This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/lHNKO7sNNTzQ5Qf7iXFu2MykVlY.roa
File:                     lHNKO7sNNTzQ5Qf7iXFu2MykVlY.roa (raw, json)
Hash identifier:          gSBFoF7U8vP8sddt6bGyOP5IVVcu/X14ckwK7nmTGi4=
Subject key identifier:   94:73:4A:3B:BB:0D:35:3C:D0:E5:07:FB:89:71:6E:D8:CC:A4:56:56
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019B7D5A9F5D3752C7A43BED64AAFA8FB9BF
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/lHNKO7sNNTzQ5Qf7iXFu2MykVlY.roa
Signing time:             Fri 02 Jan 2026 06:17:29 +0000
ROA not before:           Fri 02 Jan 2026 06:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207957
IP address blocks:        213.176.72.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:45:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:9f:5d:37:52:c7:a4:3b:ed:64:aa:fa:8f:b9:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Jan  2 06:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94734a3bbb0d353cd0e507fb89716ed8cca45656
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:81:7f:24:3e:d8:40:44:2b:b3:79:4a:43:6e:
                    bf:ae:2b:d7:0c:c8:3f:d4:58:02:1c:c0:86:28:3d:
                    2c:60:43:45:4c:cd:5a:e2:6b:f9:72:95:38:f4:5f:
                    70:0a:9e:1c:1d:8e:ca:5d:e6:15:6e:2b:c6:20:50:
                    e8:f7:98:69:4b:78:8f:51:58:28:38:0e:a2:fc:4a:
                    43:8e:76:71:10:05:9b:40:ad:c7:19:a2:40:de:8d:
                    3c:85:3e:e2:d1:9d:0d:55:20:77:fc:52:58:7d:6e:
                    9a:80:ca:f6:05:24:8e:71:8b:b9:fa:88:ca:2b:1e:
                    95:8d:65:00:61:d3:11:bf:17:40:8a:1d:e7:c5:33:
                    e7:3c:81:f0:76:2d:bf:f1:3a:d2:67:c8:16:28:45:
                    ae:88:c5:c2:b3:2c:26:62:15:30:f6:f8:2b:5c:97:
                    ef:51:7e:cd:07:c9:19:05:3c:37:8b:f9:f7:61:a7:
                    34:39:08:1a:e4:1a:15:c5:dc:28:47:f4:11:5c:6e:
                    00:e0:37:cf:3b:cb:d8:61:60:8e:d9:d2:45:c8:d1:
                    86:5d:c7:8f:c5:3d:69:2d:13:a8:d3:b7:27:49:93:
                    8c:03:20:8d:0c:b4:4a:e3:8a:6d:0f:36:7f:c8:39:
                    af:96:84:a4:70:52:d7:c6:a0:99:4b:25:75:9c:f6:
                    94:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:73:4A:3B:BB:0D:35:3C:D0:E5:07:FB:89:71:6E:D8:CC:A4:56:56
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/lHNKO7sNNTzQ5Qf7iXFu2MykVlY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.176.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:07:17:cc:32:c9:e8:32:2b:3e:4f:67:06:99:c0:57:9a:11:
         18:3b:46:3d:0d:29:51:75:23:d5:63:2b:18:55:4c:c6:c6:85:
         6c:1d:77:82:58:51:ee:dc:ec:e7:de:b0:e3:b3:21:6a:1a:50:
         16:f4:d3:d4:2a:4c:9c:67:61:76:2b:bf:27:b5:57:07:5b:2f:
         f0:78:c9:05:99:a1:7c:72:c4:2a:be:3f:10:0e:e5:eb:5f:4b:
         19:41:5d:ab:69:ff:ad:b6:25:b4:81:9e:2d:dd:b2:f6:e2:8f:
         a2:7c:1a:cf:44:4b:01:4a:d5:f8:e4:f3:16:8f:ad:c9:e2:13:
         e9:d3:66:60:87:35:15:34:fe:97:12:80:5c:23:70:7d:70:41:
         5f:7a:0e:00:69:2e:fd:e7:8f:e2:09:8b:fa:bc:4a:c0:36:7b:
         5e:67:b5:12:34:8b:3b:ce:f7:23:09:eb:7f:53:b9:9e:24:dd:
         2f:7a:de:ba:f0:ae:3b:dc:47:8b:4e:22:55:40:44:8b:fd:64:
         76:63:56:1f:c6:df:10:df:a0:1f:7f:72:ce:d2:c2:fe:80:ca:
         16:9e:8b:d2:10:89:42:65:4b:0a:b7:44:31:6e:53:38:5d:c8:
         e1:02:22:bb:5e:00:d2:ef:73:13:86:4b:c8:e9:ab:6d:d0:6e:
         16:1c:d4:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wp9dN1LHpDvtZKr6j7m/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwMTAyMDYxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDczNGEzYmJiMGQzNTNjZDBlNTA3ZmI4OTcxNmVkOGNjYTQ1NjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64F/JD7YQEQrs3lKQ26/rivXDMg/
1FgCHMCGKD0sYENFTM1a4mv5cpU49F9wCp4cHY7KXeYVbivGIFDo95hpS3iPUVgo
OA6i/EpDjnZxEAWbQK3HGaJA3o08hT7i0Z0NVSB3/FJYfW6agMr2BSSOcYu5+ojK
Kx6VjWUAYdMRvxdAih3nxTPnPIHwdi2/8TrSZ8gWKEWuiMXCsywmYhUw9vgrXJfv
UX7NB8kZBTw3i/n3Yac0OQga5BoVxdwoR/QRXG4A4DfPO8vYYWCO2dJFyNGGXceP
xT1pLROo07cnSZOMAyCNDLRK44ptDzZ/yDmvloSkcFLXxqCZSyV1nPaUOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRzSju7DTU80OUH+4lxbtjMpFZWMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvbEhOS083c05OVHpRNVFmN2lYRnUyTXlrVmxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1bBIMA0G
CSqGSIb3DQEBCwUAA4IBAQALBxfMMsnoMis+T2cGmcBXmhEYO0Y9DSlRdSPVYysY
VUzGxoVsHXeCWFHu3Ozn3rDjsyFqGlAW9NPUKkycZ2F2K78ntVcHWy/weMkFmaF8
csQqvj8QDuXrX0sZQV2raf+ttiW0gZ4t3bL24o+ifBrPREsBStX45PMWj63J4hPp
02ZghzUVNP6XEoBcI3B9cEFfeg4AaS7954/iCYv6vErANnteZ7USNIs7zvcjCet/
U7meJN0vet668K473EeLTiJVQESL/WR2Y1Yfxt8Q36Aff3LO0sL+gMoWnovSEIlC
ZUsKt0QxblM4XcjhAiK7XgDS73MThkvI6att0G4WHNRH
-----END CERTIFICATE-----