:f8:29:24:57:27:d9:2b:
         03:87:22:f1:1e:5a:08:a2:22:4f:06:6e:ce:a6:98:0b:6a:25:
         63:05:2c:81:0b:b4:67:02:c6:41:51:a6:14:c9:73:7c:79:0c:
         cd:1e:86:2e:7b:54:21:97:20:22:db:59:d4:60:7a:92:07:18:
         7e:55:5d:d9:d3:d7:48:02:19:4c:5c:44:8b:04:9f:1d:3b:11:
         6a:5b:86:a9:51:07:56:1a:9b:c2:53:50:cc:cc:0f:16:13:79:
         c3:eb:ce:bd:6e:fc:43:60:ed:cd:cb:60:2a:0d:9c:15:d5:1b:
         9e:42:09:23:75:d1:54:a0:dd:a1:9f:82:44:17:23:e6:54:df:
         0a:ec:e4:60:ab:a6:91:22:43:14:d7:f7:ca:eb:6c:56:10:a2:
         87:26:af:6a:52:08:08:9b:86:90:c9:08:1c:ad:42:bc:ea:90:
         3e:ed:b9:aa:77:76:95:d2:ba:0b:fb:71:83:2f:98:e5:07:34:
         0e:0d:0e:36:50:ee:ee:73:84:1e:36:eb:5c:f4:72:2e:7e:3d:
         c4:75:f8:3d:7a:46:1a:34:71:2c:9a:d6:2c:29:06:30:23:bf:
         80:07:00:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8Ey4HKnhch+sAeH29tJI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjYwMTAyMDAxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTBjMTdlODBmMzAzNjIyYWIzYmZhYTkyOGU4OTU0YmJiYTNlYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAioZV1IF2Jj9p+bUkZIHVx+ljDi8U
Vqcs0lxdbBNvBhCQxoFX3LTxdNK0ts9qXVmKlHYxV8Pvp/d+y7jAqT2BSl3dTvHd
rxpCC8ztaTls/BhfEToFONjcU4wAeogn6i1z1mcWa7/O+wus79iOLNc4UeMRMLAN
WDVML+SmWZD77S6UTxbrdJ5s3e9ceqN8I5+j6gQWPjNztlnY2WDNgnM+gcCULhco
+5ZSzRzY10trmMYq7X+e009pNMHZ6KDTAp4wVc3SSi4yG9fr7u2Qi4TsICHlO0Ir
kN+z6CEfD3WtX/AwH3mOc/dCIJFIXnUwGMoOiH/rcjltLusWWCxTZds5GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMoMF+gPMDYiqzv6qSjolUu7o+thMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEveWd3WDZBOHdOaUtyT19xcEtPaVZTN3VqNjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAyTG+MA0G
CSqGSIb3DQEBCwUAA4IBAQABw31wZkUe9eJOVW4i7JpwAzrxHDWbgI/8mhU3N/gp
JFcn2SsDhyLxHloIoiJPBm7OppgLaiVjBSyBC7RnAsZBUaYUyXN8eQzNHoYue1Qh
lyAi21nUYHqSBxh+VV3Z09dIAhlMXESLBJ8dOxFqW4apUQdWGpvCU1DMzA8WE3nD
6869bvxDYO3Ny2AqDZwV1RueQgkjddFUoN2hn4JEFyPmVN8K7ORgq6aRIkMU1/fK
62xWEKKHJq9qUggIm4aQyQgcrUK86pA+7bmqd3aV0roL+3GDL5jlBzQODQ42UO7u
c4QeNutc9HIufj3Edfg9ekYaNHEsmtYsKQYwI7+ABwDi
-----END CERTIFICATE-----