This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/lnjlGqeSJRjiZXGR9UWwM1AXf_Q.roa
File:                     lnjlGqeSJRjiZXGR9UWwM1AXf_Q.roa (raw, json)
Hash identifier:          aNa57xkBvP6KhWbTSSYB2DdXOWY3tvwB5/a1u/Dvisw=
Subject key identifier:   96:78:E5:1A:A7:92:25:18:E2:65:71:91:F5:45:B0:33:50:17:7F:F4
Certificate issuer:       /CN=2e872826fce02bd9485ef276641d2b584f599b37
Certificate serial:       019B7834CCA5EB5126BAB01F553C9C40229D
Authority key identifier: 2E:87:28:26:FC:E0:2B:D9:48:5E:F2:76:64:1D:2B:58:4F:59:9B:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/lnjlGqeSJRjiZXGR9UWwM1AXf_Q.roa
Signing time:             Thu 01 Jan 2026 06:18:04 +0000
ROA not before:           Thu 01 Jan 2026 06:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48728
IP address blocks:        45.67.72.0/24 maxlen: 24
                          45.67.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:cc:a5:eb:51:26:ba:b0:1f:55:3c:9c:40:22:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e872826fce02bd9485ef276641d2b584f599b37
        Validity
            Not Before: Jan  1 06:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9678e51aa7922518e2657191f545b03350177ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fb:ba:25:f3:04:87:0c:d9:ad:63:c0:2f:dd:
                    60:bb:6d:91:2b:dd:d5:e7:b6:a9:32:b2:00:55:00:
                    bc:31:2d:bb:aa:6b:0b:cd:5c:4d:62:5a:06:d7:fd:
                    ad:00:a0:d0:bd:c4:7c:8c:d8:39:80:fd:01:72:b3:
                    d5:af:f4:d4:61:5a:83:60:df:0e:d0:f7:ef:c3:2d:
                    76:9c:d4:55:7f:3b:0b:00:3e:dd:a6:a6:35:30:97:
                    bf:74:c9:2f:4b:90:5f:4d:02:91:f6:4b:6c:56:38:
                    56:62:d4:e1:0c:ed:36:67:da:37:a8:55:94:58:57:
                    3b:d6:ab:79:b0:0a:93:47:b3:12:37:b4:d9:27:db:
                    ea:2f:36:df:e8:55:f8:54:fc:db:ac:a5:af:60:21:
                    98:84:de:12:cf:3b:e0:03:e2:43:fc:84:f8:37:0c:
                    8a:82:c0:23:e8:88:e9:c2:3c:3c:8e:ec:a5:86:c0:
                    83:a5:40:b0:1d:0f:a7:aa:5e:9c:93:d6:bf:e0:39:
                    c5:9d:fd:0e:82:62:3f:6e:42:f5:9c:ad:7d:b7:20:
                    dd:1d:b8:5d:f1:9e:9b:c3:20:d8:b6:5f:fc:2d:07:
                    1c:61:ae:d2:40:4e:7a:76:f9:0c:bf:4f:ef:6f:6b:
                    1e:9c:fb:2a:f5:fb:04:d2:f6:5f:eb:f3:fe:80:b8:
                    8b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:78:E5:1A:A7:92:25:18:E2:65:71:91:F5:45:B0:33:50:17:7F:F4
            X509v3 Authority Key Identifier:
                keyid:2E:87:28:26:FC:E0:2B:D9:48:5E:F2:76:64:1D:2B:58:4F:59:9B:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/lnjlGqeSJRjiZXGR9UWwM1AXf_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1bcef4-131d-4db5-94c7-24c79b1cb4da/1/LocoJvzgK9lIXvJ2ZB0rWE9Zmzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.72.0/23

    Signature Algorithm: sha256WithRSAEncryption
         03:49:74:60:2d:6e:ec:2c:5d:7e:98:63:6e:0e:10:f7:92:0f:
         df:fb:02:b8:68:8d:73:70:57:6b:62:4e:75:37:78:e1:87:44:
         29:df:19:eb:b1:92:1c:12:d1:b3:6f:fa:b0:8d:b6:3d:26:06:
         ae:77:d1:1e:6c:ac:fa:39:98:5a:00:bc:74:ee:31:87:56:59:
         c6:f4:98:76:7d:bb:62:bf:7a:6f:92:10:aa:7e:97:b7:97:7c:
         2a:6e:4c:41:eb:7a:3e:ef:30:56:5f:ae:28:b4:a1:4e:26:58:
         cb:d8:3c:0d:5f:5b:9a:a3:ec:e7:b6:95:78:8b:06:92:e7:ff:
         a0:41:e9:2a:32:33:9a:ff:3e:21:5a:42:25:ef:e2:24:56:c4:
         cb:b0:9b:d2:99:d4:ec:ea:f3:9a:ab:45:01:7a:9d:39:e3:3d:
         74:f2:9e:50:f9:dd:b2:70:dd:dc:38:30:b3:c9:85:53:39:d8:
         e1:36:58:92:98:db:e3:ba:5c:c1:c0:c8:0f:f2:8f:58:b5:73:
         54:ba:0b:d3:ef:e4:e1:36:ae:08:aa:58:50:f2:f2:86:1a:44:
         c6:fd:12:9e:3d:49:91:a1:d5:6b:44:4e:60:2f:0f:33:6b:3f:
         c4:7e:b3:7b:e2:99:eb:00:f3:8a:44:d2:fc:3e:01:66:cd:b0:
         ac:85:19:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NMyl61EmurAfVTycQCKdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODcyODI2ZmNlMDJiZDk0ODVlZjI3NjY0MWQyYjU4NGY1
OTliMzcwHhcNMjYwMTAxMDYxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc4ZTUxYWE3OTIyNTE4ZTI2NTcxOTFmNTQ1YjAzMzUwMTc3ZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtvu6JfMEhwzZrWPAL91gu22RK93V
57apMrIAVQC8MS27qmsLzVxNYloG1/2tAKDQvcR8jNg5gP0BcrPVr/TUYVqDYN8O
0Pfvwy12nNRVfzsLAD7dpqY1MJe/dMkvS5BfTQKR9ktsVjhWYtThDO02Z9o3qFWU
WFc71qt5sAqTR7MSN7TZJ9vqLzbf6FX4VPzbrKWvYCGYhN4SzzvgA+JD/IT4NwyK
gsAj6Ijpwjw8juylhsCDpUCwHQ+nql6ck9a/4DnFnf0OgmI/bkL1nK19tyDdHbhd
8Z6bwyDYtl/8LQccYa7SQE56dvkMv0/vb2senPsq9fsE0vZf6/P+gLiLUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZ45RqnkiUY4mVxkfVFsDNQF3/0MB8GA1UdIwQY
MBaAFC6HKCb84CvZSF7ydmQdK1hPWZs3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9jb0p2emdLOWxJWHZKMlpCMHJXRTlabXpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xYmNlZjQtMTMxZC00ZGI1LTk0Yzct
MjRjNzliMWNiNGRhLzEvbG5qbEdxZVNKUmppWlhHUjlVV3dNMUFYZl9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xYmNlZjQtMTMxZC00ZGI1LTk0YzctMjRjNzliMWNiNGRh
LzEvTG9jb0p2emdLOWxJWHZKMlpCMHJXRTlabXpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUNIMA0G
CSqGSIb3DQEBCwUAA4IBAQADSXRgLW7sLF1+mGNuDhD3kg/f+wK4aI1zcFdrYk51
N3jhh0Qp3xnrsZIcEtGzb/qwjbY9Jgaud9EebKz6OZhaALx07jGHVlnG9Jh2fbti
v3pvkhCqfpe3l3wqbkxB63o+7zBWX64otKFOJljL2DwNX1uao+zntpV4iwaS5/+g
QekqMjOa/z4hWkIl7+IkVsTLsJvSmdTs6vOaq0UBep054z108p5Q+d2ycN3cODCz
yYVTOdjhNliSmNvjulzBwMgP8o9YtXNUugvT7+ThNq4IqlhQ8vKGGkTG/RKePUmR
odVrRE5gLw8zaz/EfrN74pnrAPOKRNL8PgFmzbCshRnZ
-----END CERTIFICATE-----