This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/y5RS8HrEJ8kED5BskhLhm_4BWLI.roa
File:                     y5RS8HrEJ8kED5BskhLhm_4BWLI.roa (raw, json)
Hash identifier:          kUt0c51YaiS0sol14q/MFCa1xF2Vh48fis+8qbFBh2w=
Subject key identifier:   CB:94:52:F0:7A:C4:27:C9:04:0F:90:6C:92:12:E1:9B:FE:01:58:B2
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       019BEB37A1F936D7F4DD9B7A251BC5EFCF3A
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/y5RS8HrEJ8kED5BskhLhm_4BWLI.roa
Signing time:             Fri 23 Jan 2026 14:17:30 +0000
ROA not before:           Fri 23 Jan 2026 14:17:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        141.98.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:eb:37:a1:f9:36:d7:f4:dd:9b:7a:25:1b:c5:ef:cf:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: Jan 23 14:17:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb9452f07ac427c9040f906c9212e19bfe0158b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:d2:f0:4e:63:d8:0c:07:3f:02:57:f9:cd:ff:
                    e9:4e:c1:78:96:1b:36:19:fb:f9:31:b2:12:34:4a:
                    aa:12:ca:27:e8:19:ee:28:8a:bb:98:b2:a0:6d:ea:
                    1c:71:f1:b1:02:58:1b:e6:6a:a1:55:59:7b:82:9c:
                    7b:6d:88:77:15:30:6f:5d:0c:07:92:6f:d1:50:c4:
                    e3:5d:d2:58:36:06:97:29:d4:33:ae:1d:07:43:b3:
                    9f:92:68:eb:b1:31:d3:3a:5e:43:4e:a2:da:c4:cc:
                    61:fe:99:5b:dc:d9:88:c4:02:02:01:57:fd:1e:53:
                    df:4d:c7:73:24:fd:7f:af:77:11:25:29:69:2b:35:
                    75:6a:18:09:66:8d:74:f1:d0:5d:06:fe:e7:c9:4c:
                    25:e1:f6:da:d2:70:90:4c:d3:6b:27:6b:74:fe:6d:
                    c6:ea:52:13:c9:26:9e:f7:d3:52:0c:f0:4f:9a:4e:
                    ad:7a:6a:c8:5e:df:d9:68:93:4c:52:38:d8:08:98:
                    c5:58:86:b7:ba:31:b5:33:a2:ea:04:21:7d:13:a1:
                    d4:40:2f:d6:09:12:13:a0:1d:44:2e:47:88:0b:f1:
                    94:36:e3:d4:fa:07:79:43:80:d3:16:88:b3:ac:81:
                    5c:35:e5:67:d6:71:bd:e5:2b:47:a5:b8:ca:51:c7:
                    5c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:94:52:F0:7A:C4:27:C9:04:0F:90:6C:92:12:E1:9B:FE:01:58:B2
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/y5RS8HrEJ8kED5BskhLhm_4BWLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:fd:de:c0:89:26:2f:23:b9:a2:31:9e:f8:ff:82:ce:d8:c1:
         86:fd:5b:86:64:48:56:6c:66:5b:12:8b:d1:82:ab:56:49:5b:
         95:e5:11:02:a8:e3:a6:c3:91:58:a4:53:fb:5a:d8:d8:a0:e6:
         5b:2b:1e:48:38:4b:69:b3:78:0a:c5:7d:e4:02:ed:82:9f:95:
         42:40:3f:ae:d6:a1:b1:38:7e:54:8a:f8:62:6b:3d:9c:e0:c9:
         fb:c5:fa:13:b3:c5:78:ac:92:69:a9:1d:97:64:8f:ea:4a:4c:
         4c:c8:bd:f6:e4:70:9b:ce:d3:fd:99:a6:d3:62:72:10:40:aa:
         4a:69:c7:d7:cc:d8:88:64:c3:79:a7:e3:a5:3a:39:87:1b:c4:
         c6:35:29:df:f2:63:ec:94:42:2f:dc:22:b8:8e:7c:de:67:00:
         8c:c4:12:53:ce:d8:89:a3:f7:1a:6d:23:43:ea:b3:d4:eb:cc:
         fd:7a:27:2c:91:ee:fc:ae:ff:8a:67:c9:e7:4d:03:fa:34:f8:
         17:5b:66:0d:45:40:23:48:5d:37:5e:ae:e7:27:ce:8b:98:4f:
         ec:8b:88:a3:9a:cb:05:02:b6:4f:a8:28:6b:b3:25:66:8e:fd:
         b3:9e:47:26:54:6a:f8:98:4e:1a:74:c0:25:a3:cf:9b:a9:31:
         e9:40:b3:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvrN6H5Ntf03Zt6JRvF7886MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjYwMTIzMTQxNzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk0NTJmMDdhYzQyN2M5MDQwZjkwNmM5MjEyZTE5YmZlMDE1OGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1tLwTmPYDAc/Alf5zf/pTsF4lhs2
Gfv5MbISNEqqEson6BnuKIq7mLKgbeoccfGxAlgb5mqhVVl7gpx7bYh3FTBvXQwH
km/RUMTjXdJYNgaXKdQzrh0HQ7OfkmjrsTHTOl5DTqLaxMxh/plb3NmIxAICAVf9
HlPfTcdzJP1/r3cRJSlpKzV1ahgJZo108dBdBv7nyUwl4fba0nCQTNNrJ2t0/m3G
6lITySae99NSDPBPmk6temrIXt/ZaJNMUjjYCJjFWIa3ujG1M6LqBCF9E6HUQC/W
CRIToB1ELkeIC/GUNuPU+gd5Q4DTFoizrIFcNeVn1nG95StHpbjKUcdcRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMuUUvB6xCfJBA+QbJIS4Zv+AViyMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEveTVSUzhIckVKOGtFRDVCc2toTGhtXzRCV0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjWKVMA0G
CSqGSIb3DQEBCwUAA4IBAQA4/d7AiSYvI7miMZ74/4LO2MGG/VuGZEhWbGZbEovR
gqtWSVuV5RECqOOmw5FYpFP7WtjYoOZbKx5IOEtps3gKxX3kAu2Cn5VCQD+u1qGx
OH5Uivhiaz2c4Mn7xfoTs8V4rJJpqR2XZI/qSkxMyL325HCbztP9mabTYnIQQKpK
acfXzNiIZMN5p+OlOjmHG8TGNSnf8mPslEIv3CK4jnzeZwCMxBJTztiJo/cabSND
6rPU68z9eicske78rv+KZ8nnTQP6NPgXW2YNRUAjSF03Xq7nJ86LmE/si4ijmssF
ArZPqChrsyVmjv2znkcmVGr4mE4adMAlo8+bqTHpQLOv
-----END CERTIFICATE-----