This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/LfmeRYcfUiEj399TDpOym_UlFRA.roa
File:                     LfmeRYcfUiEj399TDpOym_UlFRA.roa (raw, json)
Hash identifier:          BkStJv/EZ8z0hAQkEE3CqcK8hG9A1BieEUEqY6z0bK8=
Subject key identifier:   2D:F9:9E:45:87:1F:52:21:23:DF:DF:53:0E:93:B2:9B:F5:25:15:10
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019B7E39205266C4D6FECD8C93F6321609F9
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/LfmeRYcfUiEj399TDpOym_UlFRA.roa
Signing time:             Fri 02 Jan 2026 10:20:31 +0000
ROA not before:           Fri 02 Jan 2026 10:20:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211218
IP address blocks:        194.28.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:20:52:66:c4:d6:fe:cd:8c:93:f6:32:16:09:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 10:20:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2df99e45871f522123dfdf530e93b29bf5251510
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:c6:4b:bf:2e:a1:a1:29:09:f4:63:9f:48:07:
                    a9:09:68:fe:cb:b8:51:f4:58:eb:96:fd:ff:c5:a8:
                    0f:7e:26:70:01:fb:59:90:93:58:3d:69:ce:b8:32:
                    2a:94:4d:cd:03:cb:d1:61:e6:07:8a:f7:6e:be:e7:
                    45:aa:d9:0e:97:42:12:b7:5a:dc:89:72:a9:6f:2b:
                    2b:2b:d3:2a:c7:39:b5:7f:f7:d8:67:b4:c2:ba:d3:
                    79:f7:3a:13:a9:4c:34:e1:34:72:41:ed:a3:8d:c6:
                    dc:d9:43:ef:f9:08:80:3f:32:d8:fe:cf:c1:44:f9:
                    b1:bc:e3:40:fb:1a:82:a2:a9:1d:3b:50:17:5e:70:
                    18:82:09:c2:f8:ca:c5:7f:6a:da:5c:15:2d:9a:7c:
                    44:c2:0a:1d:69:39:79:8b:36:43:15:3e:85:26:6b:
                    c7:a5:e4:20:84:d1:0f:bf:12:9f:b3:5d:eb:5c:76:
                    87:58:05:33:90:25:f4:6b:a0:45:eb:a5:e9:cf:79:
                    ea:81:0a:02:89:de:2d:26:0b:76:a1:31:b8:6f:5b:
                    78:7f:e1:d7:f2:42:f0:d9:4b:5f:55:c2:0a:66:06:
                    ff:36:6d:e0:3d:ee:af:9d:4e:ca:a8:32:22:14:f6:
                    8c:bf:1f:6b:83:72:f4:5c:81:e5:35:0b:12:f6:2b:
                    23:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:F9:9E:45:87:1F:52:21:23:DF:DF:53:0E:93:B2:9B:F5:25:15:10
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/LfmeRYcfUiEj399TDpOym_UlFRA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.28.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:13:8e:9d:af:55:d8:ed:9b:09:db:9e:3e:69:50:c3:a9:67:
         0e:54:c6:d8:c5:85:aa:0c:52:42:4c:4f:fd:a1:56:25:3f:16:
         d6:50:79:e1:47:4a:5c:8c:0d:d6:b8:c6:44:16:c8:10:84:0e:
         dd:ab:de:00:34:05:58:a3:08:c9:50:5d:eb:a6:45:9a:cb:20:
         92:ed:be:4a:4e:99:9e:a9:8e:13:66:9e:84:99:d5:0a:c2:2a:
         21:1e:89:18:77:2e:22:8e:81:a2:2a:29:2c:2a:d6:9a:63:78:
         cf:fb:7b:e0:b4:50:64:de:d7:64:0b:15:ac:5d:42:9a:2b:91:
         89:cf:aa:44:73:f2:d8:95:2e:b0:5a:5a:e2:93:b2:95:ca:72:
         a5:6a:8f:38:1f:3a:b9:dd:8e:e8:99:3a:f6:3c:60:78:81:5a:
         c4:29:7e:d8:2b:fa:84:94:b0:7f:8f:b9:23:3f:96:82:48:61:
         72:59:3c:02:80:cd:d4:d9:80:e6:a8:d1:be:6f:b6:70:63:76:
         48:76:99:3f:9a:cc:78:a0:7b:83:58:63:30:4d:6b:eb:42:84:
         9c:d6:f0:8b:36:0c:bf:ec:3e:04:4b:e9:d3:a1:51:60:1f:69:
         ff:e9:cd:ac:30:26:7d:e4:3c:13:7e:18:9a:1b:30:f5:b5:c3:
         e5:22:ea:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OSBSZsTW/s2Mk/YyFgn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjYwMTAyMTAyMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGY5OWU0NTg3MWY1MjIxMjNkZmRmNTMwZTkzYjI5YmY1MjUxNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1sZLvy6hoSkJ9GOfSAepCWj+y7hR
9Fjrlv3/xagPfiZwAftZkJNYPWnOuDIqlE3NA8vRYeYHivduvudFqtkOl0ISt1rc
iXKpbysrK9Mqxzm1f/fYZ7TCutN59zoTqUw04TRyQe2jjcbc2UPv+QiAPzLY/s/B
RPmxvONA+xqCoqkdO1AXXnAYggnC+MrFf2raXBUtmnxEwgodaTl5izZDFT6FJmvH
peQghNEPvxKfs13rXHaHWAUzkCX0a6BF66Xpz3nqgQoCid4tJgt2oTG4b1t4f+HX
8kLw2UtfVcIKZgb/Nm3gPe6vnU7KqDIiFPaMvx9rg3L0XIHlNQsS9isjAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC35nkWHH1IhI9/fUw6Tspv1JRUQMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvTGZtZVJZY2ZVaUVqMzk5VERwT3ltX1VsRlJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhxlMA0G
CSqGSIb3DQEBCwUAA4IBAQBIE46dr1XY7ZsJ254+aVDDqWcOVMbYxYWqDFJCTE/9
oVYlPxbWUHnhR0pcjA3WuMZEFsgQhA7dq94ANAVYowjJUF3rpkWayyCS7b5KTpme
qY4TZp6EmdUKwiohHokYdy4ijoGiKiksKtaaY3jP+3vgtFBk3tdkCxWsXUKaK5GJ
z6pEc/LYlS6wWlrik7KVynKlao84Hzq53Y7omTr2PGB4gVrEKX7YK/qElLB/j7kj
P5aCSGFyWTwCgM3U2YDmqNG+b7ZwY3ZIdpk/msx4oHuDWGMwTWvrQoSc1vCLNgy/
7D4ES+nToVFgH2n/6c2sMCZ95DwTfhiaGzD1tcPlIuqX
-----END CERTIFICATE-----