This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lPZKciquIzXlunjytZimRQ9wpY8.roa
File:                     lPZKciquIzXlunjytZimRQ9wpY8.roa (raw, json)
Hash identifier:          ngGK1qL61aBVSSR5ohWgBNm4srayIQvq6MkIcMzJ+yg=
Subject key identifier:   94:F6:4A:72:2A:AE:23:35:E5:BA:78:F2:B5:98:A6:45:0F:70:A5:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5AE93841BF95F3E22589BA25C72263
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lPZKciquIzXlunjytZimRQ9wpY8.roa
Signing time:             Thu 01 Jan 2026 16:18:56 +0000
ROA not before:           Thu 01 Jan 2026 16:18:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     270176
IP address blocks:        89.213.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:e9:38:41:bf:95:f3:e2:25:89:ba:25:c7:22:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94f64a722aae2335e5ba78f2b598a6450f70a58f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6f:7d:57:58:41:30:14:15:53:a6:7b:fb:58:
                    4f:46:0f:85:c8:b7:78:26:b9:bd:32:60:2c:01:e9:
                    0b:27:a1:a8:f5:a6:d7:20:21:0d:22:b1:f0:d6:ef:
                    40:a3:0c:34:04:3d:fd:cd:51:89:aa:8e:d2:47:0b:
                    54:cc:e8:05:10:93:67:6a:f5:9f:c5:4b:a6:4e:9c:
                    8a:50:a9:0f:3e:8f:0f:d7:35:dd:9e:80:d3:2d:b5:
                    d2:20:d7:f4:96:f8:e9:a6:0f:d5:99:56:84:73:66:
                    c9:53:70:cc:af:6d:cb:94:be:1f:65:c7:d3:39:83:
                    64:0b:06:54:f6:c7:fd:20:2e:36:00:12:e0:32:80:
                    fb:d2:bf:c0:08:6a:9f:49:61:34:ea:03:13:90:97:
                    4a:44:79:b9:bb:3f:cb:c6:e6:f0:fe:9b:4d:46:6b:
                    b5:12:12:e2:c3:53:f1:81:ee:dc:28:1f:85:88:69:
                    d9:b2:35:b6:ac:f0:65:0e:87:60:bd:62:05:f6:73:
                    03:0a:1b:bb:b7:18:f4:ec:d2:88:6d:b2:b4:78:28:
                    93:8b:70:e2:3e:e8:1f:66:4f:b4:ec:6c:3a:0b:d0:
                    6c:f2:ad:9b:c8:4d:5f:50:e9:e7:0e:8b:54:09:d8:
                    6a:a9:96:8a:b9:bc:88:95:49:93:21:6a:dd:86:a6:
                    d7:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F6:4A:72:2A:AE:23:35:E5:BA:78:F2:B5:98:A6:45:0F:70:A5:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/lPZKciquIzXlunjytZimRQ9wpY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.213.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:47:11:c0:3d:2d:7a:7d:10:d0:6b:9d:2c:4a:dd:b1:cf:13:
         e4:9b:5e:09:e8:e7:a7:8d:9d:29:a3:fa:a1:e3:e2:2f:5f:79:
         35:3f:a2:04:1c:22:e2:dd:9c:15:4f:ce:6c:b6:f7:ab:52:3c:
         84:b1:a2:64:c6:de:8e:4e:22:59:28:c1:9a:da:9a:57:da:28:
         69:36:98:bd:16:31:07:f6:c7:0a:55:06:4b:df:92:c2:47:d7:
         0d:22:44:df:83:ba:59:43:84:e7:ff:6f:d1:57:c4:bd:2a:55:
         25:d4:fb:80:92:00:6e:9c:d4:08:44:6f:9a:40:34:95:f5:5a:
         d2:c3:04:85:39:bc:9f:e2:67:15:aa:bd:d7:60:94:7f:3e:91:
         eb:3b:7b:b8:6f:4a:05:71:5d:a2:6a:7e:cd:08:7e:b5:6c:60:
         3e:7d:b5:3f:1c:18:2e:fc:8b:d7:3e:a0:08:a0:3a:46:cb:47:
         3e:7b:75:0f:f2:46:f1:90:6c:81:d2:a7:f0:30:0b:49:25:24:
         28:9a:9f:b7:d0:0b:24:ad:ca:54:d3:74:b1:3e:10:b9:1a:cc:
         c9:52:39:4c:d4:3c:34:1c:5c:33:27:e7:6a:63:8c:c0:5c:01:
         10:0f:57:f3:9b:75:e5:b5:8e:18:a6:57:7f:6a:03:b6:42:24:
         ac:c2:27:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wuk4Qb+V8+IlibolxyJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGY2NGE3MjJhYWUyMzM1ZTViYTc4ZjJiNTk4YTY0NTBmNzBhNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm99V1hBMBQVU6Z7+1hPRg+FyLd4
Jrm9MmAsAekLJ6Go9abXICENIrHw1u9Aoww0BD39zVGJqo7SRwtUzOgFEJNnavWf
xUumTpyKUKkPPo8P1zXdnoDTLbXSINf0lvjppg/VmVaEc2bJU3DMr23LlL4fZcfT
OYNkCwZU9sf9IC42ABLgMoD70r/ACGqfSWE06gMTkJdKRHm5uz/Lxubw/ptNRmu1
EhLiw1Pxge7cKB+FiGnZsjW2rPBlDodgvWIF9nMDChu7txj07NKIbbK0eCiTi3Di
PugfZk+07Gw6C9Bs8q2byE1fUOnnDotUCdhqqZaKubyIlUmTIWrdhqbXkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJT2SnIqriM15bp48rWYpkUPcKWPMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvbFBaS2NpcXVJelhsdW5qeXRaaW1SUTl3cFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWdVqMA0G
CSqGSIb3DQEBCwUAA4IBAQBzRxHAPS16fRDQa50sSt2xzxPkm14J6OenjZ0po/qh
4+IvX3k1P6IEHCLi3ZwVT85stverUjyEsaJkxt6OTiJZKMGa2ppX2ihpNpi9FjEH
9scKVQZL35LCR9cNIkTfg7pZQ4Tn/2/RV8S9KlUl1PuAkgBunNQIRG+aQDSV9VrS
wwSFObyf4mcVqr3XYJR/PpHrO3u4b0oFcV2ian7NCH61bGA+fbU/HBgu/IvXPqAI
oDpGy0c+e3UP8kbxkGyB0qfwMAtJJSQomp+30AskrcpU03SxPhC5GszJUjlM1Dw0
HFwzJ+dqY4zAXAEQD1fzm3XltY4Ypld/agO2QiSswifc
-----END CERTIFICATE-----