This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/2ZPAoDVMpQcEFj6ZwF6t3pvmnvE.roa
File:                     2ZPAoDVMpQcEFj6ZwF6t3pvmnvE.roa (raw, json)
Hash identifier:          1rHNnFMhQDvJllSq2QAXfLYw1Y4xr+/L6lecMSt4yzM=
Subject key identifier:   D9:93:C0:A0:35:4C:A5:07:04:16:3E:99:C0:5E:AD:DE:9B:E6:9E:F1
Certificate issuer:       /CN=538dd18b1692d8a3e7712d3e6b928b09aa0ae66c
Certificate serial:       019B7F6F470FCB775924E6903403B8805DEA
Authority key identifier: 53:8D:D1:8B:16:92:D8:A3:E7:71:2D:3E:6B:92:8B:09:AA:0A:E6:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U43RixaS2KPncS0-a5KLCaoK5mw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/2ZPAoDVMpQcEFj6ZwF6t3pvmnvE.roa
Signing time:             Fri 02 Jan 2026 15:59:17 +0000
ROA not before:           Fri 02 Jan 2026 15:59:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213871
IP address blocks:        103.76.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/U43RixaS2KPncS0-a5KLCaoK5mw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/U43RixaS2KPncS0-a5KLCaoK5mw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U43RixaS2KPncS0-a5KLCaoK5mw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:6f:47:0f:cb:77:59:24:e6:90:34:03:b8:80:5d:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=538dd18b1692d8a3e7712d3e6b928b09aa0ae66c
        Validity
            Not Before: Jan  2 15:59:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d993c0a0354ca50704163e99c05eadde9be69ef1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:85:a1:96:3f:9e:3c:8f:d8:4f:01:c6:11:2a:
                    36:09:31:7a:25:18:ec:2b:21:c2:fd:ba:cd:61:87:
                    40:ff:6e:15:1c:34:ec:09:e9:85:65:06:eb:d6:ed:
                    5b:83:2b:31:e5:ed:c9:f8:16:62:9b:7c:b5:07:b1:
                    6c:dc:85:55:4e:6e:02:60:85:0e:96:6f:3c:72:5e:
                    ab:a0:a2:79:f1:ef:20:54:b2:ef:a3:3f:6c:53:a1:
                    c0:68:eb:78:18:ba:10:11:4e:8b:b5:55:c2:b2:39:
                    a4:d0:08:00:f8:5a:15:d0:68:92:cd:e9:39:62:25:
                    fd:b0:ed:ad:4b:fe:c7:1d:e2:4a:cd:25:6c:41:21:
                    53:01:67:99:02:61:80:03:c4:24:80:6d:42:be:85:
                    e2:be:71:79:d9:a8:5e:aa:d0:b2:d2:43:d0:45:dd:
                    86:70:74:d7:dc:a6:d2:3e:5b:06:c9:bd:a0:ba:71:
                    18:77:70:32:e1:51:2b:90:ec:70:8a:a5:86:b6:9e:
                    78:10:6a:e8:d8:51:cf:d2:8d:e2:96:40:4a:86:0c:
                    3a:b6:b0:30:10:3d:08:cd:e1:5a:bb:09:7b:b3:15:
                    32:11:5f:9c:5e:73:a9:3b:fb:be:c1:73:08:5d:e0:
                    d9:cf:4a:cd:c0:fb:df:a5:31:4d:5c:82:2f:d6:bd:
                    84:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:93:C0:A0:35:4C:A5:07:04:16:3E:99:C0:5E:AD:DE:9B:E6:9E:F1
            X509v3 Authority Key Identifier:
                keyid:53:8D:D1:8B:16:92:D8:A3:E7:71:2D:3E:6B:92:8B:09:AA:0A:E6:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U43RixaS2KPncS0-a5KLCaoK5mw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/2ZPAoDVMpQcEFj6ZwF6t3pvmnvE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/U43RixaS2KPncS0-a5KLCaoK5mw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:96:a8:46:a2:3a:f4:11:52:ef:9f:42:b0:79:e2:27:30:06:
         e2:3c:de:ac:bc:d4:15:b1:ea:10:97:91:ba:da:84:5e:0e:5b:
         61:a7:60:4a:c5:65:fd:85:ea:18:e7:d1:db:c0:5d:4d:a2:c1:
         7b:49:4a:d7:c3:a8:d2:ec:75:57:c2:65:10:8f:8c:83:42:b4:
         cc:76:2c:77:78:83:66:28:de:68:5e:35:88:36:8c:82:ee:51:
         f4:70:d2:00:33:7d:8c:fb:8f:3e:80:33:6b:ba:fc:a3:0b:19:
         b8:56:cd:66:aa:f1:5b:f7:de:19:58:ee:da:db:8e:ee:9b:54:
         d4:40:14:5f:95:63:aa:8e:58:fa:f0:4b:ff:e2:a7:a1:81:70:
         9b:31:e2:e6:a4:25:1f:e3:02:8c:57:c9:e9:b6:d7:9e:47:50:
         49:f5:37:48:59:74:9e:f7:db:9f:a7:fb:3c:c2:d5:d4:fb:a1:
         39:de:2e:0e:ee:20:1a:4f:5b:80:b1:33:6d:f7:4b:d8:6f:97:
         db:cf:5d:b4:ad:62:46:a1:3d:9f:d3:cf:dc:99:7c:8a:42:fb:
         f6:06:27:31:ff:85:b3:02:5b:b8:05:f3:e0:fe:04:77:f6:f4:
         c2:dd:20:92:69:c7:e2:de:4d:c4:4f:60:8d:92:da:0b:d5:cd:
         ca:34:fc:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/b0cPy3dZJOaQNAO4gF3qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzOGRkMThiMTY5MmQ4YTNlNzcxMmQzZTZiOTI4YjA5YWEw
YWU2NmMwHhcNMjYwMTAyMTU1OTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTkzYzBhMDM1NGNhNTA3MDQxNjNlOTljMDVlYWRkZTliZTY5ZWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIWhlj+ePI/YTwHGESo2CTF6JRjs
KyHC/brNYYdA/24VHDTsCemFZQbr1u1bgysx5e3J+BZim3y1B7Fs3IVVTm4CYIUO
lm88cl6roKJ58e8gVLLvoz9sU6HAaOt4GLoQEU6LtVXCsjmk0AgA+FoV0GiSzek5
YiX9sO2tS/7HHeJKzSVsQSFTAWeZAmGAA8QkgG1CvoXivnF52aheqtCy0kPQRd2G
cHTX3KbSPlsGyb2gunEYd3Ay4VErkOxwiqWGtp54EGro2FHP0o3ilkBKhgw6trAw
ED0IzeFauwl7sxUyEV+cXnOpO/u+wXMIXeDZz0rNwPvfpTFNXIIv1r2EQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNmTwKA1TKUHBBY+mcBerd6b5p7xMB8GA1UdIwQY
MBaAFFON0YsWktij53EtPmuSiwmqCuZsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTQzUml4YVMyS1BuY1MwLWE1S0xDYW9LNW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85Y2IwZTktNTM3ZC00ZjZlLWI5OGUt
MmViNzBhMzYwMmU5LzEvMlpQQW9EVk1wUWNFRmo2WndGNnQzcHZtbnZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85Y2IwZTktNTM3ZC00ZjZlLWI5OGUtMmViNzBhMzYwMmU5
LzEvVTQzUml4YVMyS1BuY1MwLWE1S0xDYW9LNW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0yCMA0G
CSqGSIb3DQEBCwUAA4IBAQBQlqhGojr0EVLvn0KweeInMAbiPN6svNQVseoQl5G6
2oReDlthp2BKxWX9heoY59HbwF1NosF7SUrXw6jS7HVXwmUQj4yDQrTMdix3eINm
KN5oXjWINoyC7lH0cNIAM32M+48+gDNruvyjCxm4Vs1mqvFb994ZWO7a247um1TU
QBRflWOqjlj68Ev/4qehgXCbMeLmpCUf4wKMV8nptteeR1BJ9TdIWXSe99ufp/s8
wtXU+6E53i4O7iAaT1uAsTNt90vYb5fbz120rWJGoT2f08/cmXyKQvv2Bicx/4Wz
Alu4BfPg/gR39vTC3SCSacfi3k3ET2CNktoL1c3KNPxv
-----END CERTIFICATE-----