This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/LjhJq6z0EutkdYUDvjPf54YMQCY.roa
File:                     LjhJq6z0EutkdYUDvjPf54YMQCY.roa (raw, json)
Hash identifier:          UJ/E0MSAhlopMBAQ1Fn4sYzS7IPnJ8HsG+SPAcDqln8=
Subject key identifier:   2E:38:49:AB:AC:F4:12:EB:64:75:85:03:BE:33:DF:E7:86:0C:40:26
Certificate issuer:       /CN=3617c0659666985e185d84121e8c20a3644ea98d
Certificate serial:       019B7910A3E691DCBD7CCC0DD41CBE3D29C6
Authority key identifier: 36:17:C0:65:96:66:98:5E:18:5D:84:12:1E:8C:20:A3:64:4E:A9:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhfAZZZmmF4YXYQSHowgo2ROqY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/LjhJq6z0EutkdYUDvjPf54YMQCY.roa
Signing time:             Thu 01 Jan 2026 10:18:12 +0000
ROA not before:           Thu 01 Jan 2026 10:18:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15404
IP address blocks:        193.57.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/NhfAZZZmmF4YXYQSHowgo2ROqY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/NhfAZZZmmF4YXYQSHowgo2ROqY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhfAZZZmmF4YXYQSHowgo2ROqY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 07:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:a3:e6:91:dc:bd:7c:cc:0d:d4:1c:be:3d:29:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3617c0659666985e185d84121e8c20a3644ea98d
        Validity
            Not Before: Jan  1 10:18:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e3849abacf412eb64758503be33dfe7860c4026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f6:65:11:32:f3:50:ad:93:4b:3d:f8:27:b2:
                    fc:1e:7d:a4:1e:b7:f0:1a:bf:0c:f5:15:fc:a3:0a:
                    a8:e0:19:35:99:28:7f:1c:22:e8:15:12:f6:13:57:
                    7e:98:27:56:87:f0:8a:fd:63:8a:dc:cb:77:c0:63:
                    03:03:f3:3e:86:f3:74:41:3c:ab:07:ec:07:5f:95:
                    03:5f:1e:13:88:2e:ca:97:d1:31:84:b5:ba:27:9e:
                    7c:a7:e6:b5:5a:f8:d9:61:20:4d:96:e3:22:4e:66:
                    44:bc:e9:94:57:94:56:1f:b2:a4:65:91:8c:5d:69:
                    a3:10:4e:01:36:62:96:3a:1f:3a:ad:f1:64:c7:84:
                    20:37:c2:33:30:8a:28:cc:bd:d9:9a:49:9a:ec:b4:
                    ac:9e:06:b4:61:90:cc:9a:cc:2d:a2:9d:14:7c:81:
                    00:ab:a5:f8:45:c4:7a:87:a6:a6:be:75:72:81:3b:
                    63:c1:da:12:98:b3:f9:e5:01:a2:62:5a:ed:49:30:
                    89:e6:52:18:d5:01:1e:37:52:83:4d:1b:62:c7:31:
                    0e:90:a9:e8:82:de:8e:fc:cb:48:fa:ec:72:51:d5:
                    86:7b:10:9a:59:50:9d:0b:a9:83:91:74:c3:94:ba:
                    4f:46:72:c8:25:ba:ba:18:29:1b:ff:67:99:18:bb:
                    d0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:38:49:AB:AC:F4:12:EB:64:75:85:03:BE:33:DF:E7:86:0C:40:26
            X509v3 Authority Key Identifier:
                keyid:36:17:C0:65:96:66:98:5E:18:5D:84:12:1E:8C:20:A3:64:4E:A9:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhfAZZZmmF4YXYQSHowgo2ROqY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/LjhJq6z0EutkdYUDvjPf54YMQCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/d1791d-1c94-42e6-9e3c-67acd2c88051/1/NhfAZZZmmF4YXYQSHowgo2ROqY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:41:c5:46:a8:e4:dc:67:7a:5b:dc:ee:b4:cf:d5:13:17:e5:
         23:ab:4c:80:e1:f2:18:c8:23:96:70:42:05:1d:98:04:e9:aa:
         35:5f:05:9c:af:ae:98:87:a8:8b:c7:6d:fc:32:34:d6:58:7b:
         97:ed:51:4e:be:10:15:75:56:34:c1:67:50:6b:a4:df:42:55:
         9d:c7:69:43:e3:d2:46:4b:69:d1:85:38:25:30:cf:83:4e:f6:
         38:ae:52:31:6f:5c:1e:e9:d1:c0:14:46:ae:a9:75:95:2b:a2:
         ca:3a:36:1a:35:33:0f:9a:9d:a4:37:0b:2c:6d:b9:80:3e:34:
         92:02:ff:1e:05:19:78:99:8c:51:67:4f:b7:64:38:9b:29:3d:
         46:30:23:d9:f7:87:43:3e:8a:46:6e:7d:cc:0c:01:25:77:c5:
         b9:c7:b1:a6:84:69:e7:17:d3:bf:24:7e:66:64:a4:05:40:53:
         8c:25:da:c2:d0:a7:3c:75:97:97:da:b6:b9:b3:59:7a:e7:72:
         15:6d:ad:a2:78:06:cc:11:d1:01:96:0f:fa:2f:98:0e:85:9a:
         0f:c4:48:ba:7f:9c:c1:0b:2c:ab:d3:21:b3:99:9b:70:26:38:
         76:18:bd:5a:fd:0e:d7:05:0f:45:a4:20:08:4f:2b:e3:bb:47:
         f8:6c:bd:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EKPmkdy9fMwN1By+PSnGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTdjMDY1OTY2Njk4NWUxODVkODQxMjFlOGMyMGEzNjQ0
ZWE5OGQwHhcNMjYwMTAxMTAxODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTM4NDlhYmFjZjQxMmViNjQ3NTg1MDNiZTMzZGZlNzg2MGM0MDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvZlETLzUK2TSz34J7L8Hn2kHrfw
Gr8M9RX8owqo4Bk1mSh/HCLoFRL2E1d+mCdWh/CK/WOK3Mt3wGMDA/M+hvN0QTyr
B+wHX5UDXx4TiC7Kl9ExhLW6J558p+a1WvjZYSBNluMiTmZEvOmUV5RWH7KkZZGM
XWmjEE4BNmKWOh86rfFkx4QgN8IzMIoozL3Zmkma7LSsnga0YZDMmswtop0UfIEA
q6X4RcR6h6amvnVygTtjwdoSmLP55QGiYlrtSTCJ5lIY1QEeN1KDTRtixzEOkKno
gt6O/MtI+uxyUdWGexCaWVCdC6mDkXTDlLpPRnLIJbq6GCkb/2eZGLvQCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC44Saus9BLrZHWFA74z3+eGDEAmMB8GA1UdIwQY
MBaAFDYXwGWWZpheGF2EEh6MIKNkTqmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhmQVpaWm1tRjRZWFlRU0hvd2dvMlJPcVkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9kMTc5MWQtMWM5NC00MmU2LTllM2Mt
NjdhY2QyYzg4MDUxLzEvTGpoSnE2ejBFdXRrZFlVRHZqUGY1NFlNUUNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9kMTc5MWQtMWM5NC00MmU2LTllM2MtNjdhY2QyYzg4MDUx
LzEvTmhmQVpaWm1tRjRZWFlRU0hvd2dvMlJPcVkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTk4MA0G
CSqGSIb3DQEBCwUAA4IBAQAaQcVGqOTcZ3pb3O60z9UTF+Ujq0yA4fIYyCOWcEIF
HZgE6ao1XwWcr66Yh6iLx238MjTWWHuX7VFOvhAVdVY0wWdQa6TfQlWdx2lD49JG
S2nRhTglMM+DTvY4rlIxb1we6dHAFEauqXWVK6LKOjYaNTMPmp2kNwssbbmAPjSS
Av8eBRl4mYxRZ0+3ZDibKT1GMCPZ94dDPopGbn3MDAEld8W5x7GmhGnnF9O/JH5m
ZKQFQFOMJdrC0Kc8dZeX2ra5s1l653IVba2ieAbMEdEBlg/6L5gOhZoPxEi6f5zB
Cyyr0yGzmZtwJjh2GL1a/Q7XBQ9FpCAITyvju0f4bL1x
-----END CERTIFICATE-----