This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/lb5DcqEFRwrMAT2_kkTH2mwl8gI.roa
File:                     lb5DcqEFRwrMAT2_kkTH2mwl8gI.roa (raw, json)
Hash identifier:          OzayzWLZ/M0YmXUVDkXJYSKpwP2l6PU71E/iwL2Zf58=
Subject key identifier:   95:BE:43:72:A1:05:47:0A:CC:01:3D:BF:92:44:C7:DA:6C:25:F2:02
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019B797ED044E7B51F047B4379EDB5AC4D27
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/lb5DcqEFRwrMAT2_kkTH2mwl8gI.roa
Signing time:             Thu 01 Jan 2026 12:18:32 +0000
ROA not before:           Thu 01 Jan 2026 12:18:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200458
IP address blocks:        78.83.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:d0:44:e7:b5:1f:04:7b:43:79:ed:b5:ac:4d:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  1 12:18:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95be4372a105470acc013dbf9244c7da6c25f202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c0:ee:6d:0b:1e:ee:3d:aa:8d:70:33:93:c9:
                    38:8a:05:a4:94:55:89:3d:1a:21:77:f4:14:33:dd:
                    a9:68:44:bf:e3:3a:03:ff:72:93:6e:87:ae:63:ae:
                    32:00:12:dc:87:91:97:9c:09:88:88:a3:42:b4:de:
                    36:fc:89:02:65:06:b2:3d:f3:e4:f2:4b:8b:68:ce:
                    11:d8:98:dd:02:63:ed:5d:41:62:91:47:03:a8:50:
                    13:47:e5:1c:d2:5c:33:3e:45:c2:04:e2:22:a7:97:
                    f4:f5:68:49:aa:dc:92:f9:f2:93:2b:b5:ca:88:3a:
                    6f:48:82:8c:fa:df:50:26:d7:16:90:99:df:db:b4:
                    6f:3c:86:67:49:d7:dc:05:8a:32:f6:1e:60:e4:2d:
                    6b:07:b9:e5:b3:6a:07:72:f0:0a:f0:ec:bb:03:6d:
                    26:e2:0c:ba:3d:8c:02:1d:07:eb:87:03:9e:f5:3e:
                    7b:a7:14:50:d8:5f:32:d9:a1:8f:94:e0:ed:b9:15:
                    8b:df:11:06:b0:e0:37:b6:6b:db:e1:48:e2:52:87:
                    2b:76:67:58:5c:47:8a:3e:1a:47:f8:53:68:1b:b4:
                    d1:3b:1b:6b:78:2b:7d:69:33:75:06:94:0e:31:4f:
                    cb:43:41:93:82:f3:57:c4:8f:ac:c0:d1:e1:14:44:
                    f0:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BE:43:72:A1:05:47:0A:CC:01:3D:BF:92:44:C7:DA:6C:25:F2:02
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/lb5DcqEFRwrMAT2_kkTH2mwl8gI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.83.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:91:42:77:eb:34:44:99:50:ef:1e:23:06:c6:c8:24:eb:89:
         ab:a6:a7:54:f4:29:5d:c1:6c:2b:7a:4a:d8:a8:2b:20:07:47:
         0e:98:d3:ec:8b:ed:f8:68:78:3f:85:ae:69:b8:b5:e8:86:7f:
         83:e6:82:50:d2:fa:fb:c5:eb:36:25:3f:ea:c1:79:fb:74:3e:
         e2:db:b1:cb:71:50:56:26:5c:1d:07:8f:94:8a:49:97:db:a2:
         5d:c8:5c:17:bf:94:96:97:ab:42:ab:65:22:78:d6:38:58:a8:
         15:63:2b:80:33:bd:1d:13:1c:fe:29:9a:fe:54:5f:c7:3a:e4:
         75:d8:3f:ba:6b:91:2c:a0:ef:8c:f4:9a:a2:6c:cc:e5:58:14:
         8b:ca:0d:89:8c:e1:8b:5b:02:a9:c1:cf:57:94:e2:74:b7:fc:
         a5:64:9e:22:66:0e:24:33:65:bc:37:93:e9:c2:ae:a0:37:e0:
         c2:ec:ec:3e:1f:d7:37:c2:86:90:a0:43:8f:26:61:10:0a:91:
         a8:09:cf:f1:fc:d2:b7:f5:cc:4c:12:1d:25:0e:cf:51:e5:83:
         c4:0d:b6:c6:e0:65:cd:4d:d5:76:a1:f7:86:07:15:87:04:9a:
         95:02:2a:3f:15:0a:ce:5e:a7:15:62:14:01:96:99:97:67:51:
         29:fe:44:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ftBE57UfBHtDee21rE0nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjYwMTAxMTIxODMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWJlNDM3MmExMDU0NzBhY2MwMTNkYmY5MjQ0YzdkYTZjMjVmMjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsDubQse7j2qjXAzk8k4igWklFWJ
PRohd/QUM92paES/4zoD/3KTboeuY64yABLch5GXnAmIiKNCtN42/IkCZQayPfPk
8kuLaM4R2JjdAmPtXUFikUcDqFATR+Uc0lwzPkXCBOIip5f09WhJqtyS+fKTK7XK
iDpvSIKM+t9QJtcWkJnf27RvPIZnSdfcBYoy9h5g5C1rB7nls2oHcvAK8Oy7A20m
4gy6PYwCHQfrhwOe9T57pxRQ2F8y2aGPlODtuRWL3xEGsOA3tmvb4UjiUocrdmdY
XEeKPhpH+FNoG7TROxtreCt9aTN1BpQOMU/LQ0GTgvNXxI+swNHhFETw4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW+Q3KhBUcKzAE9v5JEx9psJfICMB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvbGI1RGNxRUZSd3JNQVQyX2trVEgybXdsOGdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATlPrMA0G
CSqGSIb3DQEBCwUAA4IBAQCZkUJ36zREmVDvHiMGxsgk64mrpqdU9CldwWwrekrY
qCsgB0cOmNPsi+34aHg/ha5puLXohn+D5oJQ0vr7xes2JT/qwXn7dD7i27HLcVBW
JlwdB4+UikmX26JdyFwXv5SWl6tCq2UieNY4WKgVYyuAM70dExz+KZr+VF/HOuR1
2D+6a5EsoO+M9JqibMzlWBSLyg2JjOGLWwKpwc9XlOJ0t/ylZJ4iZg4kM2W8N5Pp
wq6gN+DC7Ow+H9c3woaQoEOPJmEQCpGoCc/x/NK39cxMEh0lDs9R5YPEDbbG4GXN
TdV2ofeGBxWHBJqVAio/FQrOXqcVYhQBlpmXZ1Ep/kQh
-----END CERTIFICATE-----