This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/2b70f0-4da3-4b45-a95d-48a20e6e5d8b/1/Lw6dpIVKTrHkqnvz6_8ZfhY3LHE.roa
File:                     Lw6dpIVKTrHkqnvz6_8ZfhY3LHE.roa (raw, json)
Hash identifier:          zWKT6y6B8vxLNvJ+sCTyWUsXCNlPOrbo7d9YXIBVvAM=
Subject key identifier:   2F:0E:9D:A4:85:4A:4E:B1:E4:AA:7B:F3:EB:FF:19:7E:16:37:2C:71
Certificate issuer:       /CN=a1646d3f90758d8a3743f155f62bffff1bb6366a
Certificate serial:       019B7C7F83A3864A2AABF97683A69D3667D5
Authority key identifier: A1:64:6D:3F:90:75:8D:8A:37:43:F1:55:F6:2B:FF:FF:1B:B6:36:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oWRtP5B1jYo3Q_FV9iv__xu2Nmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/2b70f0-4da3-4b45-a95d-48a20e6e5d8b/1/Lw6dpIVKTrHkqnvz6_8ZfhY3LHE.roa
Signing time:             Fri 02 Jan 2026 02:18:10 +0000
ROA not before:           Fri 02 Jan 2026 02:18:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214680
IP address blocks:        185.209.188.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/2b70f0-4da3-4b45-a95d-48a20e6e5d8b/1/oWRtP5B1jYo3Q_FV9iv__xu2Nmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/2b70f0-4da3-4b45-a95d-48a20e6e5d8b/1/oWRtP5B1jYo3Q_FV9iv__xu2Nmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oWRtP5B1jYo3Q_FV9iv__xu2Nmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:83:a3:86:4a:2a:ab:f9:76:83:a6:9d:36:67:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1646d3f90758d8a3743f155f62bffff1bb6366a
        Validity
            Not Before: Jan  2 02:18:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f0e9da4854a4eb1e4aa7bf3ebff197e16372c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:98:bd:ea:bc:f2:6a:ce:23:ca:d3:4a:95:3c:
                    ad:07:b3:da:46:1a:d7:bb:b6:b2:42:75:45:aa:a9:
                    c6:b4:53:73:8e:d0:66:58:7c:ce:bb:3d:d3:18:b4:
                    7e:aa:a1:5b:9b:71:5e:a5:32:2d:1e:d8:b8:9b:0d:
                    69:31:6b:d1:e5:db:93:c0:bf:77:94:ac:19:26:57:
                    ce:db:a6:a8:07:2d:ee:a2:5e:4c:3b:fa:6b:dc:60:
                    cb:ae:60:74:fd:3f:3d:98:51:ef:7a:d9:57:7c:1b:
                    1d:d8:46:88:87:fc:12:cf:23:cf:e9:9d:37:e0:2b:
                    19:43:70:58:96:dd:19:34:37:e6:58:b7:d4:75:91:
                    ac:36:99:9d:c6:fc:17:4d:f3:ea:26:56:82:84:96:
                    ce:48:5b:a6:a5:2e:2f:21:17:d7:e5:bb:1b:c8:5b:
                    4f:60:02:af:10:3e:e1:f0:64:b2:e7:09:64:f2:84:
                    88:88:57:7a:37:45:cd:d4:07:63:3a:80:34:ed:7f:
                    8c:d9:4c:dd:28:aa:7a:4c:7d:07:1f:e5:4c:d4:94:
                    01:8b:02:d5:8b:56:ec:91:b7:ca:2e:15:7b:ba:50:
                    88:69:f2:4a:f5:f0:0b:68:f0:11:db:01:d9:94:9a:
                    cf:8f:f0:4d:46:9a:f6:dd:10:93:44:12:74:16:d9:
                    76:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0E:9D:A4:85:4A:4E:B1:E4:AA:7B:F3:EB:FF:19:7E:16:37:2C:71
            X509v3 Authority Key Identifier:
                keyid:A1:64:6D:3F:90:75:8D:8A:37:43:F1:55:F6:2B:FF:FF:1B:B6:36:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oWRtP5B1jYo3Q_FV9iv__xu2Nmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/2b70f0-4da3-4b45-a95d-48a20e6e5d8b/1/Lw6dpIVKTrHkqnvz6_8ZfhY3LHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/2b70f0-4da3-4b45-a95d-48a20e6e5d8b/1/oWRtP5B1jYo3Q_FV9iv__xu2Nmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:39:e2:26:41:64:5c:69:3b:9d:b8:9b:28:c7:de:7f:5e:0d:
         6c:95:f1:35:00:8f:a9:d9:bc:d7:10:a1:2b:37:ee:3e:60:84:
         6a:e6:47:5e:cb:b1:4b:76:a2:4c:ac:4d:2a:aa:0f:c8:3b:38:
         b9:5b:a8:7e:4b:b3:f5:80:52:69:62:0c:10:cd:92:fa:d8:fc:
         93:57:45:25:bd:5e:11:45:d8:77:e3:98:e6:5e:38:b8:a7:dd:
         2c:d4:79:2b:f7:00:f4:79:5f:95:3b:cc:24:b4:6c:f0:a6:73:
         4d:8a:43:4e:2f:e5:90:4f:af:0b:08:1e:12:07:66:b2:46:62:
         f5:f3:70:7a:dd:8f:92:bf:76:60:16:3e:38:d1:df:9a:de:05:
         b4:26:59:86:a9:f4:59:0c:51:b0:34:ad:a2:cb:5e:58:eb:a5:
         b2:f6:da:bd:28:06:a4:06:46:77:e9:43:d1:3f:0f:78:bc:81:
         18:2d:a7:9f:90:b2:39:e2:3e:51:a3:38:b7:0a:cf:fc:04:33:
         f9:58:f3:53:64:39:b2:a7:51:2c:54:9f:f0:89:4f:6d:d0:08:
         f6:96:12:9c:e2:2e:2c:f4:f9:18:c6:27:d6:b8:a5:37:f1:38:
         84:0e:6d:d0:ff:e9:b1:43:6e:15:ac:1d:e4:2e:30:f7:66:f2:
         1a:27:de:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f4Ojhkoqq/l2g6adNmfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNjQ2ZDNmOTA3NThkOGEzNzQzZjE1NWY2MmJmZmZmMWJi
NjM2NmEwHhcNMjYwMTAyMDIxODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBlOWRhNDg1NGE0ZWIxZTRhYTdiZjNlYmZmMTk3ZTE2MzcyYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5i96rzyas4jytNKlTytB7PaRhrX
u7ayQnVFqqnGtFNzjtBmWHzOuz3TGLR+qqFbm3FepTItHti4mw1pMWvR5duTwL93
lKwZJlfO26aoBy3uol5MO/pr3GDLrmB0/T89mFHvetlXfBsd2EaIh/wSzyPP6Z03
4CsZQ3BYlt0ZNDfmWLfUdZGsNpmdxvwXTfPqJlaChJbOSFumpS4vIRfX5bsbyFtP
YAKvED7h8GSy5wlk8oSIiFd6N0XN1AdjOoA07X+M2UzdKKp6TH0HH+VM1JQBiwLV
i1bskbfKLhV7ulCIafJK9fALaPAR2wHZlJrPj/BNRpr23RCTRBJ0Ftl2ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8OnaSFSk6x5Kp78+v/GX4WNyxxMB8GA1UdIwQY
MBaAFKFkbT+QdY2KN0PxVfYr//8btjZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1dSdFA1QjFqWW8zUV9GVjlpdl9feHUyTm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS8yYjcwZjAtNGRhMy00YjQ1LWE5NWQt
NDhhMjBlNmU1ZDhiLzEvTHc2ZHBJVktUckhrcW52ejZfOFpmaFkzTEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS8yYjcwZjAtNGRhMy00YjQ1LWE5NWQtNDhhMjBlNmU1ZDhi
LzEvb1dSdFA1QjFqWW8zUV9GVjlpdl9feHUyTm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudG8MA0G
CSqGSIb3DQEBCwUAA4IBAQAeOeImQWRcaTuduJsox95/Xg1slfE1AI+p2bzXEKEr
N+4+YIRq5kdey7FLdqJMrE0qqg/IOzi5W6h+S7P1gFJpYgwQzZL62PyTV0UlvV4R
Rdh345jmXji4p90s1Hkr9wD0eV+VO8wktGzwpnNNikNOL+WQT68LCB4SB2ayRmL1
83B63Y+Sv3ZgFj440d+a3gW0JlmGqfRZDFGwNK2iy15Y66Wy9tq9KAakBkZ36UPR
Pw94vIEYLaefkLI54j5Rozi3Cs/8BDP5WPNTZDmyp1EsVJ/wiU9t0Aj2lhKc4i4s
9PkYxifWuKU38TiEDm3Q/+mxQ24VrB3kLjD3ZvIaJ94V
-----END CERTIFICATE-----