This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/dYc4QHw_MlBGkai83ebw6UpAabw.roa
File:                     dYc4QHw_MlBGkai83ebw6UpAabw.roa (raw, json)
Hash identifier:          PhHK3yJG/efNPRvamiA5Euk3gsAbVkNsvmnaGEDrJ+4=
Subject key identifier:   75:87:38:40:7C:3F:32:50:46:91:A8:BC:DD:E6:F0:E9:4A:40:69:BC
Certificate issuer:       /CN=137f3372df57c814aba8b51a907861d92b9e4f55
Certificate serial:       019B7C124C42C12461E69BFA53392F08F9DA
Authority key identifier: 13:7F:33:72:DF:57:C8:14:AB:A8:B5:1A:90:78:61:D9:2B:9E:4F:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/dYc4QHw_MlBGkai83ebw6UpAabw.roa
Signing time:             Fri 02 Jan 2026 00:18:52 +0000
ROA not before:           Fri 02 Jan 2026 00:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208006
IP address blocks:        5.253.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:4c:42:c1:24:61:e6:9b:fa:53:39:2f:08:f9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137f3372df57c814aba8b51a907861d92b9e4f55
        Validity
            Not Before: Jan  2 00:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=758738407c3f32504691a8bcdde6f0e94a4069bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:75:ab:91:c9:13:be:c8:81:f2:d4:24:d7:1e:
                    47:ad:bb:f9:48:a2:45:2e:eb:5a:d2:52:d3:de:7c:
                    f7:dc:e2:4f:6c:87:35:05:ce:7f:6e:09:db:dc:78:
                    58:aa:21:93:de:71:ae:fb:f3:95:e5:ba:0e:0a:ce:
                    94:9a:90:85:68:0c:85:78:b8:75:e9:ea:f4:47:19:
                    f0:fa:de:68:0b:a8:2f:48:20:96:23:dd:3f:d2:10:
                    fd:fb:72:ef:aa:03:2d:0c:50:7f:aa:5d:7d:2d:b8:
                    6a:d4:7c:c3:b7:4d:fb:51:95:86:d5:c2:34:63:90:
                    75:f0:53:f3:de:0a:7f:86:c2:f9:6b:f6:75:aa:00:
                    fb:46:22:e7:4a:4a:9c:ce:57:b0:dd:f6:31:63:fd:
                    61:24:f1:9f:89:6a:5c:27:d4:b9:44:a0:dd:4c:8e:
                    3e:4f:dc:67:37:dd:d1:b5:2f:11:4e:6a:1d:05:45:
                    7b:a3:d2:54:fc:d2:7c:55:cf:7b:aa:89:b8:af:ab:
                    ea:91:31:dc:2f:39:bd:19:36:ee:fd:8d:86:b7:00:
                    41:18:86:06:21:6c:70:fa:2b:17:5b:54:ae:7f:25:
                    e8:f7:98:be:00:d2:1b:c9:48:29:0d:b3:69:4c:f2:
                    81:fb:62:5f:f9:e5:d0:a1:cf:60:3c:9f:83:43:33:
                    56:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:87:38:40:7C:3F:32:50:46:91:A8:BC:DD:E6:F0:E9:4A:40:69:BC
            X509v3 Authority Key Identifier:
                keyid:13:7F:33:72:DF:57:C8:14:AB:A8:B5:1A:90:78:61:D9:2B:9E:4F:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E38zct9XyBSrqLUakHhh2SueT1U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/dYc4QHw_MlBGkai83ebw6UpAabw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/8b141b-494e-466b-a22c-a224fefac218/1/E38zct9XyBSrqLUakHhh2SueT1U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.253.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0b:48:52:78:d0:d2:4a:8a:6a:92:9f:08:9f:f9:4b:25:b4:f5:
         26:9b:7a:ec:6e:37:79:19:a7:84:37:eb:06:6a:83:cb:92:7a:
         81:a5:b5:0c:7e:39:7d:ec:28:86:62:33:85:53:94:34:7d:24:
         5a:e8:dd:25:b7:9d:b9:93:c4:ff:75:d5:af:ea:a7:36:99:46:
         f9:e9:5a:2c:ab:73:9c:bb:71:fa:03:ae:82:b7:93:71:80:44:
         2a:3d:56:0f:5a:8c:f9:64:69:a3:5d:b3:e6:e1:87:f1:2d:2b:
         3c:4d:d9:c1:d9:f8:77:3f:69:3c:af:fd:29:fa:36:da:7c:5e:
         c1:c7:ad:73:36:db:ef:31:19:5a:35:96:ac:e1:98:ad:59:e4:
         2a:e4:24:f8:f7:a0:55:31:e7:f6:f7:96:bc:e9:06:78:a7:8f:
         fe:bb:5b:2f:50:59:8a:64:95:73:1e:44:9c:9f:74:d8:1a:c5:
         ec:d4:47:6a:6a:ec:ac:79:61:14:f7:01:0e:9f:52:36:8f:cd:
         69:d7:59:5d:5e:76:8e:20:e4:08:d2:da:47:75:bc:4b:5e:88:
         0b:ae:03:ca:7e:41:66:cb:34:a0:09:f8:33:6b:2a:73:22:39:
         c8:80:29:c2:ab:75:c3:65:7f:8e:e2:5a:c2:89:10:90:ba:bb:
         a6:bd:56:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EkxCwSRh5pv6UzkvCPnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2YzMzcyZGY1N2M4MTRhYmE4YjUxYTkwNzg2MWQ5MmI5
ZTRmNTUwHhcNMjYwMTAyMDAxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTg3Mzg0MDdjM2YzMjUwNDY5MWE4YmNkZGU2ZjBlOTRhNDA2OWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnXWrkckTvsiB8tQk1x5Hrbv5SKJF
Luta0lLT3nz33OJPbIc1Bc5/bgnb3HhYqiGT3nGu+/OV5boOCs6UmpCFaAyFeLh1
6er0Rxnw+t5oC6gvSCCWI90/0hD9+3LvqgMtDFB/ql19Lbhq1HzDt037UZWG1cI0
Y5B18FPz3gp/hsL5a/Z1qgD7RiLnSkqczlew3fYxY/1hJPGfiWpcJ9S5RKDdTI4+
T9xnN93RtS8RTmodBUV7o9JU/NJ8Vc97qom4r6vqkTHcLzm9GTbu/Y2GtwBBGIYG
IWxw+isXW1SufyXo95i+ANIbyUgpDbNpTPKB+2Jf+eXQoc9gPJ+DQzNWDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWHOEB8PzJQRpGovN3m8OlKQGm8MB8GA1UdIwQY
MBaAFBN/M3LfV8gUq6i1GpB4Ydkrnk9VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM4emN0OVh5QlNycUxVYWtIaGgyU3VlVDFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy84YjE0MWItNDk0ZS00NjZiLWEyMmMt
YTIyNGZlZmFjMjE4LzEvZFljNFFId19NbEJHa2FpODNlYnc2VXBBYWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy84YjE0MWItNDk0ZS00NjZiLWEyMmMtYTIyNGZlZmFjMjE4
LzEvRTM4emN0OVh5QlNycUxVYWtIaGgyU3VlVDFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBf0YMA0G
CSqGSIb3DQEBCwUAA4IBAQALSFJ40NJKimqSnwif+UsltPUmm3rsbjd5GaeEN+sG
aoPLknqBpbUMfjl97CiGYjOFU5Q0fSRa6N0lt525k8T/ddWv6qc2mUb56Vosq3Oc
u3H6A66Ct5NxgEQqPVYPWoz5ZGmjXbPm4YfxLSs8TdnB2fh3P2k8r/0p+jbafF7B
x61zNtvvMRlaNZas4ZitWeQq5CT496BVMef295a86QZ4p4/+u1svUFmKZJVzHkSc
n3TYGsXs1EdqauyseWEU9wEOn1I2j81p11ldXnaOIOQI0tpHdbxLXogLrgPKfkFm
yzSgCfgzaypzIjnIgCnCq3XDZX+O4lrCiRCQurumvVbz
-----END CERTIFICATE-----