This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/20b3fe-eebf-42ff-b012-7a3e394c0493/1/po54B6DcG4NNjfbOaiSiD07LWNY.roa
File:                     po54B6DcG4NNjfbOaiSiD07LWNY.roa (raw, json)
Hash identifier:          F6tAS7XR1ayK/65ME6r1XZa5gTXikXeH7j2JEQzHRCQ=
Subject key identifier:   A6:8E:78:07:A0:DC:1B:83:4D:8D:F6:CE:6A:24:A2:0F:4E:CB:58:D6
Certificate issuer:       /CN=97f19047f3f1e0593d1c317997bede2890aa0ffb
Certificate serial:       019B78A3779D28666F257C1D6CD08A139362
Authority key identifier: 97:F1:90:47:F3:F1:E0:59:3D:1C:31:79:97:BE:DE:28:90:AA:0F:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l_GQR_Px4Fk9HDF5l77eKJCqD_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/20b3fe-eebf-42ff-b012-7a3e394c0493/1/po54B6DcG4NNjfbOaiSiD07LWNY.roa
Signing time:             Thu 01 Jan 2026 08:18:57 +0000
ROA not before:           Thu 01 Jan 2026 08:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     131613
IP address blocks:        103.156.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/20b3fe-eebf-42ff-b012-7a3e394c0493/1/l_GQR_Px4Fk9HDF5l77eKJCqD_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/20b3fe-eebf-42ff-b012-7a3e394c0493/1/l_GQR_Px4Fk9HDF5l77eKJCqD_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l_GQR_Px4Fk9HDF5l77eKJCqD_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:77:9d:28:66:6f:25:7c:1d:6c:d0:8a:13:93:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97f19047f3f1e0593d1c317997bede2890aa0ffb
        Validity
            Not Before: Jan  1 08:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a68e7807a0dc1b834d8df6ce6a24a20f4ecb58d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:32:62:d8:a5:0a:f6:e3:63:8b:5a:37:cd:d7:
                    2f:53:37:c4:22:04:52:c0:e9:94:1b:12:9f:44:6f:
                    c7:c2:73:5d:46:bd:4e:10:16:a2:33:49:c6:4c:bc:
                    8d:dd:8f:e3:9b:4d:8b:b8:3e:7a:cb:e7:ba:86:31:
                    c4:08:d7:66:0b:fc:f3:3f:f2:e9:5b:77:ad:30:96:
                    86:82:d7:a9:92:bd:28:2a:6d:3e:a8:57:9f:91:4a:
                    f2:c5:53:48:59:e5:f3:31:5a:3e:ec:36:26:67:20:
                    77:96:12:95:45:4f:27:c0:99:55:e9:df:50:df:2b:
                    80:bd:91:43:b9:f8:d5:5c:dc:8f:1b:07:43:b4:02:
                    c4:11:af:fa:9c:67:cb:93:73:c3:b3:d6:0e:7c:b3:
                    d1:57:94:7a:d5:b0:33:a2:14:b9:c3:31:0e:f5:3b:
                    2d:a8:ff:de:46:0b:b4:2b:00:52:c1:01:c1:d7:e8:
                    6e:b2:ba:30:44:11:e8:7e:c4:31:77:e0:f1:50:16:
                    bd:eb:4b:6d:da:4f:e6:44:56:f2:af:d9:60:b9:a6:
                    ee:ff:66:83:8b:64:29:79:37:92:0d:27:b3:c8:80:
                    03:53:24:60:ea:3e:b0:33:68:77:9d:9a:1c:ee:e2:
                    60:d3:fc:1c:85:c4:0b:76:ed:8d:0f:7d:e7:68:ae:
                    2e:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:8E:78:07:A0:DC:1B:83:4D:8D:F6:CE:6A:24:A2:0F:4E:CB:58:D6
            X509v3 Authority Key Identifier:
                keyid:97:F1:90:47:F3:F1:E0:59:3D:1C:31:79:97:BE:DE:28:90:AA:0F:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l_GQR_Px4Fk9HDF5l77eKJCqD_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/20b3fe-eebf-42ff-b012-7a3e394c0493/1/po54B6DcG4NNjfbOaiSiD07LWNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/20b3fe-eebf-42ff-b012-7a3e394c0493/1/l_GQR_Px4Fk9HDF5l77eKJCqD_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.156.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:4f:db:e7:90:dd:64:26:69:d1:f3:f3:03:b7:af:cb:c0:a3:
         31:c5:0a:41:30:22:b2:3f:2b:0e:04:c8:e9:0a:55:4e:ca:0d:
         6a:ca:b7:47:20:2a:0b:f6:95:c7:6b:11:3e:e2:4e:4e:c8:cd:
         95:11:0c:5f:f7:f6:b9:6c:53:fb:3d:1a:66:ad:8d:30:75:81:
         66:e5:7a:f2:8d:e0:06:85:0a:e1:85:12:4c:42:88:f3:80:0e:
         a6:b1:89:2d:6a:30:f1:92:ff:4c:3a:ed:1b:30:e6:c2:aa:61:
         33:88:91:8c:a7:61:1e:98:54:d8:ba:12:ff:dc:53:ec:de:2b:
         fb:84:27:6a:77:fb:f4:00:ff:63:22:5c:97:06:86:c5:71:15:
         c1:b4:67:02:7e:55:6a:8c:04:1f:92:b7:aa:20:4e:0c:7d:20:
         cc:ca:40:d3:09:7b:fc:e7:26:76:c6:82:59:ac:ff:8a:52:54:
         17:cf:17:9b:dc:7e:f0:47:70:23:0a:90:17:fd:18:01:71:d3:
         f2:8d:17:31:c4:9b:43:8b:b2:ea:25:a7:28:4b:8f:43:7b:7e:
         08:d3:e9:a1:74:5e:f8:40:02:96:4b:36:f4:f7:01:29:c7:0c:
         93:95:b2:9e:0c:60:83:43:8d:8f:1f:62:37:67:9d:b7:fb:5d:
         d8:8c:ab:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o3edKGZvJXwdbNCKE5NiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3ZjE5MDQ3ZjNmMWUwNTkzZDFjMzE3OTk3YmVkZTI4OTBh
YTBmZmIwHhcNMjYwMTAxMDgxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjhlNzgwN2EwZGMxYjgzNGQ4ZGY2Y2U2YTI0YTIwZjRlY2I1OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjJi2KUK9uNji1o3zdcvUzfEIgRS
wOmUGxKfRG/HwnNdRr1OEBaiM0nGTLyN3Y/jm02LuD56y+e6hjHECNdmC/zzP/Lp
W3etMJaGgtepkr0oKm0+qFefkUryxVNIWeXzMVo+7DYmZyB3lhKVRU8nwJlV6d9Q
3yuAvZFDufjVXNyPGwdDtALEEa/6nGfLk3PDs9YOfLPRV5R61bAzohS5wzEO9Tst
qP/eRgu0KwBSwQHB1+husrowRBHofsQxd+DxUBa960tt2k/mRFbyr9lguabu/2aD
i2QpeTeSDSezyIADUyRg6j6wM2h3nZoc7uJg0/wchcQLdu2ND33naK4ujwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKaOeAeg3BuDTY32zmokog9Oy1jWMB8GA1UdIwQY
MBaAFJfxkEfz8eBZPRwxeZe+3iiQqg/7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbF9HUVJfUHg0Rms5SERGNWw3N2VLSkNxRF9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8yMGIzZmUtZWViZi00MmZmLWIwMTIt
N2EzZTM5NGMwNDkzLzEvcG81NEI2RGNHNE5OamZiT2FpU2lEMDdMV05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8yMGIzZmUtZWViZi00MmZmLWIwMTItN2EzZTM5NGMwNDkz
LzEvbF9HUVJfUHg0Rms5SERGNWw3N2VLSkNxRF9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ5y5MA0G
CSqGSIb3DQEBCwUAA4IBAQCUT9vnkN1kJmnR8/MDt6/LwKMxxQpBMCKyPysOBMjp
ClVOyg1qyrdHICoL9pXHaxE+4k5OyM2VEQxf9/a5bFP7PRpmrY0wdYFm5XryjeAG
hQrhhRJMQojzgA6msYktajDxkv9MOu0bMObCqmEziJGMp2EemFTYuhL/3FPs3iv7
hCdqd/v0AP9jIlyXBobFcRXBtGcCflVqjAQfkreqIE4MfSDMykDTCXv85yZ2xoJZ
rP+KUlQXzxeb3H7wR3AjCpAX/RgBcdPyjRcxxJtDi7LqJacoS49De34I0+mhdF74
QAKWSzb09wEpxwyTlbKeDGCDQ42PH2I3Z523+13YjKuM
-----END CERTIFICATE-----