This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/lXLif39D5KxldHNZbTu-0rsSDYY.roa
File:                     lXLif39D5KxldHNZbTu-0rsSDYY.roa (raw, json)
Hash identifier:          mVxFtPQntFOFsnZXkQ8/rUjDQRMlvViyOfc1fE3bjpY=
Subject key identifier:   95:72:E2:7F:7F:43:E4:AC:65:74:73:59:6D:3B:BE:D2:BB:12:0D:86
Certificate issuer:       /CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
Certificate serial:       019B797DFCF2AF987F40139C2D2337602EED
Authority key identifier: B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/lXLif39D5KxldHNZbTu-0rsSDYY.roa
Signing time:             Thu 01 Jan 2026 12:17:38 +0000
ROA not before:           Thu 01 Jan 2026 12:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60231
IP address blocks:        93.189.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 12:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:fc:f2:af:98:7f:40:13:9c:2d:23:37:60:2e:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b343514630dc17f3fe9b51dd434184d0b62b03c0
        Validity
            Not Before: Jan  1 12:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9572e27f7f43e4ac657473596d3bbed2bb120d86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7a:f1:99:41:d0:0f:42:32:60:30:57:84:1a:
                    0c:68:93:ff:ce:03:73:3e:7c:ca:89:d7:3b:16:02:
                    c8:d2:34:c2:69:80:06:9f:b1:29:93:c1:2f:d6:59:
                    aa:9d:bf:01:51:26:f2:df:74:cd:cb:82:c8:fb:5e:
                    08:a5:a0:8b:a8:49:d2:21:bf:38:1c:b0:a7:f1:c0:
                    ec:8f:d5:4b:ea:e2:ca:93:82:36:77:a7:70:60:82:
                    c2:8e:29:76:67:60:1e:eb:32:c9:92:c9:3f:fd:b1:
                    72:eb:8e:c0:4c:84:2c:51:17:24:58:b6:a5:56:9a:
                    cd:13:f7:e8:ee:46:32:96:09:b0:58:5d:df:69:95:
                    d4:56:2d:11:bc:d3:1f:c3:97:d4:50:ec:a8:2b:4a:
                    2f:a8:30:39:c0:5f:a8:c9:a5:ef:a8:9a:b7:60:32:
                    d3:48:32:b2:d6:1e:c3:60:3b:60:2b:45:fa:67:40:
                    59:cb:48:4b:87:0f:9c:46:8e:a1:67:c8:3b:d4:f0:
                    c2:4b:09:92:00:be:d9:6d:5b:fb:27:85:a5:98:b2:
                    e1:18:8a:fb:af:5e:dc:0f:bf:7d:fd:92:5f:3e:59:
                    82:7b:2d:d7:ff:18:33:2d:a5:93:66:71:1a:0b:bf:
                    3f:54:2b:e3:a5:da:72:25:3c:29:53:87:73:d5:e8:
                    b9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:72:E2:7F:7F:43:E4:AC:65:74:73:59:6D:3B:BE:D2:BB:12:0D:86
            X509v3 Authority Key Identifier:
                keyid:B3:43:51:46:30:DC:17:F3:FE:9B:51:DD:43:41:84:D0:B6:2B:03:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/lXLif39D5KxldHNZbTu-0rsSDYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/138046-7be0-4017-a98b-a7247e9d5f3a/1/s0NRRjDcF_P-m1HdQ0GE0LYrA8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.189.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:e9:1f:9d:b8:70:c7:f3:57:b6:63:5a:0c:af:c2:96:af:21:
         52:5e:85:dd:bf:49:d3:3b:2c:ee:de:27:f5:3d:f4:01:12:91:
         51:3d:6b:43:39:d6:89:68:18:b0:87:8a:16:f9:7a:72:d8:b8:
         8d:2a:93:ed:cb:03:03:c3:99:84:87:5c:ea:e4:5b:ea:d5:ba:
         45:81:2c:75:4d:dc:5d:44:68:c6:89:8f:66:48:2e:41:9d:40:
         ad:47:ab:92:a4:94:48:9a:80:c2:ba:9d:a9:2c:50:a0:00:9e:
         1a:27:1f:2b:83:72:1d:71:7a:5e:a1:f0:0d:69:0c:f7:8a:82:
         5b:03:b0:9d:ad:37:cb:ce:57:e4:d9:bd:c4:9f:86:03:03:99:
         97:e3:16:1a:8c:ba:f1:62:2f:76:ca:71:1c:9d:36:b1:cc:ed:
         41:c1:e7:0f:c9:4b:f0:a1:f5:21:c9:bc:42:81:ad:ed:cd:ae:
         3a:b7:21:ac:3b:6b:fe:bc:df:e9:30:54:25:a9:05:db:99:7a:
         ad:97:a2:89:01:ae:27:0e:f8:b4:92:72:66:24:8d:19:15:b3:
         25:73:b6:1e:28:52:b3:49:84:9f:0b:60:3a:42:cd:c1:63:e4:
         9f:fe:bc:76:23:65:92:79:0b:db:ac:b7:b2:85:80:6f:4b:e5:
         5b:7f:57:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5ffzyr5h/QBOcLSM3YC7tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzNDM1MTQ2MzBkYzE3ZjNmZTliNTFkZDQzNDE4NGQwYjYy
YjAzYzAwHhcNMjYwMTAxMTIxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTcyZTI3ZjdmNDNlNGFjNjU3NDczNTk2ZDNiYmVkMmJiMTIwZDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3rxmUHQD0IyYDBXhBoMaJP/zgNz
PnzKidc7FgLI0jTCaYAGn7Epk8Ev1lmqnb8BUSby33TNy4LI+14IpaCLqEnSIb84
HLCn8cDsj9VL6uLKk4I2d6dwYILCjil2Z2Ae6zLJksk//bFy647ATIQsURckWLal
VprNE/fo7kYylgmwWF3faZXUVi0RvNMfw5fUUOyoK0ovqDA5wF+oyaXvqJq3YDLT
SDKy1h7DYDtgK0X6Z0BZy0hLhw+cRo6hZ8g71PDCSwmSAL7ZbVv7J4WlmLLhGIr7
r17cD799/ZJfPlmCey3X/xgzLaWTZnEaC78/VCvjpdpyJTwpU4dz1ei5KQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVy4n9/Q+SsZXRzWW07vtK7Eg2GMB8GA1UdIwQY
MBaAFLNDUUYw3Bfz/ptR3UNBhNC2KwPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGIt
YTcyNDdlOWQ1ZjNhLzEvbFhMaWYzOUQ1S3hsZEhOWmJUdS0wcnNTRFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xMzgwNDYtN2JlMC00MDE3LWE5OGItYTcyNDdlOWQ1ZjNh
LzEvczBOUlJqRGNGX1AtbTFIZFEwR0UwTFlyQThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXb2UMA0G
CSqGSIb3DQEBCwUAA4IBAQBU6R+duHDH81e2Y1oMr8KWryFSXoXdv0nTOyzu3if1
PfQBEpFRPWtDOdaJaBiwh4oW+Xpy2LiNKpPtywMDw5mEh1zq5Fvq1bpFgSx1Tdxd
RGjGiY9mSC5BnUCtR6uSpJRImoDCup2pLFCgAJ4aJx8rg3IdcXpeofANaQz3ioJb
A7CdrTfLzlfk2b3En4YDA5mX4xYajLrxYi92ynEcnTaxzO1BwecPyUvwofUhybxC
ga3tza46tyGsO2v+vN/pMFQlqQXbmXqtl6KJAa4nDvi0knJmJI0ZFbMlc7YeKFKz
SYSfC2A6Qs3BY+Sf/rx2I2WSeQvbrLeyhYBvS+Vbf1cl
-----END CERTIFICATE-----