This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/LwvZJMmH87yRcJ6ljprVO-K5WOE.roa
File:                     LwvZJMmH87yRcJ6ljprVO-K5WOE.roa (raw, json)
Hash identifier:          /RC0scZXUthpCQIXEz/eapoQTHlHyV8HYyVC6Sn1gHk=
Subject key identifier:   2F:0B:D9:24:C9:87:F3:BC:91:70:9E:A5:8E:9A:D5:3B:E2:B9:58:E1
Certificate issuer:       /CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
Certificate serial:       019B7CECE428AAE3F016119B3420130F93CF
Authority key identifier: 65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/LwvZJMmH87yRcJ6ljprVO-K5WOE.roa
Signing time:             Fri 02 Jan 2026 04:17:38 +0000
ROA not before:           Fri 02 Jan 2026 04:17:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211309
IP address blocks:        195.64.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ec:e4:28:aa:e3:f0:16:11:9b:34:20:13:0f:93:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65bdcff77bf060d5da12de45e2072e1cff4560a7
        Validity
            Not Before: Jan  2 04:17:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f0bd924c987f3bc91709ea58e9ad53be2b958e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8c:31:54:44:87:de:ce:1c:21:f8:cd:ef:c7:
                    50:a1:1c:e7:95:f6:4f:32:fa:f6:4c:07:a9:ec:a9:
                    b2:ff:26:f4:9c:44:3b:91:94:a4:52:34:04:9c:09:
                    cf:04:0f:93:0e:14:99:77:cd:dd:82:21:d0:f1:db:
                    73:77:d1:41:ef:f1:29:10:e6:38:63:ff:ae:b5:94:
                    b3:e5:d2:4b:19:ae:9a:f3:2f:94:88:e5:da:d6:07:
                    b9:25:b9:de:10:5d:64:3c:61:04:09:4c:df:df:90:
                    59:e2:1e:cf:6b:ce:4c:e6:9a:e8:77:22:5a:8d:09:
                    1c:d8:9f:83:db:a4:76:c0:c6:79:7a:54:5f:52:38:
                    fb:ec:93:ed:3b:87:c8:cf:4d:b7:cc:3d:cb:3a:2f:
                    69:50:09:1b:8a:b6:65:d9:09:59:22:f7:9c:c3:bb:
                    b0:f4:42:d4:0d:e2:8f:24:5e:69:ee:6d:d6:71:39:
                    d7:a7:11:18:cf:23:46:fc:e7:aa:e1:17:c1:97:9b:
                    da:2b:a6:4b:d2:33:0b:ad:c9:ce:4c:c0:31:de:58:
                    00:e9:f1:04:93:c9:7d:04:d0:97:4a:68:8d:b8:38:
                    0e:02:3c:34:fd:0d:fd:cd:05:24:b6:d2:e0:9e:19:
                    c1:5c:ac:dd:7d:d2:5d:4e:c4:a4:1f:90:44:e6:9d:
                    1d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:0B:D9:24:C9:87:F3:BC:91:70:9E:A5:8E:9A:D5:3B:E2:B9:58:E1
            X509v3 Authority Key Identifier:
                keyid:65:BD:CF:F7:7B:F0:60:D5:DA:12:DE:45:E2:07:2E:1C:FF:45:60:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zb3P93vwYNXaEt5F4gcuHP9FYKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/LwvZJMmH87yRcJ6ljprVO-K5WOE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/195f3d-a851-455a-9b0f-d70cd97f4857/1/Zb3P93vwYNXaEt5F4gcuHP9FYKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:da:24:83:28:69:52:ab:35:d1:88:fe:8a:d1:07:ba:9c:ae:
         f9:e5:91:37:a3:fa:39:f5:46:5a:8d:3b:60:53:08:e1:60:f1:
         6b:94:b5:3b:3b:ee:bb:c4:f1:44:4c:fd:34:38:07:aa:98:72:
         03:7a:ff:d0:1c:21:6a:ed:d3:cc:42:88:9c:9c:99:09:de:70:
         e8:8d:9b:6f:43:ba:98:20:e4:8e:b1:da:15:5b:97:44:fc:27:
         02:26:56:74:a2:9b:ff:67:16:09:82:bd:68:8a:3d:8f:6f:0c:
         d4:49:c8:23:b7:88:6f:84:4b:0d:db:17:49:ed:56:8b:c3:bc:
         67:f7:7f:de:de:a3:8e:b0:72:55:90:0e:98:33:34:63:33:58:
         c5:1d:57:84:2b:97:44:66:75:4a:3b:5d:72:6e:f5:9b:22:89:
         30:10:db:1f:ed:11:8d:91:79:48:d6:4a:8e:f2:6f:ef:40:d3:
         97:17:0c:42:c7:89:03:fd:2d:d0:c3:01:94:13:6a:fd:7e:3c:
         cc:15:b8:76:7e:49:5b:ae:95:56:3f:86:1a:21:9b:99:d2:79:
         f1:8b:25:3d:93:45:fb:62:94:08:0a:bb:b1:73:fb:e9:15:66:
         a2:e3:06:eb:bb:64:8c:c4:56:80:d0:96:09:d9:88:98:29:ae:
         88:57:ad:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87OQoquPwFhGbNCATD5PPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1YmRjZmY3N2JmMDYwZDVkYTEyZGU0NWUyMDcyZTFjZmY0
NTYwYTcwHhcNMjYwMTAyMDQxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjBiZDkyNGM5ODdmM2JjOTE3MDllYTU4ZTlhZDUzYmUyYjk1OGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIwxVESH3s4cIfjN78dQoRznlfZP
Mvr2TAep7Kmy/yb0nEQ7kZSkUjQEnAnPBA+TDhSZd83dgiHQ8dtzd9FB7/EpEOY4
Y/+utZSz5dJLGa6a8y+UiOXa1ge5JbneEF1kPGEECUzf35BZ4h7Pa85M5prodyJa
jQkc2J+D26R2wMZ5elRfUjj77JPtO4fIz023zD3LOi9pUAkbirZl2QlZIvecw7uw
9ELUDeKPJF5p7m3WcTnXpxEYzyNG/Oeq4RfBl5vaK6ZL0jMLrcnOTMAx3lgA6fEE
k8l9BNCXSmiNuDgOAjw0/Q39zQUkttLgnhnBXKzdfdJdTsSkH5BE5p0dRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC8L2STJh/O8kXCepY6a1TviuVjhMB8GA1UdIwQY
MBaAFGW9z/d78GDV2hLeReIHLhz/RWCnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYt
ZDcwY2Q5N2Y0ODU3LzEvTHd2WkpNbUg4N3lSY0o2bGpwclZPLUs1V09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8xOTVmM2QtYTg1MS00NTVhLTliMGYtZDcwY2Q5N2Y0ODU3
LzEvWmIzUDkzdndZTlhhRXQ1RjRnY3VIUDlGWUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw0B2MA0G
CSqGSIb3DQEBCwUAA4IBAQAb2iSDKGlSqzXRiP6K0Qe6nK755ZE3o/o59UZajTtg
UwjhYPFrlLU7O+67xPFETP00OAeqmHIDev/QHCFq7dPMQoicnJkJ3nDojZtvQ7qY
IOSOsdoVW5dE/CcCJlZ0opv/ZxYJgr1oij2PbwzUScgjt4hvhEsN2xdJ7VaLw7xn
93/e3qOOsHJVkA6YMzRjM1jFHVeEK5dEZnVKO11ybvWbIokwENsf7RGNkXlI1kqO
8m/vQNOXFwxCx4kD/S3QwwGUE2r9fjzMFbh2fklbrpVWP4YaIZuZ0nnxiyU9k0X7
YpQICruxc/vpFWai4wbru2SMxFaA0JYJ2YiYKa6IV60O
-----END CERTIFICATE-----