This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/nVrsmiE4mZkUHdQosAPmUQgfiN8.roa
File:                     nVrsmiE4mZkUHdQosAPmUQgfiN8.roa (raw, json)
Hash identifier:          HnvmyHFabWozXyzydQ+3XrK2DXsd/lYo1fc4nVOwXr8=
Subject key identifier:   9D:5A:EC:9A:21:38:99:99:14:1D:D4:28:B0:03:E6:51:08:1F:88:DF
Certificate issuer:       /CN=7976d7d0bbcc08516523d5df24e6882b72ca5693
Certificate serial:       019B77C66061C99D5C67FAE4EEC4C6B00CE3
Authority key identifier: 79:76:D7:D0:BB:CC:08:51:65:23:D5:DF:24:E6:88:2B:72:CA:56:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/nVrsmiE4mZkUHdQosAPmUQgfiN8.roa
Signing time:             Thu 01 Jan 2026 04:17:28 +0000
ROA not before:           Thu 01 Jan 2026 04:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        103.39.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:60:61:c9:9d:5c:67:fa:e4:ee:c4:c6:b0:0c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7976d7d0bbcc08516523d5df24e6882b72ca5693
        Validity
            Not Before: Jan  1 04:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d5aec9a21389999141dd428b003e651081f88df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:9e:84:8f:f6:2f:b6:d7:d3:5b:32:98:ec:84:
                    02:13:d5:f6:2d:0d:e8:ca:9d:b7:e3:86:2d:24:f8:
                    c0:63:5e:8d:23:68:f0:74:ee:c3:57:d4:a8:70:4c:
                    14:67:05:5d:3a:4f:e2:fc:94:80:c0:63:02:89:89:
                    56:03:88:34:8e:8a:dc:87:a7:db:0e:a2:1d:f1:68:
                    ad:3c:53:ec:3c:54:18:d4:e1:8d:44:50:4f:ef:1e:
                    18:47:a8:d9:eb:57:3c:c6:14:eb:3d:ee:46:d8:e7:
                    ba:b0:80:02:48:85:e7:3b:8d:86:d2:2d:6d:cf:9e:
                    7e:ac:60:5e:30:3a:1d:2a:b3:74:42:71:c4:ee:65:
                    49:63:26:17:70:1a:f0:59:f8:9c:b2:08:3c:4a:be:
                    b8:c5:10:08:a4:8f:90:49:94:07:aa:c2:7d:84:04:
                    78:98:e1:6f:76:c5:a7:14:0b:5f:c7:b6:c9:4e:bb:
                    65:f4:ec:b5:7a:07:ab:f2:95:15:9d:49:aa:36:7f:
                    bc:0a:e5:e7:fe:9a:cb:c6:be:05:d9:9b:3e:a8:01:
                    25:06:c2:11:04:db:e8:df:2a:e4:7c:74:99:ab:3f:
                    8d:f2:9f:a0:69:67:32:88:2a:65:8e:f0:d2:25:64:
                    64:ff:73:c9:1a:91:a6:ff:1d:4e:fc:1b:e2:1f:3e:
                    67:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5A:EC:9A:21:38:99:99:14:1D:D4:28:B0:03:E6:51:08:1F:88:DF
            X509v3 Authority Key Identifier:
                keyid:79:76:D7:D0:BB:CC:08:51:65:23:D5:DF:24:E6:88:2B:72:CA:56:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eXbX0LvMCFFlI9XfJOaIK3LKVpM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/nVrsmiE4mZkUHdQosAPmUQgfiN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/dd6943-6fce-4309-8713-854182cb06a6/1/eXbX0LvMCFFlI9XfJOaIK3LKVpM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.39.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:b2:86:15:65:06:04:00:2b:57:e3:fb:24:0e:7c:87:04:d3:
         77:5c:49:3e:e9:4a:b0:64:ad:35:3b:0a:05:9b:61:02:c8:f6:
         26:27:1a:de:4d:25:84:3f:3b:a9:2f:10:6a:fe:21:76:5d:66:
         da:94:82:bc:b0:29:1b:ea:e2:86:9e:62:8c:c3:31:f3:9a:bc:
         35:fe:b8:03:6c:66:45:8b:cb:e7:85:17:97:71:e4:8f:bb:4f:
         a7:46:34:32:7f:6c:7c:6a:0b:db:1f:e8:5c:15:08:62:ea:a2:
         ba:10:a5:36:46:1e:6b:bb:73:62:77:c6:14:df:75:a5:48:63:
         3a:5d:8b:53:3e:8f:fe:5e:1d:55:a7:d3:57:77:84:6b:f5:fe:
         74:7d:f9:48:96:4f:1a:2d:be:b0:73:31:1f:a1:6e:e7:01:64:
         c7:39:66:90:71:f0:b7:8b:de:f2:b1:11:0a:62:99:c7:ab:6f:
         03:53:99:a8:86:37:56:b7:be:95:75:53:28:57:6c:19:d8:52:
         6a:b8:6d:4a:dc:ec:05:5d:ed:c9:33:4b:c5:c4:05:ab:10:32:
         a3:87:a5:65:af:d7:fa:04:53:a6:c7:02:b4:ed:be:9a:77:2c:
         d5:e6:b9:2b:33:7d:56:51:39:cc:91:e1:e4:24:91:63:c8:e1:
         46:19:ef:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmBhyZ1cZ/rk7sTGsAzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NzZkN2QwYmJjYzA4NTE2NTIzZDVkZjI0ZTY4ODJiNzJj
YTU2OTMwHhcNMjYwMTAxMDQxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDVhZWM5YTIxMzg5OTk5MTQxZGQ0MjhiMDAzZTY1MTA4MWY4OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJ6Ej/YvttfTWzKY7IQCE9X2LQ3o
yp2344YtJPjAY16NI2jwdO7DV9SocEwUZwVdOk/i/JSAwGMCiYlWA4g0jorch6fb
DqId8WitPFPsPFQY1OGNRFBP7x4YR6jZ61c8xhTrPe5G2Oe6sIACSIXnO42G0i1t
z55+rGBeMDodKrN0QnHE7mVJYyYXcBrwWficsgg8Sr64xRAIpI+QSZQHqsJ9hAR4
mOFvdsWnFAtfx7bJTrtl9Oy1eger8pUVnUmqNn+8CuXn/prLxr4F2Zs+qAElBsIR
BNvo3yrkfHSZqz+N8p+gaWcyiCpljvDSJWRk/3PJGpGm/x1O/BviHz5nWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1a7JohOJmZFB3UKLAD5lEIH4jfMB8GA1UdIwQY
MBaAFHl219C7zAhRZSPV3yTmiCtyylaTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVhiWDBMdk1DRkZsSTlYZkpPYUlLM0xLVnBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kZDY5NDMtNmZjZS00MzA5LTg3MTMt
ODU0MTgyY2IwNmE2LzEvblZyc21pRTRtWmtVSGRRb3NBUG1VUWdmaU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kZDY5NDMtNmZjZS00MzA5LTg3MTMtODU0MTgyY2IwNmE2
LzEvZVhiWDBMdk1DRkZsSTlYZkpPYUlLM0xLVnBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZycoMA0G
CSqGSIb3DQEBCwUAA4IBAQAJsoYVZQYEACtX4/skDnyHBNN3XEk+6UqwZK01OwoF
m2ECyPYmJxreTSWEPzupLxBq/iF2XWbalIK8sCkb6uKGnmKMwzHzmrw1/rgDbGZF
i8vnhReXceSPu0+nRjQyf2x8agvbH+hcFQhi6qK6EKU2Rh5ru3Nid8YU33WlSGM6
XYtTPo/+Xh1Vp9NXd4Rr9f50fflIlk8aLb6wczEfoW7nAWTHOWaQcfC3i97ysREK
YpnHq28DU5mohjdWt76VdVMoV2wZ2FJquG1K3OwFXe3JM0vFxAWrEDKjh6Vlr9f6
BFOmxwK07b6adyzV5rkrM31WUTnMkeHkJJFjyOFGGe96
-----END CERTIFICATE-----