This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lb856u7GDq_g5WhsFQLvt1-9CPc.roa
File:                     lb856u7GDq_g5WhsFQLvt1-9CPc.roa (raw, json)
Hash identifier:          p+DTVfT4MuDZm3P09TaxYWbn4dzeNEQAb6az90lfXt8=
Subject key identifier:   95:BF:39:EA:EE:C6:0E:AF:E0:E5:68:6C:15:02:EF:B7:5F:BD:08:F7
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       019B7B3560BE315A3999127BFB4344C6840A
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lb856u7GDq_g5WhsFQLvt1-9CPc.roa
Signing time:             Thu 01 Jan 2026 20:17:34 +0000
ROA not before:           Thu 01 Jan 2026 20:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20820
IP address blocks:        80.96.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:60:be:31:5a:39:99:12:7b:fb:43:44:c6:84:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 20:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95bf39eaeec60eafe0e5686c1502efb75fbd08f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:30:61:10:3a:5a:dc:96:2d:ad:46:8b:99:67:
                    bd:93:20:87:1e:be:ca:ec:ac:c2:61:17:bf:2a:ce:
                    3e:cf:1f:d9:32:83:74:91:23:ff:c7:fd:e1:10:e3:
                    e4:9d:5a:14:2d:67:9c:a9:89:d8:5b:46:a6:64:77:
                    a2:4c:06:82:79:25:28:25:64:90:f5:92:85:26:6b:
                    5b:59:af:52:ba:c0:61:2c:a9:f2:9e:a7:17:8f:3d:
                    ae:f4:b6:50:25:c9:a1:5c:b7:81:84:0e:e8:79:35:
                    f9:38:a8:0c:46:b0:e9:e8:b9:b8:9d:3c:7a:14:0c:
                    05:65:46:f5:17:6c:ff:7a:05:83:05:ea:b5:ec:8a:
                    18:c3:04:76:46:35:bf:46:12:2c:84:d7:1b:49:6b:
                    fc:99:d9:f3:eb:b7:c8:90:a7:d0:ea:4c:d4:27:3b:
                    e1:9a:2e:14:95:e1:33:67:e9:37:be:47:94:33:cb:
                    21:fb:ad:46:28:64:bd:af:d3:e7:63:5c:f4:77:2b:
                    94:08:32:c3:b6:3b:0c:54:d6:2f:f9:1d:ac:e0:50:
                    98:fc:dd:ca:11:fc:15:05:e9:59:14:e3:5d:d1:8c:
                    1e:6e:4a:5a:eb:db:f1:75:2b:62:dc:d0:dc:af:89:
                    30:49:ad:f6:4a:ae:d8:0f:f6:c3:4a:6e:89:eb:49:
                    3d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BF:39:EA:EE:C6:0E:AF:E0:E5:68:6C:15:02:EF:B7:5F:BD:08:F7
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/lb856u7GDq_g5WhsFQLvt1-9CPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:a1:2f:1a:f7:41:d5:0d:ac:91:45:24:d8:59:9b:fa:b1:56:
         bf:37:d8:51:ac:fd:03:24:4a:e5:a4:bc:1c:a9:1c:7d:6b:81:
         31:c4:98:d7:a1:d8:94:b8:8c:31:36:e6:29:4b:56:f5:b1:40:
         10:a3:9b:1a:ff:b2:fd:7a:ad:42:87:c5:2f:48:41:13:75:e8:
         e6:6c:d3:3b:f2:5c:0e:9d:6e:2f:b6:8a:2f:86:e7:a2:d1:17:
         50:74:4c:e8:3f:48:2a:c1:63:73:17:18:48:62:81:80:c6:85:
         26:96:03:8f:63:9d:80:a0:f6:cd:2e:f5:b8:84:25:61:64:4b:
         a4:96:a4:70:40:e6:f0:aa:73:89:7b:9a:fd:89:20:97:7d:06:
         f7:87:52:42:36:5b:3f:76:94:c0:8d:89:73:01:2f:92:aa:4d:
         3d:34:ed:6d:7f:57:3d:fd:17:16:1a:6d:1f:3d:65:53:93:ef:
         7c:4f:44:36:20:1a:f5:f8:c9:f5:8a:2d:b5:ac:ca:8a:84:30:
         83:d9:ad:a6:1e:51:96:16:e8:93:58:d4:ed:4b:82:ff:c9:47:
         95:b1:f8:64:87:dc:c4:4b:ca:ba:bc:a0:a9:9a:db:80:bd:c1:
         5d:41:d1:09:28:8d:08:ac:dc:e7:bd:4a:8e:8d:6d:46:42:f1:
         31:35:7c:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NWC+MVo5mRJ7+0NExoQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjYwMTAxMjAxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWJmMzllYWVlYzYwZWFmZTBlNTY4NmMxNTAyZWZiNzVmYmQwOGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDBhEDpa3JYtrUaLmWe9kyCHHr7K
7KzCYRe/Ks4+zx/ZMoN0kSP/x/3hEOPknVoULWecqYnYW0amZHeiTAaCeSUoJWSQ
9ZKFJmtbWa9SusBhLKnynqcXjz2u9LZQJcmhXLeBhA7oeTX5OKgMRrDp6Lm4nTx6
FAwFZUb1F2z/egWDBeq17IoYwwR2RjW/RhIshNcbSWv8mdnz67fIkKfQ6kzUJzvh
mi4UleEzZ+k3vkeUM8sh+61GKGS9r9PnY1z0dyuUCDLDtjsMVNYv+R2s4FCY/N3K
EfwVBelZFONd0Ywebkpa69vxdSti3NDcr4kwSa32Sq7YD/bDSm6J60k9AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW/Oeruxg6v4OVobBUC77dfvQj3MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvbGI4NTZ1N0dEcV9nNVdoc0ZRTHZ0MS05Q1BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUGDfMA0G
CSqGSIb3DQEBCwUAA4IBAQCmoS8a90HVDayRRSTYWZv6sVa/N9hRrP0DJErlpLwc
qRx9a4ExxJjXodiUuIwxNuYpS1b1sUAQo5sa/7L9eq1Ch8UvSEETdejmbNM78lwO
nW4vtoovhuei0RdQdEzoP0gqwWNzFxhIYoGAxoUmlgOPY52AoPbNLvW4hCVhZEuk
lqRwQObwqnOJe5r9iSCXfQb3h1JCNls/dpTAjYlzAS+Sqk09NO1tf1c9/RcWGm0f
PWVTk+98T0Q2IBr1+Mn1ii21rMqKhDCD2a2mHlGWFuiTWNTtS4L/yUeVsfhkh9zE
S8q6vKCpmtuAvcFdQdEJKI0IrNznvUqOjW1GQvExNXyc
-----END CERTIFICATE-----