This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/lPb2QmWiKPxzYTHlUwItF0AKSL0.roa
File:                     lPb2QmWiKPxzYTHlUwItF0AKSL0.roa (raw, json)
Hash identifier:          t0HsgpiNiYSsplZbvt5snbpm+tzmqAxHOzqpSQ+fk5c=
Subject key identifier:   94:F6:F6:42:65:A2:28:FC:73:61:31:E5:53:02:2D:17:40:0A:48:BD
Certificate issuer:       /CN=ff56d837fe254fa92e1f3c2f861aa1e485521746
Certificate serial:       019B77C74EF64A9F7B9C7D15DAED68F7580D
Authority key identifier: FF:56:D8:37:FE:25:4F:A9:2E:1F:3C:2F:86:1A:A1:E4:85:52:17:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/lPb2QmWiKPxzYTHlUwItF0AKSL0.roa
Signing time:             Thu 01 Jan 2026 04:18:29 +0000
ROA not before:           Thu 01 Jan 2026 04:18:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57039
IP address blocks:        94.143.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4e:f6:4a:9f:7b:9c:7d:15:da:ed:68:f7:58:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff56d837fe254fa92e1f3c2f861aa1e485521746
        Validity
            Not Before: Jan  1 04:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94f6f64265a228fc736131e553022d17400a48bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:48:98:1f:d6:0c:95:20:e9:d2:43:d0:2b:57:
                    88:e8:3b:25:ba:cc:08:17:dc:34:66:21:fb:0f:68:
                    dc:f7:82:44:a9:18:0a:68:fb:7a:bf:b5:a0:52:6a:
                    5c:13:cf:2b:06:ad:29:8f:9e:17:be:b2:4b:c8:3d:
                    23:ec:f5:18:ca:3c:83:bb:d2:51:b3:ae:83:a8:0a:
                    22:37:a3:a2:cb:b8:4c:af:49:94:09:ec:58:86:85:
                    ce:06:38:3a:11:2d:fb:42:3c:ac:68:a1:ae:c8:95:
                    95:c4:69:cb:6e:1d:8a:c0:58:ec:d5:ed:54:ba:5b:
                    a1:80:8e:0f:ed:2e:26:4f:18:4a:11:dd:00:23:89:
                    33:07:a1:06:04:b5:f8:b0:bf:2b:db:eb:71:93:ab:
                    35:09:85:fb:04:38:c8:74:ea:5e:a3:78:33:b2:2c:
                    42:98:ef:c4:71:03:66:52:e8:e9:9b:d2:5f:e3:84:
                    a9:e6:2b:db:f7:3a:4b:19:db:fa:55:b4:63:23:94:
                    b5:1b:52:29:7a:b4:65:b2:0b:60:e2:92:7c:6f:94:
                    0b:3d:8b:d3:7d:79:3a:1a:76:f8:0a:48:04:45:15:
                    f6:0d:f2:9f:91:76:ca:bb:f2:dc:a4:ad:3b:f3:9f:
                    7e:85:a7:78:9a:19:09:2e:9a:c6:52:b8:94:b3:87:
                    4b:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:F6:F6:42:65:A2:28:FC:73:61:31:E5:53:02:2D:17:40:0A:48:BD
            X509v3 Authority Key Identifier:
                keyid:FF:56:D8:37:FE:25:4F:A9:2E:1F:3C:2F:86:1A:A1:E4:85:52:17:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/lPb2QmWiKPxzYTHlUwItF0AKSL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/1b3749-9673-412d-b348-50fc4d557d08/1/_1bYN_4lT6kuHzwvhhqh5IVSF0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.143.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:19:36:79:f4:13:21:a7:d8:5b:e0:50:a9:58:6a:89:cb:ac:
         ce:e9:b3:0c:26:da:da:ba:2d:e6:11:74:c5:a9:75:06:50:64:
         9b:4e:2c:6b:97:4f:42:23:dd:af:cc:97:b7:a1:95:b0:7b:ea:
         1e:32:b6:25:91:61:26:98:36:3d:40:a6:bd:54:e6:b4:3b:cf:
         ea:70:eb:d4:7e:6b:85:cc:20:52:69:bf:34:4e:46:c5:fc:4b:
         22:5d:48:09:e6:4f:ef:ba:3d:9a:2f:92:0e:ea:a4:e9:84:8a:
         8b:c9:81:e3:c7:82:51:4b:8e:58:a2:a8:04:86:84:c2:4a:ab:
         37:e2:6e:74:ed:49:5e:dc:2e:47:3d:a9:de:a6:18:0c:24:53:
         16:aa:96:f8:8e:1b:67:54:71:07:1a:ce:17:41:43:70:e2:c3:
         f3:8e:18:10:3c:b4:8d:08:8b:14:07:de:f7:ff:01:bc:9d:49:
         21:88:32:b2:69:a1:58:f0:83:bb:7c:91:7e:37:f2:a8:92:65:
         31:6a:d4:4a:bb:a1:03:6d:8c:18:16:ad:25:ec:18:4f:83:df:
         df:c4:cc:39:f2:f4:b9:5d:9a:60:5d:0f:b7:a8:d7:d6:e4:a6:
         d5:a3:d0:7f:da:91:f3:02:18:d9:e2:1a:47:14:b1:f7:e7:d3:
         7f:2d:54:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x072Sp97nH0V2u1o91gNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNTZkODM3ZmUyNTRmYTkyZTFmM2MyZjg2MWFhMWU0ODU1
MjE3NDYwHhcNMjYwMTAxMDQxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGY2ZjY0MjY1YTIyOGZjNzM2MTMxZTU1MzAyMmQxNzQwMGE0OGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUiYH9YMlSDp0kPQK1eI6DsluswI
F9w0ZiH7D2jc94JEqRgKaPt6v7WgUmpcE88rBq0pj54XvrJLyD0j7PUYyjyDu9JR
s66DqAoiN6Oiy7hMr0mUCexYhoXOBjg6ES37QjysaKGuyJWVxGnLbh2KwFjs1e1U
uluhgI4P7S4mTxhKEd0AI4kzB6EGBLX4sL8r2+txk6s1CYX7BDjIdOpeo3gzsixC
mO/EcQNmUujpm9Jf44Sp5ivb9zpLGdv6VbRjI5S1G1IperRlsgtg4pJ8b5QLPYvT
fXk6Gnb4CkgERRX2DfKfkXbKu/LcpK07859+had4mhkJLprGUriUs4dL6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJT29kJloij8c2Ex5VMCLRdACki9MB8GA1UdIwQY
MBaAFP9W2Df+JU+pLh88L4YaoeSFUhdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzFiWU5fNGxUNmt1SHp3dmhocWg1SVZTRjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xYjM3NDktOTY3My00MTJkLWIzNDgt
NTBmYzRkNTU3ZDA4LzEvbFBiMlFtV2lLUHh6WVRIbFV3SXRGMEFLU0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xYjM3NDktOTY3My00MTJkLWIzNDgtNTBmYzRkNTU3ZDA4
LzEvXzFiWU5fNGxUNmt1SHp3dmhocWg1SVZTRjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo9jMA0G
CSqGSIb3DQEBCwUAA4IBAQAnGTZ59BMhp9hb4FCpWGqJy6zO6bMMJtraui3mEXTF
qXUGUGSbTixrl09CI92vzJe3oZWwe+oeMrYlkWEmmDY9QKa9VOa0O8/qcOvUfmuF
zCBSab80TkbF/EsiXUgJ5k/vuj2aL5IO6qTphIqLyYHjx4JRS45YoqgEhoTCSqs3
4m507Ule3C5HPanephgMJFMWqpb4jhtnVHEHGs4XQUNw4sPzjhgQPLSNCIsUB973
/wG8nUkhiDKyaaFY8IO7fJF+N/KokmUxatRKu6EDbYwYFq0l7BhPg9/fxMw58vS5
XZpgXQ+3qNfW5KbVo9B/2pHzAhjZ4hpHFLH359N/LVSK
-----END CERTIFICATE-----