This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/564f3a-52d6-4d09-81e2-efa9391f7d9e/1/KEVzLpiIlZvYuzak8r2VEN0lblo.roa
File:                     KEVzLpiIlZvYuzak8r2VEN0lblo.roa (raw, json)
Hash identifier:          vPPG7HusI8DfbdkDC9LeEMSZP0GfYBRUhRWHNDe+9aA=
Subject key identifier:   28:45:73:2E:98:88:95:9B:D8:BB:36:A4:F2:BD:95:10:DD:25:6E:5A
Certificate issuer:       /CN=8bcbdb51eb80226f41477a7bc50e0f961455ed83
Certificate serial:       019B7E38390F5641F1112B9CB5B7442A62AF
Authority key identifier: 8B:CB:DB:51:EB:80:22:6F:41:47:7A:7B:C5:0E:0F:96:14:55:ED:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i8vbUeuAIm9BR3p7xQ4PlhRV7YM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/564f3a-52d6-4d09-81e2-efa9391f7d9e/1/KEVzLpiIlZvYuzak8r2VEN0lblo.roa
Signing time:             Fri 02 Jan 2026 10:19:32 +0000
ROA not before:           Fri 02 Jan 2026 10:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137
IP address blocks:        158.110.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/564f3a-52d6-4d09-81e2-efa9391f7d9e/1/i8vbUeuAIm9BR3p7xQ4PlhRV7YM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/564f3a-52d6-4d09-81e2-efa9391f7d9e/1/i8vbUeuAIm9BR3p7xQ4PlhRV7YM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i8vbUeuAIm9BR3p7xQ4PlhRV7YM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:39:0f:56:41:f1:11:2b:9c:b5:b7:44:2a:62:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bcbdb51eb80226f41477a7bc50e0f961455ed83
        Validity
            Not Before: Jan  2 10:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2845732e9888959bd8bb36a4f2bd9510dd256e5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c2:08:79:3b:b2:f7:79:10:c1:41:c9:01:0b:
                    ad:3a:10:26:02:54:7b:9e:27:6d:8f:58:1c:be:93:
                    df:29:d3:ca:cb:b6:6e:35:91:36:af:97:2a:01:ea:
                    31:e8:a2:bc:b8:44:dc:b7:ad:36:57:37:ef:e1:ec:
                    72:e1:19:86:e7:b7:7f:77:14:9d:50:7f:4b:f5:27:
                    be:73:d1:ec:ee:ac:2b:b1:d5:b3:62:7f:bd:89:8c:
                    bb:ac:09:aa:6f:6c:18:0f:5f:e9:bc:19:a1:1f:9f:
                    ce:fe:ec:bd:f6:e2:d6:03:6e:40:db:62:34:c3:14:
                    fc:34:33:5c:b7:e0:1b:a1:77:c5:04:90:29:92:e8:
                    9f:29:49:a2:bf:1e:22:bb:b7:00:7c:5f:f7:ab:8e:
                    2c:9f:2b:f0:62:5e:fe:f0:e8:ab:b3:89:f7:22:48:
                    68:36:63:81:41:60:fe:39:70:b0:27:63:b9:75:a5:
                    9d:a6:31:86:e2:85:c6:c5:c8:9e:ba:31:1b:4e:7b:
                    01:dd:13:98:36:5d:56:0b:c7:c6:e3:9a:f5:36:46:
                    5b:95:32:24:67:14:7d:e4:5a:af:5f:c8:26:56:05:
                    b5:30:da:e8:f3:ac:ac:de:be:b0:29:a4:04:a7:0a:
                    74:dc:4e:ab:f3:45:a2:6b:80:54:62:13:e6:12:f8:
                    61:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:45:73:2E:98:88:95:9B:D8:BB:36:A4:F2:BD:95:10:DD:25:6E:5A
            X509v3 Authority Key Identifier:
                keyid:8B:CB:DB:51:EB:80:22:6F:41:47:7A:7B:C5:0E:0F:96:14:55:ED:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i8vbUeuAIm9BR3p7xQ4PlhRV7YM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/564f3a-52d6-4d09-81e2-efa9391f7d9e/1/KEVzLpiIlZvYuzak8r2VEN0lblo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/564f3a-52d6-4d09-81e2-efa9391f7d9e/1/i8vbUeuAIm9BR3p7xQ4PlhRV7YM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.110.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         7f:56:ee:3c:9c:e1:e6:bb:16:81:24:f1:49:ed:98:f1:ee:e6:
         d2:1d:9a:0b:b8:54:0b:69:6c:c8:61:c4:5e:42:3e:69:bc:a5:
         d1:a9:b4:36:00:49:66:ae:d9:b5:b7:f9:84:e3:77:b7:a9:2b:
         3e:2a:ce:43:8d:0b:bf:25:4b:08:22:ef:ec:14:3a:70:17:41:
         b3:2a:ad:82:06:6f:6d:c8:44:54:41:e4:c3:98:7a:c2:5b:1d:
         1b:88:db:da:c2:83:6d:85:dc:5e:46:53:b8:ab:87:e6:bd:00:
         ac:a4:05:b7:fe:85:ee:9b:e7:c5:94:44:66:64:cb:01:a1:83:
         3e:2f:ed:ee:52:0b:5d:8a:d0:87:19:33:c1:dd:09:b3:b0:25:
         66:8d:42:f5:fd:f3:fe:b2:a2:69:90:bd:a7:75:13:e9:8e:4d:
         f0:42:6d:15:b1:3a:85:70:f2:6a:21:9f:eb:a2:b5:37:59:82:
         a3:01:b7:4c:8e:e7:05:c7:e5:f2:0d:de:37:a8:55:58:20:9e:
         3a:bb:27:13:f5:f5:dc:53:6f:82:5d:27:eb:18:9a:d5:a8:a5:
         a7:2a:94:42:a0:2b:29:20:0b:7b:ff:52:4f:2b:70:ef:54:e3:
         87:d0:2a:ef:94:59:da:6c:48:89:80:f0:73:9a:4b:5e:e7:38:
         8a:4c:a5:4d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt+ODkPVkHxESuctbdEKmKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiY2JkYjUxZWI4MDIyNmY0MTQ3N2E3YmM1MGUwZjk2MTQ1
NWVkODMwHhcNMjYwMTAyMTAxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODQ1NzMyZTk4ODg5NTliZDhiYjM2YTRmMmJkOTUxMGRkMjU2ZTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMIIeTuy93kQwUHJAQutOhAmAlR7
nidtj1gcvpPfKdPKy7ZuNZE2r5cqAeox6KK8uETct602Vzfv4exy4RmG57d/dxSd
UH9L9Se+c9Hs7qwrsdWzYn+9iYy7rAmqb2wYD1/pvBmhH5/O/uy99uLWA25A22I0
wxT8NDNct+AboXfFBJApkuifKUmivx4iu7cAfF/3q44snyvwYl7+8Oirs4n3Ikho
NmOBQWD+OXCwJ2O5daWdpjGG4oXGxcieujEbTnsB3ROYNl1WC8fG45r1NkZblTIk
ZxR95FqvX8gmVgW1MNro86ys3r6wKaQEpwp03E6r80Wia4BUYhPmEvhh2QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFChFcy6YiJWb2Ls2pPK9lRDdJW5aMB8GA1UdIwQY
MBaAFIvL21HrgCJvQUd6e8UOD5YUVe2DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTh2YlVldUFJbTlCUjNwN3hRNFBsaFJWN1lNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy81NjRmM2EtNTJkNi00ZDA5LTgxZTIt
ZWZhOTM5MWY3ZDllLzEvS0VWekxwaUlsWnZZdXphazhyMlZFTjBsYmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy81NjRmM2EtNTJkNi00ZDA5LTgxZTItZWZhOTM5MWY3ZDll
LzEvaTh2YlVldUFJbTlCUjNwN3hRNFBsaFJWN1lNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAnm4wDQYJ
KoZIhvcNAQELBQADggEBAH9W7jyc4ea7FoEk8UntmPHu5tIdmgu4VAtpbMhhxF5C
Pmm8pdGptDYASWau2bW3+YTjd7epKz4qzkONC78lSwgi7+wUOnAXQbMqrYIGb23I
RFRB5MOYesJbHRuI29rCg22F3F5GU7irh+a9AKykBbf+he6b58WURGZkywGhgz4v
7e5SC12K0IcZM8HdCbOwJWaNQvX98/6yommQvad1E+mOTfBCbRWxOoVw8mohn+ui
tTdZgqMBt0yO5wXH5fIN3jeoVVggnjq7JxP19dxTb4JdJ+sYmtWopacqlEKgKykg
C3v/Uk8rcO9U44fQKu+UWdpsSImA8HOaS17nOIpMpU0=
-----END CERTIFICATE-----