This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/lUw_XdZP6bX4n5-SYWNG2-zZnOw.roa
File:                     lUw_XdZP6bX4n5-SYWNG2-zZnOw.roa (raw, json)
Hash identifier:          +jsK4yuTKnCvpnRDtOXNtNGBeHyq7q+eUpA+NUbQ1Is=
Subject key identifier:   95:4C:3F:5D:D6:4F:E9:B5:F8:9F:9F:92:61:63:46:DB:EC:D9:9C:EC
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019B7E38053D7981F03D5F1C345E27F81A43
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/lUw_XdZP6bX4n5-SYWNG2-zZnOw.roa
Signing time:             Fri 02 Jan 2026 10:19:19 +0000
ROA not before:           Fri 02 Jan 2026 10:19:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        130.49.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 13:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:05:3d:79:81:f0:3d:5f:1c:34:5e:27:f8:1a:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Jan  2 10:19:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=954c3f5dd64fe9b5f89f9f92616346dbecd99cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c6:c0:96:f8:8c:55:78:29:e7:b3:36:e0:86:
                    07:b0:e4:40:a0:3c:23:c1:ca:28:71:1a:b1:e7:58:
                    00:36:68:6f:a5:69:de:bf:cd:32:35:5f:4b:2f:df:
                    66:8f:7e:a0:76:a9:70:b2:09:7b:c1:9c:80:3a:75:
                    99:95:c5:6d:dd:85:da:ea:fb:e1:e6:94:11:e9:4c:
                    d3:dd:28:61:d6:b6:4a:71:36:4d:5a:03:58:ed:e3:
                    92:c7:8c:96:c9:ba:2a:0d:8b:ed:ee:d5:e9:77:b0:
                    69:c7:c4:52:7a:31:43:81:ea:1b:1d:81:7a:5c:25:
                    e0:5e:57:26:10:54:49:9e:da:c3:d0:97:e2:c2:ad:
                    c8:c2:42:db:61:f3:b0:74:aa:cb:86:79:ae:ad:48:
                    2c:a7:2f:a9:9a:24:c4:cc:65:9e:95:1c:1c:95:df:
                    31:0e:c2:d4:bb:0a:08:ab:37:cb:4d:df:d0:e1:03:
                    fa:03:44:53:e2:3c:26:9c:d7:90:a1:8e:48:f6:6d:
                    b9:86:b1:58:2e:00:b0:72:73:41:57:07:33:16:b5:
                    be:53:93:45:82:29:d8:b6:5d:94:eb:be:e6:f1:40:
                    58:1e:0a:26:30:4c:79:77:88:39:55:57:7f:13:9d:
                    d3:01:ea:bb:0d:2c:e4:21:02:0e:41:d8:c5:eb:71:
                    60:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:4C:3F:5D:D6:4F:E9:B5:F8:9F:9F:92:61:63:46:DB:EC:D9:9C:EC
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/lUw_XdZP6bX4n5-SYWNG2-zZnOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.49.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:72:69:46:45:ad:06:d3:71:a9:2f:52:2e:4f:c7:eb:28:80:
         cc:75:cc:6a:a8:0d:15:74:1a:e5:b4:41:82:92:7a:f3:2b:ab:
         e2:e8:78:7b:cc:71:41:6f:0c:31:ca:1c:cf:10:f9:eb:fb:b6:
         33:b4:35:b1:7a:b0:0d:44:70:73:1e:f1:ee:40:a0:68:bf:2a:
         55:6d:0b:a0:26:80:97:0f:e6:5e:bf:52:1b:e8:42:70:1d:5c:
         32:48:c3:41:5a:03:64:9d:db:b7:4c:17:07:86:af:00:94:a3:
         26:0c:2d:a2:82:12:c6:a5:19:f7:aa:b3:44:26:ac:1e:bf:01:
         e4:6d:3c:e7:b5:7e:e5:17:6c:63:14:bd:da:5e:dc:67:0e:3a:
         7f:d8:60:a0:61:2f:38:0b:2d:00:ff:6a:72:d8:e3:1b:f2:60:
         0e:c7:97:5b:d3:c9:ec:0c:25:fc:63:73:61:66:a6:e6:9a:6c:
         58:a8:3b:7a:64:ee:fc:fe:a6:8a:fd:ab:3a:4f:e0:b8:1e:15:
         d9:d8:f3:3f:cf:a2:af:7a:69:dc:ea:7a:e3:77:5e:e3:51:ec:
         c9:4a:d0:ab:f8:0a:bf:94:59:42:99:26:f5:62:0a:04:c3:32:
         8d:c3:46:7a:e1:94:91:fe:8d:00:6a:8b:20:a0:34:19:00:55:
         e3:1a:77:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OAU9eYHwPV8cNF4n+BpDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMTAyMTAxOTE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRjM2Y1ZGQ2NGZlOWI1Zjg5ZjlmOTI2MTYzNDZkYmVjZDk5Y2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcbAlviMVXgp57M24IYHsORAoDwj
wcoocRqx51gANmhvpWnev80yNV9LL99mj36gdqlwsgl7wZyAOnWZlcVt3YXa6vvh
5pQR6UzT3Shh1rZKcTZNWgNY7eOSx4yWyboqDYvt7tXpd7Bpx8RSejFDgeobHYF6
XCXgXlcmEFRJntrD0Jfiwq3IwkLbYfOwdKrLhnmurUgspy+pmiTEzGWelRwcld8x
DsLUuwoIqzfLTd/Q4QP6A0RT4jwmnNeQoY5I9m25hrFYLgCwcnNBVwczFrW+U5NF
ginYtl2U677m8UBYHgomMEx5d4g5VVd/E53TAeq7DSzkIQIOQdjF63FgIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVMP13WT+m1+J+fkmFjRtvs2ZzsMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvbFV3X1hkWlA2Ylg0bjUtU1lXTkcyLXpabk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgjHZMA0G
CSqGSIb3DQEBCwUAA4IBAQCpcmlGRa0G03GpL1IuT8frKIDMdcxqqA0VdBrltEGC
knrzK6vi6Hh7zHFBbwwxyhzPEPnr+7YztDWxerANRHBzHvHuQKBovypVbQugJoCX
D+Zev1Ib6EJwHVwySMNBWgNkndu3TBcHhq8AlKMmDC2ighLGpRn3qrNEJqwevwHk
bTzntX7lF2xjFL3aXtxnDjp/2GCgYS84Cy0A/2py2OMb8mAOx5db08nsDCX8Y3Nh
ZqbmmmxYqDt6ZO78/qaK/as6T+C4HhXZ2PM/z6Kvemnc6nrjd17jUezJStCr+Aq/
lFlCmSb1YgoEwzKNw0Z64ZSR/o0AaosgoDQZAFXjGnej
-----END CERTIFICATE-----