This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/Lbd7OlSYZZwy_6X1BIMG6Koz7d4.roa
File:                     Lbd7OlSYZZwy_6X1BIMG6Koz7d4.roa (raw, json)
Hash identifier:          tiYUvDBlf1LQU9lfVQg2G8kbpiC1hXVYCRazqiEsZus=
Subject key identifier:   2D:B7:7B:3A:54:98:65:9C:32:FF:A5:F5:04:83:06:E8:AA:33:ED:DE
Certificate issuer:       /CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
Certificate serial:       019B7DCB10AE6BD72786A49B310BFB23D099
Authority key identifier: 4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/Lbd7OlSYZZwy_6X1BIMG6Koz7d4.roa
Signing time:             Fri 02 Jan 2026 08:20:18 +0000
ROA not before:           Fri 02 Jan 2026 08:20:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6205
IP address blocks:        185.174.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:10:ae:6b:d7:27:86:a4:9b:31:0b:fb:23:d0:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da84d247ce37cdccf06e1571d226a2b85677bcd
        Validity
            Not Before: Jan  2 08:20:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2db77b3a5498659c32ffa5f5048306e8aa33edde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:21:90:67:ca:d1:2e:76:1c:7e:d7:b5:14:fa:
                    50:e4:be:79:7f:f0:49:ae:fb:21:6a:cd:fb:27:87:
                    31:e7:86:27:1f:d4:7f:e7:3d:b3:07:9f:1b:d7:bf:
                    d7:bc:5b:90:ed:c3:9b:54:17:10:3a:df:c2:1f:5a:
                    5b:b9:e1:79:4a:a1:ac:66:3d:d8:f3:6f:ae:63:88:
                    9e:cb:7b:04:90:00:59:88:c9:46:0f:8c:63:63:3f:
                    50:8b:f9:6d:f4:43:a5:84:ae:35:23:6d:13:dc:80:
                    6d:54:88:3d:04:d8:39:81:da:7e:e4:9f:b3:20:68:
                    f7:5f:29:11:f7:32:e4:f0:b8:6b:b4:ae:7e:9d:3e:
                    a6:cd:43:d2:36:f8:31:af:13:34:37:53:8e:8e:89:
                    62:9f:a1:3b:9d:8e:d4:77:9c:b1:54:d7:85:84:b9:
                    e4:0f:57:e0:f3:fa:70:15:9d:65:1d:0e:6c:6f:1f:
                    6c:b7:d9:e6:1b:eb:5a:34:f8:8c:da:be:64:05:c6:
                    86:3f:ca:d5:76:16:f3:fc:ce:89:db:41:a5:5b:38:
                    46:74:be:9c:83:1b:d8:96:0d:b0:06:d3:ec:86:5b:
                    12:df:2e:6b:36:fc:a8:05:e2:4a:b5:2d:af:f7:ef:
                    40:cf:45:2b:4a:f7:2f:0c:12:c8:62:c4:42:b6:8d:
                    bc:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B7:7B:3A:54:98:65:9C:32:FF:A5:F5:04:83:06:E8:AA:33:ED:DE
            X509v3 Authority Key Identifier:
                keyid:4D:A8:4D:24:7C:E3:7C:DC:CF:06:E1:57:1D:22:6A:2B:85:67:7B:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TahNJHzjfNzPBuFXHSJqK4Vne80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/Lbd7OlSYZZwy_6X1BIMG6Koz7d4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/210fbb-aa6e-49c9-918b-5558a8b53e3d/1/TahNJHzjfNzPBuFXHSJqK4Vne80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:6b:f2:d7:80:c9:0b:51:97:8f:e5:80:d2:14:ba:4c:8c:c7:
         f6:fb:64:19:b4:df:3a:7f:f8:16:b7:cd:68:fe:b8:ca:b1:39:
         78:62:61:de:ad:a5:86:3e:30:0c:81:39:5d:ed:7a:5b:13:d6:
         ac:6c:64:e9:e5:e1:c3:1c:ee:4c:6c:66:70:ad:6c:05:58:e8:
         a7:86:bd:12:49:e5:9e:70:89:e6:e8:31:f1:53:97:58:f3:27:
         f7:43:96:5b:a1:93:86:ec:09:43:3d:25:27:86:ab:9a:39:02:
         24:7b:6b:55:b8:6b:aa:f5:2a:54:17:20:dc:78:21:43:b3:fc:
         77:dc:d7:a1:09:51:c1:39:39:2f:60:11:d0:3b:ac:44:be:6c:
         62:3d:f5:a6:a9:99:2e:55:af:07:52:16:95:b1:0a:8e:a2:5d:
         03:82:d8:84:c2:73:01:ea:b4:70:24:4e:e9:34:8d:57:24:be:
         9c:66:f6:aa:a8:e9:a0:68:8c:38:4d:91:a3:32:eb:ac:28:56:
         6c:b3:dc:cd:a0:b0:1b:e7:a8:cf:d0:08:d1:ce:fc:32:7d:34:
         dd:bb:44:07:65:26:ae:b9:8b:56:88:cc:03:39:10:43:32:5d:
         f4:1c:26:a4:63:55:3e:fd:06:30:b5:d0:c6:9c:9b:50:65:b3:
         13:bc:02:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yxCua9cnhqSbMQv7I9CZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTg0ZDI0N2NlMzdjZGNjZjA2ZTE1NzFkMjI2YTJiODU2
NzdiY2QwHhcNMjYwMTAyMDgyMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGI3N2IzYTU0OTg2NTljMzJmZmE1ZjUwNDgzMDZlOGFhMzNlZGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyGQZ8rRLnYcfte1FPpQ5L55f/BJ
rvshas37J4cx54YnH9R/5z2zB58b17/XvFuQ7cObVBcQOt/CH1pbueF5SqGsZj3Y
82+uY4iey3sEkABZiMlGD4xjYz9Qi/lt9EOlhK41I20T3IBtVIg9BNg5gdp+5J+z
IGj3XykR9zLk8LhrtK5+nT6mzUPSNvgxrxM0N1OOjolin6E7nY7Ud5yxVNeFhLnk
D1fg8/pwFZ1lHQ5sbx9st9nmG+taNPiM2r5kBcaGP8rVdhbz/M6J20GlWzhGdL6c
gxvYlg2wBtPshlsS3y5rNvyoBeJKtS2v9+9Az0UrSvcvDBLIYsRCto28qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC23ezpUmGWcMv+l9QSDBuiqM+3eMB8GA1UdIwQY
MBaAFE2oTSR843zczwbhVx0iaiuFZ3vNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGIt
NTU1OGE4YjUzZTNkLzEvTGJkN09sU1laWnd5XzZYMUJJTUc2S296N2Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC8yMTBmYmItYWE2ZS00OWM5LTkxOGItNTU1OGE4YjUzZTNk
LzEvVGFoTkpIempmTnpQQnVGWEhTSnFLNFZuZTgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua5FMA0G
CSqGSIb3DQEBCwUAA4IBAQAfa/LXgMkLUZeP5YDSFLpMjMf2+2QZtN86f/gWt81o
/rjKsTl4YmHeraWGPjAMgTld7XpbE9asbGTp5eHDHO5MbGZwrWwFWOinhr0SSeWe
cInm6DHxU5dY8yf3Q5ZboZOG7AlDPSUnhquaOQIke2tVuGuq9SpUFyDceCFDs/x3
3NehCVHBOTkvYBHQO6xEvmxiPfWmqZkuVa8HUhaVsQqOol0DgtiEwnMB6rRwJE7p
NI1XJL6cZvaqqOmgaIw4TZGjMuusKFZss9zNoLAb56jP0AjRzvwyfTTdu0QHZSau
uYtWiMwDORBDMl30HCakY1U+/QYwtdDGnJtQZbMTvAKY
-----END CERTIFICATE-----