This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/LYGy5EllLjLC7TGMDgwkX0_QvDU.roa
File:                     LYGy5EllLjLC7TGMDgwkX0_QvDU.roa (raw, json)
Hash identifier:          xMfq4e5OlYkNcnNj+cpAE6tuZxSVsEy28YruLrqthqE=
Subject key identifier:   2D:81:B2:E4:49:65:2E:32:C2:ED:31:8C:0E:0C:24:5F:4F:D0:BC:35
Certificate issuer:       /CN=b4112bb59b0627da23af90c0f0584b71b50f778f
Certificate serial:       019B7C80648DAA27B7CEB81AC07D9BBBE9C9
Authority key identifier: B4:11:2B:B5:9B:06:27:DA:23:AF:90:C0:F0:58:4B:71:B5:0F:77:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/LYGy5EllLjLC7TGMDgwkX0_QvDU.roa
Signing time:             Fri 02 Jan 2026 02:19:07 +0000
ROA not before:           Fri 02 Jan 2026 02:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49537
IP address blocks:        194.169.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:64:8d:aa:27:b7:ce:b8:1a:c0:7d:9b:bb:e9:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4112bb59b0627da23af90c0f0584b71b50f778f
        Validity
            Not Before: Jan  2 02:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d81b2e449652e32c2ed318c0e0c245f4fd0bc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a8:83:f9:89:16:f9:c8:81:e3:03:f5:c5:58:
                    9c:fa:81:00:c6:c2:54:28:e4:43:33:42:a5:cc:7d:
                    c1:e9:2e:d5:67:7c:d4:82:98:10:83:b9:3b:ef:d6:
                    48:46:96:a2:3e:67:4b:a5:6e:8f:e3:a8:ce:a9:2d:
                    df:b1:c1:c0:92:af:a1:43:e5:ad:72:97:10:d5:3e:
                    17:31:e5:0d:6c:a0:b5:b9:6f:07:45:b7:26:5c:31:
                    ca:01:47:60:f8:3f:4f:66:df:5a:82:50:96:0e:50:
                    3a:0c:b4:97:e4:07:38:8d:4d:64:d4:1b:f6:3b:39:
                    71:85:82:53:da:e5:6e:80:d9:d4:69:d8:10:a6:be:
                    e3:b4:76:d2:e1:d4:6b:28:73:81:03:40:6c:a1:34:
                    2f:56:bb:a4:71:97:98:2a:49:39:1c:d3:b9:ce:a7:
                    af:86:d8:51:1f:c7:0e:12:72:7e:9f:a6:36:8b:d3:
                    dc:70:27:ce:9b:45:37:5f:e1:21:8e:04:ec:87:f1:
                    9f:c2:0a:08:20:77:34:56:d9:bb:4b:01:9c:84:b3:
                    bc:2d:a1:46:dd:d5:44:73:8f:57:1f:e1:dd:f5:ca:
                    28:73:f3:88:25:26:b4:d6:b4:5b:00:57:8e:2e:dc:
                    3d:93:01:0c:3a:d0:b3:a0:5b:53:c5:ed:c5:db:05:
                    3d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:81:B2:E4:49:65:2E:32:C2:ED:31:8C:0E:0C:24:5F:4F:D0:BC:35
            X509v3 Authority Key Identifier:
                keyid:B4:11:2B:B5:9B:06:27:DA:23:AF:90:C0:F0:58:4B:71:B5:0F:77:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBErtZsGJ9ojr5DA8FhLcbUPd48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/LYGy5EllLjLC7TGMDgwkX0_QvDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/67d57e-f3de-4d10-bd9d-87a10bc68a37/1/tBErtZsGJ9ojr5DA8FhLcbUPd48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:45:dd:c4:46:37:c7:e5:02:aa:2f:54:03:39:8d:3e:19:f9:
         ad:6b:3a:56:0a:37:a3:42:df:ef:2e:d0:86:2c:67:85:ef:31:
         c2:e2:8a:52:65:22:34:e9:61:96:e6:e0:69:bd:9a:72:a6:c1:
         90:6d:34:50:ca:a1:e4:56:00:03:9c:9e:df:c8:6a:77:24:89:
         34:fa:25:96:24:31:84:f5:86:5f:76:e3:be:bc:fb:f3:7c:90:
         ce:67:57:b6:30:6d:8a:f8:7e:07:ac:39:fc:69:95:67:65:92:
         c4:49:99:e1:b9:02:d7:7f:f4:63:61:cf:96:f5:a0:94:a9:26:
         41:3e:65:94:fd:cc:7d:ca:78:fe:8f:08:7f:c8:96:87:03:0f:
         7f:86:31:ab:f3:4f:e1:6d:06:8e:db:77:2b:af:37:e6:c7:c5:
         41:ff:90:f2:31:5a:cb:4e:3d:7f:8f:5b:a7:c1:99:12:42:96:
         54:cc:ad:ed:3b:ef:5d:34:90:02:6b:90:d2:58:21:6b:a3:ca:
         ec:05:c7:eb:c8:60:ba:aa:b2:fc:da:55:e8:51:6b:c7:84:fa:
         e1:d7:48:c4:7e:b8:e4:68:8c:e0:f6:13:be:14:0d:90:d1:42:
         88:c0:98:03:c8:c6:71:55:ab:83:39:ef:60:22:b8:ff:01:2f:
         4b:0f:4a:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gGSNqie3zrgawH2bu+nJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTEyYmI1OWIwNjI3ZGEyM2FmOTBjMGYwNTg0YjcxYjUw
Zjc3OGYwHhcNMjYwMTAyMDIxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDgxYjJlNDQ5NjUyZTMyYzJlZDMxOGMwZTBjMjQ1ZjRmZDBiYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KiD+YkW+ciB4wP1xVic+oEAxsJU
KORDM0KlzH3B6S7VZ3zUgpgQg7k779ZIRpaiPmdLpW6P46jOqS3fscHAkq+hQ+Wt
cpcQ1T4XMeUNbKC1uW8HRbcmXDHKAUdg+D9PZt9aglCWDlA6DLSX5Ac4jU1k1Bv2
OzlxhYJT2uVugNnUadgQpr7jtHbS4dRrKHOBA0BsoTQvVrukcZeYKkk5HNO5zqev
hthRH8cOEnJ+n6Y2i9PccCfOm0U3X+EhjgTsh/GfwgoIIHc0Vtm7SwGchLO8LaFG
3dVEc49XH+Hd9cooc/OIJSa01rRbAFeOLtw9kwEMOtCzoFtTxe3F2wU9jQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2BsuRJZS4ywu0xjA4MJF9P0Lw1MB8GA1UdIwQY
MBaAFLQRK7WbBifaI6+QwPBYS3G1D3ePMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJFcnRac0dKOW9qcjVEQThGaExjYlVQZDQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82N2Q1N2UtZjNkZS00ZDEwLWJkOWQt
ODdhMTBiYzY4YTM3LzEvTFlHeTVFbGxMakxDN1RHTURnd2tYMF9RdkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82N2Q1N2UtZjNkZS00ZDEwLWJkOWQtODdhMTBiYzY4YTM3
LzEvdEJFcnRac0dKOW9qcjVEQThGaExjYlVQZDQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwqnWMA0G
CSqGSIb3DQEBCwUAA4IBAQAORd3ERjfH5QKqL1QDOY0+GfmtazpWCjejQt/vLtCG
LGeF7zHC4opSZSI06WGW5uBpvZpypsGQbTRQyqHkVgADnJ7fyGp3JIk0+iWWJDGE
9YZfduO+vPvzfJDOZ1e2MG2K+H4HrDn8aZVnZZLESZnhuQLXf/RjYc+W9aCUqSZB
PmWU/cx9ynj+jwh/yJaHAw9/hjGr80/hbQaO23crrzfmx8VB/5DyMVrLTj1/j1un
wZkSQpZUzK3tO+9dNJACa5DSWCFro8rsBcfryGC6qrL82lXoUWvHhPrh10jEfrjk
aIzg9hO+FA2Q0UKIwJgDyMZxVauDOe9gIrj/AS9LD0oa
-----END CERTIFICATE-----