This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/Lt1d_zlwhux2IVzKQWnKfN58kb4.roa
File:                     Lt1d_zlwhux2IVzKQWnKfN58kb4.roa (raw, json)
Hash identifier:          ir0joYXK6Nxy/SHex21LkKB897GX0TnoKlLbL29fcKU=
Subject key identifier:   2E:DD:5D:FF:39:70:86:EC:76:21:5C:CA:41:69:CA:7C:DE:7C:91:BE
Certificate issuer:       /CN=286687fb64a77f0100baf23d4f341ece775950e5
Certificate serial:       019B7A5B29600410504D87FD47E0D31D17B8
Authority key identifier: 28:66:87:FB:64:A7:7F:01:00:BA:F2:3D:4F:34:1E:CE:77:59:50:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KGaH-2SnfwEAuvI9TzQezndZUOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/Lt1d_zlwhux2IVzKQWnKfN58kb4.roa
Signing time:             Thu 01 Jan 2026 16:19:13 +0000
ROA not before:           Thu 01 Jan 2026 16:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60989
IP address blocks:        185.109.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/KGaH-2SnfwEAuvI9TzQezndZUOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/KGaH-2SnfwEAuvI9TzQezndZUOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KGaH-2SnfwEAuvI9TzQezndZUOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:29:60:04:10:50:4d:87:fd:47:e0:d3:1d:17:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=286687fb64a77f0100baf23d4f341ece775950e5
        Validity
            Not Before: Jan  1 16:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2edd5dff397086ec76215cca4169ca7cde7c91be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:d8:1b:3a:d5:e1:08:d9:2d:c9:1e:b0:a3:16:
                    81:41:0e:f2:0d:2c:58:3a:b3:4b:7a:d6:f2:bb:38:
                    f7:97:5c:c0:b3:b0:42:b0:e0:b8:ad:44:d5:ac:71:
                    1b:1e:b4:bd:f1:88:4f:00:86:e0:c9:6c:80:c2:c7:
                    22:c4:f5:cd:3c:ac:7b:75:5c:b2:7b:e2:40:62:39:
                    ad:f2:87:55:16:0f:22:37:3d:13:a5:a9:4b:b6:fd:
                    69:bf:78:3f:c6:ad:0d:12:d3:79:bf:be:e0:02:7c:
                    6e:dd:c3:06:3b:a2:d4:e4:24:9a:63:83:85:91:7b:
                    71:f5:46:1d:c6:29:ec:8c:42:fc:2a:6d:c6:56:12:
                    f7:b2:0f:b3:bf:b6:18:74:6e:2a:d8:0e:42:6c:56:
                    56:61:c0:0c:31:24:d3:f4:66:84:d9:47:5d:f8:62:
                    44:33:9c:85:b8:48:f5:d4:08:1a:b4:11:ce:ff:ac:
                    08:9e:50:27:10:63:81:06:4f:01:07:cd:7a:c7:03:
                    56:5b:85:d3:4a:af:86:bd:6b:ef:78:ed:64:90:ba:
                    2b:2e:c7:62:f5:c1:00:18:ab:82:72:61:fe:f1:41:
                    14:38:c4:67:9c:86:be:66:a6:f3:39:6c:cb:20:e0:
                    c7:02:e9:92:d7:37:a6:6d:6c:37:db:65:93:ab:a7:
                    d0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DD:5D:FF:39:70:86:EC:76:21:5C:CA:41:69:CA:7C:DE:7C:91:BE
            X509v3 Authority Key Identifier:
                keyid:28:66:87:FB:64:A7:7F:01:00:BA:F2:3D:4F:34:1E:CE:77:59:50:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KGaH-2SnfwEAuvI9TzQezndZUOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/Lt1d_zlwhux2IVzKQWnKfN58kb4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/2052ad-3d41-45da-8474-6339f6b36bcb/1/KGaH-2SnfwEAuvI9TzQezndZUOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.109.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:61:dc:b8:d4:03:e9:d9:89:80:21:77:41:69:07:41:5c:35:
         50:f9:aa:ef:f9:05:02:1c:1d:7f:28:a3:a5:e3:49:7a:16:54:
         04:7a:6c:8a:f4:f9:5f:b4:92:e8:29:ac:57:27:7e:c6:ce:94:
         6e:b0:48:5f:42:d0:d4:95:be:19:6f:06:8d:d2:e2:75:5e:21:
         4e:51:a4:ed:24:14:6a:d3:26:aa:b7:f3:4e:d6:2a:16:6e:b2:
         d0:51:34:41:c3:7f:d2:87:87:f3:e9:26:b6:73:eb:c8:24:1e:
         2c:67:09:6e:67:9e:df:f1:a9:87:38:0f:35:05:7b:74:58:3f:
         9a:ad:00:a5:08:c7:6b:fe:07:83:6a:8e:18:5d:7a:6e:7a:5d:
         e6:8c:87:09:6e:79:6d:93:14:e2:15:50:a7:d6:a1:b3:7b:6f:
         b9:3b:fa:1f:af:05:7d:84:f8:2f:bd:0d:07:3c:8b:a7:d4:8f:
         57:18:97:95:f5:60:d7:35:d0:b5:ea:a1:ed:e3:4c:05:78:f5:
         f7:9b:76:c8:b8:7a:5e:c6:7a:2c:3d:e5:01:16:a4:cd:97:40:
         b1:db:7b:80:90:f5:ab:6e:d7:aa:4b:2f:07:7a:84:4e:4c:a2:
         36:9a:99:c9:1d:ca:ad:4f:b2:55:ba:c0:dd:0d:d3:95:63:84:
         23:3c:34:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WylgBBBQTYf9R+DTHRe4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NjY4N2ZiNjRhNzdmMDEwMGJhZjIzZDRmMzQxZWNlNzc1
OTUwZTUwHhcNMjYwMTAxMTYxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWRkNWRmZjM5NzA4NmVjNzYyMTVjY2E0MTY5Y2E3Y2RlN2M5MWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09gbOtXhCNktyR6woxaBQQ7yDSxY
OrNLetbyuzj3l1zAs7BCsOC4rUTVrHEbHrS98YhPAIbgyWyAwscixPXNPKx7dVyy
e+JAYjmt8odVFg8iNz0TpalLtv1pv3g/xq0NEtN5v77gAnxu3cMGO6LU5CSaY4OF
kXtx9UYdxinsjEL8Km3GVhL3sg+zv7YYdG4q2A5CbFZWYcAMMSTT9GaE2Udd+GJE
M5yFuEj11AgatBHO/6wInlAnEGOBBk8BB816xwNWW4XTSq+GvWvveO1kkLorLsdi
9cEAGKuCcmH+8UEUOMRnnIa+ZqbzOWzLIODHAumS1zembWw322WTq6fQLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7dXf85cIbsdiFcykFpynzefJG+MB8GA1UdIwQY
MBaAFChmh/tkp38BALryPU80Hs53WVDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0dhSC0yU25md0VBdXZJOVR6UWV6bmRaVU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8yMDUyYWQtM2Q0MS00NWRhLTg0NzQt
NjMzOWY2YjM2YmNiLzEvTHQxZF96bHdodXgySVZ6S1FXbktmTjU4a2I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8yMDUyYWQtM2Q0MS00NWRhLTg0NzQtNjMzOWY2YjM2YmNi
LzEvS0dhSC0yU25md0VBdXZJOVR6UWV6bmRaVU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuW0yMA0G
CSqGSIb3DQEBCwUAA4IBAQAHYdy41APp2YmAIXdBaQdBXDVQ+arv+QUCHB1/KKOl
40l6FlQEemyK9PlftJLoKaxXJ37GzpRusEhfQtDUlb4ZbwaN0uJ1XiFOUaTtJBRq
0yaqt/NO1ioWbrLQUTRBw3/Sh4fz6Sa2c+vIJB4sZwluZ57f8amHOA81BXt0WD+a
rQClCMdr/geDao4YXXpuel3mjIcJbnltkxTiFVCn1qGze2+5O/ofrwV9hPgvvQ0H
PIun1I9XGJeV9WDXNdC16qHt40wFePX3m3bIuHpexnosPeUBFqTNl0Cx23uAkPWr
bteqSy8HeoROTKI2mpnJHcqtT7JVusDdDdOVY4QjPDQU
-----END CERTIFICATE-----