This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/LbIBxCm3zc4zW15g4xohoJX9qic.roa
File:                     LbIBxCm3zc4zW15g4xohoJX9qic.roa (raw, json)
Hash identifier:          6wgCSs5mGVTM6aHPm61i10v74wejjqjW11LjQknpJBs=
Subject key identifier:   2D:B2:01:C4:29:B7:CD:CE:33:5B:5E:60:E3:1A:21:A0:95:FD:AA:27
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       019B7A5AB8EB5B250CE9C60AADA068E2EE2E
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/LbIBxCm3zc4zW15g4xohoJX9qic.roa
Signing time:             Thu 01 Jan 2026 16:18:44 +0000
ROA not before:           Thu 01 Jan 2026 16:18:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215365
IP address blocks:        37.114.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 07:52:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:b8:eb:5b:25:0c:e9:c6:0a:ad:a0:68:e2:ee:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 16:18:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2db201c429b7cdce335b5e60e31a21a095fdaa27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4d:c6:66:df:95:17:a1:a6:70:a1:7d:31:c7:
                    d4:1f:cb:77:86:ae:fa:c2:99:31:51:ac:91:d1:22:
                    f4:c0:78:c9:83:3f:6d:c7:27:b7:5f:5b:5c:bd:c5:
                    f4:87:ba:47:31:1a:0d:f4:9e:00:9f:42:ec:68:42:
                    43:20:ea:b4:2a:5b:aa:d2:32:63:a9:cd:a7:60:d5:
                    06:f7:53:92:23:0e:9d:28:06:db:56:14:99:a7:94:
                    af:5d:a4:2a:b9:b9:b4:ca:16:33:e1:8d:49:c1:b5:
                    fd:9d:61:84:bc:a4:12:4a:25:f9:cc:fb:72:39:05:
                    15:d2:3e:67:a9:f3:ee:df:a4:6c:eb:51:1c:ce:38:
                    8a:4a:11:0c:4d:5d:ce:2b:cb:8b:56:bb:eb:38:ac:
                    b1:d5:ef:ed:ec:56:3c:b5:7b:b0:ed:2b:67:d7:8d:
                    1f:ad:a2:9e:70:29:25:9b:fa:3d:d4:b5:d6:08:e1:
                    8f:12:83:1c:04:b9:cc:de:38:a0:bc:bd:f8:ad:f9:
                    8d:8b:7b:64:e1:1c:9a:76:24:16:c2:17:cc:04:18:
                    01:19:b3:d4:13:b4:96:3b:ee:d9:01:7e:36:0d:35:
                    b2:99:b7:2d:ee:03:55:f8:03:85:90:7a:ae:0c:dc:
                    d0:82:a4:ec:75:25:80:f8:f2:7b:d6:20:e6:25:f9:
                    4b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B2:01:C4:29:B7:CD:CE:33:5B:5E:60:E3:1A:21:A0:95:FD:AA:27
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/LbIBxCm3zc4zW15g4xohoJX9qic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:55:0c:74:bb:64:18:46:ac:8c:92:b8:1b:04:15:5d:87:d5:
         d9:b2:62:de:4f:0f:25:20:ea:be:1e:ce:c9:b5:0e:a1:57:01:
         e7:dd:f9:1c:1b:42:9e:cc:fb:dc:42:29:69:3d:37:3e:69:9b:
         9e:82:c8:da:2e:3c:70:5c:c0:ab:63:99:d5:02:ce:ae:32:b0:
         73:e0:d0:99:19:e8:b0:78:3f:77:fb:03:7a:49:ad:7b:35:9d:
         79:35:ac:64:3d:13:4f:e9:5d:19:cf:52:7f:a8:5e:e9:fc:75:
         d7:5f:51:b6:ba:f9:53:71:65:32:d6:24:51:6b:ee:09:7b:c5:
         08:42:38:98:09:c8:1c:4e:d6:25:67:9b:1c:5a:95:34:19:51:
         82:8b:68:4c:10:4b:02:44:eb:58:68:fa:f2:b8:d1:a8:37:34:
         39:ff:e1:a0:8e:3f:e3:5c:e6:78:85:04:2d:b1:73:61:f3:4e:
         ea:ce:61:11:c6:b9:d0:cb:ef:36:bc:68:fb:84:b3:4c:74:cd:
         ca:68:17:27:92:ec:fa:fa:cc:82:14:89:d6:d9:1e:3b:d9:d5:
         18:e6:0a:a4:27:0b:60:e3:9c:db:3a:05:53:a0:3c:a4:95:53:
         e4:06:7b:13:09:34:ad:a8:ab:04:51:d1:c9:0c:4b:7b:82:2d:
         5b:8e:7e:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WrjrWyUM6cYKraBo4u4uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjYwMTAxMTYxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIyMDFjNDI5YjdjZGNlMzM1YjVlNjBlMzFhMjFhMDk1ZmRhYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArU3GZt+VF6GmcKF9McfUH8t3hq76
wpkxUayR0SL0wHjJgz9txye3X1tcvcX0h7pHMRoN9J4An0LsaEJDIOq0Kluq0jJj
qc2nYNUG91OSIw6dKAbbVhSZp5SvXaQqubm0yhYz4Y1JwbX9nWGEvKQSSiX5zPty
OQUV0j5nqfPu36Rs61EczjiKShEMTV3OK8uLVrvrOKyx1e/t7FY8tXuw7Stn140f
raKecCklm/o91LXWCOGPEoMcBLnM3jigvL34rfmNi3tk4RyadiQWwhfMBBgBGbPU
E7SWO+7ZAX42DTWymbct7gNV+AOFkHquDNzQgqTsdSWA+PJ71iDmJflLfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2yAcQpt83OM1teYOMaIaCV/aonMB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvTGJJQnhDbTN6YzR6VzE1ZzR4b2hvSlg5cWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIjMA0G
CSqGSIb3DQEBCwUAA4IBAQBgVQx0u2QYRqyMkrgbBBVdh9XZsmLeTw8lIOq+Hs7J
tQ6hVwHn3fkcG0KezPvcQilpPTc+aZuegsjaLjxwXMCrY5nVAs6uMrBz4NCZGeiw
eD93+wN6Sa17NZ15NaxkPRNP6V0Zz1J/qF7p/HXXX1G2uvlTcWUy1iRRa+4Je8UI
QjiYCcgcTtYlZ5scWpU0GVGCi2hMEEsCROtYaPryuNGoNzQ5/+Ggjj/jXOZ4hQQt
sXNh807qzmERxrnQy+82vGj7hLNMdM3KaBcnkuz6+syCFInW2R472dUY5gqkJwtg
45zbOgVToDyklVPkBnsTCTStqKsEUdHJDEt7gi1bjn58
-----END CERTIFICATE-----