This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/L_TEhfaPFx7PtkuyDCeQbYMpWxs.roa
File:                     L_TEhfaPFx7PtkuyDCeQbYMpWxs.roa (raw, json)
Hash identifier:          3qkqR71VJ7EC6Lme1R2L9TAp9y2BC9EuTTKGRZgwwzc=
Subject key identifier:   2F:F4:C4:85:F6:8F:17:1E:CF:B6:4B:B2:0C:27:90:6D:83:29:5B:1B
Certificate issuer:       /CN=37518d180923a7f3c00653ec12bc702b95aab907
Certificate serial:       019B7C123B987A605DF909652740C0690150
Authority key identifier: 37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/L_TEhfaPFx7PtkuyDCeQbYMpWxs.roa
Signing time:             Fri 02 Jan 2026 00:18:48 +0000
ROA not before:           Fri 02 Jan 2026 00:18:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212167
IP address blocks:        193.255.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 00:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:3b:98:7a:60:5d:f9:09:65:27:40:c0:69:01:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=37518d180923a7f3c00653ec12bc702b95aab907
        Validity
            Not Before: Jan  2 00:18:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ff4c485f68f171ecfb64bb20c27906d83295b1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d8:d8:16:74:a0:62:16:9d:31:93:5e:23:3f:
                    47:e7:a5:44:6c:de:78:ca:be:11:56:bb:f0:e6:96:
                    fa:2b:bd:2a:ff:3d:af:85:b2:77:1b:d2:77:11:94:
                    5a:11:df:ed:f6:75:a8:cf:84:04:9d:e2:67:37:a7:
                    b5:50:10:46:8e:4c:ef:61:ad:a2:35:7f:ad:4b:59:
                    5c:82:5a:80:8b:d6:f4:67:77:10:a7:9e:9a:03:2a:
                    3e:fd:e7:37:bf:e6:4e:48:c3:1d:00:9a:f8:ec:e8:
                    91:59:dc:61:ce:4a:d2:3e:ba:0b:bc:9d:8e:cf:69:
                    71:3b:1e:b0:be:29:cb:cf:85:70:4d:79:57:9d:eb:
                    03:ea:53:ce:e2:de:e9:25:1b:6a:85:a9:02:82:be:
                    a4:4f:53:1f:0a:2d:35:7d:82:1e:ac:fb:85:bc:3a:
                    5c:8d:4e:cd:49:ed:56:d5:37:25:33:a9:3c:9f:ab:
                    d2:a7:87:60:b1:84:14:3b:3a:26:ef:f2:39:b9:07:
                    67:c8:bc:51:e0:7b:77:e4:0f:c6:ac:dc:cc:5e:28:
                    07:ad:6e:69:6c:39:a2:53:91:2c:75:73:76:96:5b:
                    49:f3:46:51:41:17:d1:9c:9f:7d:6e:0d:41:3c:6b:
                    e8:be:53:df:a5:ef:0e:98:28:f6:3e:94:8c:5e:b2:
                    10:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:F4:C4:85:F6:8F:17:1E:CF:B6:4B:B2:0C:27:90:6D:83:29:5B:1B
            X509v3 Authority Key Identifier:
                keyid:37:51:8D:18:09:23:A7:F3:C0:06:53:EC:12:BC:70:2B:95:AA:B9:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/N1GNGAkjp_PABlPsErxwK5WquQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/L_TEhfaPFx7PtkuyDCeQbYMpWxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/f80ef3-9f0b-4bd1-8018-59671920fb60/1/N1GNGAkjp_PABlPsErxwK5WquQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.255.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         70:c1:73:5e:5a:41:c2:21:aa:60:d5:80:cd:a3:b7:8c:12:2a:
         10:e6:8e:39:46:0a:a8:06:83:95:c6:29:f6:0a:62:19:1b:6e:
         9c:21:21:51:c6:a8:25:a1:bb:d6:dd:f4:f0:b7:5b:6a:b1:b1:
         23:05:61:1c:52:a6:67:d7:c9:91:f4:de:47:e0:1c:e4:02:77:
         aa:de:16:eb:21:c9:aa:5f:4d:25:5c:97:36:b6:c5:77:f1:41:
         af:f4:85:61:99:fc:40:d6:1b:15:65:71:3b:da:3b:b3:42:7f:
         04:b6:24:09:47:96:8b:16:17:aa:e6:6a:1d:f2:d7:5e:30:44:
         8c:7f:69:de:4f:b5:a4:88:2b:69:08:47:3e:4d:e5:f1:ab:0d:
         9a:d6:5b:d7:8d:87:49:f8:d2:90:77:8d:f4:00:8e:fb:1a:9e:
         df:4e:64:8f:d2:42:be:bb:ca:da:14:68:8e:a5:47:44:d5:28:
         36:e7:a5:4f:9b:78:55:d6:87:3d:1d:92:7b:3b:27:f7:43:56:
         27:56:a2:0f:62:26:0b:32:d5:dc:87:1d:1c:f6:38:63:2f:de:
         95:7d:e7:22:ed:22:91:5a:61:95:b9:2a:73:e4:f2:bf:b7:eb:
         72:ab:7f:12:57:6a:58:fa:5c:a5:1f:64:b2:25:69:13:72:d3:
         7f:77:92:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EjuYemBd+QllJ0DAaQFQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3NTE4ZDE4MDkyM2E3ZjNjMDA2NTNlYzEyYmM3MDJiOTVh
YWI5MDcwHhcNMjYwMTAyMDAxODQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmY0YzQ4NWY2OGYxNzFlY2ZiNjRiYjIwYzI3OTA2ZDgzMjk1YjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49jYFnSgYhadMZNeIz9H56VEbN54
yr4RVrvw5pb6K70q/z2vhbJ3G9J3EZRaEd/t9nWoz4QEneJnN6e1UBBGjkzvYa2i
NX+tS1lcglqAi9b0Z3cQp56aAyo+/ec3v+ZOSMMdAJr47OiRWdxhzkrSProLvJ2O
z2lxOx6wvinLz4VwTXlXnesD6lPO4t7pJRtqhakCgr6kT1MfCi01fYIerPuFvDpc
jU7NSe1W1TclM6k8n6vSp4dgsYQUOzom7/I5uQdnyLxR4Ht35A/GrNzMXigHrW5p
bDmiU5EsdXN2lltJ80ZRQRfRnJ99bg1BPGvovlPfpe8OmCj2PpSMXrIQDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/0xIX2jxcez7ZLsgwnkG2DKVsbMB8GA1UdIwQY
MBaAFDdRjRgJI6fzwAZT7BK8cCuVqrkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgt
NTk2NzE5MjBmYjYwLzEvTF9URWhmYVBGeDdQdGt1eURDZVFiWU1wV3hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9mODBlZjMtOWYwYi00YmQxLTgwMTgtNTk2NzE5MjBmYjYw
LzEvTjFHTkdBa2pwX1BBQmxQc0VyeHdLNVdxdVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwf80MA0G
CSqGSIb3DQEBCwUAA4IBAQBwwXNeWkHCIapg1YDNo7eMEioQ5o45RgqoBoOVxin2
CmIZG26cISFRxqglobvW3fTwt1tqsbEjBWEcUqZn18mR9N5H4BzkAneq3hbrIcmq
X00lXJc2tsV38UGv9IVhmfxA1hsVZXE72juzQn8EtiQJR5aLFheq5mod8tdeMESM
f2neT7WkiCtpCEc+TeXxqw2a1lvXjYdJ+NKQd430AI77Gp7fTmSP0kK+u8raFGiO
pUdE1Sg256VPm3hV1oc9HZJ7Oyf3Q1YnVqIPYiYLMtXchx0c9jhjL96Vfeci7SKR
WmGVuSpz5PK/t+tyq38SV2pY+lylH2SyJWkTctN/d5Kz
-----END CERTIFICATE-----