This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/lb9dWd03BfnM72HsEUOqMfSXM5c.roa
File:                     lb9dWd03BfnM72HsEUOqMfSXM5c.roa (raw, json)
Hash identifier:          RJsPG6DuVrowjWLhY1jcZaBG3s9HD98PpDetQPQtNn0=
Subject key identifier:   95:BF:5D:59:DD:37:05:F9:CC:EF:61:EC:11:43:AA:31:F4:97:33:97
Certificate issuer:       /CN=bf239c7790fc3d577626d5bbf1861e59c9b470ae
Certificate serial:       019B7E3906094AC32E127A34862607E81906
Authority key identifier: BF:23:9C:77:90:FC:3D:57:76:26:D5:BB:F1:86:1E:59:C9:B4:70:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/lb9dWd03BfnM72HsEUOqMfSXM5c.roa
Signing time:             Fri 02 Jan 2026 10:20:24 +0000
ROA not before:           Fri 02 Jan 2026 10:20:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        93.174.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 10:21:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:06:09:4a:c3:2e:12:7a:34:86:26:07:e8:19:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf239c7790fc3d577626d5bbf1861e59c9b470ae
        Validity
            Not Before: Jan  2 10:20:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95bf5d59dd3705f9ccef61ec1143aa31f4973397
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:93:32:ad:bb:23:76:a1:5c:c5:ce:57:18:70:
                    d1:9f:f4:26:81:ce:3f:28:15:06:72:39:c4:d5:2b:
                    d8:a9:64:e1:d9:04:db:62:fe:ea:04:cb:83:5e:51:
                    e5:30:6f:7c:4b:69:a8:f5:38:23:80:e3:bb:cc:4b:
                    1c:fd:06:5b:fd:a4:3d:f4:ef:4c:73:37:40:fd:ea:
                    2c:af:18:d4:d1:bd:46:74:a0:8b:b3:d8:a2:1e:0e:
                    8f:ee:fa:48:95:20:12:90:d5:f3:6b:28:18:84:f4:
                    65:7c:69:af:29:fb:ef:22:b8:f4:cc:c5:ec:98:ff:
                    40:68:d2:a6:b6:20:10:d9:13:fa:bf:32:17:f8:35:
                    4c:fb:c8:66:eb:f9:f3:90:24:03:6d:24:c3:ca:71:
                    bb:71:19:4b:82:2a:c7:1e:fb:25:4f:43:5c:4f:37:
                    4b:c2:60:09:28:64:d6:c4:9a:7a:82:e0:b1:e7:a1:
                    a2:fe:88:1a:34:88:30:96:8d:72:44:4e:b0:59:d9:
                    3e:5e:a5:00:fa:b8:d2:5e:02:52:e0:4f:d4:c4:f4:
                    dd:db:b6:d6:23:74:90:fb:45:16:6c:94:70:4a:85:
                    82:52:1f:97:44:33:09:32:68:7b:9a:03:bb:09:fd:
                    3e:68:35:7b:51:76:ba:3a:95:af:73:8f:04:d2:f9:
                    d7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BF:5D:59:DD:37:05:F9:CC:EF:61:EC:11:43:AA:31:F4:97:33:97
            X509v3 Authority Key Identifier:
                keyid:BF:23:9C:77:90:FC:3D:57:76:26:D5:BB:F1:86:1E:59:C9:B4:70:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vyOcd5D8PVd2JtW78YYeWcm0cK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/lb9dWd03BfnM72HsEUOqMfSXM5c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/b0deec-7233-42f3-8767-b5503a32edfe/1/vyOcd5D8PVd2JtW78YYeWcm0cK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:31:cb:bb:3b:60:a6:7a:04:a0:d1:24:c1:91:d4:a6:f4:bc:
         52:b9:7f:52:60:5c:c3:74:6c:bc:cf:e4:ef:f1:cb:02:cc:f2:
         1e:95:aa:09:0f:72:da:c4:a8:1e:df:71:44:87:81:2e:21:90:
         36:ef:ac:25:57:9e:5b:e7:68:5e:d9:d3:08:79:ac:57:50:8d:
         59:47:bd:1d:df:8a:db:9c:b9:cd:4b:c1:35:6d:05:ad:5c:bc:
         f2:c4:01:1f:b7:bf:e6:97:53:b0:e2:d3:2a:22:99:a4:04:ef:
         f1:d2:92:c0:e5:4e:8c:c4:24:6b:4d:62:ad:a9:bc:b0:33:b1:
         9e:d4:ab:3b:b1:0c:c8:20:84:13:63:8e:44:34:8f:b6:e7:8d:
         bb:41:bf:d5:43:c8:5e:2e:c4:23:e8:ce:e8:c5:3a:d0:ad:b2:
         7d:61:7a:20:a3:24:53:1f:66:dd:b3:f0:71:8c:0b:73:36:4f:
         b5:9d:d7:e9:c6:60:aa:0b:67:1b:91:d3:62:37:cc:39:3e:5a:
         e5:bc:a4:4c:71:cc:1a:3f:b0:5e:43:a1:cc:70:84:08:83:d8:
         17:61:22:40:92:09:c5:d6:50:b4:51:4d:44:8b:fd:88:0e:86:
         69:28:f9:98:aa:d4:a5:43:01:58:12:3a:e1:4b:65:db:b2:09:
         2c:4f:b2:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OQYJSsMuEno0hiYH6BkGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMjM5Yzc3OTBmYzNkNTc3NjI2ZDViYmYxODYxZTU5Yzli
NDcwYWUwHhcNMjYwMTAyMTAyMDI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWJmNWQ1OWRkMzcwNWY5Y2NlZjYxZWMxMTQzYWEzMWY0OTczMzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pMyrbsjdqFcxc5XGHDRn/Qmgc4/
KBUGcjnE1SvYqWTh2QTbYv7qBMuDXlHlMG98S2mo9TgjgOO7zEsc/QZb/aQ99O9M
czdA/eosrxjU0b1GdKCLs9iiHg6P7vpIlSASkNXzaygYhPRlfGmvKfvvIrj0zMXs
mP9AaNKmtiAQ2RP6vzIX+DVM+8hm6/nzkCQDbSTDynG7cRlLgirHHvslT0NcTzdL
wmAJKGTWxJp6guCx56Gi/ogaNIgwlo1yRE6wWdk+XqUA+rjSXgJS4E/UxPTd27bW
I3SQ+0UWbJRwSoWCUh+XRDMJMmh7mgO7Cf0+aDV7UXa6OpWvc48E0vnXNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW/XVndNwX5zO9h7BFDqjH0lzOXMB8GA1UdIwQY
MBaAFL8jnHeQ/D1XdibVu/GGHlnJtHCuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnlPY2Q1RDhQVmQySnRXNzhZWWVXY20wY0s0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9iMGRlZWMtNzIzMy00MmYzLTg3Njct
YjU1MDNhMzJlZGZlLzEvbGI5ZFdkMDNCZm5NNzJIc0VVT3FNZlNYTTVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9iMGRlZWMtNzIzMy00MmYzLTg3NjctYjU1MDNhMzJlZGZl
LzEvdnlPY2Q1RDhQVmQySnRXNzhZWWVXY20wY0s0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXa7QMA0G
CSqGSIb3DQEBCwUAA4IBAQAoMcu7O2CmegSg0STBkdSm9LxSuX9SYFzDdGy8z+Tv
8csCzPIelaoJD3LaxKge33FEh4EuIZA276wlV55b52he2dMIeaxXUI1ZR70d34rb
nLnNS8E1bQWtXLzyxAEft7/ml1Ow4tMqIpmkBO/x0pLA5U6MxCRrTWKtqbywM7Ge
1Ks7sQzIIIQTY45ENI+25427Qb/VQ8heLsQj6M7oxTrQrbJ9YXogoyRTH2bds/Bx
jAtzNk+1ndfpxmCqC2cbkdNiN8w5PlrlvKRMccwaP7BeQ6HMcIQIg9gXYSJAkgnF
1lC0UU1Ei/2IDoZpKPmYqtSlQwFYEjrhS2XbsgksT7Jx
-----END CERTIFICATE-----