This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/Lac9mI8_0GODDuYUWUFmqBSt9mc.roa
File:                     Lac9mI8_0GODDuYUWUFmqBSt9mc.roa (raw, json)
Hash identifier:          CCm67OvIIp58ZZddyH8lbNoIHH7qksW59/3/CScmsJ8=
Subject key identifier:   2D:A7:3D:98:8F:3F:D0:63:83:0E:E6:14:59:41:66:A8:14:AD:F6:67
Certificate issuer:       /CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
Certificate serial:       019B7AC8A81F6E987C58BE9B9B501198DEC2
Authority key identifier: B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/Lac9mI8_0GODDuYUWUFmqBSt9mc.roa
Signing time:             Thu 01 Jan 2026 18:18:49 +0000
ROA not before:           Thu 01 Jan 2026 18:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        194.99.96.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:a8:1f:6e:98:7c:58:be:9b:9b:50:11:98:de:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b74ce3f3c5e5a2f9d8b8a4c77a8361f8a216f3ad
        Validity
            Not Before: Jan  1 18:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2da73d988f3fd063830ee614594166a814adf667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:97:5f:24:be:5d:3b:cc:33:3c:b7:7e:e1:0c:
                    ba:65:b3:89:a2:d1:9e:4a:15:1d:6d:c2:b8:cd:ca:
                    4f:1a:64:1a:1a:73:56:c4:80:89:9b:0c:75:e8:2c:
                    fb:2d:e6:97:aa:e4:9a:45:7d:74:d3:9f:40:fe:f0:
                    d6:c6:18:eb:b1:78:c0:6a:77:4d:fe:42:12:d5:65:
                    a7:55:74:83:9d:a7:62:43:50:04:44:57:10:1c:02:
                    f8:0d:02:7f:f8:90:d5:a7:55:a5:8d:04:e8:6e:2a:
                    1d:fb:2d:f1:87:fd:f8:81:ac:99:53:3f:df:8b:c7:
                    42:16:e5:df:8b:89:91:b4:93:a8:5d:f4:fe:e1:e4:
                    15:6b:af:86:50:79:db:d5:53:8c:b7:78:07:a7:da:
                    48:22:6d:e5:48:23:6d:01:d5:e5:5e:1b:cf:95:b3:
                    48:8e:87:3b:46:96:c3:7a:8e:1c:6c:5d:ac:47:cb:
                    8e:05:d5:55:9b:8a:74:bd:d9:6e:40:19:3e:d5:a0:
                    5a:86:f7:b6:30:6a:3e:0d:27:96:94:7e:62:b5:4d:
                    e9:17:eb:ba:db:56:3d:6b:43:66:0e:37:d4:2a:c4:
                    ac:65:7f:db:b6:2b:b7:5e:2e:22:c2:96:ae:4e:68:
                    91:e1:9b:ec:00:6a:4c:ac:06:56:be:79:1b:cc:0a:
                    6e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:A7:3D:98:8F:3F:D0:63:83:0E:E6:14:59:41:66:A8:14:AD:F6:67
            X509v3 Authority Key Identifier:
                keyid:B7:4C:E3:F3:C5:E5:A2:F9:D8:B8:A4:C7:7A:83:61:F8:A2:16:F3:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t0zj88XlovnYuKTHeoNh-KIW860.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/Lac9mI8_0GODDuYUWUFmqBSt9mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ac681f-05d2-4045-ae10-5ebdd9e2887c/1/t0zj88XlovnYuKTHeoNh-KIW860.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.99.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:3d:7d:2b:62:f6:8b:1a:cc:09:bb:59:23:c4:2c:5c:cd:04:
         4f:74:ed:02:77:13:c3:eb:0d:2e:a9:08:2d:00:3e:38:68:4f:
         d6:13:d4:83:55:e4:e2:5e:d7:b3:47:e7:31:39:0d:03:f0:a2:
         c6:7b:a7:b9:bb:9e:17:9d:19:87:3f:2e:a8:4b:c7:5c:35:16:
         d1:e5:1a:96:1b:de:f6:08:07:8b:e0:e8:06:cb:5f:8b:0e:89:
         e1:3c:4b:96:3d:50:da:fb:b2:33:38:90:4e:c2:a6:2a:1a:d9:
         7c:ae:fc:62:aa:a7:1c:98:11:48:7f:66:3f:9a:02:f7:c4:df:
         b3:c0:d5:1a:e4:07:5c:d5:b8:28:df:c8:29:e9:9d:dc:b4:8e:
         96:f9:20:06:b9:15:d0:37:11:5a:b1:0b:42:ce:50:45:ee:dc:
         69:cb:5b:67:8f:7e:16:e1:49:54:8d:0e:a8:9c:78:06:3b:6b:
         69:c0:22:a5:6f:4f:13:09:fb:21:8c:b7:b5:53:1e:28:fc:6e:
         4f:23:9d:d1:6c:ed:4e:74:8f:ef:09:20:8a:d8:6a:00:69:75:
         b8:54:5d:2c:47:33:a4:43:1d:d4:fd:40:fb:24:e7:00:61:66:
         2c:a5:07:56:5d:d7:cf:18:4f:a4:00:16:df:af:60:1b:69:44:
         b8:3a:79:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yKgfbph8WL6bm1ARmN7CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3NGNlM2YzYzVlNWEyZjlkOGI4YTRjNzdhODM2MWY4YTIx
NmYzYWQwHhcNMjYwMTAxMTgxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGE3M2Q5ODhmM2ZkMDYzODMwZWU2MTQ1OTQxNjZhODE0YWRmNjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnJdfJL5dO8wzPLd+4Qy6ZbOJotGe
ShUdbcK4zcpPGmQaGnNWxICJmwx16Cz7LeaXquSaRX10059A/vDWxhjrsXjAandN
/kIS1WWnVXSDnadiQ1AERFcQHAL4DQJ/+JDVp1WljQTobiod+y3xh/34gayZUz/f
i8dCFuXfi4mRtJOoXfT+4eQVa6+GUHnb1VOMt3gHp9pIIm3lSCNtAdXlXhvPlbNI
joc7RpbDeo4cbF2sR8uOBdVVm4p0vdluQBk+1aBahve2MGo+DSeWlH5itU3pF+u6
21Y9a0NmDjfUKsSsZX/btiu3Xi4iwpauTmiR4ZvsAGpMrAZWvnkbzApubQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2nPZiPP9Bjgw7mFFlBZqgUrfZnMB8GA1UdIwQY
MBaAFLdM4/PF5aL52Likx3qDYfiiFvOtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAt
NWViZGQ5ZTI4ODdjLzEvTGFjOW1JOF8wR09ERHVZVVdVRm1xQlN0OW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9hYzY4MWYtMDVkMi00MDQ1LWFlMTAtNWViZGQ5ZTI4ODdj
LzEvdDB6ajg4WGxvdm5ZdUtUSGVvTmgtS0lXODYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwmNgMA0G
CSqGSIb3DQEBCwUAA4IBAQAdPX0rYvaLGswJu1kjxCxczQRPdO0CdxPD6w0uqQgt
AD44aE/WE9SDVeTiXtezR+cxOQ0D8KLGe6e5u54XnRmHPy6oS8dcNRbR5RqWG972
CAeL4OgGy1+LDonhPEuWPVDa+7IzOJBOwqYqGtl8rvxiqqccmBFIf2Y/mgL3xN+z
wNUa5Adc1bgo38gp6Z3ctI6W+SAGuRXQNxFasQtCzlBF7txpy1tnj34W4UlUjQ6o
nHgGO2tpwCKlb08TCfshjLe1Ux4o/G5PI53RbO1OdI/vCSCK2GoAaXW4VF0sRzOk
Qx3U/UD7JOcAYWYspQdWXdfPGE+kABbfr2AbaUS4OnkG
-----END CERTIFICATE-----