This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/cbh1si2A2Ydkejw2Rg2PChEcZkI.roa
File:                     cbh1si2A2Ydkejw2Rg2PChEcZkI.roa (raw, json)
Hash identifier:          g8srghuNNX3ZtaA38+TVjTMeN5WNvR+zb2DXvokXiYM=
Subject key identifier:   71:B8:75:B2:2D:80:D9:87:64:7A:3C:36:46:0D:8F:0A:11:1C:66:42
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019B77C71B632BFF44E577258EBB5014900A
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/cbh1si2A2Ydkejw2Rg2PChEcZkI.roa
Signing time:             Thu 01 Jan 2026 04:18:15 +0000
ROA not before:           Thu 01 Jan 2026 04:18:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        103.110.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 09:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:1b:63:2b:ff:44:e5:77:25:8e:bb:50:14:90:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jan  1 04:18:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=71b875b22d80d987647a3c36460d8f0a111c6642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0a:cf:6b:63:14:ff:c9:44:1d:ca:47:3f:90:
                    4c:58:ab:e4:8d:59:56:24:56:44:f5:da:bd:d6:a9:
                    49:18:62:17:1e:2d:1a:59:ff:f2:81:a9:08:96:e1:
                    ac:37:3a:22:36:59:7c:99:24:6f:e1:12:05:b1:c8:
                    2c:26:3b:34:ce:11:a0:7f:c2:e9:d8:3b:1d:0b:bb:
                    16:9e:d6:5d:7b:36:c1:08:96:78:f4:20:b6:84:51:
                    cd:61:8f:13:2d:bc:2a:ea:94:40:19:fd:a8:3c:ba:
                    72:af:31:97:25:a1:9a:af:bb:59:f7:8d:26:52:de:
                    3e:97:03:1d:99:d2:58:ac:97:be:8b:f8:79:f3:90:
                    e0:d9:bc:fb:3d:f2:e3:24:2b:75:48:0f:68:d2:5b:
                    69:7a:b1:a0:2f:e2:b6:ed:df:3f:75:dd:80:f8:88:
                    8f:1f:57:90:94:98:62:f7:d7:28:7f:ba:29:c0:e0:
                    12:5c:28:8a:79:dc:f4:2e:20:61:9c:e9:29:4c:0e:
                    6c:b3:c1:69:bd:11:e4:09:8a:df:be:93:63:d9:fe:
                    eb:58:47:64:d4:9c:55:95:e9:43:85:eb:e2:74:b2:
                    78:fa:8f:67:90:94:69:d3:89:ec:28:a2:9c:20:96:
                    be:3d:19:7d:2d:ea:6e:bc:29:9c:3c:98:0a:06:0e:
                    6d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:B8:75:B2:2D:80:D9:87:64:7A:3C:36:46:0D:8F:0A:11:1C:66:42
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/cbh1si2A2Ydkejw2Rg2PChEcZkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.110.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:31:11:14:e4:75:a2:32:db:79:f1:57:11:d3:6b:2e:de:b1:
         bb:85:59:12:b3:5e:c1:83:2f:9e:99:9b:07:09:7e:bf:26:98:
         42:b7:ae:ce:9c:1a:5d:0c:38:3a:c4:2f:21:9c:d6:d2:4c:4d:
         f3:43:97:89:de:f5:d8:51:2d:38:3d:44:52:0f:e9:74:6e:78:
         bb:09:a1:57:2d:f7:17:f7:e0:8d:89:0f:a2:60:46:4b:f9:02:
         6f:86:45:48:07:d9:74:0e:7b:21:10:60:0f:cf:74:63:6b:59:
         00:84:af:d8:d6:bd:d6:7c:e7:f1:c0:a4:30:19:9d:10:5f:cf:
         88:83:8f:4f:b5:aa:b2:d8:43:e6:73:42:79:98:ad:ee:c1:45:
         68:c8:10:ac:0f:23:cd:d4:a1:b4:cc:00:4e:85:38:df:37:11:
         e0:70:ca:40:e0:0a:1c:93:f1:f6:60:c9:74:d1:aa:8d:39:3f:
         bb:5a:b4:20:df:5e:4b:d8:99:f7:ad:1e:5b:7b:97:3e:ea:37:
         b7:ea:a6:c5:d0:9e:9f:4e:4c:ed:58:6c:0a:d3:d8:d6:13:c6:
         f3:fd:71:b0:e3:cd:31:c7:32:37:1f:9b:7d:f0:d6:cb:8e:b9:
         2b:85:fe:cf:6c:e8:e6:8f:74:0b:6d:8e:41:0b:e4:e3:57:d6:
         fd:47:9c:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xxtjK/9E5XcljrtQFJAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwMTAxMDQxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWI4NzViMjJkODBkOTg3NjQ3YTNjMzY0NjBkOGYwYTExMWM2NjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwrPa2MU/8lEHcpHP5BMWKvkjVlW
JFZE9dq91qlJGGIXHi0aWf/ygakIluGsNzoiNll8mSRv4RIFscgsJjs0zhGgf8Lp
2DsdC7sWntZdezbBCJZ49CC2hFHNYY8TLbwq6pRAGf2oPLpyrzGXJaGar7tZ940m
Ut4+lwMdmdJYrJe+i/h585Dg2bz7PfLjJCt1SA9o0ltperGgL+K27d8/dd2A+IiP
H1eQlJhi99cof7opwOASXCiKedz0LiBhnOkpTA5ss8FpvRHkCYrfvpNj2f7rWEdk
1JxVlelDhevidLJ4+o9nkJRp04nsKKKcIJa+PRl9LepuvCmcPJgKBg5t7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHG4dbItgNmHZHo8NkYNjwoRHGZCMB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvY2JoMXNpMkEyWWRrZWp3MlJnMlBDaEVjWmtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ25DMA0G
CSqGSIb3DQEBCwUAA4IBAQBnMREU5HWiMtt58VcR02su3rG7hVkSs17Bgy+emZsH
CX6/JphCt67OnBpdDDg6xC8hnNbSTE3zQ5eJ3vXYUS04PURSD+l0bni7CaFXLfcX
9+CNiQ+iYEZL+QJvhkVIB9l0DnshEGAPz3Rja1kAhK/Y1r3WfOfxwKQwGZ0QX8+I
g49Ptaqy2EPmc0J5mK3uwUVoyBCsDyPN1KG0zABOhTjfNxHgcMpA4Aock/H2YMl0
0aqNOT+7WrQg315L2Jn3rR5be5c+6je36qbF0J6fTkztWGwK09jWE8bz/XGw480x
xzI3H5t98NbLjrkrhf7PbOjmj3QLbY5BC+TjV9b9R5x6
-----END CERTIFICATE-----