This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/LfKEiBUYG-rD2066F2HvQK8WvPg.roa
File:                     LfKEiBUYG-rD2066F2HvQK8WvPg.roa (raw, json)
Hash identifier:          P6VfgqJ5zT/fBeMm4CrVPEyhOWX2kuGJJ1u66qFZ3ms=
Subject key identifier:   2D:F2:84:88:15:18:1B:EA:C3:DB:4E:BA:17:61:EF:40:AF:16:BC:F8
Certificate issuer:       /CN=4f32b9eff9f02c7cabe1995a2db509d8258d35fc
Certificate serial:       019B7DCAD0EC02396B1A238786DAD4B7AE47
Authority key identifier: 4F:32:B9:EF:F9:F0:2C:7C:AB:E1:99:5A:2D:B5:09:D8:25:8D:35:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/LfKEiBUYG-rD2066F2HvQK8WvPg.roa
Signing time:             Fri 02 Jan 2026 08:20:02 +0000
ROA not before:           Fri 02 Jan 2026 08:20:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198949
IP address blocks:        132.76.0.0/16 maxlen: 16
                          132.77.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 14:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:d0:ec:02:39:6b:1a:23:87:86:da:d4:b7:ae:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f32b9eff9f02c7cabe1995a2db509d8258d35fc
        Validity
            Not Before: Jan  2 08:20:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2df2848815181beac3db4eba1761ef40af16bcf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f7:4e:4d:ac:6d:75:37:a9:dc:4f:bf:53:27:
                    77:57:d9:84:b8:12:04:86:1b:27:bb:6f:9b:73:d5:
                    2b:07:28:42:ad:0f:c7:1b:10:d6:87:0d:d8:3c:02:
                    0b:45:20:3a:a8:df:d9:5f:a6:a1:2b:b4:94:1e:e7:
                    fe:fc:b8:d6:3e:7c:d8:cb:60:f7:bb:6b:20:50:eb:
                    7f:35:98:68:c9:ab:d4:d2:02:d5:85:32:bf:e7:b3:
                    a0:c7:c4:32:f5:02:24:1b:16:b8:c0:77:ce:57:f5:
                    7d:5e:2a:01:84:87:81:6d:d7:6d:70:9e:71:a8:a8:
                    ff:cd:4a:ce:54:86:48:90:60:f7:17:2a:07:3c:aa:
                    c7:d0:1f:e1:b3:bf:93:45:86:6d:20:c2:ee:45:8f:
                    f2:9f:ef:58:ac:ad:7f:97:9f:25:ab:d6:50:bd:33:
                    e5:5d:5f:f0:fe:89:c1:55:f7:e1:5a:ab:2e:be:a3:
                    95:d1:aa:86:68:9d:7e:ed:5b:64:bd:d8:27:1a:ce:
                    ac:58:da:7e:68:36:ba:f2:49:d6:d4:63:0e:14:f2:
                    5d:c3:1f:b4:3c:5f:a0:79:ca:01:b5:5e:04:56:ed:
                    54:d2:ab:1a:fd:22:c0:16:17:77:6a:91:7e:7b:c6:
                    97:50:c6:11:e8:43:3e:94:62:ee:77:bf:3d:7e:65:
                    03:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F2:84:88:15:18:1B:EA:C3:DB:4E:BA:17:61:EF:40:AF:16:BC:F8
            X509v3 Authority Key Identifier:
                keyid:4F:32:B9:EF:F9:F0:2C:7C:AB:E1:99:5A:2D:B5:09:D8:25:8D:35:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/LfKEiBUYG-rD2066F2HvQK8WvPg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/172c4e-6f5d-475e-9be9-c4073c13ff7c/1/TzK57_nwLHyr4ZlaLbUJ2CWNNfw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  132.76.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         0c:31:4b:d7:bd:95:53:f8:cc:1c:52:9b:00:58:c2:4d:43:21:
         59:f2:f6:f0:1c:7b:a9:63:21:59:a9:b2:72:8a:93:10:38:9c:
         e9:d9:e9:53:7c:7c:09:15:ca:81:fe:1f:8e:76:e0:df:d3:3a:
         e2:ab:21:34:28:c5:82:a1:26:57:a1:e8:8e:0c:5d:3e:04:c4:
         26:77:8d:57:be:ab:02:bf:26:15:b7:6c:dd:31:65:27:49:b5:
         55:5c:f7:62:c8:88:4a:27:b4:76:45:6e:73:34:b0:55:61:e6:
         ee:f1:2d:30:40:68:32:02:27:c9:2f:f8:1d:49:ff:13:15:84:
         88:3e:1b:04:a4:ca:5a:6a:2c:00:8e:1c:2c:30:3a:3e:35:38:
         ae:91:da:07:ff:6b:33:28:72:a9:d6:2d:3f:5f:32:bd:61:d1:
         94:7c:fc:45:cb:07:be:dc:fc:29:7e:22:e2:b9:1a:3c:6d:ac:
         90:b3:b9:37:85:2f:90:23:8b:b9:4a:53:72:34:73:43:3b:d4:
         ed:7e:8e:58:d8:15:ea:c8:09:ab:0d:31:68:ab:6d:1c:64:45:
         c0:70:52:20:14:91:c3:c3:7b:ba:74:f6:03:de:aa:6c:13:3a:
         dc:38:2c:08:db:35:aa:67:26:97:98:c8:6a:0e:41:88:b2:12:
         dc:c1:f9:15
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt9ytDsAjlrGiOHhtrUt65HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMzJiOWVmZjlmMDJjN2NhYmUxOTk1YTJkYjUwOWQ4MjU4
ZDM1ZmMwHhcNMjYwMTAyMDgyMDAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGYyODQ4ODE1MTgxYmVhYzNkYjRlYmExNzYxZWY0MGFmMTZiY2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fdOTaxtdTep3E+/Uyd3V9mEuBIE
hhsnu2+bc9UrByhCrQ/HGxDWhw3YPAILRSA6qN/ZX6ahK7SUHuf+/LjWPnzYy2D3
u2sgUOt/NZhoyavU0gLVhTK/57Ogx8Qy9QIkGxa4wHfOV/V9XioBhIeBbddtcJ5x
qKj/zUrOVIZIkGD3FyoHPKrH0B/hs7+TRYZtIMLuRY/yn+9YrK1/l58lq9ZQvTPl
XV/w/onBVffhWqsuvqOV0aqGaJ1+7VtkvdgnGs6sWNp+aDa68knW1GMOFPJdwx+0
PF+gecoBtV4EVu1U0qsa/SLAFhd3apF+e8aXUMYR6EM+lGLud789fmUDAwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFC3yhIgVGBvqw9tOuhdh70CvFrz4MB8GA1UdIwQY
MBaAFE8yue/58Cx8q+GZWi21CdgljTX8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHpLNTdfbndMSHlyNFpsYUxiVUoyQ1dOTmZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS8xNzJjNGUtNmY1ZC00NzVlLTliZTkt
YzQwNzNjMTNmZjdjLzEvTGZLRWlCVVlHLXJEMjA2NkYySHZRSzhXdlBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS8xNzJjNGUtNmY1ZC00NzVlLTliZTktYzQwNzNjMTNmZjdj
LzEvVHpLNTdfbndMSHlyNFpsYUxiVUoyQ1dOTmZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBhEwwDQYJ
KoZIhvcNAQELBQADggEBAAwxS9e9lVP4zBxSmwBYwk1DIVny9vAce6ljIVmpsnKK
kxA4nOnZ6VN8fAkVyoH+H4524N/TOuKrITQoxYKhJleh6I4MXT4ExCZ3jVe+qwK/
JhW3bN0xZSdJtVVc92LIiEontHZFbnM0sFVh5u7xLTBAaDICJ8kv+B1J/xMVhIg+
GwSkylpqLACOHCwwOj41OK6R2gf/azMocqnWLT9fMr1h0ZR8/EXLB77c/Cl+IuK5
GjxtrJCzuTeFL5Aji7lKU3I0c0M71O1+jljYFerICasNMWirbRxkRcBwUiAUkcPD
e7p09gPeqmwTOtw4LAjbNapnJpeYyGoOQYiyEtzB+RU=
-----END CERTIFICATE-----