This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/lex0MSfafX69jgAmgDrAWYS2f9Y.roa
File:                     lex0MSfafX69jgAmgDrAWYS2f9Y.roa (raw, json)
Hash identifier:          i/FMA/z6OJZHxVdVZzVnuaqiacIER1savYD4hQ1WM2g=
Subject key identifier:   95:EC:74:31:27:DA:7D:7E:BD:8E:00:26:80:3A:C0:59:84:B6:7F:D6
Certificate issuer:       /CN=400de28131c73b5f5320f51dae6c1bd47ab82f92
Certificate serial:       019B7C12E5124AC9C9F5A3D5F90C4CC8FDB0
Authority key identifier: 40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/lex0MSfafX69jgAmgDrAWYS2f9Y.roa
Signing time:             Fri 02 Jan 2026 00:19:31 +0000
ROA not before:           Fri 02 Jan 2026 00:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        91.197.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 00:20:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:e5:12:4a:c9:c9:f5:a3:d5:f9:0c:4c:c8:fd:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=400de28131c73b5f5320f51dae6c1bd47ab82f92
        Validity
            Not Before: Jan  2 00:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95ec743127da7d7ebd8e0026803ac05984b67fd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:6d:7d:9f:f8:0a:99:e4:da:7f:29:63:f2:72:
                    19:4b:78:f8:8b:f4:4f:f0:86:64:ce:be:64:30:a8:
                    63:5f:e0:5c:8c:a9:73:6a:e9:41:85:22:f6:29:29:
                    ba:39:a7:11:6c:1b:e0:60:a2:bf:56:be:18:9e:1f:
                    ea:6e:fc:8c:6d:99:50:a8:4f:0c:09:b9:a2:a7:bb:
                    7c:62:c6:f8:31:68:ca:d5:8c:e3:ad:38:9c:4c:33:
                    ec:f7:d3:a3:b1:6b:eb:0f:04:6e:0f:ba:71:5b:02:
                    8c:1b:13:99:01:d3:a6:45:81:13:85:18:79:c7:72:
                    99:d5:99:e5:6b:b5:6e:18:7e:5b:c8:79:6c:bb:7d:
                    aa:ef:f6:2b:9a:f7:60:29:e5:b3:89:a2:84:f5:cc:
                    45:ed:19:0d:a8:ca:e2:17:55:2a:16:18:f2:d8:c8:
                    b8:c9:d7:96:4a:03:ea:04:5b:1f:e8:96:1b:ce:3c:
                    96:76:18:ec:3d:65:66:1a:21:4e:1b:f8:fc:77:78:
                    48:37:cb:d5:9f:3a:3e:d1:7e:16:9c:43:e9:e1:74:
                    77:60:d6:24:ad:78:bc:4f:36:00:4a:67:e9:b0:8a:
                    76:65:b1:0d:e5:29:f7:c3:da:5d:a8:d0:a0:28:30:
                    12:4b:cb:2a:b3:a3:48:d7:eb:32:45:50:e0:57:27:
                    20:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:EC:74:31:27:DA:7D:7E:BD:8E:00:26:80:3A:C0:59:84:B6:7F:D6
            X509v3 Authority Key Identifier:
                keyid:40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/lex0MSfafX69jgAmgDrAWYS2f9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:4c:fd:cd:c9:c6:d9:1d:51:5b:40:b5:1c:48:3d:d5:96:9d:
         35:53:bb:21:79:e7:5a:14:e1:ee:98:0f:3d:83:eb:c7:60:fe:
         f0:2e:f2:be:d1:47:35:42:0a:49:55:88:d3:d4:d4:bb:67:60:
         30:b1:b3:36:54:e6:7e:03:d2:8d:33:f2:61:5f:eb:28:41:e4:
         70:61:84:53:08:6f:12:b3:c5:4d:d5:37:fb:bf:38:76:93:12:
         51:af:ed:2a:89:06:34:6c:b3:8e:25:eb:20:c3:a1:14:45:ac:
         cf:bf:ae:2a:de:43:fe:78:58:34:17:09:81:f2:69:2d:95:f3:
         5e:48:14:d8:c8:ee:9e:61:f2:30:21:5a:1c:8e:0b:10:86:b1:
         aa:74:96:a5:8b:bc:3b:7d:68:ee:33:70:56:bb:df:cf:18:21:
         a9:a2:01:da:f8:37:56:bc:ed:e6:e3:34:1f:cc:5e:3d:b7:aa:
         d2:9d:fb:51:e1:69:ba:ac:4e:84:4c:66:48:76:fc:85:b5:af:
         bf:56:ee:81:b0:e5:fb:57:d1:2b:29:2c:ff:69:41:77:8f:cb:
         45:00:ef:89:6f:f9:27:0e:5f:a2:bc:e3:d6:d5:31:d6:c7:16:
         88:f7:01:84:18:df:e7:29:98:30:54:3b:3b:2e:ba:a1:1e:ea:
         24:9c:04:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EuUSSsnJ9aPV+QxMyP2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMGRlMjgxMzFjNzNiNWY1MzIwZjUxZGFlNmMxYmQ0N2Fi
ODJmOTIwHhcNMjYwMTAyMDAxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWVjNzQzMTI3ZGE3ZDdlYmQ4ZTAwMjY4MDNhYzA1OTg0YjY3ZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4W19n/gKmeTafylj8nIZS3j4i/RP
8IZkzr5kMKhjX+BcjKlzaulBhSL2KSm6OacRbBvgYKK/Vr4Ynh/qbvyMbZlQqE8M
Cbmip7t8Ysb4MWjK1YzjrTicTDPs99OjsWvrDwRuD7pxWwKMGxOZAdOmRYEThRh5
x3KZ1Znla7VuGH5byHlsu32q7/YrmvdgKeWziaKE9cxF7RkNqMriF1UqFhjy2Mi4
ydeWSgPqBFsf6JYbzjyWdhjsPWVmGiFOG/j8d3hIN8vVnzo+0X4WnEPp4XR3YNYk
rXi8TzYASmfpsIp2ZbEN5Sn3w9pdqNCgKDASS8sqs6NI1+syRVDgVycgPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXsdDEn2n1+vY4AJoA6wFmEtn/WMB8GA1UdIwQY
MBaAFEAN4oExxztfUyD1Ha5sG9R6uC+SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUEzaWdUSEhPMTlUSVBVZHJtd2IxSHE0TDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lNzk3ZjItZjI3Mi00NjYzLWIxNDUt
YmM2YTFiMjFmZDVlLzEvbGV4ME1TZmFmWDY5amdBbWdEckFXWVMyZjlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lNzk3ZjItZjI3Mi00NjYzLWIxNDUtYmM2YTFiMjFmZDVl
LzEvUUEzaWdUSEhPMTlUSVBVZHJtd2IxSHE0TDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8XzMA0G
CSqGSIb3DQEBCwUAA4IBAQAKTP3NycbZHVFbQLUcSD3Vlp01U7sheedaFOHumA89
g+vHYP7wLvK+0Uc1QgpJVYjT1NS7Z2AwsbM2VOZ+A9KNM/JhX+soQeRwYYRTCG8S
s8VN1Tf7vzh2kxJRr+0qiQY0bLOOJesgw6EURazPv64q3kP+eFg0FwmB8mktlfNe
SBTYyO6eYfIwIVocjgsQhrGqdJali7w7fWjuM3BWu9/PGCGpogHa+DdWvO3m4zQf
zF49t6rSnftR4Wm6rE6ETGZIdvyFta+/Vu6BsOX7V9ErKSz/aUF3j8tFAO+Jb/kn
Dl+ivOPW1THWxxaI9wGEGN/nKZgwVDs7LrqhHuoknASb
-----END CERTIFICATE-----