This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/trDoW8Z1MRhTv9tOyYS210O7SJY.roa
File:                     trDoW8Z1MRhTv9tOyYS210O7SJY.roa (raw, json)
Hash identifier:          K9LbB6jGwB7Ef2NtyGyqBKGz0fJaUjDAkk88RRrAaWQ=
Subject key identifier:   B6:B0:E8:5B:C6:75:31:18:53:BF:DB:4E:C9:84:B6:D7:43:BB:48:96
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019B26A4BF6E998906866693A56AF7F22798
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/trDoW8Z1MRhTv9tOyYS210O7SJY.roa
Signing time:             Tue 16 Dec 2025 10:11:29 +0000
ROA not before:           Tue 16 Dec 2025 10:11:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        103.216.174.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 16:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:26:a4:bf:6e:99:89:06:86:66:93:a5:6a:f7:f2:27:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Dec 16 10:11:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6b0e85bc675311853bfdb4ec984b6d743bb4896
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:de:19:3c:fa:75:b2:82:ab:62:76:ad:3e:6f:
                    fb:1d:86:4f:ca:c7:5a:ef:75:90:95:86:c6:e4:33:
                    f3:6a:88:aa:d9:3c:72:f8:ac:3f:f6:5d:28:3b:14:
                    a6:e6:46:d4:27:85:ab:b0:09:a7:4f:bb:ba:84:2d:
                    87:93:64:72:ff:79:15:88:f3:14:bd:33:ba:82:03:
                    ee:1f:3f:6d:7b:82:ca:58:58:1a:ed:41:45:8c:8c:
                    82:ef:ca:3a:17:0a:84:bd:48:b9:a3:90:d2:be:cc:
                    29:1a:d8:02:cf:04:ad:9d:a4:4b:92:c2:8f:93:92:
                    6b:b5:a9:ed:a5:52:ce:b1:f8:a7:c3:73:08:6a:09:
                    c8:4d:8b:66:ea:c0:7d:2e:88:1d:c8:76:13:e3:bc:
                    e6:cb:69:1b:22:a8:b4:7e:ec:2b:44:c5:f9:19:fb:
                    92:ec:23:a3:f5:86:84:81:4b:7f:75:dd:3a:e7:fe:
                    02:7e:f0:68:75:d0:8b:7d:a0:c4:bc:14:d0:4d:1d:
                    15:12:fc:0f:b2:5a:57:7a:38:a4:81:4b:0f:91:da:
                    d9:48:f0:d9:a6:9d:1a:9f:89:8e:eb:59:79:83:e6:
                    e3:19:5f:51:3e:0c:18:07:e9:74:68:e0:25:78:0e:
                    16:66:91:9b:4d:03:70:8d:5c:54:06:74:ba:7b:5b:
                    fe:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:B0:E8:5B:C6:75:31:18:53:BF:DB:4E:C9:84:B6:D7:43:BB:48:96
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/trDoW8Z1MRhTv9tOyYS210O7SJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:0c:ea:fa:57:63:e0:15:58:52:ef:05:bf:13:58:c7:b8:ea:
         38:41:71:ed:b0:8c:a4:d9:a6:d8:96:ab:b6:10:5b:43:f0:fc:
         8b:a1:9d:d8:e2:7f:1d:38:54:2d:11:c4:81:d2:f0:3d:a6:07:
         ac:69:98:e4:04:89:1b:85:78:7e:bb:d2:ca:41:d7:6c:73:54:
         d8:29:3e:4c:bd:e6:45:ee:be:de:b8:e4:6f:07:2c:fa:70:fd:
         2f:8d:3d:54:b8:61:63:ff:97:94:5e:4c:f1:e9:45:51:ab:bb:
         02:50:f4:33:7c:d2:e6:7b:99:9c:3e:c7:65:88:71:ad:24:66:
         93:44:5b:7f:b0:28:0b:46:ad:c6:e2:7b:d2:5e:ab:06:50:e7:
         52:75:d0:1d:92:55:24:8b:cb:5d:0d:58:cd:dc:82:d4:7c:74:
         f8:15:2a:3c:b9:71:5c:0d:16:cf:98:95:68:32:92:57:b8:bb:
         63:95:67:a3:94:8e:07:3a:c7:99:20:ce:b6:c0:73:b2:ee:b3:
         a2:b2:53:c6:fa:df:65:ef:78:30:75:be:07:4d:7f:62:50:c9:
         7f:31:1c:ee:fd:4b:a1:4a:33:6f:74:26:ac:6a:00:de:18:d7:
         71:c0:62:c0:71:d8:6b:77:94:24:c0:bd:13:9c:38:bd:74:e9:
         e8:a5:e6:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsmpL9umYkGhmaTpWr38ieYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUxMjE2MTAxMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmIwZTg1YmM2NzUzMTE4NTNiZmRiNGVjOTg0YjZkNzQzYmI0ODk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN4ZPPp1soKrYnatPm/7HYZPysda
73WQlYbG5DPzaoiq2Txy+Kw/9l0oOxSm5kbUJ4WrsAmnT7u6hC2Hk2Ry/3kViPMU
vTO6ggPuHz9te4LKWFga7UFFjIyC78o6FwqEvUi5o5DSvswpGtgCzwStnaRLksKP
k5JrtantpVLOsfinw3MIagnITYtm6sB9LogdyHYT47zmy2kbIqi0fuwrRMX5GfuS
7COj9YaEgUt/dd065/4CfvBoddCLfaDEvBTQTR0VEvwPslpXejikgUsPkdrZSPDZ
pp0an4mO61l5g+bjGV9RPgwYB+l0aOAleA4WZpGbTQNwjVxUBnS6e1v+2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLaw6FvGdTEYU7/bTsmEttdDu0iWMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvdHJEb1c4WjFNUmhUdjl0T3lZUzIxME83U0pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ9iuMA0G
CSqGSIb3DQEBCwUAA4IBAQAODOr6V2PgFVhS7wW/E1jHuOo4QXHtsIyk2abYlqu2
EFtD8PyLoZ3Y4n8dOFQtEcSB0vA9pgesaZjkBIkbhXh+u9LKQddsc1TYKT5MveZF
7r7euORvByz6cP0vjT1UuGFj/5eUXkzx6UVRq7sCUPQzfNLme5mcPsdliHGtJGaT
RFt/sCgLRq3G4nvSXqsGUOdSddAdklUki8tdDVjN3ILUfHT4FSo8uXFcDRbPmJVo
MpJXuLtjlWejlI4HOseZIM62wHOy7rOislPG+t9l73gwdb4HTX9iUMl/MRzu/Uuh
SjNvdCasagDeGNdxwGLAcdhrd5QkwL0TnDi9dOnopeYx
-----END CERTIFICATE-----