This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/LcfjvM3VKxWMWMCxo2UYzOGhdNM.roa
File:                     LcfjvM3VKxWMWMCxo2UYzOGhdNM.roa (raw, json)
Hash identifier:          qwiD82k0GJBEu4EGgOxSBm88SaDWlnEZJMmEJL+CMw8=
Subject key identifier:   2D:C7:E3:BC:CD:D5:2B:15:8C:58:C0:B1:A3:65:18:CC:E1:A1:74:D3
Certificate issuer:       /CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
Certificate serial:       019B7DC9D37A630C6E4D12B06A53E8BB0098
Authority key identifier: 28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/LcfjvM3VKxWMWMCxo2UYzOGhdNM.roa
Signing time:             Fri 02 Jan 2026 08:18:57 +0000
ROA not before:           Fri 02 Jan 2026 08:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209504
IP address blocks:        185.125.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:d3:7a:63:0c:6e:4d:12:b0:6a:53:e8:bb:00:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28855852a4bcd1bf1ec813f3c13b0f1f372f3971
        Validity
            Not Before: Jan  2 08:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2dc7e3bccdd52b158c58c0b1a36518cce1a174d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a1:1a:b1:18:3c:1f:5d:d4:2c:88:16:ac:21:
                    49:2c:68:8c:eb:e9:9e:69:7b:dd:08:bd:49:e7:e2:
                    0c:90:01:98:83:db:30:99:f7:38:77:a5:3f:d0:a6:
                    ca:77:ce:cb:fa:4e:ee:33:d2:84:15:e1:82:28:95:
                    15:15:c5:4d:7d:e6:94:8a:97:ad:42:66:5c:d4:33:
                    4e:49:77:3a:8b:69:0d:ed:19:4f:9a:7c:97:15:59:
                    61:73:ad:8e:48:10:6e:36:7a:40:8e:63:58:a2:c7:
                    c3:79:12:a5:66:d3:14:32:ea:19:8a:2e:ae:24:02:
                    30:2c:d4:6f:a3:b7:a4:cc:8a:75:a7:98:a5:53:0e:
                    e9:8f:68:d7:df:e4:37:78:1e:84:d6:ce:dd:0d:78:
                    3d:f8:f0:bf:64:a7:09:46:44:4c:80:b8:04:ea:ba:
                    87:0f:ab:ec:7a:ec:65:89:56:8b:dd:7b:9a:de:59:
                    0b:e4:09:4a:21:c0:bc:02:e3:e7:f1:69:18:e5:6f:
                    20:76:05:18:30:0f:91:e9:88:90:1e:98:c6:a4:5a:
                    63:1f:5f:79:e3:5c:07:78:79:4a:60:b5:2c:81:06:
                    aa:20:7f:07:fa:1f:32:87:cb:72:1e:ae:39:c4:03:
                    a5:f5:47:36:53:d8:b8:5f:86:e9:e0:0c:98:b3:f1:
                    80:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:C7:E3:BC:CD:D5:2B:15:8C:58:C0:B1:A3:65:18:CC:E1:A1:74:D3
            X509v3 Authority Key Identifier:
                keyid:28:85:58:52:A4:BC:D1:BF:1E:C8:13:F3:C1:3B:0F:1F:37:2F:39:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KIVYUqS80b8eyBPzwTsPHzcvOXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/LcfjvM3VKxWMWMCxo2UYzOGhdNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/0e36fc-ba0b-4ce6-af6a-704463ebad36/1/KIVYUqS80b8eyBPzwTsPHzcvOXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.125.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:ce:ff:c3:ce:ad:f3:7c:8c:74:3f:92:df:25:f5:6a:2b:8f:
         c7:63:28:0c:bd:d9:72:ca:27:34:a7:4c:48:d7:d9:bc:8e:e3:
         3d:28:7c:6b:b6:12:a3:6d:5b:c1:ce:4e:2a:b2:86:6f:c7:ff:
         d4:11:fa:18:a7:98:dc:7e:21:72:be:35:97:42:ad:73:e4:3c:
         ac:3b:60:c7:77:7c:c0:80:3c:5e:30:40:60:26:08:81:3c:14:
         f8:48:18:ed:5b:98:23:5f:f3:9e:1d:be:f5:35:b0:9e:7b:46:
         b8:70:10:85:01:70:23:5f:e8:f6:a2:4e:a6:b6:47:50:f6:d3:
         2b:71:63:4c:63:3c:00:f7:19:8b:a1:5e:83:51:c7:c0:cc:43:
         58:52:89:a6:ce:74:8b:3a:7b:16:26:a0:d1:fd:dc:d9:84:67:
         0a:83:17:a3:70:20:8c:de:67:e4:94:cb:fd:36:3d:96:c7:9a:
         8f:97:d7:5b:42:e4:26:62:48:6f:b2:2b:79:02:d2:7e:9d:e8:
         d1:07:ae:6a:5e:19:2f:54:ce:26:ae:1a:e0:06:fd:17:13:59:
         38:8e:94:45:0c:0a:b0:59:a4:9c:f7:87:ea:4e:fc:47:23:35:
         a4:15:44:d1:94:63:03:57:c7:0e:35:94:e2:41:5c:08:cb:8b:
         fb:c7:21:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ydN6YwxuTRKwalPouwCYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4ODU1ODUyYTRiY2QxYmYxZWM4MTNmM2MxM2IwZjFmMzcy
ZjM5NzEwHhcNMjYwMTAyMDgxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGM3ZTNiY2NkZDUyYjE1OGM1OGMwYjFhMzY1MThjY2UxYTE3NGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qEasRg8H13ULIgWrCFJLGiM6+me
aXvdCL1J5+IMkAGYg9swmfc4d6U/0KbKd87L+k7uM9KEFeGCKJUVFcVNfeaUipet
QmZc1DNOSXc6i2kN7RlPmnyXFVlhc62OSBBuNnpAjmNYosfDeRKlZtMUMuoZii6u
JAIwLNRvo7ekzIp1p5ilUw7pj2jX3+Q3eB6E1s7dDXg9+PC/ZKcJRkRMgLgE6rqH
D6vseuxliVaL3Xua3lkL5AlKIcC8AuPn8WkY5W8gdgUYMA+R6YiQHpjGpFpjH195
41wHeHlKYLUsgQaqIH8H+h8yh8tyHq45xAOl9Uc2U9i4X4bp4AyYs/GAzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3H47zN1SsVjFjAsaNlGMzhoXTTMB8GA1UdIwQY
MBaAFCiFWFKkvNG/HsgT88E7Dx83LzlxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEt
NzA0NDYzZWJhZDM2LzEvTGNmanZNM1ZLeFdNV01DeG8yVVl6T0doZE5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8wZTM2ZmMtYmEwYi00Y2U2LWFmNmEtNzA0NDYzZWJhZDM2
LzEvS0lWWVVxUzgwYjhleUJQendUc1BIemN2T1hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX1aMA0G
CSqGSIb3DQEBCwUAA4IBAQCIzv/Dzq3zfIx0P5LfJfVqK4/HYygMvdlyyic0p0xI
19m8juM9KHxrthKjbVvBzk4qsoZvx//UEfoYp5jcfiFyvjWXQq1z5DysO2DHd3zA
gDxeMEBgJgiBPBT4SBjtW5gjX/OeHb71NbCee0a4cBCFAXAjX+j2ok6mtkdQ9tMr
cWNMYzwA9xmLoV6DUcfAzENYUommznSLOnsWJqDR/dzZhGcKgxejcCCM3mfklMv9
Nj2Wx5qPl9dbQuQmYkhvsit5AtJ+nejRB65qXhkvVM4mrhrgBv0XE1k4jpRFDAqw
WaSc94fqTvxHIzWkFUTRlGMDV8cONZTiQVwIy4v7xyFp
-----END CERTIFICATE-----