This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/w9soDO_ycbs3bNXBaF2NHfPCejg.roa
File:                     w9soDO_ycbs3bNXBaF2NHfPCejg.roa (raw, json)
Hash identifier:          4Gp50y/g9MCQDf3Ux8glUmgQa9e4n46kLVxUlZSULCY=
Subject key identifier:   C3:DB:28:0C:EF:F2:71:BB:37:6C:D5:C1:68:5D:8D:1D:F3:C2:7A:38
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE3DD3413992040683A34CEA4240DD
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/w9soDO_ycbs3bNXBaF2NHfPCejg.roa
Signing time:             Fri 02 Jan 2026 04:19:06 +0000
ROA not before:           Fri 02 Jan 2026 04:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203057
IP address blocks:        5.102.100.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3d:d3:41:39:92:04:06:83:a3:4c:ea:42:40:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c3db280ceff271bb376cd5c1685d8d1df3c27a38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:6f:a8:bd:92:7e:c5:32:4c:dc:46:1e:51:53:
                    12:38:bf:36:67:99:6d:f1:79:b2:46:7c:92:df:1b:
                    7c:4b:4b:27:a0:2e:2d:9b:bf:f7:a4:7d:63:59:26:
                    92:de:ad:e1:20:8c:52:47:c9:66:6e:10:eb:44:ca:
                    15:c0:f6:52:c8:dc:2c:ea:c0:77:12:9d:ab:41:13:
                    a8:7a:75:70:45:95:77:3c:60:11:4d:eb:a8:1e:6a:
                    ab:50:85:8f:95:75:ed:ad:74:a2:b4:05:5e:41:60:
                    51:ee:f6:a0:0c:30:3b:63:ce:fe:48:54:84:53:a2:
                    d1:3a:50:b7:03:61:26:0c:7c:81:db:e0:23:72:0f:
                    3a:b7:75:74:9d:5c:a4:3e:e9:4a:aa:ca:5f:5c:a1:
                    b2:c1:c3:04:60:1e:02:11:6d:c3:fd:04:16:4f:9e:
                    0a:2a:c5:af:28:f3:75:9e:eb:2e:9a:e4:fb:da:63:
                    8f:87:85:3d:af:d3:fb:c0:d1:b3:93:69:01:c5:da:
                    df:76:80:7b:05:ff:56:a8:be:2a:79:ca:4e:ad:2a:
                    72:a5:5a:31:9f:0e:db:2d:ca:26:0a:8c:31:34:b8:
                    e2:04:5d:12:c5:07:55:03:00:85:ac:d7:e0:44:29:
                    f6:98:ae:52:17:43:23:a7:b0:21:cc:e4:9c:92:b9:
                    16:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:DB:28:0C:EF:F2:71:BB:37:6C:D5:C1:68:5D:8D:1D:F3:C2:7A:38
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/w9soDO_ycbs3bNXBaF2NHfPCejg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.102.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:43:cc:3e:4b:ce:64:bc:94:35:43:08:52:58:3e:5b:97:cc:
         11:23:65:26:bf:c5:7b:95:95:6d:4f:bd:6a:42:3f:da:10:48:
         dc:04:e2:84:9a:d1:ce:3d:9a:5b:3a:81:05:56:5b:75:c0:6d:
         63:95:d6:83:07:a2:88:b6:c6:a9:9d:1a:2f:8d:09:12:d6:73:
         87:a1:ea:d7:2c:a7:e1:86:33:b8:9e:2f:2c:4c:82:04:3f:46:
         ec:50:7c:96:8b:3f:c9:c0:69:5f:eb:38:ed:60:4c:94:24:ac:
         c9:17:10:e7:bc:28:ba:64:bb:a4:01:f6:dc:87:a4:31:24:e7:
         0d:0f:7d:08:f3:5f:02:75:4b:a9:15:e6:f2:42:c9:7f:f0:de:
         ca:ae:03:6e:a1:0b:a9:30:87:b1:97:e0:11:20:1c:69:05:05:
         e1:8c:7a:73:1e:51:c4:c2:35:d7:ca:54:d1:b4:ba:eb:18:64:
         e2:86:1c:79:10:a1:db:6e:3e:75:a4:b6:bc:2a:80:26:08:fd:
         26:bf:42:d4:4b:4a:c5:62:58:22:c6:50:15:2d:ff:11:75:b4:
         ca:c5:d1:50:3c:54:27:74:cf:0f:c1:98:af:93:cd:ef:66:1f:
         f4:29:de:3a:52:1d:a6:ac:ee:d5:33:1b:2a:02:f3:25:18:78:
         2d:eb:8c:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87j3TQTmSBAaDo0zqQkDdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2RiMjgwY2VmZjI3MWJiMzc2Y2Q1YzE2ODVkOGQxZGYzYzI3YTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32+ovZJ+xTJM3EYeUVMSOL82Z5lt
8XmyRnyS3xt8S0snoC4tm7/3pH1jWSaS3q3hIIxSR8lmbhDrRMoVwPZSyNws6sB3
Ep2rQROoenVwRZV3PGARTeuoHmqrUIWPlXXtrXSitAVeQWBR7vagDDA7Y87+SFSE
U6LROlC3A2EmDHyB2+Ajcg86t3V0nVykPulKqspfXKGywcMEYB4CEW3D/QQWT54K
KsWvKPN1nusumuT72mOPh4U9r9P7wNGzk2kBxdrfdoB7Bf9WqL4qecpOrSpypVox
nw7bLcomCowxNLjiBF0SxQdVAwCFrNfgRCn2mK5SF0Mjp7AhzOSckrkWFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMPbKAzv8nG7N2zVwWhdjR3zwno4MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvdzlzb0RPX3ljYnMzYk5YQmFGMk5IZlBDZWpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBWZkMA0G
CSqGSIb3DQEBCwUAA4IBAQCYQ8w+S85kvJQ1QwhSWD5bl8wRI2Umv8V7lZVtT71q
Qj/aEEjcBOKEmtHOPZpbOoEFVlt1wG1jldaDB6KItsapnRovjQkS1nOHoerXLKfh
hjO4ni8sTIIEP0bsUHyWiz/JwGlf6zjtYEyUJKzJFxDnvCi6ZLukAfbch6QxJOcN
D30I818CdUupFebyQsl/8N7KrgNuoQupMIexl+ARIBxpBQXhjHpzHlHEwjXXylTR
tLrrGGTihhx5EKHbbj51pLa8KoAmCP0mv0LUS0rFYlgixlAVLf8RdbTKxdFQPFQn
dM8PwZivk83vZh/0Kd46Uh2mrO7VMxsqAvMlGHgt64zQ
-----END CERTIFICATE-----