This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/0_lLmzunEWHhPPG-gKfjrllAM9Q.roa
File:                     0_lLmzunEWHhPPG-gKfjrllAM9Q.roa (raw, json)
Hash identifier:          BMPTmplBWi34NKlY8AteOdmPIMvw5DpvCFbCqF2iQLs=
Subject key identifier:   D3:F9:4B:9B:3B:A7:11:61:E1:3C:F1:BE:80:A7:E3:AE:59:40:33:D4
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B77590729B7060BC8B5D292709890FB91
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/0_lLmzunEWHhPPG-gKfjrllAM9Q.roa
Signing time:             Thu 01 Jan 2026 02:18:01 +0000
ROA not before:           Thu 01 Jan 2026 02:18:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203613
IP address blocks:        193.192.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:07:29:b7:06:0b:c8:b5:d2:92:70:98:90:fb:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3f94b9b3ba71161e13cf1be80a7e3ae594033d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:cc:7c:ae:92:68:bd:fb:1c:47:9b:13:48:92:
                    79:a1:57:3c:01:b7:bd:70:a9:42:30:e0:19:22:b2:
                    64:34:7f:4d:a1:bc:08:3f:70:21:44:77:3c:3b:c4:
                    0c:1e:c1:db:ff:ee:f7:5a:cb:bc:5c:88:0d:55:0a:
                    eb:04:f9:03:10:e4:b3:d9:9d:5c:57:56:55:70:80:
                    6f:18:df:ef:08:ae:9f:41:f7:11:e0:34:62:d1:2c:
                    13:a7:64:c5:1b:0f:bc:a6:d5:68:3b:f8:d1:30:c5:
                    57:c9:e6:f1:3b:9e:9a:32:d3:30:f9:64:64:4e:96:
                    33:1b:ea:aa:26:54:6e:92:67:2d:c1:7c:6b:da:bb:
                    0f:ed:e9:ec:17:29:cc:11:28:2e:07:34:d4:da:81:
                    53:de:37:e7:73:8d:51:6f:13:cb:58:ef:33:e2:9c:
                    86:06:36:a8:1e:af:a9:b4:ac:2a:64:6a:90:6f:d2:
                    97:57:62:c1:75:58:17:17:ef:1d:0b:a9:6d:d4:bc:
                    84:6e:b8:38:af:df:71:ee:18:ba:3f:ec:48:54:04:
                    c2:01:de:5f:7d:e3:46:58:e1:31:3b:33:56:c7:2b:
                    b6:89:7c:a5:1a:5b:d1:ab:66:e3:4d:02:d7:bb:24:
                    12:4e:9f:14:68:25:99:4e:db:93:bf:c6:c2:07:4b:
                    cf:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:F9:4B:9B:3B:A7:11:61:E1:3C:F1:BE:80:A7:E3:AE:59:40:33:D4
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/0_lLmzunEWHhPPG-gKfjrllAM9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.192.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:5d:9f:09:b6:a9:98:c2:fc:38:21:6e:1d:1f:66:8f:35:77:
         20:d4:e9:41:b4:67:d1:89:ad:c5:a9:01:c6:70:8d:cc:26:a8:
         5b:1e:ca:df:0c:62:4e:6c:43:5f:fb:f7:27:5d:c9:de:e7:65:
         4c:72:0a:8b:02:34:7e:d0:fe:89:69:7f:6b:db:7c:c2:aa:f7:
         8a:c6:49:3f:28:d6:ac:b1:10:3f:80:11:a7:35:d6:1d:28:8e:
         21:73:12:f0:00:f4:b8:c4:a2:72:db:e1:18:7c:04:8d:27:43:
         e6:e4:e3:9f:45:97:6a:91:1a:aa:50:eb:c1:6a:41:7d:3d:5a:
         2c:ef:ab:b4:bf:af:3d:62:d1:d3:0d:0c:ec:e7:7f:09:85:e4:
         41:60:47:3f:87:5b:b7:78:15:f0:8d:46:ca:7c:93:c7:6a:d5:
         6e:30:f9:51:43:f9:35:db:e1:ea:7a:34:43:e0:6c:32:e5:65:
         b9:d8:2b:73:59:51:57:24:9f:56:b7:4c:e0:62:99:91:4b:cc:
         ce:d7:71:d6:f6:ce:5c:e2:8b:62:f9:70:33:ec:1e:89:cf:18:
         cd:f5:52:2e:f1:20:f7:b0:6a:fe:47:6a:e0:55:3a:75:e0:3f:
         58:b9:b6:d0:cb:1d:26:1a:8f:bd:f2:f9:1b:ae:7a:5d:cc:e9:
         a6:ca:e4:7d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQcptwYLyLXSknCYkPuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2Y5NGI5YjNiYTcxMTYxZTEzY2YxYmU4MGE3ZTNhZTU5NDAzM2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxMx8rpJovfscR5sTSJJ5oVc8Abe9
cKlCMOAZIrJkNH9NobwIP3AhRHc8O8QMHsHb/+73Wsu8XIgNVQrrBPkDEOSz2Z1c
V1ZVcIBvGN/vCK6fQfcR4DRi0SwTp2TFGw+8ptVoO/jRMMVXyebxO56aMtMw+WRk
TpYzG+qqJlRukmctwXxr2rsP7ensFynMESguBzTU2oFT3jfnc41RbxPLWO8z4pyG
BjaoHq+ptKwqZGqQb9KXV2LBdVgXF+8dC6lt1LyEbrg4r99x7hi6P+xIVATCAd5f
feNGWOExOzNWxyu2iXylGlvRq2bjTQLXuyQSTp8UaCWZTtuTv8bCB0vPOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNP5S5s7pxFh4TzxvoCn465ZQDPUMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMF9sTG16dW5FV0hoUFBHLWdLZmpybGxBTTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcC5MA0G
CSqGSIb3DQEBCwUAA4IBAQAcXZ8JtqmYwvw4IW4dH2aPNXcg1OlBtGfRia3FqQHG
cI3MJqhbHsrfDGJObENf+/cnXcne52VMcgqLAjR+0P6JaX9r23zCqveKxkk/KNas
sRA/gBGnNdYdKI4hcxLwAPS4xKJy2+EYfASNJ0Pm5OOfRZdqkRqqUOvBakF9PVos
76u0v689YtHTDQzs538JheRBYEc/h1u3eBXwjUbKfJPHatVuMPlRQ/k12+HqejRD
4Gwy5WW52CtzWVFXJJ9Wt0zgYpmRS8zO13HW9s5c4oti+XAz7B6JzxjN9VIu8SD3
sGr+R2rgVTp14D9YubbQyx0mGo+98vkbrnpdzOmmyuR9
-----END CERTIFICATE-----