This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/LMYIJtO4-gOpJ0UJaAmxWMtNx1U.roa
File:                     LMYIJtO4-gOpJ0UJaAmxWMtNx1U.roa (raw, json)
Hash identifier:          F3Pb6xM/hyUT7K33L+12wbuqjp8KsI8PcAeJHlWMuQ4=
Subject key identifier:   2C:C6:08:26:D3:B8:FA:03:A9:27:45:09:68:09:B1:58:CB:4D:C7:55
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B77590F6ED08FA280967B322EC3EC5D48
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/LMYIJtO4-gOpJ0UJaAmxWMtNx1U.roa
Signing time:             Thu 01 Jan 2026 02:18:03 +0000
ROA not before:           Thu 01 Jan 2026 02:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207854
IP address blocks:        188.114.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:0f:6e:d0:8f:a2:80:96:7b:32:2e:c3:ec:5d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2cc60826d3b8fa03a92745096809b158cb4dc755
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:29:ba:41:36:03:a0:da:91:ef:f4:37:68:0c:
                    85:ac:f8:98:09:4a:8b:00:60:32:ea:4a:c7:35:05:
                    d5:db:25:b9:9a:6f:e0:81:11:12:e5:1b:57:dc:9a:
                    1f:56:c3:e3:f3:a5:48:4a:a0:91:43:af:68:42:9f:
                    c0:6f:5c:a3:1b:57:88:68:05:53:02:1e:94:86:9d:
                    94:17:e9:df:2d:0d:cf:f4:77:cc:ae:53:4c:8f:60:
                    c6:cd:c2:8f:90:27:ee:fd:eb:72:c2:5d:ad:0b:7e:
                    2b:93:fc:3a:15:8f:a8:26:24:b8:8c:39:b9:4c:c4:
                    3d:ea:23:15:f8:a8:8a:c6:1b:47:b4:c1:29:6a:62:
                    9f:f6:2f:e6:7d:ae:8c:1e:16:ed:a3:97:02:a5:8e:
                    7b:c8:be:89:db:ed:f9:94:1b:ac:b0:e3:ab:be:b9:
                    ac:2d:45:a4:dd:d7:da:08:be:86:d8:26:1c:af:62:
                    67:7d:d2:6b:58:c4:74:78:9e:05:cf:47:10:4b:54:
                    9f:ec:71:f1:c5:27:c2:7e:3a:c4:b0:6e:b0:54:43:
                    ba:c3:18:3a:12:12:49:62:ca:dd:fa:a5:11:24:00:
                    14:6c:02:c8:1f:ff:3f:05:ed:de:c5:e4:3d:cb:36:
                    60:e4:ed:5e:1a:8b:11:e7:ec:38:95:76:91:a4:56:
                    c5:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:C6:08:26:D3:B8:FA:03:A9:27:45:09:68:09:B1:58:CB:4D:C7:55
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/LMYIJtO4-gOpJ0UJaAmxWMtNx1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.114.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:c9:e8:c6:80:61:91:91:9d:28:c5:4a:5d:8e:66:85:17:9a:
         6e:17:61:6c:5a:42:60:23:55:d7:b2:e4:37:bf:94:d4:e6:84:
         95:e4:ce:ba:3e:39:d5:d6:f8:5c:9b:5e:78:ce:64:04:6a:95:
         07:7b:25:89:ea:08:1c:ed:a9:b2:b8:55:03:5b:de:fe:f8:d7:
         9c:fe:47:6c:31:2b:dc:b2:6a:71:6b:06:65:39:da:0c:b7:57:
         73:d4:d6:e9:6d:ad:8a:0d:af:9c:69:95:ee:17:1a:79:c8:0b:
         04:98:00:89:e1:e7:2e:cc:33:db:1d:b4:12:92:61:c2:f7:7e:
         68:46:f2:e7:35:aa:31:d3:3f:c9:8c:80:9e:2f:3f:e6:d2:f7:
         a1:21:b2:ac:bb:a7:65:c2:67:7d:c5:3f:57:e3:30:7b:3a:29:
         f5:6f:eb:18:cc:70:73:69:48:b3:b7:68:9d:11:f6:7a:91:a2:
         56:c9:97:b5:2e:42:a1:f5:6a:a1:ef:50:52:b3:d1:10:50:87:
         d9:c7:bb:71:e7:90:f5:62:37:bc:03:07:a1:47:24:24:dc:4f:
         0f:2f:0d:a1:28:7a:18:a6:58:2c:8b:a8:a0:31:9f:ab:b9:c0:
         14:27:02:91:4a:11:d1:ce:39:c7:1b:82:72:ed:40:fd:b6:a7:
         32:dd:69:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQ9u0I+igJZ7Mi7D7F1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2M2MDgyNmQzYjhmYTAzYTkyNzQ1MDk2ODA5YjE1OGNiNGRjNzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlym6QTYDoNqR7/Q3aAyFrPiYCUqL
AGAy6krHNQXV2yW5mm/ggRES5RtX3JofVsPj86VISqCRQ69oQp/Ab1yjG1eIaAVT
Ah6Uhp2UF+nfLQ3P9HfMrlNMj2DGzcKPkCfu/etywl2tC34rk/w6FY+oJiS4jDm5
TMQ96iMV+KiKxhtHtMEpamKf9i/mfa6MHhbto5cCpY57yL6J2+35lBussOOrvrms
LUWk3dfaCL6G2CYcr2JnfdJrWMR0eJ4Fz0cQS1Sf7HHxxSfCfjrEsG6wVEO6wxg6
EhJJYsrd+qURJAAUbALIH/8/Be3exeQ9yzZg5O1eGosR5+w4lXaRpFbFbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzGCCbTuPoDqSdFCWgJsVjLTcdVMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvTE1ZSUp0TzQtZ09wSjBVSmFBbXhXTXROeDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvHJBMA0G
CSqGSIb3DQEBCwUAA4IBAQBgyejGgGGRkZ0oxUpdjmaFF5puF2FsWkJgI1XXsuQ3
v5TU5oSV5M66PjnV1vhcm154zmQEapUHeyWJ6ggc7amyuFUDW97++Nec/kdsMSvc
smpxawZlOdoMt1dz1Nbpba2KDa+caZXuFxp5yAsEmACJ4ecuzDPbHbQSkmHC935o
RvLnNaox0z/JjICeLz/m0vehIbKsu6dlwmd9xT9X4zB7Oin1b+sYzHBzaUizt2id
EfZ6kaJWyZe1LkKh9Wqh71BSs9EQUIfZx7tx55D1Yje8AwehRyQk3E8PLw2hKHoY
plgsi6igMZ+rucAUJwKRShHRzjnHG4Jy7UD9tqcy3WnT
-----END CERTIFICATE-----