This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/LJebYt2RKAnZnlBYImxu1KuPPwA.roa
File:                     LJebYt2RKAnZnlBYImxu1KuPPwA.roa (raw, json)
Hash identifier:          w3sfxOU2em+eBC1lFr5Hlv5Tl5JwfPlg/nsmQIWubs4=
Subject key identifier:   2C:97:9B:62:DD:91:28:09:D9:9E:50:58:22:6C:6E:D4:AB:8F:3F:00
Certificate issuer:       /CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
Certificate serial:       019B7E3937AC55A8CF21D711E925AC031F2D
Authority key identifier: 8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/LJebYt2RKAnZnlBYImxu1KuPPwA.roa
Signing time:             Fri 02 Jan 2026 10:20:37 +0000
ROA not before:           Fri 02 Jan 2026 10:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31549
IP address blocks:        185.166.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:37:ac:55:a8:cf:21:d7:11:e9:25:ac:03:1f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d281989c3b6e58fdc9534ee7eb3e260d1d87749
        Validity
            Not Before: Jan  2 10:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c979b62dd912809d99e5058226c6ed4ab8f3f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5d:9d:c9:56:62:58:66:e8:82:f9:9e:c4:a3:
                    9d:c9:50:ae:b2:c0:97:3c:8c:fd:0c:06:17:bd:c2:
                    1d:1f:be:59:3c:25:f9:48:56:ab:f2:55:2f:61:44:
                    ac:85:b0:94:75:d2:d4:74:cb:ef:3d:82:c7:7b:df:
                    b7:76:14:6b:50:9a:90:b5:97:45:89:88:5d:92:0f:
                    41:bf:86:75:b3:25:4b:55:76:0f:c3:8e:b5:1a:34:
                    ea:77:f5:33:f6:71:64:83:55:16:58:10:42:61:51:
                    fe:33:10:2d:94:16:a5:22:cc:9f:55:85:ae:7f:3f:
                    aa:0d:91:1e:d2:f8:fc:09:79:12:25:ae:b5:92:48:
                    47:f5:20:20:af:27:44:02:5b:34:e0:c7:d7:bb:ea:
                    95:61:cc:a6:5c:5a:a5:3d:9d:16:e2:bd:b8:3a:d8:
                    58:0e:c5:97:93:06:9c:04:f0:28:75:c6:32:75:d0:
                    aa:cf:aa:45:ac:db:2e:ed:b1:a5:26:42:24:3d:6a:
                    d1:8d:f2:b0:2a:f6:d6:15:46:f9:6b:6d:e8:b5:ef:
                    e2:7e:e5:b4:69:53:57:52:0b:c5:f5:39:cd:69:57:
                    da:fe:0a:93:c1:bf:ab:51:50:5c:b2:5e:56:ec:27:
                    0a:39:51:66:7c:e6:16:b4:5d:b9:c1:b5:7c:fd:8a:
                    d6:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:97:9B:62:DD:91:28:09:D9:9E:50:58:22:6C:6E:D4:AB:8F:3F:00
            X509v3 Authority Key Identifier:
                keyid:8D:28:19:89:C3:B6:E5:8F:DC:95:34:EE:7E:B3:E2:60:D1:D8:77:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSgZicO25Y_clTTufrPiYNHYd0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/LJebYt2RKAnZnlBYImxu1KuPPwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/3bae86-a8fc-43e6-801a-bca80e47c573/1/jSgZicO25Y_clTTufrPiYNHYd0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:4d:84:1b:47:0c:cc:b6:c5:a9:16:e5:bd:70:f9:aa:82:e1:
         eb:b4:d5:9d:9f:b7:32:d5:6b:73:e1:30:1c:3c:cd:f6:13:5a:
         de:3f:e7:33:75:04:53:86:7f:34:ad:fe:16:11:6e:03:15:73:
         51:9a:e0:be:39:8d:24:a7:00:f5:c5:4a:dc:5a:43:98:20:4f:
         f8:f1:f0:02:01:8a:e0:0d:7a:bc:65:ac:cc:d7:2d:a9:41:4f:
         06:8a:ac:13:f2:e4:e0:4e:3b:23:3a:1c:34:92:40:97:6c:48:
         f6:6c:8c:e9:c7:3b:fc:4a:86:82:37:3f:72:82:01:3e:6a:97:
         c8:1b:d2:b8:9a:96:1b:0a:27:21:81:25:45:a6:09:47:3f:42:
         18:de:c6:b8:db:f3:19:57:23:de:5c:f7:af:f2:db:eb:c2:a4:
         8c:f6:78:33:42:0a:b8:04:db:58:ca:36:00:04:65:be:cc:00:
         01:1e:6d:82:cd:cc:fc:80:1d:d7:86:0c:f6:65:77:cb:8a:0b:
         5c:b1:34:e3:e0:ed:84:94:64:97:49:0d:b6:60:ff:52:40:0b:
         11:9a:fb:40:a9:43:99:e3:5e:21:67:10:c2:3c:66:65:d5:97:
         43:e3:60:0c:50:10:1e:69:f1:6b:0d:31:38:50:17:53:5c:97:
         91:65:81:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTesVajPIdcR6SWsAx8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjgxOTg5YzNiNmU1OGZkYzk1MzRlZTdlYjNlMjYwZDFk
ODc3NDkwHhcNMjYwMTAyMTAyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzk3OWI2MmRkOTEyODA5ZDk5ZTUwNTgyMjZjNmVkNGFiOGYzZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzF2dyVZiWGbogvmexKOdyVCussCX
PIz9DAYXvcIdH75ZPCX5SFar8lUvYUSshbCUddLUdMvvPYLHe9+3dhRrUJqQtZdF
iYhdkg9Bv4Z1syVLVXYPw461GjTqd/Uz9nFkg1UWWBBCYVH+MxAtlBalIsyfVYWu
fz+qDZEe0vj8CXkSJa61kkhH9SAgrydEAls04MfXu+qVYcymXFqlPZ0W4r24OthY
DsWXkwacBPAodcYyddCqz6pFrNsu7bGlJkIkPWrRjfKwKvbWFUb5a23ote/ifuW0
aVNXUgvF9TnNaVfa/gqTwb+rUVBcsl5W7CcKOVFmfOYWtF25wbV8/YrWkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyXm2LdkSgJ2Z5QWCJsbtSrjz8AMB8GA1UdIwQY
MBaAFI0oGYnDtuWP3JU07n6z4mDR2HdJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEt
YmNhODBlNDdjNTczLzEvTEplYll0MlJLQW5abmxCWUlteHUxS3VQUHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8zYmFlODYtYThmYy00M2U2LTgwMWEtYmNhODBlNDdjNTcz
LzEvalNnWmljTzI1WV9jbFRUdWZyUGlZTkhZZDBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaZxMA0G
CSqGSIb3DQEBCwUAA4IBAQAdTYQbRwzMtsWpFuW9cPmqguHrtNWdn7cy1Wtz4TAc
PM32E1reP+czdQRThn80rf4WEW4DFXNRmuC+OY0kpwD1xUrcWkOYIE/48fACAYrg
DXq8ZazM1y2pQU8GiqwT8uTgTjsjOhw0kkCXbEj2bIzpxzv8SoaCNz9yggE+apfI
G9K4mpYbCichgSVFpglHP0IY3sa42/MZVyPeXPev8tvrwqSM9ngzQgq4BNtYyjYA
BGW+zAABHm2Czcz8gB3Xhgz2ZXfLigtcsTTj4O2ElGSXSQ22YP9SQAsRmvtAqUOZ
414hZxDCPGZl1ZdD42AMUBAeafFrDTE4UBdTXJeRZYER
-----END CERTIFICATE-----