This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/LbAsbZP8pKdcgYfmiIDyAGQBKho.roa
File:                     LbAsbZP8pKdcgYfmiIDyAGQBKho.roa (raw, json)
Hash identifier:          7+EfPR+EVPJJ8yuh3DwijyIrg0LTXffAnGr7QnFnXFE=
Subject key identifier:   2D:B0:2C:6D:93:FC:A4:A7:5C:81:87:E6:88:80:F2:00:64:01:2A:1A
Certificate issuer:       /CN=3c8a0498ec3b4eb44f4df2541ae39180abb65f44
Certificate serial:       019B7AC92D7B7505D03D03323A2B00D38F1B
Authority key identifier: 3C:8A:04:98:EC:3B:4E:B4:4F:4D:F2:54:1A:E3:91:80:AB:B6:5F:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/LbAsbZP8pKdcgYfmiIDyAGQBKho.roa
Signing time:             Thu 01 Jan 2026 18:19:23 +0000
ROA not before:           Thu 01 Jan 2026 18:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213644
IP address blocks:        92.42.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:2d:7b:75:05:d0:3d:03:32:3a:2b:00:d3:8f:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c8a0498ec3b4eb44f4df2541ae39180abb65f44
        Validity
            Not Before: Jan  1 18:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2db02c6d93fca4a75c8187e68880f20064012a1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5c:5e:c4:f7:f6:c1:20:51:77:f8:d4:b8:0d:
                    8c:5e:e8:e4:14:bd:31:ca:7f:ea:15:51:be:8e:c0:
                    08:80:ea:c0:ae:2a:58:86:ad:08:32:ff:93:a5:88:
                    9a:d4:c5:b4:bd:eb:0a:2e:51:c5:3c:84:8d:9b:60:
                    b5:3d:c8:97:10:41:22:2f:32:32:4c:74:08:81:04:
                    26:a7:b7:d7:a5:96:69:57:05:d7:4d:6f:83:40:da:
                    6e:98:e5:9a:25:08:56:28:d9:43:fb:47:7f:d0:84:
                    b9:d5:44:0a:56:b3:31:79:2e:a4:27:8d:8c:f5:b6:
                    f2:fa:2f:fb:5f:b0:4a:3b:1c:73:cf:8c:16:8d:fa:
                    93:a3:4c:42:61:6d:3e:09:e5:74:88:e9:56:cf:49:
                    f7:3f:87:9b:eb:e1:5c:6c:51:89:50:26:43:f0:9a:
                    67:dc:8b:1d:c4:0a:53:cb:16:d0:48:f2:2d:08:74:
                    52:64:a2:58:9f:94:50:7e:f3:13:88:d3:45:a2:e6:
                    5c:76:a0:31:f0:b5:f7:b3:41:26:0c:7e:c7:ff:14:
                    c0:44:d7:de:58:6e:11:a3:1c:58:13:3a:f7:60:cf:
                    fe:4a:4d:6f:97:0e:28:5c:83:f4:86:1b:da:56:69:
                    5c:ad:20:29:c9:41:5a:bd:85:23:52:5f:cf:4c:c0:
                    c1:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B0:2C:6D:93:FC:A4:A7:5C:81:87:E6:88:80:F2:00:64:01:2A:1A
            X509v3 Authority Key Identifier:
                keyid:3C:8A:04:98:EC:3B:4E:B4:4F:4D:F2:54:1A:E3:91:80:AB:B6:5F:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PIoEmOw7TrRPTfJUGuORgKu2X0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/LbAsbZP8pKdcgYfmiIDyAGQBKho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/02f63e-4ea2-43ac-abd5-0dab2312902a/1/PIoEmOw7TrRPTfJUGuORgKu2X0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.42.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:09:b5:90:46:c6:22:03:b7:ab:43:b4:c0:b0:88:e3:a5:d5:
         67:73:8d:ef:66:ce:1a:b6:08:38:5a:ad:9d:e8:f2:6c:b7:e6:
         19:d4:57:f2:26:72:74:4c:9f:a3:df:96:d4:ab:32:8a:5c:89:
         7d:9d:ad:6d:65:37:21:92:80:11:2c:28:6c:7e:cf:46:d0:e4:
         0e:94:9e:b6:39:dd:ff:a0:84:66:00:e2:63:cb:80:fb:bc:25:
         fd:0c:bb:9a:0c:49:ff:6c:a5:48:ee:02:b0:7b:7f:d1:6b:aa:
         71:1a:1e:c2:c8:d9:e2:71:6f:47:5c:7b:7b:68:d3:82:2c:29:
         90:14:02:74:97:8f:cb:67:6e:b1:a6:72:6d:8b:21:ec:4e:41:
         00:50:f7:78:41:bb:10:e0:6a:42:ff:50:4a:c1:2c:41:32:e1:
         40:30:0a:fd:85:17:ed:de:c3:7f:d1:5b:96:6f:90:c3:fa:7d:
         8c:80:67:94:a5:db:e0:19:30:71:49:3f:b5:28:5b:9e:85:43:
         6c:0e:64:d9:31:5b:60:b3:5b:f4:6f:c9:00:1a:d2:fd:95:07:
         da:b9:59:c9:ed:a7:6c:bd:5f:8e:4f:9a:fd:fc:41:e5:58:40:
         d0:b6:fb:c5:77:c8:43:d9:92:22:fb:5c:f0:70:f1:e0:52:d1:
         c2:5f:67:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6yS17dQXQPQMyOisA048bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjOGEwNDk4ZWMzYjRlYjQ0ZjRkZjI1NDFhZTM5MTgwYWJi
NjVmNDQwHhcNMjYwMTAxMTgxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIwMmM2ZDkzZmNhNGE3NWM4MTg3ZTY4ODgwZjIwMDY0MDEyYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVxexPf2wSBRd/jUuA2MXujkFL0x
yn/qFVG+jsAIgOrAripYhq0IMv+TpYia1MW0vesKLlHFPISNm2C1PciXEEEiLzIy
THQIgQQmp7fXpZZpVwXXTW+DQNpumOWaJQhWKNlD+0d/0IS51UQKVrMxeS6kJ42M
9bby+i/7X7BKOxxzz4wWjfqTo0xCYW0+CeV0iOlWz0n3P4eb6+FcbFGJUCZD8Jpn
3IsdxApTyxbQSPItCHRSZKJYn5RQfvMTiNNFouZcdqAx8LX3s0EmDH7H/xTARNfe
WG4RoxxYEzr3YM/+Sk1vlw4oXIP0hhvaVmlcrSApyUFavYUjUl/PTMDBDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2wLG2T/KSnXIGH5oiA8gBkASoaMB8GA1UdIwQY
MBaAFDyKBJjsO060T03yVBrjkYCrtl9EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUElvRW1PdzdUclJQVGZKVUd1T1JnS3UyWDBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8wMmY2M2UtNGVhMi00M2FjLWFiZDUt
MGRhYjIzMTI5MDJhLzEvTGJBc2JaUDhwS2RjZ1lmbWlJRHlBR1FCS2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8wMmY2M2UtNGVhMi00M2FjLWFiZDUtMGRhYjIzMTI5MDJh
LzEvUElvRW1PdzdUclJQVGZKVUd1T1JnS3UyWDBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXCrLMA0G
CSqGSIb3DQEBCwUAA4IBAQAcCbWQRsYiA7erQ7TAsIjjpdVnc43vZs4atgg4Wq2d
6PJst+YZ1FfyJnJ0TJ+j35bUqzKKXIl9na1tZTchkoARLChsfs9G0OQOlJ62Od3/
oIRmAOJjy4D7vCX9DLuaDEn/bKVI7gKwe3/Ra6pxGh7CyNnicW9HXHt7aNOCLCmQ
FAJ0l4/LZ26xpnJtiyHsTkEAUPd4QbsQ4GpC/1BKwSxBMuFAMAr9hRft3sN/0VuW
b5DD+n2MgGeUpdvgGTBxST+1KFuehUNsDmTZMVtgs1v0b8kAGtL9lQfauVnJ7ads
vV+OT5r9/EHlWEDQtvvFd8hD2ZIi+1zwcPHgUtHCX2cy
-----END CERTIFICATE-----