This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/88lmdc-mnvLuh7LWT7ewTNitVbQ.roa
File:                     88lmdc-mnvLuh7LWT7ewTNitVbQ.roa (raw, json)
Hash identifier:          4ev2GHc0kZ6+DnkiGr59ZAC1o1ATDYyOeOGEjJWvhDk=
Subject key identifier:   F3:C9:66:75:CF:A6:9E:F2:EE:87:B2:D6:4F:B7:B0:4C:D8:AD:55:B4
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       019B7F1576602AD193070E995B88832FFCD4
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/88lmdc-mnvLuh7LWT7ewTNitVbQ.roa
Signing time:             Fri 02 Jan 2026 14:21:11 +0000
ROA not before:           Fri 02 Jan 2026 14:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4785
IP address blocks:        45.12.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 08:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:76:60:2a:d1:93:07:0e:99:5b:88:83:2f:fc:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Jan  2 14:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f3c96675cfa69ef2ee87b2d64fb7b04cd8ad55b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:29:17:56:8e:2a:aa:dd:05:c7:7b:b9:5d:b8:
                    58:64:aa:75:e9:47:a6:53:92:90:cf:af:27:74:f4:
                    68:54:df:4c:48:dd:0b:02:11:fd:a8:4f:29:a4:f1:
                    40:12:bd:fe:ae:71:aa:50:ad:47:50:4a:fd:42:2b:
                    3f:37:57:21:3e:e1:83:07:51:b9:a7:e6:e9:59:10:
                    85:f7:96:87:a3:6c:f6:a8:b3:db:51:d3:ed:e7:1e:
                    22:f5:5c:42:1b:ca:dd:ba:e5:23:24:f8:25:62:1a:
                    9e:a9:34:72:9b:d7:ee:67:cb:75:1d:e8:1c:ca:01:
                    3d:7e:18:72:ec:be:9e:f1:25:f4:81:83:67:86:16:
                    23:fe:c9:a0:50:cb:91:bc:c7:34:19:0a:e6:f9:18:
                    7f:27:b3:4b:d3:42:7a:24:ba:ee:e7:7d:8c:ea:1a:
                    73:2d:39:a0:88:cb:7d:ef:c1:7e:99:eb:b5:63:b2:
                    d4:de:3c:88:5d:a0:2d:c1:2b:5f:c5:1e:aa:2b:77:
                    b2:be:51:e8:04:92:e8:9d:cd:98:41:a0:7a:28:46:
                    ba:e7:36:61:e2:5d:a0:70:f6:27:86:b2:11:50:45:
                    ad:12:2d:0f:60:26:b4:58:79:77:a9:e1:29:9c:bc:
                    06:d1:7c:2b:fd:b7:fd:6d:39:d1:4e:69:1c:bb:ce:
                    d0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:C9:66:75:CF:A6:9E:F2:EE:87:B2:D6:4F:B7:B0:4C:D8:AD:55:B4
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/88lmdc-mnvLuh7LWT7ewTNitVbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:7b:9a:22:04:8a:b1:45:d1:80:73:32:48:03:bb:7c:5e:50:
         69:5a:8e:46:c6:32:0f:af:8e:38:bb:01:e5:8e:8d:9d:a2:67:
         39:5b:fc:87:1e:4a:8a:3b:d5:0e:40:b2:39:df:2a:bb:d0:f7:
         77:21:e1:54:fd:06:42:91:49:12:82:98:8d:9b:96:1d:71:7f:
         b9:80:13:eb:3e:73:03:76:3d:a7:bc:69:2d:e1:78:06:a4:bc:
         4c:91:f9:8d:c9:5a:15:94:c1:79:4d:1c:f9:13:04:23:89:2f:
         09:a8:93:45:ae:28:32:76:c1:73:14:19:5e:22:98:ff:b0:93:
         76:5f:af:d5:bd:b3:e5:74:b2:39:e8:9f:3b:c1:eb:7b:5c:e1:
         41:88:41:6b:93:25:f2:ec:c7:f5:ff:09:5f:e8:29:b7:05:f7:
         36:82:eb:a8:72:a0:62:58:b8:60:66:35:0c:23:df:66:52:82:
         73:56:3e:f2:4b:3b:16:4c:e6:1e:b3:51:b3:dd:94:a6:a0:d9:
         1c:60:d8:5c:a7:b0:73:c2:34:f5:86:4c:ba:54:e3:15:aa:0e:
         b0:6e:a4:6e:e0:0a:53:7c:b7:68:23:f7:5e:3f:98:1b:35:10:
         82:23:a5:78:42:e8:b7:e8:48:48:e5:d0:bf:bf:94:3b:1d:93:
         58:62:6d:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FXZgKtGTBw6ZW4iDL/zUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjYwMTAyMTQyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2M5NjY3NWNmYTY5ZWYyZWU4N2IyZDY0ZmI3YjA0Y2Q4YWQ1NWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuikXVo4qqt0Fx3u5XbhYZKp16Uem
U5KQz68ndPRoVN9MSN0LAhH9qE8ppPFAEr3+rnGqUK1HUEr9Qis/N1chPuGDB1G5
p+bpWRCF95aHo2z2qLPbUdPt5x4i9VxCG8rduuUjJPglYhqeqTRym9fuZ8t1Hegc
ygE9fhhy7L6e8SX0gYNnhhYj/smgUMuRvMc0GQrm+Rh/J7NL00J6JLru532M6hpz
LTmgiMt978F+meu1Y7LU3jyIXaAtwStfxR6qK3eyvlHoBJLonc2YQaB6KEa65zZh
4l2gcPYnhrIRUEWtEi0PYCa0WHl3qeEpnLwG0Xwr/bf9bTnRTmkcu87QVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPJZnXPpp7y7oey1k+3sEzYrVW0MB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvODhsbWRjLW1udkx1aDdMV1Q3ZXdUTml0VmJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQxZMA0G
CSqGSIb3DQEBCwUAA4IBAQB7e5oiBIqxRdGAczJIA7t8XlBpWo5GxjIPr444uwHl
jo2domc5W/yHHkqKO9UOQLI53yq70Pd3IeFU/QZCkUkSgpiNm5YdcX+5gBPrPnMD
dj2nvGkt4XgGpLxMkfmNyVoVlMF5TRz5EwQjiS8JqJNFrigydsFzFBleIpj/sJN2
X6/VvbPldLI56J87wet7XOFBiEFrkyXy7Mf1/wlf6Cm3Bfc2guuocqBiWLhgZjUM
I99mUoJzVj7ySzsWTOYes1Gz3ZSmoNkcYNhcp7BzwjT1hky6VOMVqg6wbqRu4ApT
fLdoI/deP5gbNRCCI6V4Qui36EhI5dC/v5Q7HZNYYm0t
-----END CERTIFICATE-----