This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/LtMkeVGzz7h7CkGqERqV6V4qsFw.roa
File:                     LtMkeVGzz7h7CkGqERqV6V4qsFw.roa (raw, json)
Hash identifier:          RGCmsp7/VHcixBUIVcMwlIa1/oiBpWlQTFWDvtpCknY=
Subject key identifier:   2E:D3:24:79:51:B3:CF:B8:7B:0A:41:AA:11:1A:95:E9:5E:2A:B0:5C
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019B7D5D144C8D7CE5A6C6DE2510833FA8FC
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/LtMkeVGzz7h7CkGqERqV6V4qsFw.roa
Signing time:             Fri 02 Jan 2026 06:20:10 +0000
ROA not before:           Fri 02 Jan 2026 06:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12589
IP address blocks:        194.88.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:14:4c:8d:7c:e5:a6:c6:de:25:10:83:3f:a8:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  2 06:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ed3247951b3cfb87b0a41aa111a95e95e2ab05c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:52:9a:1a:ed:7c:15:5d:5d:ac:b1:c3:2b:1f:
                    e2:40:39:0a:28:84:9a:58:fa:5f:fe:2c:f8:47:6c:
                    1e:69:e6:38:ed:cc:cb:ef:81:98:ff:6b:23:c2:d5:
                    40:b1:25:c4:f3:54:8a:8c:5a:8d:65:86:45:9b:ed:
                    fc:89:76:7e:c6:16:93:a1:36:b8:dc:d3:ad:53:cf:
                    3a:39:1b:6c:00:34:fc:59:e7:a5:a6:51:36:a9:e3:
                    69:3b:ca:24:ab:04:79:a5:f3:e2:44:79:35:8b:06:
                    49:36:ce:d5:02:3f:a0:1a:69:8c:cc:4f:be:d1:68:
                    92:9c:bc:ee:fa:c0:56:3b:99:51:35:aa:c2:9e:fb:
                    89:cb:d3:36:21:6b:8c:87:2a:26:f3:2e:18:8a:fb:
                    bd:e6:1b:72:3b:68:91:a1:e7:a3:af:90:f6:ae:53:
                    88:0e:64:49:0f:23:eb:51:25:66:6e:68:88:04:d0:
                    db:30:4e:56:a5:0c:22:82:c1:57:a4:a2:02:f1:44:
                    a6:31:6b:7e:6d:0a:9f:2d:d1:fe:36:ad:f3:35:e0:
                    3f:c5:ae:55:a6:3a:7d:ad:42:bf:93:97:07:93:b7:
                    85:67:9a:c8:cb:9f:36:db:b6:77:0a:27:a5:90:74:
                    68:4a:15:73:dd:6b:94:70:b6:3b:8e:7c:43:ed:63:
                    ba:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D3:24:79:51:B3:CF:B8:7B:0A:41:AA:11:1A:95:E9:5E:2A:B0:5C
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/LtMkeVGzz7h7CkGqERqV6V4qsFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.88.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:bd:64:03:27:06:58:3a:06:5c:f1:13:4a:57:0e:28:74:7f:
         a7:d8:7d:cd:da:4a:e0:d0:a8:41:9c:66:cb:df:c6:14:55:61:
         65:30:f1:45:8d:90:b0:a0:f9:cd:ef:07:af:9e:09:19:ef:b6:
         bb:fa:23:52:a9:75:a1:c9:fc:f9:da:9e:97:da:7b:12:4b:d4:
         96:1f:2b:e2:42:82:48:eb:57:d4:e0:69:85:dc:88:6b:3f:d2:
         1a:5a:a4:d2:84:7d:d0:b0:d7:2a:71:1c:d0:20:31:90:74:dc:
         ca:48:6e:10:4f:de:66:b2:07:fb:f2:54:57:79:90:4d:2d:34:
         de:61:ad:37:bf:0d:df:3c:e7:29:76:83:5e:7a:b2:64:92:a3:
         80:fc:0b:bf:3a:89:91:f2:e6:ec:84:1f:a4:20:cc:47:99:59:
         fc:9f:37:3c:7d:4e:33:8a:72:b1:9f:b4:12:c6:b4:24:1d:b0:
         ab:f1:97:e6:cd:35:1e:81:58:1f:ab:01:c2:89:e4:ce:51:59:
         3e:18:bc:59:8a:a9:06:be:04:69:9e:1f:dc:a9:e2:de:a4:81:
         12:6e:41:07:80:c7:91:0c:75:4b:20:e8:fa:5c:0e:ce:44:5f:
         44:18:73:ac:e8:54:46:e2:79:27:77:db:9e:04:71:80:3c:f7:
         f6:a6:36:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9XRRMjXzlpsbeJRCDP6j8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjYwMTAyMDYyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQzMjQ3OTUxYjNjZmI4N2IwYTQxYWExMTFhOTVlOTVlMmFiMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVKaGu18FV1drLHDKx/iQDkKKISa
WPpf/iz4R2weaeY47czL74GY/2sjwtVAsSXE81SKjFqNZYZFm+38iXZ+xhaToTa4
3NOtU886ORtsADT8WeelplE2qeNpO8okqwR5pfPiRHk1iwZJNs7VAj+gGmmMzE++
0WiSnLzu+sBWO5lRNarCnvuJy9M2IWuMhyom8y4Yivu95htyO2iRoeejr5D2rlOI
DmRJDyPrUSVmbmiIBNDbME5WpQwigsFXpKIC8USmMWt+bQqfLdH+Nq3zNeA/xa5V
pjp9rUK/k5cHk7eFZ5rIy58227Z3CielkHRoShVz3WuUcLY7jnxD7WO6VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7TJHlRs8+4ewpBqhEaleleKrBcMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvTHRNa2VWR3p6N2g3Q2tHcUVScVY2VjRxc0Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwlgtMA0G
CSqGSIb3DQEBCwUAA4IBAQB0vWQDJwZYOgZc8RNKVw4odH+n2H3N2krg0KhBnGbL
38YUVWFlMPFFjZCwoPnN7wevngkZ77a7+iNSqXWhyfz52p6X2nsSS9SWHyviQoJI
61fU4GmF3IhrP9IaWqTShH3QsNcqcRzQIDGQdNzKSG4QT95msgf78lRXeZBNLTTe
Ya03vw3fPOcpdoNeerJkkqOA/Au/OomR8ubshB+kIMxHmVn8nzc8fU4zinKxn7QS
xrQkHbCr8ZfmzTUegVgfqwHCieTOUVk+GLxZiqkGvgRpnh/cqeLepIESbkEHgMeR
DHVLIOj6XA7ORF9EGHOs6FRG4nknd9ueBHGAPPf2pjZg
-----END CERTIFICATE-----