This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/lHWoX5jAJuLVN2VNAVfem0Cv6lI.roa
File:                     lHWoX5jAJuLVN2VNAVfem0Cv6lI.roa (raw, json)
Hash identifier:          w4LQYAlFsdEuBvJSJMls0bnXVF3zFsJEDmmNiiM8xt8=
Subject key identifier:   94:75:A8:5F:98:C0:26:E2:D5:37:65:4D:01:57:DE:9B:40:AF:EA:52
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       019B78A372E529ED2903A4157BAC1990CEE5
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/lHWoX5jAJuLVN2VNAVfem0Cv6lI.roa
Signing time:             Thu 01 Jan 2026 08:18:56 +0000
ROA not before:           Thu 01 Jan 2026 08:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47692
IP address blocks:        151.236.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:72:e5:29:ed:29:03:a4:15:7b:ac:19:90:ce:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Jan  1 08:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9475a85f98c026e2d537654d0157de9b40afea52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:12:da:dd:db:2b:eb:38:ca:83:15:13:06:00:
                    14:d5:9e:73:d1:ed:58:4c:10:69:46:f3:33:54:bd:
                    3c:35:ac:7a:b3:8d:57:6d:f1:4e:ca:a5:c7:ca:cc:
                    29:32:62:6b:a5:39:05:fd:58:f6:0a:40:fb:20:3a:
                    0d:05:d5:a3:32:15:90:a1:98:ae:3a:4a:d6:50:c7:
                    41:91:15:67:e5:17:cf:a1:12:c4:02:0a:e1:8c:57:
                    d7:d0:a2:4f:08:14:4f:de:89:9b:91:ed:e2:3a:ac:
                    78:8c:08:02:37:fb:9a:05:1f:b3:ae:e0:5e:58:87:
                    8f:b4:43:51:87:89:cf:0d:ed:7c:87:0e:ae:5f:5d:
                    26:37:c3:19:6e:dd:d8:c6:67:db:4a:6a:d3:38:20:
                    aa:7d:98:5f:a7:a6:ba:d3:b6:9c:f2:c4:22:62:97:
                    d0:c1:90:15:5d:63:b5:47:be:17:fd:69:ce:26:56:
                    67:92:89:66:dd:97:1d:30:c8:1f:63:5b:37:c9:89:
                    b7:a9:3c:1c:72:80:f1:79:60:ec:6a:ce:88:32:59:
                    26:8e:4e:1e:d2:93:57:3c:0d:ae:c5:a7:73:f5:b0:
                    d7:3c:0d:fc:23:11:be:3e:f8:35:57:04:c6:08:1f:
                    e3:b8:5f:88:84:1a:a4:bc:80:18:38:dc:9b:27:2f:
                    a3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:75:A8:5F:98:C0:26:E2:D5:37:65:4D:01:57:DE:9B:40:AF:EA:52
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/lHWoX5jAJuLVN2VNAVfem0Cv6lI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.236.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:53:f7:cd:14:0b:bb:33:c9:34:09:29:d7:50:ed:49:39:bd:
         a9:30:f5:ee:d3:41:7c:6b:56:51:dd:5f:96:91:15:32:f8:7e:
         ab:af:ed:13:74:04:c7:d9:7d:51:b5:3d:e0:fe:f9:92:5e:b8:
         5e:fd:96:a0:e9:44:68:67:33:74:84:a1:bb:a3:73:46:fb:33:
         aa:0f:1b:ea:94:8a:c7:9f:d1:5a:db:9a:22:1e:6d:6a:99:b7:
         cb:9e:31:33:42:ce:27:9c:df:96:d8:fa:14:06:b5:bb:bc:74:
         7e:50:65:4e:d5:f0:1e:e0:bd:62:bb:ed:b3:ab:c9:61:18:64:
         c0:64:40:7a:fe:cd:78:29:53:44:c4:a0:71:f6:dc:e5:cd:de:
         73:02:53:b5:97:92:30:58:53:ac:1a:b6:61:44:38:1e:ff:4d:
         08:52:3c:69:f7:f8:cb:98:9f:b9:06:e2:76:1b:96:6f:60:76:
         2e:4b:e5:bc:05:38:28:2f:58:f7:ac:16:ef:74:29:20:5b:fb:
         b3:02:27:ab:bd:dc:33:0e:0d:17:1e:ac:12:ad:6a:77:c8:a8:
         39:9e:39:f8:d5:37:14:6e:5e:85:61:29:b6:4d:6d:4f:20:c8:
         4e:93:69:7d:c6:17:9d:e0:66:c5:e5:52:e6:d3:99:1b:75:65:
         d7:ac:50:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o3LlKe0pA6QVe6wZkM7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjYwMTAxMDgxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDc1YTg1Zjk4YzAyNmUyZDUzNzY1NGQwMTU3ZGU5YjQwYWZlYTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBLa3dsr6zjKgxUTBgAU1Z5z0e1Y
TBBpRvMzVL08Nax6s41XbfFOyqXHyswpMmJrpTkF/Vj2CkD7IDoNBdWjMhWQoZiu
OkrWUMdBkRVn5RfPoRLEAgrhjFfX0KJPCBRP3ombke3iOqx4jAgCN/uaBR+zruBe
WIePtENRh4nPDe18hw6uX10mN8MZbt3YxmfbSmrTOCCqfZhfp6a607ac8sQiYpfQ
wZAVXWO1R74X/WnOJlZnkolm3ZcdMMgfY1s3yYm3qTwccoDxeWDsas6IMlkmjk4e
0pNXPA2uxadz9bDXPA38IxG+Pvg1VwTGCB/juF+IhBqkvIAYONybJy+jxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJR1qF+YwCbi1TdlTQFX3ptAr+pSMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEvbEhXb1g1akFKdUxWTjJWTkFWZmVtMEN2NmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl+wfMA0G
CSqGSIb3DQEBCwUAA4IBAQAIU/fNFAu7M8k0CSnXUO1JOb2pMPXu00F8a1ZR3V+W
kRUy+H6rr+0TdATH2X1RtT3g/vmSXrhe/Zag6URoZzN0hKG7o3NG+zOqDxvqlIrH
n9Fa25oiHm1qmbfLnjEzQs4nnN+W2PoUBrW7vHR+UGVO1fAe4L1iu+2zq8lhGGTA
ZEB6/s14KVNExKBx9tzlzd5zAlO1l5IwWFOsGrZhRDge/00IUjxp9/jLmJ+5BuJ2
G5ZvYHYuS+W8BTgoL1j3rBbvdCkgW/uzAiervdwzDg0XHqwSrWp3yKg5njn41TcU
bl6FYSm2TW1PIMhOk2l9xhed4GbF5VLm05kbdWXXrFAI
-----END CERTIFICATE-----