This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/lueVV_jKMeHO5Ubr9jZ-cwt5lHo.roa
File:                     lueVV_jKMeHO5Ubr9jZ-cwt5lHo.roa (raw, json)
Hash identifier:          9c+KFKnP0O3swEyj7ofbRvYd449L+eQRnVpdXmf8AiM=
Subject key identifier:   96:E7:95:57:F8:CA:31:E1:CE:E5:46:EB:F6:36:7E:73:0B:79:94:7A
Certificate issuer:       /CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
Certificate serial:       019B7F84100C9B6B85D5E7B4AD66342C2B6A
Authority key identifier: BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/lueVV_jKMeHO5Ubr9jZ-cwt5lHo.roa
Signing time:             Fri 02 Jan 2026 16:21:59 +0000
ROA not before:           Fri 02 Jan 2026 16:21:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24940
IP address blocks:        2001:67c:1164::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 02:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:10:0c:9b:6b:85:d5:e7:b4:ad:66:34:2c:2b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba6ed0fb7b320832ac1580534c7b263f304e981b
        Validity
            Not Before: Jan  2 16:21:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96e79557f8ca31e1cee546ebf6367e730b79947a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:3d:85:a3:63:4e:17:3d:a4:0b:5d:34:fc:ed:
                    f9:16:50:bc:8e:e3:c9:fc:27:bd:c5:92:ce:b9:c6:
                    36:85:6a:65:f6:15:d5:0c:7f:98:51:f7:34:e4:4e:
                    4d:6f:a3:1b:e5:de:d3:49:4b:e9:bc:02:70:49:2a:
                    ee:0c:6a:7a:d8:69:c2:45:03:09:ad:cb:d3:39:56:
                    9f:8f:c9:c1:86:9b:4c:1d:42:fc:48:db:37:a5:33:
                    df:25:73:2b:db:c5:6f:99:6f:f2:d6:aa:90:d0:de:
                    e1:9a:4b:e4:00:21:aa:d9:97:44:cc:42:a2:09:0f:
                    92:3f:e5:ed:c5:e4:ee:ca:b0:57:54:ca:4d:0e:ec:
                    9e:40:bc:75:6e:92:bc:a5:be:20:97:31:64:82:18:
                    e5:b1:89:59:db:e0:13:ab:87:d1:17:1f:6e:34:b0:
                    d0:4c:1b:c3:8e:68:3a:d9:c2:92:f5:8d:9c:b3:95:
                    cd:c2:33:33:99:6b:4f:6b:d9:2b:63:b7:05:e1:49:
                    31:13:5c:8f:bf:50:04:1c:69:32:f2:e0:b0:97:f9:
                    84:cb:9e:fd:6a:da:72:07:0b:43:a4:6c:31:58:46:
                    d1:9c:10:22:43:a6:57:19:2d:94:7a:ee:e1:3a:73:
                    41:34:45:6a:64:05:68:50:36:78:8b:6e:69:0b:16:
                    bc:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E7:95:57:F8:CA:31:E1:CE:E5:46:EB:F6:36:7E:73:0B:79:94:7A
            X509v3 Authority Key Identifier:
                keyid:BA:6E:D0:FB:7B:32:08:32:AC:15:80:53:4C:7B:26:3F:30:4E:98:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/um7Q-3syCDKsFYBTTHsmPzBOmBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/lueVV_jKMeHO5Ubr9jZ-cwt5lHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/42041d-5931-4824-9254-161f342387d1/1/um7Q-3syCDKsFYBTTHsmPzBOmBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1164::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:ba:16:39:8c:70:e8:bd:f6:a2:55:01:86:71:55:cb:c4:c8:
         da:a6:c7:84:65:ad:25:9c:1a:c5:72:23:e1:1d:95:d1:53:db:
         0d:ce:5d:6c:59:97:11:5c:78:8e:19:c7:38:12:a5:db:90:86:
         67:2e:1c:c0:cb:b4:6f:7e:f4:df:a8:2d:6b:9e:bb:6c:64:ae:
         07:3c:43:53:34:50:4b:16:eb:de:d8:e3:28:9c:95:08:e2:49:
         e4:e1:2a:91:90:bf:ea:6a:ee:ea:45:07:06:ee:91:7f:6e:70:
         f0:66:61:d6:71:5e:58:77:67:20:8a:16:2e:a3:9b:e2:00:f1:
         ce:60:60:36:e3:50:43:d2:bd:11:16:a2:f5:9f:7a:03:36:8e:
         8c:9f:0c:81:16:e0:8a:70:60:4a:da:65:a8:e6:20:12:57:7c:
         8b:5f:b0:18:2d:43:87:e1:93:3d:ef:f4:56:7f:0a:97:51:4e:
         d1:00:f1:48:e8:f1:c7:89:71:0b:c5:d2:e0:fa:a3:ee:65:38:
         0c:cd:a5:81:88:64:01:77:1d:93:97:f6:ac:f7:39:b0:c7:35:
         31:9b:55:a3:9d:b2:aa:f6:38:fa:c2:dd:64:1e:23:7b:da:21:
         b5:73:19:25:fa:a3:1a:bb:5e:a3:8f:40:97:4b:26:fe:5d:0b:
         e6:2d:0c:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hBAMm2uF1ee0rWY0LCtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhNmVkMGZiN2IzMjA4MzJhYzE1ODA1MzRjN2IyNjNmMzA0
ZTk4MWIwHhcNMjYwMTAyMTYyMTU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmU3OTU1N2Y4Y2EzMWUxY2VlNTQ2ZWJmNjM2N2U3MzBiNzk5NDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArz2Fo2NOFz2kC100/O35FlC8juPJ
/Ce9xZLOucY2hWpl9hXVDH+YUfc05E5Nb6Mb5d7TSUvpvAJwSSruDGp62GnCRQMJ
rcvTOVafj8nBhptMHUL8SNs3pTPfJXMr28VvmW/y1qqQ0N7hmkvkACGq2ZdEzEKi
CQ+SP+XtxeTuyrBXVMpNDuyeQLx1bpK8pb4glzFkghjlsYlZ2+ATq4fRFx9uNLDQ
TBvDjmg62cKS9Y2cs5XNwjMzmWtPa9krY7cF4UkxE1yPv1AEHGky8uCwl/mEy579
atpyBwtDpGwxWEbRnBAiQ6ZXGS2Ueu7hOnNBNEVqZAVoUDZ4i25pCxa82QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJbnlVf4yjHhzuVG6/Y2fnMLeZR6MB8GA1UdIwQY
MBaAFLpu0Pt7MggyrBWAU0x7Jj8wTpgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQt
MTYxZjM0MjM4N2QxLzEvbHVlVlZfaktNZUhPNVVicjlqWi1jd3Q1bEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC80MjA0MWQtNTkzMS00ODI0LTkyNTQtMTYxZjM0MjM4N2Qx
LzEvdW03US0zc3lDREtzRllCVFRIc21QekJPbUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBFk
MA0GCSqGSIb3DQEBCwUAA4IBAQBQuhY5jHDovfaiVQGGcVXLxMjapseEZa0lnBrF
ciPhHZXRU9sNzl1sWZcRXHiOGcc4EqXbkIZnLhzAy7RvfvTfqC1rnrtsZK4HPENT
NFBLFuve2OMonJUI4knk4SqRkL/qau7qRQcG7pF/bnDwZmHWcV5Yd2cgihYuo5vi
APHOYGA241BD0r0RFqL1n3oDNo6MnwyBFuCKcGBK2mWo5iASV3yLX7AYLUOH4ZM9
7/RWfwqXUU7RAPFI6PHHiXELxdLg+qPuZTgMzaWBiGQBdx2Tl/as9zmwxzUxm1Wj
nbKq9jj6wt1kHiN72iG1cxkl+qMau16jj0CXSyb+XQvmLQyM
-----END CERTIFICATE-----