This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/OZYmRenxzws5RHeszMUB-d1Fung.roa
File:                     OZYmRenxzws5RHeszMUB-d1Fung.roa (raw, json)
Hash identifier:          FZRGbJ46ktz/zyt6seOoaLUbodNhJwoXUxII8sfP6io=
Subject key identifier:   39:96:26:45:E9:F1:CF:0B:39:44:77:AC:CC:C5:01:F9:DD:45:BA:78
Certificate issuer:       /CN=515f61a6e08ded6f1ff50511c62089696ab564a8
Certificate serial:       019B78A3780E7D481831A373CC7C8F9E8A3F
Authority key identifier: 51:5F:61:A6:E0:8D:ED:6F:1F:F5:05:11:C6:20:89:69:6A:B5:64:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UV9hpuCN7W8f9QURxiCJaWq1ZKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/OZYmRenxzws5RHeszMUB-d1Fung.roa
Signing time:             Thu 01 Jan 2026 08:18:57 +0000
ROA not before:           Thu 01 Jan 2026 08:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30849
IP address blocks:        193.23.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/UV9hpuCN7W8f9QURxiCJaWq1ZKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/UV9hpuCN7W8f9QURxiCJaWq1ZKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UV9hpuCN7W8f9QURxiCJaWq1ZKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:78:0e:7d:48:18:31:a3:73:cc:7c:8f:9e:8a:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=515f61a6e08ded6f1ff50511c62089696ab564a8
        Validity
            Not Before: Jan  1 08:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=39962645e9f1cf0b394477acccc501f9dd45ba78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:66:be:8a:3a:12:71:c4:f7:0f:12:80:de:b9:
                    26:84:8f:cd:d4:1c:f8:85:b9:99:02:fe:2f:b0:97:
                    cf:a4:8b:a1:d5:16:c3:e1:0f:46:47:31:8e:fe:d4:
                    4f:26:2d:0f:e7:48:8c:20:16:0e:f3:37:cc:9d:32:
                    b7:bc:ee:fe:e3:fd:65:50:97:fb:56:50:7c:1d:f5:
                    b1:b0:0b:1d:61:37:42:16:ba:40:f3:a5:b3:ba:79:
                    5c:ec:56:ee:98:59:f9:00:5e:87:2a:e7:0f:df:2f:
                    0c:ba:11:45:2a:1d:58:2d:58:ea:7a:6f:37:c0:26:
                    15:06:08:1d:ed:68:1b:30:10:40:2b:08:64:6c:67:
                    c2:d1:ff:a5:16:ae:94:ff:4b:d7:3c:20:9e:6d:bf:
                    03:de:ee:a4:29:31:cd:41:e9:e0:47:7a:71:b4:b7:
                    53:54:3e:31:6d:b0:ee:71:4b:a9:ef:e9:bc:a4:b7:
                    40:7e:15:0a:65:e0:7d:4c:d1:61:fd:f8:36:e7:70:
                    d4:56:2d:0e:5e:9b:94:48:6a:1a:c6:60:78:63:70:
                    33:c5:d6:38:58:af:8e:76:54:0e:24:af:1a:cd:a6:
                    01:d3:52:3b:33:e9:a7:04:ee:9e:7a:ab:a2:f5:49:
                    7e:e9:16:ce:50:4a:d2:44:2f:b2:d8:c6:a0:30:34:
                    8b:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:96:26:45:E9:F1:CF:0B:39:44:77:AC:CC:C5:01:F9:DD:45:BA:78
            X509v3 Authority Key Identifier:
                keyid:51:5F:61:A6:E0:8D:ED:6F:1F:F5:05:11:C6:20:89:69:6A:B5:64:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UV9hpuCN7W8f9QURxiCJaWq1ZKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/OZYmRenxzws5RHeszMUB-d1Fung.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/3a90f5-65b5-40b5-8ed9-98c095c07e24/1/UV9hpuCN7W8f9QURxiCJaWq1ZKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:6d:17:2a:c7:cd:d4:9a:64:35:2a:c0:8a:31:f0:ce:c3:4e:
         2c:5c:db:3f:04:1a:18:8c:8b:a6:13:bc:70:76:74:51:69:0b:
         59:9e:35:dc:1a:60:72:e1:a2:c7:18:78:5c:d4:86:84:0a:35:
         90:63:9a:a8:f4:21:81:1c:b0:f9:e4:75:ff:1d:e1:2f:6a:66:
         ce:13:67:d0:67:da:26:c3:f7:6b:33:33:fc:82:d2:63:30:90:
         9b:44:d6:6b:0e:96:13:03:45:ac:fd:36:47:7d:d2:55:87:25:
         99:09:b2:19:d9:88:36:16:c2:d3:3e:22:91:df:27:2b:8a:9a:
         e0:37:92:4c:cf:5e:d2:21:c7:4e:5d:25:84:3b:e2:ab:66:47:
         32:60:1d:49:d6:5d:5c:44:b7:00:66:0b:41:13:c5:48:16:7a:
         c0:a0:8e:94:6f:9b:50:eb:64:4a:9d:98:80:a6:42:df:5f:de:
         3b:42:c4:91:c3:40:98:20:86:c9:d3:a1:7d:0f:17:66:a6:bb:
         87:5f:95:d9:fa:6b:70:0f:ff:53:22:ea:47:80:f3:85:02:33:
         c1:61:47:ab:1d:9d:f0:50:32:fb:3b:55:b2:64:fe:56:38:a9:
         6c:ce:11:20:fa:ca:14:11:7a:4c:8a:ca:d6:1f:ab:33:28:39:
         84:58:ca:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o3gOfUgYMaNzzHyPnoo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxNWY2MWE2ZTA4ZGVkNmYxZmY1MDUxMWM2MjA4OTY5NmFi
NTY0YTgwHhcNMjYwMTAxMDgxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTk2MjY0NWU5ZjFjZjBiMzk0NDc3YWNjY2M1MDFmOWRkNDViYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2a+ijoSccT3DxKA3rkmhI/N1Bz4
hbmZAv4vsJfPpIuh1RbD4Q9GRzGO/tRPJi0P50iMIBYO8zfMnTK3vO7+4/1lUJf7
VlB8HfWxsAsdYTdCFrpA86Wzunlc7FbumFn5AF6HKucP3y8MuhFFKh1YLVjqem83
wCYVBggd7WgbMBBAKwhkbGfC0f+lFq6U/0vXPCCebb8D3u6kKTHNQengR3pxtLdT
VD4xbbDucUup7+m8pLdAfhUKZeB9TNFh/fg253DUVi0OXpuUSGoaxmB4Y3AzxdY4
WK+OdlQOJK8azaYB01I7M+mnBO6eequi9Ul+6RbOUErSRC+y2MagMDSL+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmWJkXp8c8LOUR3rMzFAfndRbp4MB8GA1UdIwQY
MBaAFFFfYabgje1vH/UFEcYgiWlqtWSoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVY5aHB1Q043VzhmOVFVUnhpQ0phV3ExWktnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8zYTkwZjUtNjViNS00MGI1LThlZDkt
OThjMDk1YzA3ZTI0LzEvT1pZbVJlbnh6d3M1Ukhlc3pNVUItZDFGdW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8zYTkwZjUtNjViNS00MGI1LThlZDktOThjMDk1YzA3ZTI0
LzEvVVY5aHB1Q043VzhmOVFVUnhpQ0phV3ExWktnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRedMA0G
CSqGSIb3DQEBCwUAA4IBAQAzbRcqx83UmmQ1KsCKMfDOw04sXNs/BBoYjIumE7xw
dnRRaQtZnjXcGmBy4aLHGHhc1IaECjWQY5qo9CGBHLD55HX/HeEvambOE2fQZ9om
w/drMzP8gtJjMJCbRNZrDpYTA0Ws/TZHfdJVhyWZCbIZ2Yg2FsLTPiKR3ycriprg
N5JMz17SIcdOXSWEO+KrZkcyYB1J1l1cRLcAZgtBE8VIFnrAoI6Ub5tQ62RKnZiA
pkLfX947QsSRw0CYIIbJ06F9DxdmpruHX5XZ+mtwD/9TIupHgPOFAjPBYUerHZ3w
UDL7O1WyZP5WOKlszhEg+soUEXpMisrWH6szKDmEWMqN
-----END CERTIFICATE-----