This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ky3yvPP74RczA2v4Ugu99TBMbsI.roa
File:                     ky3yvPP74RczA2v4Ugu99TBMbsI.roa (raw, json)
Hash identifier:          TD4XRV1oUgF9aBXbLkgWbCHcuaqMcnhfzXnHHHiQ3Ac=
Subject key identifier:   93:2D:F2:BC:F3:FB:E1:17:33:03:6B:F8:52:0B:BD:F5:30:4C:6E:C2
Certificate issuer:       /CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
Certificate serial:       019B7758EC02749D5FF07A36C52685EE5FD9
Authority key identifier: B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ky3yvPP74RczA2v4Ugu99TBMbsI.roa
Signing time:             Thu 01 Jan 2026 02:17:54 +0000
ROA not before:           Thu 01 Jan 2026 02:17:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199839
IP address blocks:        5.180.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 14:02:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:58:ec:02:74:9d:5f:f0:7a:36:c5:26:85:ee:5f:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4253c4f233ce9847699ae68ecbf5d7514b0fadb
        Validity
            Not Before: Jan  1 02:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=932df2bcf3fbe11733036bf8520bbdf5304c6ec2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7c:0d:5d:af:a2:00:dd:86:9c:99:17:92:a4:
                    d4:f7:ab:0b:bf:b5:0e:c2:19:0b:4d:13:aa:72:29:
                    94:36:d7:12:37:3b:2c:89:7f:28:e0:5b:6e:46:de:
                    29:84:83:d7:08:83:d4:04:e4:bb:a4:f6:ce:1c:3c:
                    6d:bd:28:db:4e:9d:2b:5e:11:a9:23:8e:65:df:c6:
                    27:f7:a1:98:45:5f:a8:e7:c1:b4:b2:f6:53:c3:17:
                    28:c5:3f:fd:1a:50:79:7d:cb:70:05:a6:99:d7:8d:
                    92:e7:ec:69:35:68:0b:d4:d9:6a:d0:21:e4:7d:91:
                    55:6f:82:e7:2c:4a:6b:31:1a:86:e0:0c:4f:95:09:
                    19:e7:02:cb:c1:34:2b:fc:a5:a0:2d:b2:ae:24:2d:
                    ab:86:d9:f4:89:29:49:d4:91:2d:a4:38:7d:a4:26:
                    66:cd:58:e1:8e:6d:93:64:99:7b:26:8e:4c:9c:35:
                    c6:48:4f:4a:19:4f:2c:3a:28:78:ad:1d:8c:d1:12:
                    be:9c:42:1c:27:d2:df:05:e3:d5:1b:85:bf:6a:09:
                    9b:71:99:2f:ed:02:98:04:2a:70:db:99:3f:8e:7b:
                    04:42:66:ee:8c:8c:83:01:01:a0:7a:1d:21:a5:04:
                    37:52:29:83:33:9c:b9:fd:7f:c0:17:5f:38:03:3d:
                    e8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:2D:F2:BC:F3:FB:E1:17:33:03:6B:F8:52:0B:BD:F5:30:4C:6E:C2
            X509v3 Authority Key Identifier:
                keyid:B4:25:3C:4F:23:3C:E9:84:76:99:AE:68:EC:BF:5D:75:14:B0:FA:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tCU8TyM86YR2ma5o7L9ddRSw-ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/ky3yvPP74RczA2v4Ugu99TBMbsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/41d6e1-5cad-40db-9773-58b38f5ac80b/1/tCU8TyM86YR2ma5o7L9ddRSw-ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:71:50:2a:1a:46:cb:75:7f:be:fa:20:27:06:22:c7:26:7c:
         7c:c9:4c:f7:e5:df:8c:24:31:78:fe:57:c7:74:38:6a:5f:16:
         51:a4:bf:58:b7:75:ca:95:d6:9c:e2:3c:55:76:fe:3a:14:fb:
         3a:37:99:2c:30:0e:93:58:01:4e:39:bc:d5:6b:e8:17:91:ab:
         d4:46:bc:58:d5:7c:dc:1d:01:9a:f6:26:d3:c5:9a:d8:20:8f:
         d0:eb:ef:54:38:95:26:a1:19:5a:9d:88:ff:fb:bb:b5:56:2f:
         65:36:fc:dd:3a:44:96:9e:5b:51:83:75:86:56:76:fb:e6:f3:
         02:e8:35:48:8b:97:3e:85:03:3b:48:f7:41:ce:fe:ff:1c:2e:
         a3:d3:3c:4a:bd:0f:6d:36:c8:a0:fa:dc:d0:d4:91:40:ff:27:
         44:8d:03:a1:23:30:3b:e4:1a:88:54:82:81:1a:97:a5:b1:8e:
         e7:6b:da:70:22:76:3f:c9:45:94:ed:e5:00:84:5e:3d:cb:5d:
         ec:b8:55:07:ab:fa:8a:15:68:61:57:66:c9:5b:45:9f:73:24:
         2a:36:c1:4a:03:f3:f2:00:60:72:b7:ee:3c:ea:88:3f:c6:49:
         92:9d:d5:2f:c1:b9:a4:c1:c3:ba:cb:1a:be:d5:fc:59:65:d1:
         84:b5:fe:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WOwCdJ1f8Ho2xSaF7l/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MjUzYzRmMjMzY2U5ODQ3Njk5YWU2OGVjYmY1ZDc1MTRi
MGZhZGIwHhcNMjYwMTAxMDIxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzJkZjJiY2YzZmJlMTE3MzMwMzZiZjg1MjBiYmRmNTMwNGM2ZWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznwNXa+iAN2GnJkXkqTU96sLv7UO
whkLTROqcimUNtcSNzssiX8o4FtuRt4phIPXCIPUBOS7pPbOHDxtvSjbTp0rXhGp
I45l38Yn96GYRV+o58G0svZTwxcoxT/9GlB5fctwBaaZ142S5+xpNWgL1Nlq0CHk
fZFVb4LnLEprMRqG4AxPlQkZ5wLLwTQr/KWgLbKuJC2rhtn0iSlJ1JEtpDh9pCZm
zVjhjm2TZJl7Jo5MnDXGSE9KGU8sOih4rR2M0RK+nEIcJ9LfBePVG4W/agmbcZkv
7QKYBCpw25k/jnsEQmbujIyDAQGgeh0hpQQ3UimDM5y5/X/AF184Az3oiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJMt8rzz++EXMwNr+FILvfUwTG7CMB8GA1UdIwQY
MBaAFLQlPE8jPOmEdpmuaOy/XXUUsPrbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMt
NThiMzhmNWFjODBiLzEva3kzeXZQUDc0UmN6QTJ2NFVndTk5VEJNYnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80MWQ2ZTEtNWNhZC00MGRiLTk3NzMtNThiMzhmNWFjODBi
LzEvdENVOFR5TTg2WVIybWE1bzdMOWRkUlN3LXRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABbTDMA0G
CSqGSIb3DQEBCwUAA4IBAQA3cVAqGkbLdX+++iAnBiLHJnx8yUz35d+MJDF4/lfH
dDhqXxZRpL9Yt3XKldac4jxVdv46FPs6N5ksMA6TWAFOObzVa+gXkavURrxY1Xzc
HQGa9ibTxZrYII/Q6+9UOJUmoRlanYj/+7u1Vi9lNvzdOkSWnltRg3WGVnb75vMC
6DVIi5c+hQM7SPdBzv7/HC6j0zxKvQ9tNsig+tzQ1JFA/ydEjQOhIzA75BqIVIKB
GpelsY7na9pwInY/yUWU7eUAhF49y13suFUHq/qKFWhhV2bJW0WfcyQqNsFKA/Py
AGByt+486og/xkmSndUvwbmkwcO6yxq+1fxZZdGEtf6a
-----END CERTIFICATE-----