This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YufeuDiA9sVlfWq18RDz7TSxfXE.roa
File:                     YufeuDiA9sVlfWq18RDz7TSxfXE.roa (raw, json)
Hash identifier:          xtDpfGoaIqHnQ4mBeliY0FZ+RJoI7n0cB4zIAyJqT+A=
Subject key identifier:   62:E7:DE:B8:38:80:F6:C5:65:7D:6A:B5:F1:10:F3:ED:34:B1:7D:71
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EAF99F56CF9A1887E22052B813BB89
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YufeuDiA9sVlfWq18RDz7TSxfXE.roa
Signing time:             Thu 01 Jan 2026 00:17:49 +0000
ROA not before:           Thu 01 Jan 2026 00:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152704
IP address blocks:        103.25.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f9:9f:56:cf:9a:18:87:e2:20:52:b8:13:bb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=62e7deb83880f6c5657d6ab5f110f3ed34b17d71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d1:eb:f8:f0:e0:fc:32:7f:a8:44:83:9d:0b:
                    a3:82:6e:d9:66:43:84:ff:bd:16:02:ae:04:c5:7e:
                    e8:9b:64:fa:39:78:8c:f4:13:0b:8f:38:50:a4:a7:
                    41:61:40:01:1e:e7:81:1f:5e:63:77:aa:7f:cd:25:
                    8d:36:07:13:d0:db:0a:b4:d7:a8:af:ed:26:1e:6b:
                    5f:95:99:ea:23:e7:ab:54:72:6c:30:69:91:d5:8f:
                    6d:94:b1:82:b9:0b:42:b0:e6:f3:ac:31:4a:3f:91:
                    25:48:ce:36:71:96:f7:38:ca:b9:24:9e:67:4c:d3:
                    82:c1:d4:04:4f:c3:57:f1:18:29:ec:68:8a:e3:af:
                    9e:19:51:38:82:78:b7:8d:22:23:9c:92:70:a3:70:
                    03:20:27:b3:56:54:21:b5:6a:ba:9c:e9:c5:d7:ae:
                    dc:92:49:06:a5:ca:8e:6b:71:a6:14:ef:40:0c:f0:
                    86:09:d5:d8:e5:fe:f2:da:f9:07:d7:54:55:d3:a7:
                    e4:3d:bc:e4:b9:dd:a2:e1:8e:99:9a:b0:4d:6a:36:
                    45:88:c3:da:62:81:e6:f6:07:45:2a:6b:8b:86:4a:
                    e8:91:eb:48:b8:c2:e7:ae:cc:6e:75:7f:da:8d:46:
                    bd:c3:68:64:b0:1a:c7:b1:97:c4:18:8c:b8:76:f5:
                    63:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E7:DE:B8:38:80:F6:C5:65:7D:6A:B5:F1:10:F3:ED:34:B1:7D:71
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/YufeuDiA9sVlfWq18RDz7TSxfXE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:c5:f3:c5:50:76:2a:ff:1a:a2:a4:92:8f:cd:7a:e7:5d:08:
         d1:9c:9c:50:07:04:86:b2:12:73:db:7e:a9:7e:5b:9d:17:0a:
         71:85:46:18:f2:5d:6b:32:af:75:37:6a:47:e7:0a:39:20:9b:
         eb:42:d8:42:0c:bf:22:3f:4c:2d:c7:34:42:6c:a1:2a:20:4a:
         9f:6a:63:88:d8:a3:fd:48:14:b6:aa:be:ff:99:b3:7b:71:ac:
         6a:b8:ad:13:13:ba:99:52:8b:c2:7a:0d:19:76:37:62:6f:68:
         91:de:9b:cc:cb:38:83:bd:6f:df:9d:f6:15:8c:e9:e5:23:b2:
         6e:4a:e5:f1:73:c4:3f:50:fa:12:aa:fc:72:67:1f:3e:52:ba:
         ec:ee:06:6b:a0:68:2b:78:07:8e:e4:dd:b7:9e:49:56:38:4f:
         41:3d:59:0c:f1:1f:11:f5:19:de:3f:6f:2f:92:aa:d2:d6:a3:
         07:57:58:78:0a:42:bb:8b:2b:80:2e:0c:03:f3:ff:62:e8:bd:
         3c:5a:f2:9b:33:8a:6f:65:e7:2f:0e:06:32:b6:e0:b1:e6:c6:
         d0:d8:48:d0:a7:a4:1d:1f:65:58:e0:1f:38:5b:41:ee:93:8f:
         4a:e5:fd:66:2c:45:97:97:c6:7e:d6:0b:0b:bd:8a:1b:b4:dd:
         da:c9:4b:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vmfVs+aGIfiIFK4E7uJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmU3ZGViODM4ODBmNmM1NjU3ZDZhYjVmMTEwZjNlZDM0YjE3ZDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdHr+PDg/DJ/qESDnQujgm7ZZkOE
/70WAq4ExX7om2T6OXiM9BMLjzhQpKdBYUABHueBH15jd6p/zSWNNgcT0NsKtNeo
r+0mHmtflZnqI+erVHJsMGmR1Y9tlLGCuQtCsObzrDFKP5ElSM42cZb3OMq5JJ5n
TNOCwdQET8NX8Rgp7GiK46+eGVE4gni3jSIjnJJwo3ADICezVlQhtWq6nOnF167c
kkkGpcqOa3GmFO9ADPCGCdXY5f7y2vkH11RV06fkPbzkud2i4Y6ZmrBNajZFiMPa
YoHm9gdFKmuLhkroketIuMLnrsxudX/ajUa9w2hksBrHsZfEGIy4dvVjUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLn3rg4gPbFZX1qtfEQ8+00sX1xMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvWXVmZXVEaUE5c1ZsZldxMThSRHo3VFN4ZlhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBZxlWMA0G
CSqGSIb3DQEBCwUAA4IBAQBVxfPFUHYq/xqipJKPzXrnXQjRnJxQBwSGshJz236p
fludFwpxhUYY8l1rMq91N2pH5wo5IJvrQthCDL8iP0wtxzRCbKEqIEqfamOI2KP9
SBS2qr7/mbN7caxquK0TE7qZUovCeg0Zdjdib2iR3pvMyziDvW/fnfYVjOnlI7Ju
SuXxc8Q/UPoSqvxyZx8+Urrs7gZroGgreAeO5N23nklWOE9BPVkM8R8R9RneP28v
kqrS1qMHV1h4CkK7iyuALgwD8/9i6L08WvKbM4pvZecvDgYytuCx5sbQ2EjQp6Qd
H2VY4B84W0Huk49K5f1mLEWXl8Z+1gsLvYobtN3ayUsA
-----END CERTIFICATE-----