This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/LdCRaHhazOeLddVRNjbt-lN1LPk.roa
File:                     LdCRaHhazOeLddVRNjbt-lN1LPk.roa (raw, json)
Hash identifier:          QrSaWYNr7PCIasXKnHQDuoKUjuH96RFSwCo7qprYbg0=
Subject key identifier:   2D:D0:91:68:78:5A:CC:E7:8B:75:D5:51:36:36:ED:FA:53:75:2C:F9
Certificate issuer:       /CN=8f0064c6f80e0967fbe4e4b8fb24a4143c4857c6
Certificate serial:       019B7F800A7C93142B7059CEE383E3A9E490
Authority key identifier: 8F:00:64:C6:F8:0E:09:67:FB:E4:E4:B8:FB:24:A4:14:3C:48:57:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/LdCRaHhazOeLddVRNjbt-lN1LPk.roa
Signing time:             Fri 02 Jan 2026 16:17:36 +0000
ROA not before:           Fri 02 Jan 2026 16:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31252
IP address blocks:        193.57.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 13:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:0a:7c:93:14:2b:70:59:ce:e3:83:e3:a9:e4:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f0064c6f80e0967fbe4e4b8fb24a4143c4857c6
        Validity
            Not Before: Jan  2 16:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2dd09168785acce78b75d5513636edfa53752cf9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:55:f1:2f:9a:03:ed:be:45:a3:d1:cd:75:79:
                    b7:12:0e:cf:34:96:82:46:87:a4:a5:46:70:c7:03:
                    9b:61:d8:1f:3b:af:d2:a8:bb:de:33:10:5a:49:73:
                    f9:48:7b:39:7e:f2:6d:6b:0c:80:5d:76:62:f2:0f:
                    2b:aa:18:77:85:78:16:0b:8f:c0:e8:36:19:34:97:
                    65:32:91:b3:3f:f1:e5:52:d2:a5:d8:1e:e3:db:c5:
                    ab:bb:fd:2b:27:f4:26:70:a0:93:b0:42:3c:79:18:
                    a2:9d:47:1c:36:4a:d7:36:ee:d7:a8:c7:c7:03:81:
                    bc:23:0a:4e:37:1c:31:28:46:7c:bd:66:1f:03:10:
                    44:b1:9f:a6:61:ef:57:48:47:69:2b:0e:1d:21:f8:
                    05:e1:c1:2d:c0:c6:d7:47:3d:d3:b5:c1:dc:f8:da:
                    47:96:63:f1:f7:a8:32:b2:97:94:05:02:60:2b:5b:
                    6a:63:87:d2:de:da:a8:da:38:88:ea:b2:e5:b8:71:
                    d9:e9:b4:d5:26:3b:fc:e0:dd:af:a6:8d:a5:84:e3:
                    09:05:95:8f:1c:6e:38:00:f4:63:c1:dd:84:53:dc:
                    10:8a:92:02:7d:9f:dd:47:1d:c3:01:a4:e2:44:d7:
                    6c:fc:7d:e7:05:6d:d9:e2:9e:d5:25:bb:59:43:77:
                    43:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D0:91:68:78:5A:CC:E7:8B:75:D5:51:36:36:ED:FA:53:75:2C:F9
            X509v3 Authority Key Identifier:
                keyid:8F:00:64:C6:F8:0E:09:67:FB:E4:E4:B8:FB:24:A4:14:3C:48:57:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jwBkxvgOCWf75OS4-ySkFDxIV8Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/LdCRaHhazOeLddVRNjbt-lN1LPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/5bab79-afaa-4cdd-bc23-40314fc3d874/1/jwBkxvgOCWf75OS4-ySkFDxIV8Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:13:d3:46:da:ca:8e:7f:77:82:43:31:b5:1c:d9:38:ee:7f:
         2e:9a:62:b8:54:47:dc:67:f4:0c:f6:f9:f5:c6:f0:44:ed:75:
         93:7c:80:61:83:50:c6:89:46:a9:02:01:b1:03:ee:d4:48:b1:
         68:02:0f:87:c9:36:94:9d:58:7c:8b:e1:72:02:c2:66:5e:75:
         09:5b:06:1b:ac:30:8f:29:76:02:d9:29:31:2a:da:79:72:95:
         a3:30:19:28:8f:53:02:75:2b:a3:60:02:ea:95:3b:7c:f6:7d:
         da:f6:97:23:e0:a6:65:cb:53:44:b1:71:78:a3:53:82:da:dc:
         02:7f:10:90:fc:8c:f9:6c:07:11:0b:b9:4b:ee:97:bd:59:a2:
         69:29:e4:b3:bf:4e:91:7d:30:68:4f:5e:c9:c4:da:96:a4:51:
         d9:c4:e7:a0:a9:09:30:34:e0:7c:a1:85:6f:40:5a:aa:a1:b9:
         27:36:0d:08:9b:43:93:6a:47:29:b5:c4:1e:b1:71:a7:d8:9e:
         62:3d:77:c3:44:78:6f:05:3d:9f:15:48:52:bf:33:c0:e7:fa:
         ca:78:ad:6f:d5:d1:65:eb:08:a2:4b:31:9f:c5:de:3a:da:1f:
         c3:de:a3:07:df:f7:c5:75:98:ea:a0:2c:43:34:80:7d:fe:89:
         72:c2:fd:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gAp8kxQrcFnO44PjqeSQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMDA2NGM2ZjgwZTA5NjdmYmU0ZTRiOGZiMjRhNDE0M2M0
ODU3YzYwHhcNMjYwMTAyMTYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQwOTE2ODc4NWFjY2U3OGI3NWQ1NTEzNjM2ZWRmYTUzNzUyY2Y5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAolXxL5oD7b5Fo9HNdXm3Eg7PNJaC
RoekpUZwxwObYdgfO6/SqLveMxBaSXP5SHs5fvJtawyAXXZi8g8rqhh3hXgWC4/A
6DYZNJdlMpGzP/HlUtKl2B7j28Wru/0rJ/QmcKCTsEI8eRiinUccNkrXNu7XqMfH
A4G8IwpONxwxKEZ8vWYfAxBEsZ+mYe9XSEdpKw4dIfgF4cEtwMbXRz3TtcHc+NpH
lmPx96gyspeUBQJgK1tqY4fS3tqo2jiI6rLluHHZ6bTVJjv84N2vpo2lhOMJBZWP
HG44APRjwd2EU9wQipICfZ/dRx3DAaTiRNds/H3nBW3Z4p7VJbtZQ3dDLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3QkWh4Wszni3XVUTY27fpTdSz5MB8GA1UdIwQY
MBaAFI8AZMb4Dgln++TkuPskpBQ8SFfGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandCa3h2Z09DV2Y3NU9TNC15U2tGRHhJVjhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy81YmFiNzktYWZhYS00Y2RkLWJjMjMt
NDAzMTRmYzNkODc0LzEvTGRDUmFIaGF6T2VMZGRWUk5qYnQtbE4xTFBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy81YmFiNzktYWZhYS00Y2RkLWJjMjMtNDAzMTRmYzNkODc0
LzEvandCa3h2Z09DV2Y3NU9TNC15U2tGRHhJVjhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwTk0MA0G
CSqGSIb3DQEBCwUAA4IBAQCxE9NG2sqOf3eCQzG1HNk47n8ummK4VEfcZ/QM9vn1
xvBE7XWTfIBhg1DGiUapAgGxA+7USLFoAg+HyTaUnVh8i+FyAsJmXnUJWwYbrDCP
KXYC2SkxKtp5cpWjMBkoj1MCdSujYALqlTt89n3a9pcj4KZly1NEsXF4o1OC2twC
fxCQ/Iz5bAcRC7lL7pe9WaJpKeSzv06RfTBoT17JxNqWpFHZxOegqQkwNOB8oYVv
QFqqobknNg0Im0OTakcptcQesXGn2J5iPXfDRHhvBT2fFUhSvzPA5/rKeK1v1dFl
6wiiSzGfxd462h/D3qMH3/fFdZjqoCxDNIB9/olywv3p
-----END CERTIFICATE-----