This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/lgASEf8e2wSRk9xbv_20wIJbXDM.roa
File:                     lgASEf8e2wSRk9xbv_20wIJbXDM.roa (raw, json)
Hash identifier:          OBNbGNbD7TSZJPMMT4UYmjERp8O1mPv9E5azwcAja4o=
Subject key identifier:   96:00:12:11:FF:1E:DB:04:91:93:DC:5B:BF:FD:B4:C0:82:5B:5C:33
Certificate issuer:       /CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
Certificate serial:       019B79ED5DAD0A408E94EAB65F39A9111429
Authority key identifier: 31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/lgASEf8e2wSRk9xbv_20wIJbXDM.roa
Signing time:             Thu 01 Jan 2026 14:19:17 +0000
ROA not before:           Thu 01 Jan 2026 14:19:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42473
IP address blocks:        185.93.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:5d:ad:0a:40:8e:94:ea:b6:5f:39:a9:11:14:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317b8147503ea19f581ca00d28dbee5e58cb8f48
        Validity
            Not Before: Jan  1 14:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96001211ff1edb049193dc5bbffdb4c0825b5c33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:90:2b:6e:f3:fc:00:da:39:c1:1c:01:42:2c:
                    1e:ac:69:b6:da:77:a5:66:0a:56:c0:9d:33:74:2f:
                    3c:1f:10:07:f2:1f:2b:98:b9:99:07:2b:b8:d3:c4:
                    72:4d:a2:ac:d7:1b:bf:07:44:8e:75:f0:25:25:9d:
                    9a:14:b3:31:55:d5:ba:5d:41:d4:26:c2:b8:7c:b8:
                    8d:b1:a4:0c:ce:d0:69:de:0d:7b:0c:88:f4:fe:e3:
                    b1:c1:ca:b0:ad:a1:77:07:c6:2a:7e:11:15:39:7e:
                    e2:d5:77:a8:e6:32:c8:9f:18:db:7e:fd:3e:02:19:
                    fd:08:a2:b5:94:31:e1:30:ce:e1:e1:79:3b:ce:2c:
                    2e:aa:4d:db:ee:5b:ac:14:2a:57:ed:af:84:b2:ae:
                    52:16:5c:80:62:11:2d:5f:c3:91:cd:f8:41:38:13:
                    6d:ee:38:5e:8f:25:24:59:0e:f5:f6:32:80:92:48:
                    38:b4:91:ac:28:fd:17:cc:4e:41:24:bc:31:a9:35:
                    90:64:b8:88:02:2b:b2:da:f2:f1:db:9c:91:f4:3f:
                    4d:a4:84:d3:90:1d:f4:e6:3d:1d:73:34:7f:24:28:
                    5a:50:ba:44:54:2a:4e:70:d7:d7:00:21:01:03:46:
                    52:44:f8:94:3c:71:f1:f2:3d:03:74:ab:42:13:b6:
                    d2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:00:12:11:FF:1E:DB:04:91:93:DC:5B:BF:FD:B4:C0:82:5B:5C:33
            X509v3 Authority Key Identifier:
                keyid:31:7B:81:47:50:3E:A1:9F:58:1C:A0:0D:28:DB:EE:5E:58:CB:8F:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MXuBR1A-oZ9YHKANKNvuXljLj0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/lgASEf8e2wSRk9xbv_20wIJbXDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2e4e54-0548-4d0c-93f1-75461abbb5a4/1/MXuBR1A-oZ9YHKANKNvuXljLj0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:02:e4:12:ee:9c:1a:13:45:1f:56:76:08:7a:14:4b:a4:4d:
         8f:f5:9d:6e:7d:06:d8:dd:89:02:3a:c7:4c:31:5a:80:ca:d8:
         55:01:6e:d8:50:d9:7b:46:41:b6:ed:66:d7:8b:67:77:c7:13:
         1c:38:a3:ab:10:27:72:9e:07:41:20:66:7c:77:ec:cb:54:48:
         2a:48:19:7c:70:d6:6d:2d:bb:25:0f:b0:6d:bc:c2:19:b6:1d:
         96:79:83:42:8a:47:e7:b4:0e:1a:23:aa:c8:66:33:54:c0:63:
         ce:2a:d3:2f:be:1a:1d:2b:47:9d:c2:6a:43:8d:54:36:d0:07:
         59:41:bd:ed:5b:bc:93:4b:12:35:b2:a9:a2:fe:f8:98:9e:66:
         35:57:a1:16:74:75:15:11:4d:c9:83:3a:fc:af:22:4f:55:e0:
         ea:82:9c:39:52:37:6a:84:d6:73:61:14:f1:b0:97:c8:65:73:
         6c:dd:b3:6a:52:1c:e9:09:db:b1:c9:18:1f:e7:73:cc:07:35:
         9a:d5:b9:6c:c8:47:5c:db:24:0e:02:c0:af:7b:e1:f6:3b:26:
         14:e9:fa:8e:9b:fb:e2:dd:05:cd:e5:e5:10:cd:36:32:18:7e:
         87:11:ae:af:f7:7a:0f:c7:ea:16:a6:41:3c:25:43:3e:27:ab:
         a6:9e:3f:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57V2tCkCOlOq2XzmpERQpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2I4MTQ3NTAzZWExOWY1ODFjYTAwZDI4ZGJlZTVlNThj
YjhmNDgwHhcNMjYwMTAxMTQxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjAwMTIxMWZmMWVkYjA0OTE5M2RjNWJiZmZkYjRjMDgyNWI1YzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpArbvP8ANo5wRwBQiwerGm22nel
ZgpWwJ0zdC88HxAH8h8rmLmZByu408RyTaKs1xu/B0SOdfAlJZ2aFLMxVdW6XUHU
JsK4fLiNsaQMztBp3g17DIj0/uOxwcqwraF3B8YqfhEVOX7i1Xeo5jLInxjbfv0+
Ahn9CKK1lDHhMM7h4Xk7ziwuqk3b7lusFCpX7a+Esq5SFlyAYhEtX8ORzfhBOBNt
7jhejyUkWQ719jKAkkg4tJGsKP0XzE5BJLwxqTWQZLiIAiuy2vLx25yR9D9NpITT
kB305j0dczR/JChaULpEVCpOcNfXACEBA0ZSRPiUPHHx8j0DdKtCE7bSWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYAEhH/HtsEkZPcW7/9tMCCW1wzMB8GA1UdIwQY
MBaAFDF7gUdQPqGfWBygDSjb7l5Yy49IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEt
NzU0NjFhYmJiNWE0LzEvbGdBU0VmOGUyd1NSazl4YnZfMjB3SUpiWERNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yZTRlNTQtMDU0OC00ZDBjLTkzZjEtNzU0NjFhYmJiNWE0
LzEvTVh1QlIxQS1vWjlZSEtBTktOdnVYbGpMajBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV3VMA0G
CSqGSIb3DQEBCwUAA4IBAQBoAuQS7pwaE0UfVnYIehRLpE2P9Z1ufQbY3YkCOsdM
MVqAythVAW7YUNl7RkG27WbXi2d3xxMcOKOrECdyngdBIGZ8d+zLVEgqSBl8cNZt
LbslD7BtvMIZth2WeYNCikfntA4aI6rIZjNUwGPOKtMvvhodK0edwmpDjVQ20AdZ
Qb3tW7yTSxI1sqmi/viYnmY1V6EWdHUVEU3Jgzr8ryJPVeDqgpw5UjdqhNZzYRTx
sJfIZXNs3bNqUhzpCduxyRgf53PMBzWa1blsyEdc2yQOAsCve+H2OyYU6fqOm/vi
3QXN5eUQzTYyGH6HEa6v93oPx+oWpkE8JUM+J6umnj+v
-----END CERTIFICATE-----