This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/L1cSbjjQGctZbYceguMaYMQAPvU.roa
File:                     L1cSbjjQGctZbYceguMaYMQAPvU.roa (raw, json)
Hash identifier:          peUd7meGLOIIhj/OSy9KzfxP7xwU4LdriyeCXz9sbec=
Subject key identifier:   2F:57:12:6E:38:D0:19:CB:59:6D:87:1E:82:E3:1A:60:C4:00:3E:F5
Certificate issuer:       /CN=e89f228577fa91b2709e70b819ff469c4cc2ea91
Certificate serial:       019B7B36B7328291E6CA51626AD38FE14676
Authority key identifier: E8:9F:22:85:77:FA:91:B2:70:9E:70:B8:19:FF:46:9C:4C:C2:EA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/L1cSbjjQGctZbYceguMaYMQAPvU.roa
Signing time:             Thu 01 Jan 2026 20:19:01 +0000
ROA not before:           Thu 01 Jan 2026 20:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42321
IP address blocks:        194.0.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:b7:32:82:91:e6:ca:51:62:6a:d3:8f:e1:46:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e89f228577fa91b2709e70b819ff469c4cc2ea91
        Validity
            Not Before: Jan  1 20:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f57126e38d019cb596d871e82e31a60c4003ef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:77:ea:cf:bb:5c:73:0e:ee:c6:14:79:8b:3d:
                    9d:1d:43:d9:a9:98:39:79:1b:b6:57:de:6c:c0:d8:
                    ee:4a:a3:9e:b9:bf:76:e5:ef:a4:a4:64:2a:41:2e:
                    f6:28:8a:1a:d3:e2:87:8d:ee:b5:6a:e7:be:ba:92:
                    f9:7a:5b:f7:92:70:7f:27:ca:9d:10:05:71:a1:6e:
                    91:e2:2d:fd:35:eb:b0:9b:71:f4:6b:6e:5d:5e:71:
                    c3:2c:e0:12:85:67:77:b3:85:82:80:9b:d9:9d:9b:
                    10:8d:00:23:0e:78:8b:44:f6:49:4f:a3:dc:a1:1f:
                    0b:ad:fa:f9:19:59:eb:0a:f0:3b:ab:b5:77:3a:3a:
                    18:6c:2b:08:89:af:39:18:29:22:0d:ee:30:ad:6d:
                    c2:a8:4c:01:05:ff:b3:4e:bf:c9:71:c4:97:ea:1b:
                    f9:4e:35:3c:87:79:40:f9:1d:4b:8a:b2:07:0a:06:
                    23:10:f5:e0:19:fb:6e:51:7f:60:5c:37:4a:43:a2:
                    07:b6:00:87:64:9e:31:1c:58:6c:ef:93:f5:80:80:
                    45:e7:c8:c5:e1:29:f2:cb:2a:63:02:7b:42:ba:aa:
                    4b:fe:f4:c1:22:01:3f:95:7f:b9:b3:d7:11:7e:ec:
                    f1:72:8d:06:a7:3a:ea:cb:5c:b7:fb:45:32:84:04:
                    ef:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:57:12:6E:38:D0:19:CB:59:6D:87:1E:82:E3:1A:60:C4:00:3E:F5
            X509v3 Authority Key Identifier:
                keyid:E8:9F:22:85:77:FA:91:B2:70:9E:70:B8:19:FF:46:9C:4C:C2:EA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/L1cSbjjQGctZbYceguMaYMQAPvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/9e5259-3d31-402d-b390-4c8fae529936/1/6J8ihXf6kbJwnnC4Gf9GnEzC6pE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:6d:24:ab:17:c0:d2:5a:1a:fa:ca:03:29:db:02:1f:28:86:
         e6:ce:30:46:6f:6e:0b:72:48:86:33:a8:d3:f3:32:9f:7f:4f:
         b2:f5:21:ff:3c:4a:14:6a:ab:c0:2e:85:5c:7f:82:3d:06:ab:
         fe:c0:55:4e:b0:b4:a3:07:c8:c4:3b:17:46:71:91:4b:9c:58:
         09:27:58:ff:45:67:cd:02:3f:d1:3b:8e:68:f2:be:ac:f5:9b:
         a1:03:e4:d4:cc:48:90:da:2c:52:0e:d7:e1:6e:e4:62:5f:8b:
         29:ab:0a:4a:0f:45:2c:c7:21:81:60:ee:5a:65:91:12:60:5c:
         e2:43:27:73:fa:70:f2:b7:37:82:ae:ed:cf:ff:b3:4f:24:13:
         80:ce:bf:9e:9a:21:96:f6:ea:8c:ba:15:ac:0d:e0:25:24:d4:
         31:a6:f8:14:37:d1:21:85:ef:4a:87:d2:b0:55:5d:c1:d1:d5:
         0e:d3:09:0f:a2:c9:3f:f2:f2:94:7a:ca:0f:db:72:1b:0c:d2:
         5e:c6:76:5c:e8:30:40:b3:7a:f7:5a:c0:01:54:da:40:de:0f:
         f1:e3:08:45:5f:a3:19:a7:1c:ee:52:41:17:11:e9:5c:fb:48:
         9f:f9:7c:d8:45:84:12:91:e1:e1:d8:7d:5a:d0:41:3d:9a:38:
         04:7c:4f:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NrcygpHmylFiatOP4UZ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4OWYyMjg1NzdmYTkxYjI3MDllNzBiODE5ZmY0NjljNGNj
MmVhOTEwHhcNMjYwMTAxMjAxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjU3MTI2ZTM4ZDAxOWNiNTk2ZDg3MWU4MmUzMWE2MGM0MDAzZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmnfqz7tccw7uxhR5iz2dHUPZqZg5
eRu2V95swNjuSqOeub925e+kpGQqQS72KIoa0+KHje61aue+upL5elv3knB/J8qd
EAVxoW6R4i39Neuwm3H0a25dXnHDLOAShWd3s4WCgJvZnZsQjQAjDniLRPZJT6Pc
oR8Lrfr5GVnrCvA7q7V3OjoYbCsIia85GCkiDe4wrW3CqEwBBf+zTr/JccSX6hv5
TjU8h3lA+R1LirIHCgYjEPXgGftuUX9gXDdKQ6IHtgCHZJ4xHFhs75P1gIBF58jF
4SnyyypjAntCuqpL/vTBIgE/lX+5s9cRfuzxco0Gpzrqy1y3+0UyhATvWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC9XEm440BnLWW2HHoLjGmDEAD71MB8GA1UdIwQY
MBaAFOifIoV3+pGycJ5wuBn/RpxMwuqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNko4aWhYZjZrYkp3bm5DNEdmOUduRXpDNnBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy85ZTUyNTktM2QzMS00MDJkLWIzOTAt
NGM4ZmFlNTI5OTM2LzEvTDFjU2JqalFHY3RaYlljZWd1TWFZTVFBUHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy85ZTUyNTktM2QzMS00MDJkLWIzOTAtNGM4ZmFlNTI5OTM2
LzEvNko4aWhYZjZrYkp3bm5DNEdmOUduRXpDNnBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgDKMA0G
CSqGSIb3DQEBCwUAA4IBAQCYbSSrF8DSWhr6ygMp2wIfKIbmzjBGb24LckiGM6jT
8zKff0+y9SH/PEoUaqvALoVcf4I9Bqv+wFVOsLSjB8jEOxdGcZFLnFgJJ1j/RWfN
Aj/RO45o8r6s9ZuhA+TUzEiQ2ixSDtfhbuRiX4spqwpKD0UsxyGBYO5aZZESYFzi
Qydz+nDytzeCru3P/7NPJBOAzr+emiGW9uqMuhWsDeAlJNQxpvgUN9Ehhe9Kh9Kw
VV3B0dUO0wkPosk/8vKUesoP23IbDNJexnZc6DBAs3r3WsABVNpA3g/x4whFX6MZ
pxzuUkEXEelc+0if+XzYRYQSkeHh2H1a0EE9mjgEfE/6
-----END CERTIFICATE-----