This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/LFK2KZYQdm49lMZGq09_QCx1zKM.roa
File:                     LFK2KZYQdm49lMZGq09_QCx1zKM.roa (raw, json)
Hash identifier:          nYysAfjey6lKN0HP83k5T3J+7jNUAsnWPGq1zi3IPys=
Subject key identifier:   2C:52:B6:29:96:10:76:6E:3D:94:C6:46:AB:4F:7F:40:2C:75:CC:A3
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       019B7B36ACB48FEE7D45ABC4BA39BF4B36D8
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/LFK2KZYQdm49lMZGq09_QCx1zKM.roa
Signing time:             Thu 01 Jan 2026 20:18:59 +0000
ROA not before:           Thu 01 Jan 2026 20:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213724
IP address blocks:        88.135.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:ac:b4:8f:ee:7d:45:ab:c4:ba:39:bf:4b:36:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: Jan  1 20:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c52b6299610766e3d94c646ab4f7f402c75cca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:19:d3:b1:83:d3:73:3f:b5:3b:f9:34:11:
                    8a:ff:84:66:1c:bb:ea:53:8f:49:8c:81:6a:19:24:
                    c3:e0:95:0c:71:82:b8:34:61:20:75:bb:1b:4f:07:
                    02:ad:43:da:8d:32:e0:39:c2:e8:57:d7:9e:42:14:
                    0c:e5:bb:17:39:1a:f7:a7:8d:94:18:20:83:ba:ea:
                    a1:a0:10:87:eb:f4:83:3e:25:da:10:1b:e7:89:eb:
                    cb:9b:ba:dd:f9:0b:b4:70:13:28:40:2e:95:78:18:
                    91:b0:0d:a5:9b:88:38:37:7b:2f:b8:3b:13:9d:19:
                    d1:78:61:09:1c:ff:43:4e:52:26:ef:a9:9e:1d:62:
                    01:e9:a4:30:bf:66:d2:73:c3:76:79:fb:b5:93:c7:
                    09:3e:2a:01:6d:26:35:91:96:88:8b:23:3c:ce:c4:
                    31:56:06:a2:0d:23:2a:96:cd:ea:5b:2c:89:df:05:
                    17:bf:d9:ff:c9:75:cb:7a:a0:4d:d7:28:3f:24:2c:
                    3a:d3:a2:60:1c:c8:98:05:c7:f3:6b:e9:54:5d:a7:
                    15:9f:a1:8a:d1:63:2b:d1:45:13:6f:22:84:15:bb:
                    d2:00:a1:b2:e4:6f:14:f9:8e:81:f3:44:bb:6e:da:
                    89:c4:5b:cd:bd:39:f5:ec:93:d8:4d:48:19:e0:c8:
                    09:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:52:B6:29:96:10:76:6E:3D:94:C6:46:AB:4F:7F:40:2C:75:CC:A3
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/LFK2KZYQdm49lMZGq09_QCx1zKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.135.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:4d:6e:75:c7:0f:74:d6:9b:0f:73:f1:4d:38:4c:aa:b0:16:
         51:02:bf:15:26:8b:34:f7:6a:2d:5b:fc:ff:c1:20:23:6c:e1:
         75:49:8d:a2:65:8f:8d:2e:12:aa:41:5e:56:56:4e:d9:d3:c2:
         79:9e:bf:c7:aa:61:c1:05:5e:c5:cf:ad:dd:a8:4b:60:b0:25:
         4c:17:7d:99:16:11:1f:25:ed:a0:31:2a:9c:e8:28:a7:ae:6c:
         1e:05:4c:62:26:74:3d:3b:63:45:f7:76:23:49:5b:f6:ce:e7:
         ba:d2:da:d2:d6:c0:7d:c7:ab:58:01:19:63:16:fe:9b:4d:9a:
         45:19:6a:b5:15:07:b5:9b:e8:9f:b0:75:e4:3b:cb:a1:43:00:
         d6:88:c6:d3:0f:13:38:4f:76:18:1d:e4:19:df:9f:1e:7f:55:
         91:ec:4a:3b:8a:3a:ad:e2:0c:a0:c4:03:6d:97:b6:90:ce:eb:
         55:37:13:47:d9:19:2a:53:cf:de:95:d6:da:c6:6b:11:bd:96:
         a6:8d:12:09:1d:51:14:78:8c:58:d6:24:db:51:ca:66:6f:95:
         e9:3a:64:3f:fc:04:69:6b:42:31:5f:e8:02:62:04:6d:47:49:
         3a:50:10:a2:2f:0d:68:05:11:22:31:22:c0:82:00:fd:88:40:
         4e:58:67:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nqy0j+59RavEujm/SzbYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjYwMTAxMjAxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzUyYjYyOTk2MTA3NjZlM2Q5NGM2NDZhYjRmN2Y0MDJjNzVjY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudAZ07GD03M/tTv5NBGK/4RmHLvq
U49JjIFqGSTD4JUMcYK4NGEgdbsbTwcCrUPajTLgOcLoV9eeQhQM5bsXORr3p42U
GCCDuuqhoBCH6/SDPiXaEBvnievLm7rd+Qu0cBMoQC6VeBiRsA2lm4g4N3svuDsT
nRnReGEJHP9DTlIm76meHWIB6aQwv2bSc8N2efu1k8cJPioBbSY1kZaIiyM8zsQx
VgaiDSMqls3qWyyJ3wUXv9n/yXXLeqBN1yg/JCw606JgHMiYBcfza+lUXacVn6GK
0WMr0UUTbyKEFbvSAKGy5G8U+Y6B80S7btqJxFvNvTn17JPYTUgZ4MgJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxStimWEHZuPZTGRqtPf0AsdcyjMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvTEZLMktaWVFkbTQ5bE1aR3EwOV9RQ3gxektNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWIdFMA0G
CSqGSIb3DQEBCwUAA4IBAQBHTW51xw901psPc/FNOEyqsBZRAr8VJos092otW/z/
wSAjbOF1SY2iZY+NLhKqQV5WVk7Z08J5nr/HqmHBBV7Fz63dqEtgsCVMF32ZFhEf
Je2gMSqc6CinrmweBUxiJnQ9O2NF93YjSVv2zue60trS1sB9x6tYARljFv6bTZpF
GWq1FQe1m+ifsHXkO8uhQwDWiMbTDxM4T3YYHeQZ358ef1WR7Eo7ijqt4gygxANt
l7aQzutVNxNH2RkqU8/eldbaxmsRvZamjRIJHVEUeIxY1iTbUcpmb5XpOmQ//ARp
a0IxX+gCYgRtR0k6UBCiLw1oBREiMSLAggD9iEBOWGfj
-----END CERTIFICATE-----