This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/LbwUBW6UnU18v-U18rNDE3l0xQQ.roa
File:                     LbwUBW6UnU18v-U18rNDE3l0xQQ.roa (raw, json)
Hash identifier:          SkrwHdQX53t1+eW9cdOIIYqsrHJtmmj6qudznw4zEbg=
Subject key identifier:   2D:BC:14:05:6E:94:9D:4D:7C:BF:E5:35:F2:B3:43:13:79:74:C5:04
Certificate issuer:       /CN=480e3cf0d122574c7e7b3bf034d0d3d013eebc15
Certificate serial:       019B7C1288C086EACDB39DB2BD576AEFB0E2
Authority key identifier: 48:0E:3C:F0:D1:22:57:4C:7E:7B:3B:F0:34:D0:D3:D0:13:EE:BC:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/LbwUBW6UnU18v-U18rNDE3l0xQQ.roa
Signing time:             Fri 02 Jan 2026 00:19:07 +0000
ROA not before:           Fri 02 Jan 2026 00:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202647
IP address blocks:        2001:67c:ac0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 15:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:88:c0:86:ea:cd:b3:9d:b2:bd:57:6a:ef:b0:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=480e3cf0d122574c7e7b3bf034d0d3d013eebc15
        Validity
            Not Before: Jan  2 00:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2dbc14056e949d4d7cbfe535f2b343137974c504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:e1:18:ca:60:73:a5:23:e3:40:38:b4:d9:05:
                    60:5c:fa:f1:76:70:82:ec:76:f4:fc:96:70:fb:2f:
                    5b:57:d0:b0:3c:c2:0b:c7:1d:35:60:34:3f:32:61:
                    d2:54:9c:71:40:f3:e3:2e:a0:6e:e9:28:b7:46:7e:
                    84:d2:c6:e3:03:48:d6:d7:f7:af:9d:39:a3:a9:0c:
                    00:96:db:76:90:b5:c1:71:58:54:d4:3a:ba:8c:d5:
                    49:36:e5:9f:08:90:b4:cd:b5:75:4d:53:bb:18:c0:
                    4a:bd:18:89:42:df:98:c1:f5:56:94:bf:50:25:ba:
                    5c:8f:21:60:b6:00:c4:e8:d4:40:75:c3:da:11:e0:
                    a7:b7:c4:a3:1b:c4:b5:39:40:79:d2:b1:e9:5a:71:
                    bf:1a:f7:99:87:41:7f:8d:37:5f:41:ed:90:cb:0c:
                    e2:3a:c4:32:f4:38:49:98:b5:ee:bd:dd:80:5b:31:
                    1e:02:2a:1c:60:3c:17:a9:bf:4e:33:41:ac:c8:cf:
                    03:93:be:a7:c8:83:85:f5:43:11:e0:a2:ba:dd:2d:
                    0c:bf:ab:83:d4:ec:b4:a5:93:da:36:65:ab:70:dc:
                    d6:f7:c8:29:7c:49:ef:0d:e1:04:82:52:c5:d9:bf:
                    6a:4a:1c:e5:86:29:03:a1:18:58:cd:1e:45:e7:62:
                    0f:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:BC:14:05:6E:94:9D:4D:7C:BF:E5:35:F2:B3:43:13:79:74:C5:04
            X509v3 Authority Key Identifier:
                keyid:48:0E:3C:F0:D1:22:57:4C:7E:7B:3B:F0:34:D0:D3:D0:13:EE:BC:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SA488NEiV0x-ezvwNNDT0BPuvBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/LbwUBW6UnU18v-U18rNDE3l0xQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ba66f2-de3e-4de8-bd65-22f23fe29287/1/SA488NEiV0x-ezvwNNDT0BPuvBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ac0::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:ce:b8:ac:98:47:88:e5:0f:e1:b3:c7:44:23:7d:21:8e:4e:
         25:fa:c7:96:0d:ea:81:e3:e8:8f:26:65:dc:78:38:a7:b7:00:
         45:2c:61:38:99:78:91:6f:64:1b:79:bf:c5:0e:56:79:9d:52:
         b3:4e:97:c1:61:12:f1:10:e2:85:89:bb:b2:c3:9c:88:73:72:
         1f:77:24:8d:ff:59:e5:43:6f:38:68:30:db:85:57:e3:dd:f0:
         dd:d7:1d:2c:59:30:ec:9f:af:19:0f:99:a5:42:ae:6f:d6:c3:
         48:dc:ae:ae:ad:59:5e:a0:16:47:60:70:4b:ee:95:d6:c8:5c:
         3e:4a:3a:a5:18:9a:47:25:5f:39:2e:c0:fd:17:2f:d8:27:91:
         ad:1c:ac:aa:e9:0d:d8:d7:09:7c:87:62:70:fd:99:aa:a2:a5:
         e8:4d:66:51:e3:01:10:6b:ff:d2:46:36:70:36:3c:d8:b2:76:
         f9:e4:99:4c:cf:8a:91:ac:47:24:f9:20:21:3f:35:71:b1:ec:
         4a:f0:e4:9d:e0:e1:95:f0:e8:ba:be:37:9b:d9:8b:f2:bb:53:
         5f:76:d2:2a:7f:3d:25:38:6b:23:e5:29:b5:bd:1d:41:fe:29:
         80:57:84:19:d8:7b:4a:65:9f:28:41:60:fb:f2:52:79:5d:fc:
         06:da:74:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8EojAhurNs52yvVdq77DiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MGUzY2YwZDEyMjU3NGM3ZTdiM2JmMDM0ZDBkM2QwMTNl
ZWJjMTUwHhcNMjYwMTAyMDAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGJjMTQwNTZlOTQ5ZDRkN2NiZmU1MzVmMmIzNDMxMzc5NzRjNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreEYymBzpSPjQDi02QVgXPrxdnCC
7Hb0/JZw+y9bV9CwPMILxx01YDQ/MmHSVJxxQPPjLqBu6Si3Rn6E0sbjA0jW1/ev
nTmjqQwAltt2kLXBcVhU1Dq6jNVJNuWfCJC0zbV1TVO7GMBKvRiJQt+YwfVWlL9Q
JbpcjyFgtgDE6NRAdcPaEeCnt8SjG8S1OUB50rHpWnG/GveZh0F/jTdfQe2Qywzi
OsQy9DhJmLXuvd2AWzEeAiocYDwXqb9OM0GsyM8Dk76nyIOF9UMR4KK63S0Mv6uD
1Oy0pZPaNmWrcNzW98gpfEnvDeEEglLF2b9qShzlhikDoRhYzR5F52IP4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC28FAVulJ1NfL/lNfKzQxN5dMUEMB8GA1UdIwQY
MBaAFEgOPPDRIldMfns78DTQ09AT7rwVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0E0ODhORWlWMHgtZXp2d05ORFQwQlB1dkJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9iYTY2ZjItZGUzZS00ZGU4LWJkNjUt
MjJmMjNmZTI5Mjg3LzEvTGJ3VUJXNlVuVTE4di1VMThyTkRFM2wweFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9iYTY2ZjItZGUzZS00ZGU4LWJkNjUtMjJmMjNmZTI5Mjg3
LzEvU0E0ODhORWlWMHgtZXp2d05ORFQwQlB1dkJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfArA
MA0GCSqGSIb3DQEBCwUAA4IBAQAkzrismEeI5Q/hs8dEI30hjk4l+seWDeqB4+iP
JmXceDintwBFLGE4mXiRb2Qbeb/FDlZ5nVKzTpfBYRLxEOKFibuyw5yIc3IfdySN
/1nlQ284aDDbhVfj3fDd1x0sWTDsn68ZD5mlQq5v1sNI3K6urVleoBZHYHBL7pXW
yFw+SjqlGJpHJV85LsD9Fy/YJ5GtHKyq6Q3Y1wl8h2Jw/ZmqoqXoTWZR4wEQa//S
RjZwNjzYsnb55JlMz4qRrEck+SAhPzVxsexK8OSd4OGV8Oi6vjeb2Yvyu1NfdtIq
fz0lOGsj5Sm1vR1B/imAV4QZ2HtKZZ8oQWD78lJ5XfwG2nSY
-----END CERTIFICATE-----