This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/LqtY29cqaRhBSSMLXgx1ybOuv1k.roa
File:                     LqtY29cqaRhBSSMLXgx1ybOuv1k.roa (raw, json)
Hash identifier:          QPh2eU6+Dc7UWnGXBDVN/Tlw9b87W7gP3QNQIgrdjug=
Subject key identifier:   2E:AB:58:DB:D7:2A:69:18:41:49:23:0B:5E:0C:75:C9:B3:AE:BF:59
Certificate issuer:       /CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
Certificate serial:       019B7E38E55C34DF9FCCEFF6AB111A436FE4
Authority key identifier: FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/LqtY29cqaRhBSSMLXgx1ybOuv1k.roa
Signing time:             Fri 02 Jan 2026 10:20:16 +0000
ROA not before:           Fri 02 Jan 2026 10:20:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     174
IP address blocks:        109.122.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:e5:5c:34:df:9f:cc:ef:f6:ab:11:1a:43:6f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ffa3e55141c1a1f9f2e28811ed7e77fad378a579
        Validity
            Not Before: Jan  2 10:20:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2eab58dbd72a69184149230b5e0c75c9b3aebf59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:0c:a8:23:41:c8:c8:70:8f:cd:99:e8:f2:08:
                    5c:78:53:28:ce:46:f3:ea:6f:31:58:72:92:cc:1a:
                    77:bf:35:b4:86:97:10:5f:23:8b:f5:80:65:9c:d3:
                    20:2d:47:2f:06:c4:38:d1:69:9b:c7:7d:8c:13:e0:
                    0b:28:6e:53:94:af:c1:42:97:43:e2:2e:c1:54:a3:
                    a2:49:5f:77:3c:cf:bf:ac:e5:ed:a3:f3:43:03:a9:
                    b7:00:4f:2e:39:84:50:96:46:4b:7b:31:60:14:c5:
                    b8:19:f2:9d:77:8b:6e:94:de:46:19:e6:20:31:5d:
                    8f:58:8b:fa:9c:3c:57:05:d0:40:98:35:38:d8:57:
                    b7:96:a6:f8:58:23:78:04:c8:9b:2a:d0:f3:c7:1a:
                    e3:df:14:e8:78:2c:74:a7:35:85:57:51:db:1c:6c:
                    53:38:2e:67:03:6d:17:26:a8:67:4f:cc:b5:98:53:
                    ef:b1:62:42:eb:0e:ab:12:85:74:1e:a8:33:7a:97:
                    82:52:e7:2f:65:de:6d:b5:6d:31:e1:3f:cf:a2:97:
                    6c:5a:d4:0d:8e:90:48:14:a5:e7:86:ba:fe:5b:0c:
                    4d:c2:83:2f:d4:6a:2c:46:b8:72:60:94:0d:a4:30:
                    66:d3:35:81:6e:a8:d0:92:04:74:4a:18:c3:ca:9e:
                    e1:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:AB:58:DB:D7:2A:69:18:41:49:23:0B:5E:0C:75:C9:B3:AE:BF:59
            X509v3 Authority Key Identifier:
                keyid:FF:A3:E5:51:41:C1:A1:F9:F2:E2:88:11:ED:7E:77:FA:D3:78:A5:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_6PlUUHBofny4ogR7X53-tN4pXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/LqtY29cqaRhBSSMLXgx1ybOuv1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b263a2-0f6f-4f5d-af9e-a39ac2539fc5/1/_6PlUUHBofny4ogR7X53-tN4pXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:e1:0f:70:5a:5a:79:87:e6:01:61:34:bf:68:ec:15:7f:3e:
         2c:15:a6:0b:e3:39:e4:bb:5b:0d:8b:4b:ac:b0:a6:fd:dd:fa:
         c8:07:40:43:14:cc:99:df:84:12:7f:a4:42:03:c6:93:52:0d:
         ae:21:60:b8:e0:0d:29:72:9a:0d:80:79:17:c3:e7:67:fb:83:
         88:37:d5:e2:b2:7b:c8:47:6b:4f:e8:6f:54:00:9a:c7:9e:27:
         ac:1a:8a:73:58:db:ce:7e:02:5e:20:b3:78:e7:51:22:d1:a7:
         66:75:d4:2a:3b:69:59:73:50:7f:fb:55:45:cf:2d:69:ea:45:
         9a:8d:94:71:91:f0:da:62:7c:f7:ff:15:05:e4:08:db:c4:46:
         23:09:31:69:d1:55:81:7c:33:dd:b5:02:57:0e:43:a6:56:db:
         3d:b4:32:ba:02:ac:c1:af:a7:5b:91:e7:33:f6:f4:fc:74:fc:
         72:7d:01:be:a4:af:f4:82:ab:9d:a8:3c:d9:cf:e8:78:1e:e4:
         92:0f:b8:0a:39:22:9c:4c:34:c6:04:31:be:c0:5a:18:b8:b8:
         ea:83:7c:c9:ad:7e:a7:f3:30:66:df:6a:26:cb:7a:13:b6:0f:
         5a:97:1b:2c:9c:20:9f:35:e1:4c:6b:47:8e:62:4d:22:a9:67:
         2b:df:74:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OOVcNN+fzO/2qxEaQ2/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmYTNlNTUxNDFjMWExZjlmMmUyODgxMWVkN2U3N2ZhZDM3
OGE1NzkwHhcNMjYwMTAyMTAyMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWFiNThkYmQ3MmE2OTE4NDE0OTIzMGI1ZTBjNzVjOWIzYWViZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAygyoI0HIyHCPzZno8ghceFMozkbz
6m8xWHKSzBp3vzW0hpcQXyOL9YBlnNMgLUcvBsQ40Wmbx32ME+ALKG5TlK/BQpdD
4i7BVKOiSV93PM+/rOXto/NDA6m3AE8uOYRQlkZLezFgFMW4GfKdd4tulN5GGeYg
MV2PWIv6nDxXBdBAmDU42Fe3lqb4WCN4BMibKtDzxxrj3xToeCx0pzWFV1HbHGxT
OC5nA20XJqhnT8y1mFPvsWJC6w6rEoV0HqgzepeCUucvZd5ttW0x4T/PopdsWtQN
jpBIFKXnhrr+WwxNwoMv1GosRrhyYJQNpDBm0zWBbqjQkgR0ShjDyp7hSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6rWNvXKmkYQUkjC14Mdcmzrr9ZMB8GA1UdIwQY
MBaAFP+j5VFBwaH58uKIEe1+d/rTeKV5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUt
YTM5YWMyNTM5ZmM1LzEvTHF0WTI5Y3FhUmhCU1NNTFhneDF5Yk91djFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iMjYzYTItMGY2Zi00ZjVkLWFmOWUtYTM5YWMyNTM5ZmM1
LzEvXzZQbFVVSEJvZm55NG9nUjdYNTMtdE40cFhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXofMA0G
CSqGSIb3DQEBCwUAA4IBAQA04Q9wWlp5h+YBYTS/aOwVfz4sFaYL4znku1sNi0us
sKb93frIB0BDFMyZ34QSf6RCA8aTUg2uIWC44A0pcpoNgHkXw+dn+4OIN9XisnvI
R2tP6G9UAJrHniesGopzWNvOfgJeILN451Ei0admddQqO2lZc1B/+1VFzy1p6kWa
jZRxkfDaYnz3/xUF5AjbxEYjCTFp0VWBfDPdtQJXDkOmVts9tDK6AqzBr6dbkecz
9vT8dPxyfQG+pK/0gqudqDzZz+h4HuSSD7gKOSKcTDTGBDG+wFoYuLjqg3zJrX6n
8zBm32omy3oTtg9alxssnCCfNeFMa0eOYk0iqWcr33Tt
-----END CERTIFICATE-----