This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/257xP2pIg94xXFdKXs2Y4-9zQkk.roa
File:                     257xP2pIg94xXFdKXs2Y4-9zQkk.roa (raw, json)
Hash identifier:          S9WmxVm8UW66gTakLjJkCO59L5DedELFzvMSxzLHHn0=
Subject key identifier:   DB:9E:F1:3F:6A:48:83:DE:31:5C:57:4A:5E:CD:98:E3:EF:73:42:49
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       019B7C80890AEF372C02DAFBA283EE8D5429
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/257xP2pIg94xXFdKXs2Y4-9zQkk.roa
Signing time:             Fri 02 Jan 2026 02:19:17 +0000
ROA not before:           Fri 02 Jan 2026 02:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210976
IP address blocks:        103.74.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:89:0a:ef:37:2c:02:da:fb:a2:83:ee:8d:54:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jan  2 02:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db9ef13f6a4883de315c574a5ecd98e3ef734249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:51:8a:b0:9f:3e:5b:79:5f:dd:05:2c:fd:00:
                    fd:4f:65:02:27:96:da:15:97:34:08:23:fa:86:69:
                    b1:6a:a4:61:87:70:db:10:15:03:98:dd:53:05:16:
                    14:61:3b:70:f9:5a:8a:96:db:e0:56:04:73:75:5d:
                    c6:52:f7:a9:c8:1a:a3:61:bc:4b:e5:20:3a:ab:5a:
                    37:57:80:d8:87:d6:5f:32:27:38:c8:ee:0e:59:33:
                    b8:e4:22:6e:52:c3:46:f4:09:d9:87:e1:6a:b9:e2:
                    15:53:73:07:88:dc:64:13:91:20:fe:02:cf:56:71:
                    a7:f0:59:09:a7:31:cd:0a:12:01:07:56:62:1d:c6:
                    20:1a:3e:cf:3a:f4:bb:7c:b9:00:8b:83:76:0f:f3:
                    61:5d:1d:88:93:45:4f:10:b5:3e:b5:c3:88:ad:c6:
                    c7:a9:83:c6:b5:32:78:2d:b0:b5:04:45:23:2f:33:
                    8b:4e:ce:6a:5a:73:2e:5d:91:9c:9a:5b:7b:ab:4d:
                    f8:b0:25:c0:4c:70:3f:90:fc:39:3c:17:2c:92:fb:
                    b1:83:6c:22:42:b1:67:14:19:3e:e5:fd:a5:b0:18:
                    cb:2b:75:30:7f:a3:96:05:ff:f5:56:a6:d4:9f:3e:
                    80:ec:9f:ec:1e:54:dc:f2:3d:af:c0:4e:7f:dd:8f:
                    c7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:9E:F1:3F:6A:48:83:DE:31:5C:57:4A:5E:CD:98:E3:EF:73:42:49
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/257xP2pIg94xXFdKXs2Y4-9zQkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.74.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:4a:97:92:1e:91:4d:c2:1a:9d:74:c3:65:de:5a:5b:ca:44:
         44:cc:b1:a2:c2:1a:2e:b2:aa:c7:7e:85:4a:63:3b:b3:76:6b:
         e5:3a:5e:9e:de:25:6f:3a:f3:73:ea:75:bf:0c:84:4b:4e:72:
         1d:96:f7:6b:d3:1b:2a:46:04:ab:99:96:f0:78:48:64:a8:cd:
         8d:cd:ad:5d:53:71:25:4e:b9:da:ba:c1:13:01:e1:b5:d1:42:
         36:ba:49:a6:4d:ef:8a:bb:68:4a:f4:42:06:1a:ae:ec:bb:5a:
         a0:99:71:9c:5f:42:23:77:bb:76:c6:ed:65:1b:45:4c:b8:1e:
         3c:35:23:30:fe:5e:c9:e4:84:b7:c6:7c:69:dc:6c:8d:70:2c:
         ce:cf:87:fb:67:b4:94:38:b8:16:ca:6d:71:ae:8c:2b:e8:6e:
         21:07:c9:8b:85:54:1f:91:a9:1b:cc:b7:30:18:14:9e:de:10:
         3a:5d:fc:ee:d4:52:e2:46:04:15:40:a0:75:b9:2f:ee:e0:3e:
         75:ff:78:ce:0e:c6:ec:3e:aa:62:b6:cb:a8:18:7e:5c:6e:4a:
         35:a0:71:71:68:84:64:eb:b5:a4:7a:28:8a:b7:4c:80:83:e3:
         2b:a3:32:ef:cc:96:f0:64:d8:12:52:91:36:bb:63:fc:c2:21:
         73:b6:8f:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gIkK7zcsAtr7ooPujVQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjYwMTAyMDIxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjllZjEzZjZhNDg4M2RlMzE1YzU3NGE1ZWNkOThlM2VmNzM0MjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FGKsJ8+W3lf3QUs/QD9T2UCJ5ba
FZc0CCP6hmmxaqRhh3DbEBUDmN1TBRYUYTtw+VqKltvgVgRzdV3GUvepyBqjYbxL
5SA6q1o3V4DYh9ZfMic4yO4OWTO45CJuUsNG9AnZh+FqueIVU3MHiNxkE5Eg/gLP
VnGn8FkJpzHNChIBB1ZiHcYgGj7POvS7fLkAi4N2D/NhXR2Ik0VPELU+tcOIrcbH
qYPGtTJ4LbC1BEUjLzOLTs5qWnMuXZGcmlt7q034sCXATHA/kPw5PBcskvuxg2wi
QrFnFBk+5f2lsBjLK3Uwf6OWBf/1VqbUnz6A7J/sHlTc8j2vwE5/3Y/HnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNue8T9qSIPeMVxXSl7NmOPvc0JJMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvMjU3eFAycElnOTR4WEZkS1hzMlk0LTl6UWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0pcMA0G
CSqGSIb3DQEBCwUAA4IBAQA/SpeSHpFNwhqddMNl3lpbykREzLGiwhousqrHfoVK
YzuzdmvlOl6e3iVvOvNz6nW/DIRLTnIdlvdr0xsqRgSrmZbweEhkqM2Nza1dU3El
TrnausETAeG10UI2ukmmTe+Ku2hK9EIGGq7su1qgmXGcX0Ijd7t2xu1lG0VMuB48
NSMw/l7J5IS3xnxp3GyNcCzOz4f7Z7SUOLgWym1xrowr6G4hB8mLhVQfkakbzLcw
GBSe3hA6Xfzu1FLiRgQVQKB1uS/u4D51/3jODsbsPqpitsuoGH5cbko1oHFxaIRk
67WkeiiKt0yAg+MrozLvzJbwZNgSUpE2u2P8wiFzto9J
-----END CERTIFICATE-----