This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/lbl2pQkR5Gt2zpZZ9Jh22oLkisQ.roa
File:                     lbl2pQkR5Gt2zpZZ9Jh22oLkisQ.roa (raw, json)
Hash identifier:          x9+pd0aqdgxunGrrCWfBRzAZtvQjFOaQn2oOsjiZkVo=
Subject key identifier:   95:B9:76:A5:09:11:E4:6B:76:CE:96:59:F4:98:76:DA:82:E4:8A:C4
Certificate issuer:       /CN=d020f10832c49bad6f15a96058c5ba18572ac52a
Certificate serial:       019B7BA4E839A159F42DA759A391A9E7A96E
Authority key identifier: D0:20:F1:08:32:C4:9B:AD:6F:15:A9:60:58:C5:BA:18:57:2A:C5:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0CDxCDLEm61vFalgWMW6GFcqxSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/lbl2pQkR5Gt2zpZZ9Jh22oLkisQ.roa
Signing time:             Thu 01 Jan 2026 22:19:23 +0000
ROA not before:           Thu 01 Jan 2026 22:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21364
IP address blocks:        80.245.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/0CDxCDLEm61vFalgWMW6GFcqxSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/0CDxCDLEm61vFalgWMW6GFcqxSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0CDxCDLEm61vFalgWMW6GFcqxSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:e8:39:a1:59:f4:2d:a7:59:a3:91:a9:e7:a9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d020f10832c49bad6f15a96058c5ba18572ac52a
        Validity
            Not Before: Jan  1 22:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95b976a50911e46b76ce9659f49876da82e48ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:80:c4:11:32:3d:7f:61:f7:49:29:ae:5e:f5:
                    56:ec:e9:26:19:17:fc:ec:02:92:0f:7b:dc:04:43:
                    8d:bd:bc:12:57:a7:0f:33:a4:8d:25:ef:e3:16:6d:
                    1a:a2:7d:7e:fb:57:43:cb:e3:23:fb:5f:28:fd:e6:
                    82:d5:2f:67:21:f0:8f:53:4c:d1:38:b5:2b:5c:45:
                    8f:f0:8a:b3:1b:c0:75:1d:93:1b:29:72:60:3f:74:
                    6c:cd:a2:3f:f4:fe:ba:00:1c:07:58:9e:67:77:b5:
                    d4:d3:7c:11:60:21:88:ab:af:30:ca:56:67:88:b1:
                    fc:89:d5:5f:d2:cb:ce:bb:f0:61:76:fc:d3:3f:c4:
                    bf:79:03:6b:10:16:0b:7c:6c:0c:47:28:bb:17:01:
                    a7:57:bb:d3:60:c5:65:72:66:4b:e1:a9:74:9f:75:
                    97:2d:9d:c6:3f:32:4f:22:f8:39:d4:25:b5:12:5b:
                    10:8f:94:0e:e6:85:1d:a3:f3:a3:85:a9:29:cc:50:
                    44:d9:9a:cb:ba:29:cb:0e:61:7f:0f:07:6d:aa:ea:
                    47:70:eb:d2:44:7b:91:f1:ba:32:17:11:9e:fe:e8:
                    35:fe:9b:e8:64:5d:65:2b:54:a1:1a:df:83:95:8b:
                    ca:1b:60:99:74:1b:ad:fd:01:38:66:3c:03:87:8b:
                    bd:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B9:76:A5:09:11:E4:6B:76:CE:96:59:F4:98:76:DA:82:E4:8A:C4
            X509v3 Authority Key Identifier:
                keyid:D0:20:F1:08:32:C4:9B:AD:6F:15:A9:60:58:C5:BA:18:57:2A:C5:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0CDxCDLEm61vFalgWMW6GFcqxSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/lbl2pQkR5Gt2zpZZ9Jh22oLkisQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/2c11c1-4250-4387-a4db-2701d591deae/1/0CDxCDLEm61vFalgWMW6GFcqxSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.245.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6a:3d:c1:ca:3f:6c:a5:f8:18:0c:11:33:0d:12:26:80:9d:40:
         e7:aa:6a:d2:ff:69:ba:26:e1:34:de:d0:48:1d:a0:1e:42:06:
         43:50:8d:b4:3b:3d:23:2b:46:ca:e3:89:2d:02:56:0b:1a:59:
         34:b6:ec:4f:cb:b1:9d:40:36:69:45:b2:5f:01:dc:56:96:cb:
         3d:4f:c6:06:f5:50:60:5c:68:a3:06:54:c6:e0:c6:1d:02:5a:
         ab:d7:12:9b:05:1f:0a:aa:46:73:f2:9c:13:5a:ee:bd:0e:1a:
         b0:17:36:4d:fd:fa:67:1b:b2:1c:f8:bb:5e:2f:06:f4:70:a2:
         77:53:81:96:00:d6:48:f1:c6:17:f0:e4:46:ae:e0:dd:dd:8d:
         2d:99:c6:f9:0b:68:30:ce:b6:ec:8b:38:e8:24:1e:3a:0a:a2:
         15:33:86:af:53:2d:d1:90:5f:23:80:36:b2:31:2f:94:d7:dc:
         b6:aa:f0:5c:4c:45:46:8e:f3:6c:5f:16:36:b7:22:4e:82:39:
         6f:d5:85:bf:54:9f:b0:85:21:71:5c:8f:f7:5b:01:c1:98:d1:
         3a:7e:85:a3:58:cb:9f:e8:b6:28:d8:e0:a6:de:f9:f7:96:67:
         73:30:3f:1a:5c:00:b4:42:92:d5:4c:64:f9:4b:35:21:7b:11:
         b9:f3:ec:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pOg5oVn0LadZo5Gp56luMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjBmMTA4MzJjNDliYWQ2ZjE1YTk2MDU4YzViYTE4NTcy
YWM1MmEwHhcNMjYwMTAxMjIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWI5NzZhNTA5MTFlNDZiNzZjZTk2NTlmNDk4NzZkYTgyZTQ4YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjIDEETI9f2H3SSmuXvVW7OkmGRf8
7AKSD3vcBEONvbwSV6cPM6SNJe/jFm0aon1++1dDy+Mj+18o/eaC1S9nIfCPU0zR
OLUrXEWP8IqzG8B1HZMbKXJgP3RszaI/9P66ABwHWJ5nd7XU03wRYCGIq68wylZn
iLH8idVf0svOu/BhdvzTP8S/eQNrEBYLfGwMRyi7FwGnV7vTYMVlcmZL4al0n3WX
LZ3GPzJPIvg51CW1ElsQj5QO5oUdo/OjhakpzFBE2ZrLuinLDmF/DwdtqupHcOvS
RHuR8boyFxGe/ug1/pvoZF1lK1ShGt+DlYvKG2CZdBut/QE4ZjwDh4u9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJW5dqUJEeRrds6WWfSYdtqC5IrEMB8GA1UdIwQY
MBaAFNAg8QgyxJutbxWpYFjFuhhXKsUqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENEeENETEVtNjF2RmFsZ1dNVzZHRmNxeFNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni8yYzExYzEtNDI1MC00Mzg3LWE0ZGIt
MjcwMWQ1OTFkZWFlLzEvbGJsMnBRa1I1R3QyenBaWjlKaDIyb0xraXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni8yYzExYzEtNDI1MC00Mzg3LWE0ZGItMjcwMWQ1OTFkZWFl
LzEvMENEeENETEVtNjF2RmFsZ1dNVzZHRmNxeFNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBqPcHKP2yl+BgMETMNEiaAnUDnqmrS/2m6JuE03tBI
HaAeQgZDUI20Oz0jK0bK44ktAlYLGlk0tuxPy7GdQDZpRbJfAdxWlss9T8YG9VBg
XGijBlTG4MYdAlqr1xKbBR8KqkZz8pwTWu69DhqwFzZN/fpnG7Ic+LteLwb0cKJ3
U4GWANZI8cYX8ORGruDd3Y0tmcb5C2gwzrbsizjoJB46CqIVM4avUy3RkF8jgDay
MS+U19y2qvBcTEVGjvNsXxY2tyJOgjlv1YW/VJ+whSFxXI/3WwHBmNE6foWjWMuf
6LYo2OCm3vn3lmdzMD8aXAC0QpLVTGT5SzUhexG58+w1
-----END CERTIFICATE-----