This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/LptFnQhd89NgUqkpLPTnBFknYAk.roa
File:                     LptFnQhd89NgUqkpLPTnBFknYAk.roa (raw, json)
Hash identifier:          fqbnAAKHHgvyfy8CKEEzJ8XotikGsIfF53Y/L9F0Bc4=
Subject key identifier:   2E:9B:45:9D:08:5D:F3:D3:60:52:A9:29:2C:F4:E7:04:59:27:60:09
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019A5E3D7761393E25011B05DEE4853674A4
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/LptFnQhd89NgUqkpLPTnBFknYAk.roa
Signing time:             Fri 07 Nov 2025 12:14:37 +0000
ROA not before:           Fri 07 Nov 2025 12:14:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62610
IP address blocks:        91.193.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 10:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:5e:3d:77:61:39:3e:25:01:1b:05:de:e4:85:36:74:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Nov  7 12:14:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e9b459d085df3d36052a9292cf4e70459276009
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1d:29:de:37:cd:3f:58:48:0b:ef:27:30:61:
                    f5:6c:4b:24:cd:d8:fa:66:39:af:bd:64:88:d2:e0:
                    7e:85:11:87:35:37:dd:f2:f6:b2:32:36:68:0c:9e:
                    e6:14:f3:0e:40:f1:c7:19:71:a0:23:0e:c2:5b:bf:
                    96:18:a3:5d:6a:9a:b0:0e:a2:4c:eb:f0:d4:26:b5:
                    d2:13:f9:f4:78:97:ff:23:66:3d:38:05:a1:60:db:
                    2a:81:72:fe:e4:d7:84:6d:71:b3:4b:98:cf:df:ad:
                    2b:45:d1:7f:2c:9c:5e:05:a5:ae:09:f8:c7:65:11:
                    ef:b8:ca:57:d1:57:17:4c:ac:80:f6:0c:b4:00:df:
                    33:1e:72:38:01:ca:3b:75:2a:0e:a2:2f:61:12:a7:
                    b5:19:22:13:1f:1d:0f:26:a6:6d:47:1f:24:8b:a7:
                    ac:26:4e:3a:6e:4d:97:75:65:b9:50:bd:80:7a:c3:
                    e2:e9:cc:96:96:28:fc:c0:ad:5b:e6:ec:ec:6d:80:
                    af:1c:34:13:cf:b8:aa:6a:a7:6a:47:6d:b7:3b:74:
                    e5:60:8e:25:c2:23:0d:be:7d:e7:cb:52:5f:92:30:
                    67:c6:dd:e4:d3:5c:c2:1c:81:9e:e5:82:80:cb:63:
                    ca:d0:59:e8:54:ef:d9:33:c3:39:41:c4:6d:73:47:
                    78:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:9B:45:9D:08:5D:F3:D3:60:52:A9:29:2C:F4:E7:04:59:27:60:09
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/LptFnQhd89NgUqkpLPTnBFknYAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:d8:24:1c:0a:23:58:51:f9:ca:f5:34:6c:40:68:36:d6:ba:
         de:8e:a3:d0:65:27:ed:3a:ed:3b:79:7d:48:46:56:a8:a9:3a:
         b4:57:91:e9:11:d9:7e:94:f7:b0:cc:9b:1a:7c:8e:f1:46:da:
         f6:b1:02:82:59:8e:f1:16:f7:a9:cc:6f:47:74:a7:0e:00:be:
         4a:5b:76:bf:95:6e:dc:67:97:bd:a9:c4:dd:5e:9d:80:b1:5d:
         24:12:fe:f3:46:1f:d2:1f:1f:6e:74:f3:6d:44:21:e4:f2:61:
         81:20:17:ef:0d:33:f8:16:a9:79:50:c6:d8:13:88:c0:1d:47:
         26:a3:44:76:0b:8b:76:38:5e:37:3f:38:28:60:91:fc:bf:62:
         95:ea:e2:a0:aa:06:a6:71:c2:5e:eb:ca:48:bc:d2:db:2b:ed:
         b2:f7:a2:5a:fc:3d:df:17:c6:9b:e2:6a:98:89:9b:c6:ff:96:
         17:57:29:85:96:e9:bf:36:e5:98:38:a5:cb:de:60:ef:ca:7c:
         4c:b6:f0:11:ac:1f:e7:78:42:27:6f:00:31:8d:2a:7e:f3:2d:
         a2:9f:eb:c7:7a:ee:38:a7:2d:dc:d5:0a:b5:0c:6d:40:ea:fd:
         ed:f6:ed:ea:37:e4:ba:2f:77:8b:a4:5f:6a:a3:4e:7a:19:06:
         40:5c:7c:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpePXdhOT4lARsF3uSFNnSkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUxMTA3MTIxNDM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTliNDU5ZDA4NWRmM2QzNjA1MmE5MjkyY2Y0ZTcwNDU5Mjc2MDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx0p3jfNP1hIC+8nMGH1bEskzdj6
ZjmvvWSI0uB+hRGHNTfd8vayMjZoDJ7mFPMOQPHHGXGgIw7CW7+WGKNdapqwDqJM
6/DUJrXSE/n0eJf/I2Y9OAWhYNsqgXL+5NeEbXGzS5jP360rRdF/LJxeBaWuCfjH
ZRHvuMpX0VcXTKyA9gy0AN8zHnI4Aco7dSoOoi9hEqe1GSITHx0PJqZtRx8ki6es
Jk46bk2XdWW5UL2AesPi6cyWlij8wK1b5uzsbYCvHDQTz7iqaqdqR223O3TlYI4l
wiMNvn3ny1JfkjBnxt3k01zCHIGe5YKAy2PK0FnoVO/ZM8M5QcRtc0d4ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC6bRZ0IXfPTYFKpKSz05wRZJ2AJMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvTHB0Rm5RaGQ4OU5nVXFrcExQVG5CRmtuWUFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8HpMA0G
CSqGSIb3DQEBCwUAA4IBAQAe2CQcCiNYUfnK9TRsQGg21rrejqPQZSftOu07eX1I
RlaoqTq0V5HpEdl+lPewzJsafI7xRtr2sQKCWY7xFvepzG9HdKcOAL5KW3a/lW7c
Z5e9qcTdXp2AsV0kEv7zRh/SHx9udPNtRCHk8mGBIBfvDTP4Fql5UMbYE4jAHUcm
o0R2C4t2OF43PzgoYJH8v2KV6uKgqgamccJe68pIvNLbK+2y96Ja/D3fF8ab4mqY
iZvG/5YXVymFlum/NuWYOKXL3mDvynxMtvARrB/neEInbwAxjSp+8y2in+vHeu44
py3c1Qq1DG1A6v3t9u3qN+S6L3eLpF9qo056GQZAXHwl
-----END CERTIFICATE-----