This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/YEsCxALVppakBn4QJm3DkHuw-gI.roa
File:                     YEsCxALVppakBn4QJm3DkHuw-gI.roa (raw, json)
Hash identifier:          XPZXf23VQCCL6V3vjOuVYTjPIxQJua8QVGLS+OOW6lo=
Subject key identifier:   60:4B:02:C4:02:D5:A6:96:A4:06:7E:10:26:6D:C3:90:7B:B0:FA:02
Certificate issuer:       /CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
Certificate serial:       019AB53142234644D54A604FE3314342EFBD
Authority key identifier: 51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/YEsCxALVppakBn4QJm3DkHuw-gI.roa
Signing time:             Mon 24 Nov 2025 09:28:15 +0000
ROA not before:           Mon 24 Nov 2025 09:28:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214025
IP address blocks:        212.100.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 12:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b5:31:42:23:46:44:d5:4a:60:4f:e3:31:43:42:ef:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51b49ba0dd8615128618d50159cb0f3b5e9ee626
        Validity
            Not Before: Nov 24 09:28:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=604b02c402d5a696a4067e10266dc3907bb0fa02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:50:92:d7:78:65:c6:94:1e:72:5b:50:6c:bd:
                    60:70:be:d2:44:5c:b7:f6:0d:2c:39:c1:cf:55:fb:
                    78:8f:08:a1:08:0a:2b:3a:6a:8e:95:66:03:be:7e:
                    ad:a9:82:2c:87:b3:32:a1:bc:b6:5c:6d:3d:f3:c1:
                    d1:18:88:40:f5:7d:aa:e2:56:e8:50:27:4e:a7:f5:
                    23:26:b8:4d:d2:8b:f2:5c:e1:e9:26:98:b0:25:20:
                    85:bb:98:3a:5d:25:23:08:e9:b7:21:27:9d:ff:8a:
                    71:5e:31:5c:5a:ef:17:4b:d5:9c:d9:54:77:99:3e:
                    45:61:c2:af:e8:a1:21:91:ca:33:3f:f6:ad:4e:a4:
                    47:54:e9:67:97:7f:19:82:7c:c5:a8:87:f6:b5:fb:
                    51:f6:74:ee:74:2d:3b:bd:8b:3e:5c:c5:f8:83:fe:
                    68:74:ae:01:76:f3:af:d9:37:35:86:ce:3a:f8:c5:
                    02:f4:d7:2a:15:9b:2f:d3:d8:23:b4:75:d0:31:8d:
                    f7:54:50:c5:7f:37:70:bf:eb:75:d1:46:5c:2c:74:
                    7b:c8:e6:7d:54:d1:41:8a:67:b0:9f:ad:21:49:82:
                    de:3d:bf:13:fe:53:7c:ad:53:a1:a4:54:e1:76:a6:
                    d3:48:f2:73:c7:9a:1f:2d:d9:8a:fa:3c:0c:01:9e:
                    15:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:4B:02:C4:02:D5:A6:96:A4:06:7E:10:26:6D:C3:90:7B:B0:FA:02
            X509v3 Authority Key Identifier:
                keyid:51:B4:9B:A0:DD:86:15:12:86:18:D5:01:59:CB:0F:3B:5E:9E:E6:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UbSboN2GFRKGGNUBWcsPO16e5iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/YEsCxALVppakBn4QJm3DkHuw-gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/26c049-47ee-4886-9844-4ab9e8aa3262/1/UbSboN2GFRKGGNUBWcsPO16e5iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.100.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:b2:fd:6a:8e:65:50:91:63:cd:e8:b0:3c:5f:26:7a:2e:d4:
         77:09:6a:09:01:29:66:30:78:17:86:bf:88:ac:16:35:7e:69:
         41:1a:cc:4f:53:90:dc:40:79:fb:fa:69:03:05:cb:13:08:1c:
         66:c8:1b:c0:a2:b6:36:a1:e3:72:57:13:75:c3:c4:5c:53:0c:
         5d:11:a9:90:39:38:b9:49:95:04:f2:0f:61:01:fb:30:b1:ce:
         3c:1f:cb:05:3a:cb:ea:7c:13:67:96:4e:91:d1:98:c6:b3:ed:
         39:f1:4a:ea:3e:da:27:2d:e2:6b:42:ea:2d:7b:9c:67:4c:a3:
         c9:87:f2:84:4c:a4:d8:4b:90:a6:71:bf:f1:11:ce:7b:d7:dd:
         01:3b:f5:44:5b:38:47:da:70:a4:a9:05:ff:d7:ce:31:06:95:
         e1:b4:3b:a1:ba:d5:db:0b:75:a2:58:99:35:d3:ff:38:6d:09:
         af:92:62:5c:eb:ff:7f:cf:dd:e7:55:97:ba:31:ee:5d:39:31:
         26:15:20:f9:0a:b2:ff:f9:f6:a3:48:39:d3:d6:56:45:5f:8d:
         ec:24:dc:64:99:53:53:82:b0:c9:9c:32:15:de:16:1f:8d:30:
         7d:52:ee:c8:75:12:76:ef:71:d6:06:d7:22:ce:1d:e3:b4:58:
         07:d2:cf:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq1MUIjRkTVSmBP4zFDQu+9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYjQ5YmEwZGQ4NjE1MTI4NjE4ZDUwMTU5Y2IwZjNiNWU5
ZWU2MjYwHhcNMjUxMTI0MDkyODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDRiMDJjNDAyZDVhNjk2YTQwNjdlMTAyNjZkYzM5MDdiYjBmYTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA81CS13hlxpQecltQbL1gcL7SRFy3
9g0sOcHPVft4jwihCAorOmqOlWYDvn6tqYIsh7Myoby2XG0988HRGIhA9X2q4lbo
UCdOp/UjJrhN0ovyXOHpJpiwJSCFu5g6XSUjCOm3ISed/4pxXjFcWu8XS9Wc2VR3
mT5FYcKv6KEhkcozP/atTqRHVOlnl38ZgnzFqIf2tftR9nTudC07vYs+XMX4g/5o
dK4BdvOv2Tc1hs46+MUC9NcqFZsv09gjtHXQMY33VFDFfzdwv+t10UZcLHR7yOZ9
VNFBimewn60hSYLePb8T/lN8rVOhpFThdqbTSPJzx5ofLdmK+jwMAZ4VbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBLAsQC1aaWpAZ+ECZtw5B7sPoCMB8GA1UdIwQY
MBaAFFG0m6DdhhUShhjVAVnLDztenuYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQt
NGFiOWU4YWEzMjYyLzEvWUVzQ3hBTFZwcGFrQm40UUptM0RrSHV3LWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8yNmMwNDktNDdlZS00ODg2LTk4NDQtNGFiOWU4YWEzMjYy
LzEvVWJTYm9OMkdGUktHR05VQldjc1BPMTZlNWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GS9MA0G
CSqGSIb3DQEBCwUAA4IBAQAbsv1qjmVQkWPN6LA8XyZ6LtR3CWoJASlmMHgXhr+I
rBY1fmlBGsxPU5DcQHn7+mkDBcsTCBxmyBvAorY2oeNyVxN1w8RcUwxdEamQOTi5
SZUE8g9hAfswsc48H8sFOsvqfBNnlk6R0ZjGs+058UrqPtonLeJrQuote5xnTKPJ
h/KETKTYS5Cmcb/xEc57190BO/VEWzhH2nCkqQX/184xBpXhtDuhutXbC3WiWJk1
0/84bQmvkmJc6/9/z93nVZe6Me5dOTEmFSD5CrL/+fajSDnT1lZFX43sJNxkmVNT
grDJnDIV3hYfjTB9Uu7IdRJ273HWBtcizh3jtFgH0s8c
-----END CERTIFICATE-----