This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/kLgt42UXCSlPmmzBhtriKb-BEdg.roa
File:                     kLgt42UXCSlPmmzBhtriKb-BEdg.roa (raw, json)
Hash identifier:          StnSDmBsLjA5VJ2jTHIfEuAPLe0plO7Q4DMIq/31dvI=
Subject key identifier:   90:B8:2D:E3:65:17:09:29:4F:9A:6C:C1:86:DA:E2:29:BF:81:11:D8
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019A29D038523EFC1C699B9A083709189D12
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/kLgt42UXCSlPmmzBhtriKb-BEdg.roa
Signing time:             Tue 28 Oct 2025 07:55:03 +0000
ROA not before:           Tue 28 Oct 2025 07:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142561
IP address blocks:        81.18.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 14:25:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:29:d0:38:52:3e:fc:1c:69:9b:9a:08:37:09:18:9d:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Oct 28 07:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90b82de3651709294f9a6cc186dae229bf8111d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:1b:9b:14:06:69:f2:3b:c8:6a:af:61:20:39:
                    25:4b:73:9d:9c:46:c1:0e:ac:ff:fe:b6:7f:51:b5:
                    60:ad:31:6e:c5:99:51:41:06:a3:fb:43:57:48:0f:
                    d2:bb:12:32:b0:1f:5e:d6:08:88:ae:5d:53:cf:00:
                    cb:cf:2c:f3:cb:90:9a:17:bb:b8:57:ac:9f:c7:43:
                    e8:f4:c7:03:10:8d:f9:24:2b:63:83:73:cc:b1:05:
                    0a:90:a1:da:41:38:97:21:79:d2:8b:be:c4:38:a3:
                    31:cf:6c:c3:04:d8:b7:09:f3:17:0c:ea:60:84:49:
                    16:cb:07:50:12:a0:13:9f:87:71:63:08:28:55:ec:
                    a3:ad:1f:c2:93:72:11:31:e6:05:00:d8:89:2d:54:
                    f1:a8:d5:c2:e8:ef:dc:05:31:6b:c4:ef:f7:69:9f:
                    7a:73:e0:f1:26:3b:5e:38:c3:39:61:11:12:fc:5c:
                    ba:ab:7d:12:d4:4d:e9:eb:73:b4:87:a9:42:1a:18:
                    f4:c2:7d:e2:59:fc:d0:6a:73:ed:25:0b:44:85:94:
                    1b:7f:f3:e7:c1:5b:e3:83:31:28:b2:68:97:cf:9a:
                    6d:55:4a:27:d4:10:60:b9:04:c2:10:1e:40:ba:f5:
                    ea:a9:c4:72:0b:8b:df:61:fc:1f:24:f2:19:6d:52:
                    14:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B8:2D:E3:65:17:09:29:4F:9A:6C:C1:86:DA:E2:29:BF:81:11:D8
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/kLgt42UXCSlPmmzBhtriKb-BEdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:4c:d4:19:95:f6:7e:f2:a6:d9:86:76:8d:05:dc:d7:79:22:
         cc:11:92:20:fb:6d:63:09:2f:56:7b:0f:4d:28:2a:db:d5:d3:
         7b:ff:c0:9f:57:8f:1e:62:0e:56:a7:64:a3:ac:17:6f:43:d1:
         22:75:47:9f:1f:a1:96:4f:5b:67:3b:9b:34:95:00:a7:94:2d:
         c7:6e:de:57:3e:ec:b1:c5:2e:db:a2:54:f7:99:80:1a:65:b5:
         37:85:7e:f8:b8:ac:ee:d2:b7:f5:df:85:71:88:7b:7f:b2:f5:
         6c:a2:df:38:12:f9:cc:49:fe:6f:77:88:cf:76:06:3d:4d:07:
         a0:46:7a:61:81:20:56:0a:ef:d4:8e:49:ee:e4:31:05:e4:42:
         f0:07:bb:1c:1d:e5:3a:bb:94:a8:89:b2:02:57:3b:c7:e0:52:
         b6:08:92:1a:e0:c5:a5:a0:45:1c:e4:02:a1:cd:cc:72:58:f6:
         42:24:d2:50:01:4f:c7:82:e5:d1:41:b6:bf:2d:06:91:5e:41:
         d4:38:36:91:1d:73:d5:89:55:1c:09:31:b5:ed:fe:15:4d:90:
         ab:e0:4b:9a:2b:aa:8b:3c:7a:59:1d:37:f3:34:62:2e:08:cc:
         a1:92:8b:19:d7:bc:ff:68:35:20:55:01:ef:a6:cf:f5:4b:c2:
         36:85:0a:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZop0DhSPvwcaZuaCDcJGJ0SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjUxMDI4MDc1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4MmRlMzY1MTcwOTI5NGY5YTZjYzE4NmRhZTIyOWJmODExMWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRubFAZp8jvIaq9hIDklS3OdnEbB
Dqz//rZ/UbVgrTFuxZlRQQaj+0NXSA/SuxIysB9e1giIrl1TzwDLzyzzy5CaF7u4
V6yfx0Po9McDEI35JCtjg3PMsQUKkKHaQTiXIXnSi77EOKMxz2zDBNi3CfMXDOpg
hEkWywdQEqATn4dxYwgoVeyjrR/Ck3IRMeYFANiJLVTxqNXC6O/cBTFrxO/3aZ96
c+DxJjteOMM5YRES/Fy6q30S1E3p63O0h6lCGhj0wn3iWfzQanPtJQtEhZQbf/Pn
wVvjgzEosmiXz5ptVUon1BBguQTCEB5AuvXqqcRyC4vfYfwfJPIZbVIUtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC4LeNlFwkpT5pswYba4im/gRHYMB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEva0xndDQyVVhDU2xQbW16Qmh0cmlLYi1CRWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURI8MA0G
CSqGSIb3DQEBCwUAA4IBAQABTNQZlfZ+8qbZhnaNBdzXeSLMEZIg+21jCS9Wew9N
KCrb1dN7/8CfV48eYg5Wp2SjrBdvQ9EidUefH6GWT1tnO5s0lQCnlC3Hbt5XPuyx
xS7bolT3mYAaZbU3hX74uKzu0rf134VxiHt/svVsot84EvnMSf5vd4jPdgY9TQeg
RnphgSBWCu/Ujknu5DEF5ELwB7scHeU6u5SoibICVzvH4FK2CJIa4MWloEUc5AKh
zcxyWPZCJNJQAU/HguXRQba/LQaRXkHUODaRHXPViVUcCTG17f4VTZCr4EuaK6qL
PHpZHTfzNGIuCMyhkosZ17z/aDUgVQHvps/1S8I2hQqO
-----END CERTIFICATE-----