This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/PrnecMxNHe2u3Fw2gcFyEcky08w.roa
File:                     PrnecMxNHe2u3Fw2gcFyEcky08w.roa (raw, json)
Hash identifier:          fOMHDoxW+MiL0eOBbV8PO+2eJTiyo9i2d0o+CgmUXRU=
Subject key identifier:   3E:B9:DE:70:CC:4D:1D:ED:AE:DC:5C:36:81:C1:72:11:C9:32:D3:CC
Certificate issuer:       /CN=aa5212958d8e1baa144a82a821f93a890dcba49a
Certificate serial:       019B21F73CCD072C599EE0D1B84E5E4B7734
Authority key identifier: AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/PrnecMxNHe2u3Fw2gcFyEcky08w.roa
Signing time:             Mon 15 Dec 2025 12:23:29 +0000
ROA not before:           Mon 15 Dec 2025 12:23:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208185
IP address blocks:        43.226.225.0/24 maxlen: 24
                          43.226.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Dec 2025 14:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:21:f7:3c:cd:07:2c:59:9e:e0:d1:b8:4e:5e:4b:77:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa5212958d8e1baa144a82a821f93a890dcba49a
        Validity
            Not Before: Dec 15 12:23:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eb9de70cc4d1dedaedc5c3681c17211c932d3cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:e3:49:27:15:01:1e:af:8c:64:86:2b:2b:28:
                    60:aa:0f:58:6c:1e:05:2a:0e:f1:a0:dc:09:3e:55:
                    6b:33:5b:f6:06:37:80:c9:79:73:25:43:c6:01:81:
                    34:f9:b7:a8:74:fc:03:91:79:0a:37:d2:0e:a7:35:
                    2a:b7:ab:c5:34:a2:d9:a6:c5:2a:1d:4c:e8:ff:ce:
                    36:12:22:e5:79:cb:e8:a3:9d:f0:79:b3:9b:73:49:
                    0a:a8:aa:89:c7:b1:c2:b8:a4:96:b7:8a:52:1a:8d:
                    f1:71:ec:d2:af:ee:9f:4d:03:2a:ba:ce:42:15:b0:
                    cc:1f:b1:c4:13:b8:2e:03:0a:58:01:ef:53:3b:20:
                    e5:de:da:1f:37:25:d5:be:ab:ec:cd:18:05:46:bc:
                    58:e4:5f:94:fb:ba:e0:fb:d4:9a:0e:46:a3:fb:ed:
                    50:77:32:be:75:5c:29:df:a0:f1:ab:52:66:96:33:
                    04:26:44:b8:5e:9b:1c:94:e0:1a:73:c6:eb:88:8a:
                    3a:d5:cb:11:fb:a2:91:d8:aa:62:ca:62:cc:da:89:
                    db:47:9f:52:6a:d3:f4:14:52:79:b2:61:ea:4d:75:
                    77:e0:f0:24:80:21:47:97:27:e0:27:25:fd:04:62:
                    97:ce:12:eb:21:df:28:4b:d6:6f:0c:51:b5:f5:2b:
                    f8:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B9:DE:70:CC:4D:1D:ED:AE:DC:5C:36:81:C1:72:11:C9:32:D3:CC
            X509v3 Authority Key Identifier:
                keyid:AA:52:12:95:8D:8E:1B:AA:14:4A:82:A8:21:F9:3A:89:0D:CB:A4:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qlISlY2OG6oUSoKoIfk6iQ3LpJo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/PrnecMxNHe2u3Fw2gcFyEcky08w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/d8e5e3-f897-4da2-9df6-b401a4a04492/1/qlISlY2OG6oUSoKoIfk6iQ3LpJo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.225.0-43.226.226.255

    Signature Algorithm: sha256WithRSAEncryption
         52:48:c5:32:30:6e:2e:79:73:32:18:73:06:26:49:31:73:1b:
         95:dd:09:9d:45:08:0b:83:ba:85:1b:64:e7:23:cf:50:8e:8a:
         46:a4:8e:d2:c7:83:0e:f8:be:a6:c6:b2:c3:c3:07:31:cf:56:
         19:de:6a:5c:b9:cc:b7:73:be:08:11:70:49:95:67:be:61:65:
         5c:ea:09:2b:ac:00:55:7b:a4:71:fc:37:c9:0e:ba:4f:ac:1f:
         bc:07:71:ab:16:ad:46:4e:0c:86:c3:09:65:d4:f3:3f:81:09:
         94:79:87:00:96:95:91:0e:d0:88:7f:03:9a:bd:47:18:61:4b:
         fe:f0:ea:b5:e3:9a:59:c5:a0:e5:6d:20:36:51:e0:0d:50:e1:
         38:7b:40:63:b4:43:83:1d:b9:c2:8b:00:5c:d3:fb:c4:c6:8a:
         ed:40:5e:fc:9f:c1:da:4f:ed:66:c9:b5:2a:3c:1b:1a:b2:29:
         5a:9e:44:a4:a7:f1:16:b0:dc:70:bc:3b:fa:10:a2:52:80:36:
         13:4a:41:8f:fc:e7:84:6b:6c:ad:22:ae:98:9f:b7:4d:02:0e:
         1e:1f:f3:52:5e:6d:25:22:13:41:e7:25:1a:1a:9f:cc:ea:ee:
         36:39:49:a1:4b:c7:cd:42:83:2d:12:03:70:db:e8:72:45:e1:
         da:36:69:3c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZsh9zzNByxZnuDRuE5eS3c0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNTIxMjk1OGQ4ZTFiYWExNDRhODJhODIxZjkzYTg5MGRj
YmE0OWEwHhcNMjUxMjE1MTIyMzI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI5ZGU3MGNjNGQxZGVkYWVkYzVjMzY4MWMxNzIxMWM5MzJkM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2eNJJxUBHq+MZIYrKyhgqg9YbB4F
Kg7xoNwJPlVrM1v2BjeAyXlzJUPGAYE0+beodPwDkXkKN9IOpzUqt6vFNKLZpsUq
HUzo/842EiLlecvoo53webObc0kKqKqJx7HCuKSWt4pSGo3xcezSr+6fTQMqus5C
FbDMH7HEE7guAwpYAe9TOyDl3tofNyXVvqvszRgFRrxY5F+U+7rg+9SaDkaj++1Q
dzK+dVwp36Dxq1JmljMEJkS4XpsclOAac8briIo61csR+6KR2KpiymLM2onbR59S
atP0FFJ5smHqTXV34PAkgCFHlyfgJyX9BGKXzhLrId8oS9ZvDFG19Sv49QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD653nDMTR3trtxcNoHBchHJMtPMMB8GA1UdIwQY
MBaAFKpSEpWNjhuqFEqCqCH5OokNy6SaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYt
YjQwMWE0YTA0NDkyLzEvUHJuZWNNeE5IZTJ1M0Z3MmdjRnlFY2t5MDh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9kOGU1ZTMtZjg5Ny00ZGEyLTlkZjYtYjQwMWE0YTA0NDky
LzEvcWxJU2xZMk9HNm9VU29Lb0lmazZpUTNMcEpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAr4uED
BAAr4uIwDQYJKoZIhvcNAQELBQADggEBAFJIxTIwbi55czIYcwYmSTFzG5XdCZ1F
CAuDuoUbZOcjz1COikakjtLHgw74vqbGssPDBzHPVhnealy5zLdzvggRcEmVZ75h
ZVzqCSusAFV7pHH8N8kOuk+sH7wHcasWrUZODIbDCWXU8z+BCZR5hwCWlZEO0Ih/
A5q9RxhhS/7w6rXjmlnFoOVtIDZR4A1Q4Th7QGO0Q4MducKLAFzT+8TGiu1AXvyf
wdpP7WbJtSo8GxqyKVqeRKSn8Raw3HC8O/oQolKANhNKQY/854RrbK0irpift00C
Dh4f81JebSUiE0HnJRoan8zq7jY5SaFLx81Cgy0SA3Db6HJF4do2aTw=
-----END CERTIFICATE-----