This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/lzJxr3OaH_yk9VA1VyatZwJOBt8.roa
File:                     lzJxr3OaH_yk9VA1VyatZwJOBt8.roa (raw, json)
Hash identifier:          6DTksgX0M5lhtZAJh3VGJo/0CDrM2xhsttRRqVDddYw=
Subject key identifier:   97:32:71:AF:73:9A:1F:FC:A4:F5:50:35:57:26:AD:67:02:4E:06:DF
Certificate issuer:       /CN=934e7d515dde9a03c2dc87389a2fca4e7d58c4ec
Certificate serial:       019B7910110D9BB19CD87D8B5A0A33DB4482
Authority key identifier: 93:4E:7D:51:5D:DE:9A:03:C2:DC:87:38:9A:2F:CA:4E:7D:58:C4:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k059UV3emgPC3Ic4mi_KTn1YxOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/lzJxr3OaH_yk9VA1VyatZwJOBt8.roa
Signing time:             Thu 01 Jan 2026 10:17:34 +0000
ROA not before:           Thu 01 Jan 2026 10:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202443
IP address blocks:        194.34.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/k059UV3emgPC3Ic4mi_KTn1YxOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/k059UV3emgPC3Ic4mi_KTn1YxOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k059UV3emgPC3Ic4mi_KTn1YxOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:11:0d:9b:b1:9c:d8:7d:8b:5a:0a:33:db:44:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=934e7d515dde9a03c2dc87389a2fca4e7d58c4ec
        Validity
            Not Before: Jan  1 10:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=973271af739a1ffca4f550355726ad67024e06df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:02:a0:95:c8:b0:dd:03:21:7e:4f:fa:af:f3:
                    7d:ab:c1:dc:7a:d7:cb:c0:3f:33:68:c0:ef:9a:1e:
                    2d:b7:6e:2f:8b:4d:85:3a:3d:1d:e1:40:06:2b:0a:
                    99:84:3b:3a:13:3a:5f:c4:7e:1b:9f:c6:9e:99:f1:
                    8a:62:7f:e0:a1:cb:5e:cf:dd:0b:21:fd:3f:ff:45:
                    a8:eb:b3:b1:99:36:41:0e:25:41:26:2c:fa:15:2e:
                    42:0b:1b:1d:c5:0f:2c:cf:d2:85:6c:30:d5:78:78:
                    1b:8c:b2:18:6d:68:78:71:2b:92:f4:97:40:45:e4:
                    3f:26:35:c4:3f:96:f1:94:99:36:e7:6b:9c:a3:e5:
                    5c:5d:b4:a6:8b:30:98:c0:9f:c6:c4:c0:c3:bd:2a:
                    cd:43:1b:05:12:2a:e1:9f:a8:36:58:cd:a3:fc:79:
                    43:7d:95:ae:44:6b:f2:a9:5b:ef:e6:bd:8f:8a:aa:
                    2d:42:4e:99:86:97:ee:ab:9d:35:ea:7c:38:e9:e1:
                    00:b8:85:46:df:b8:9c:80:99:a6:56:f5:9e:19:21:
                    03:31:2d:46:72:f5:1a:18:6d:b8:e6:a0:39:c6:4c:
                    c9:05:68:be:89:4f:26:29:8a:3d:7d:b5:43:44:f6:
                    34:43:8d:c2:de:ab:4f:1b:5c:bf:5f:e1:50:9c:b5:
                    29:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:32:71:AF:73:9A:1F:FC:A4:F5:50:35:57:26:AD:67:02:4E:06:DF
            X509v3 Authority Key Identifier:
                keyid:93:4E:7D:51:5D:DE:9A:03:C2:DC:87:38:9A:2F:CA:4E:7D:58:C4:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k059UV3emgPC3Ic4mi_KTn1YxOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/lzJxr3OaH_yk9VA1VyatZwJOBt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/759327-cc9f-4d6d-ac79-9cb8d023cc0b/1/k059UV3emgPC3Ic4mi_KTn1YxOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:6c:78:ba:d1:0b:44:2e:91:39:2f:3a:f7:8f:c6:b9:ce:64:
         16:8a:0b:2b:3e:21:0a:48:37:63:2e:e5:36:15:00:dd:d9:4d:
         27:57:cd:73:2e:bb:58:1a:3b:45:c7:14:13:d9:c4:46:12:a5:
         da:29:6e:d2:35:99:fe:ba:0c:e2:2d:16:71:aa:36:f0:07:72:
         96:4c:ff:30:28:13:ce:11:5c:bb:e7:b4:7e:ad:50:5e:66:4f:
         fa:06:c1:af:fd:8d:9d:37:53:6d:16:1c:32:a4:22:bf:82:df:
         bd:58:60:70:20:44:59:bd:9a:10:30:26:96:8d:97:ca:ba:95:
         e7:85:57:72:60:c5:d9:ac:c9:4b:45:b3:3f:81:48:9e:7a:88:
         a3:77:2d:29:cd:b1:d2:42:2b:db:14:a9:58:e5:9a:6a:f8:d4:
         41:ff:46:7f:a7:fb:ca:9e:20:25:cd:2c:96:84:3e:78:52:30:
         9b:fa:10:30:57:a2:dd:98:85:e3:1d:f0:be:97:2b:df:7b:c9:
         9a:89:38:72:6a:c8:e9:02:de:41:b2:95:0e:2c:e9:27:ec:64:
         10:46:41:fe:71:ab:30:2e:50:f0:03:07:01:d0:bc:21:58:03:
         a6:df:3b:ef:ea:b1:b6:49:0d:00:b8:d5:fa:62:15:6c:56:3d:
         77:3f:12:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EBENm7Gc2H2LWgoz20SCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNGU3ZDUxNWRkZTlhMDNjMmRjODczODlhMmZjYTRlN2Q1
OGM0ZWMwHhcNMjYwMTAxMTAxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzMyNzFhZjczOWExZmZjYTRmNTUwMzU1NzI2YWQ2NzAyNGUwNmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmgKglciw3QMhfk/6r/N9q8HcetfL
wD8zaMDvmh4tt24vi02FOj0d4UAGKwqZhDs6EzpfxH4bn8aemfGKYn/goctez90L
If0//0Wo67OxmTZBDiVBJiz6FS5CCxsdxQ8sz9KFbDDVeHgbjLIYbWh4cSuS9JdA
ReQ/JjXEP5bxlJk252uco+VcXbSmizCYwJ/GxMDDvSrNQxsFEirhn6g2WM2j/HlD
fZWuRGvyqVvv5r2PiqotQk6Zhpfuq5016nw46eEAuIVG37icgJmmVvWeGSEDMS1G
cvUaGG245qA5xkzJBWi+iU8mKYo9fbVDRPY0Q43C3qtPG1y/X+FQnLUpKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcyca9zmh/8pPVQNVcmrWcCTgbfMB8GA1UdIwQY
MBaAFJNOfVFd3poDwtyHOJovyk59WMTsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazA1OVVWM2VtZ1BDM0ljNG1pX0tUbjFZeE93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi83NTkzMjctY2M5Zi00ZDZkLWFjNzkt
OWNiOGQwMjNjYzBiLzEvbHpKeHIzT2FIX3lrOVZBMVZ5YXRad0pPQnQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi83NTkzMjctY2M5Zi00ZDZkLWFjNzktOWNiOGQwMjNjYzBi
LzEvazA1OVVWM2VtZ1BDM0ljNG1pX0tUbjFZeE93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwiKoMA0G
CSqGSIb3DQEBCwUAA4IBAQCtbHi60QtELpE5Lzr3j8a5zmQWigsrPiEKSDdjLuU2
FQDd2U0nV81zLrtYGjtFxxQT2cRGEqXaKW7SNZn+ugziLRZxqjbwB3KWTP8wKBPO
EVy757R+rVBeZk/6BsGv/Y2dN1NtFhwypCK/gt+9WGBwIERZvZoQMCaWjZfKupXn
hVdyYMXZrMlLRbM/gUieeoijdy0pzbHSQivbFKlY5Zpq+NRB/0Z/p/vKniAlzSyW
hD54UjCb+hAwV6LdmIXjHfC+lyvfe8maiThyasjpAt5BspUOLOkn7GQQRkH+casw
LlDwAwcB0LwhWAOm3zvv6rG2SQ0AuNX6YhVsVj13PxLh
-----END CERTIFICATE-----