This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/lnQm--gY8ePlCI161SZETEH7iss.roa
File:                     lnQm--gY8ePlCI161SZETEH7iss.roa (raw, json)
Hash identifier:          vxrBUtHuyLV0LieoKDVoBuqAYfEuInf7kfLphmP99fg=
Subject key identifier:   96:74:26:FB:E8:18:F1:E3:E5:08:8D:7A:D5:26:44:4C:41:FB:8A:CB
Certificate issuer:       /CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
Certificate serial:       019B7E38BAF4C039362392F5B20BDA05BAA4
Authority key identifier: 18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/lnQm--gY8ePlCI161SZETEH7iss.roa
Signing time:             Fri 02 Jan 2026 10:20:05 +0000
ROA not before:           Fri 02 Jan 2026 10:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        185.208.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:ba:f4:c0:39:36:23:92:f5:b2:0b:da:05:ba:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18a84a8e475f6606e7a12f92b330d63d8f880be0
        Validity
            Not Before: Jan  2 10:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=967426fbe818f1e3e5088d7ad526444c41fb8acb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:40:9d:4c:bb:ae:fa:12:f4:45:5a:5f:2f:ed:
                    7f:a7:ab:57:b0:9a:67:71:1f:cd:dd:55:69:62:71:
                    77:53:e5:75:00:bc:a3:25:8d:a8:a6:d5:06:cd:e8:
                    b0:1e:1d:9c:88:ec:de:8e:0f:3c:a1:bf:eb:03:59:
                    27:10:52:f7:3d:16:6d:fb:3d:c4:ad:a3:d4:b9:2b:
                    1a:dc:9f:37:b0:8d:bc:fa:3a:5f:a3:f4:19:e0:2d:
                    f4:08:68:f1:8b:3b:30:8b:2a:dc:ab:0a:8d:1b:78:
                    85:62:ca:e3:71:58:14:71:16:87:fd:b0:b2:cc:fa:
                    0c:a0:1f:76:fe:ef:42:86:88:6a:9b:95:16:d6:b8:
                    57:74:8b:f5:48:26:84:b9:83:00:f1:e4:12:7c:47:
                    45:16:81:66:08:e9:7c:50:2d:12:9c:21:61:c4:18:
                    86:a1:8d:8b:5e:20:ae:71:66:bb:59:78:45:b7:9c:
                    ce:cb:3d:a8:01:2a:62:fb:3c:2d:26:86:df:de:3f:
                    33:51:80:98:af:81:6b:5a:48:1f:ee:a9:f1:c6:1b:
                    10:65:83:f2:5a:99:9c:f8:d0:6c:dc:b2:40:0b:ad:
                    e4:98:9b:3a:22:27:69:20:59:99:ed:e6:78:b1:65:
                    c8:74:46:3f:01:7e:7c:3f:cd:b4:7a:ac:5e:e7:12:
                    98:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:74:26:FB:E8:18:F1:E3:E5:08:8D:7A:D5:26:44:4C:41:FB:8A:CB
            X509v3 Authority Key Identifier:
                keyid:18:A8:4A:8E:47:5F:66:06:E7:A1:2F:92:B3:30:D6:3D:8F:88:0B:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GKhKjkdfZgbnoS-SszDWPY-IC-A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/lnQm--gY8ePlCI161SZETEH7iss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/892a27-fdb6-4285-829a-87f5b6479d1e/1/GKhKjkdfZgbnoS-SszDWPY-IC-A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:2a:54:34:f5:d9:45:0d:91:bf:12:c0:48:e0:1a:4e:95:37:
         9e:df:a0:1f:62:31:d4:64:c8:6a:e2:82:43:78:bd:16:ff:75:
         9b:cb:ba:d3:bf:5e:38:f1:90:48:e4:47:f2:88:67:3d:2d:99:
         51:c5:92:56:ae:bb:94:1f:ed:b2:15:58:e3:23:ac:aa:b7:7d:
         9f:eb:fd:45:17:e3:54:bf:f6:76:e7:21:c4:12:37:0d:aa:dc:
         d0:42:dc:fd:ec:7a:a2:24:16:a0:bc:2a:77:a4:cb:a8:76:6a:
         f3:fb:eb:fc:29:e1:a9:a3:b6:0a:a9:6a:13:33:75:dc:26:4b:
         67:53:05:34:2a:98:a8:26:a6:de:9e:eb:1c:de:b4:fe:7d:57:
         e2:cf:87:51:aa:d3:cb:cf:9e:52:78:6f:73:0f:f2:db:c4:6a:
         7d:c3:59:79:5b:b3:7c:6e:dd:a0:79:49:40:de:ad:0f:2c:2a:
         fd:94:33:79:d8:69:2e:02:37:5f:56:7e:bb:49:45:78:6f:c8:
         32:8c:60:89:e2:41:20:d4:56:ee:dc:fa:ec:01:b4:ec:48:09:
         f3:71:89:f7:9b:68:09:6a:2e:a6:cd:c1:38:1d:59:8f:4e:8a:
         99:19:6c:ee:37:71:96:83:cc:85:1e:19:b4:5b:8e:69:80:d1:
         c6:62:0d:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OLr0wDk2I5L1sgvaBbqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YTg0YThlNDc1ZjY2MDZlN2ExMmY5MmIzMzBkNjNkOGY4
ODBiZTAwHhcNMjYwMTAyMTAyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njc0MjZmYmU4MThmMWUzZTUwODhkN2FkNTI2NDQ0YzQxZmI4YWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0CdTLuu+hL0RVpfL+1/p6tXsJpn
cR/N3VVpYnF3U+V1ALyjJY2optUGzeiwHh2ciOzejg88ob/rA1knEFL3PRZt+z3E
raPUuSsa3J83sI28+jpfo/QZ4C30CGjxizswiyrcqwqNG3iFYsrjcVgUcRaH/bCy
zPoMoB92/u9Chohqm5UW1rhXdIv1SCaEuYMA8eQSfEdFFoFmCOl8UC0SnCFhxBiG
oY2LXiCucWa7WXhFt5zOyz2oASpi+zwtJobf3j8zUYCYr4FrWkgf7qnxxhsQZYPy
Wpmc+NBs3LJAC63kmJs6IidpIFmZ7eZ4sWXIdEY/AX58P820eqxe5xKYKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZ0JvvoGPHj5QiNetUmRExB+4rLMB8GA1UdIwQY
MBaAFBioSo5HX2YG56EvkrMw1j2PiAvgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEt
ODdmNWI2NDc5ZDFlLzEvbG5RbS0tZ1k4ZVBsQ0kxNjFTWkVURUg3aXNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC84OTJhMjctZmRiNi00Mjg1LTgyOWEtODdmNWI2NDc5ZDFl
LzEvR0toS2prZGZaZ2Jub1MtU3N6RFdQWS1JQy1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudAJMA0G
CSqGSIb3DQEBCwUAA4IBAQBFKlQ09dlFDZG/EsBI4BpOlTee36AfYjHUZMhq4oJD
eL0W/3Wby7rTv1448ZBI5EfyiGc9LZlRxZJWrruUH+2yFVjjI6yqt32f6/1FF+NU
v/Z25yHEEjcNqtzQQtz97HqiJBagvCp3pMuodmrz++v8KeGpo7YKqWoTM3XcJktn
UwU0KpioJqbenusc3rT+fVfiz4dRqtPLz55SeG9zD/LbxGp9w1l5W7N8bt2geUlA
3q0PLCr9lDN52GkuAjdfVn67SUV4b8gyjGCJ4kEg1Fbu3PrsAbTsSAnzcYn3m2gJ
ai6mzcE4HVmPToqZGWzuN3GWg8yFHhm0W45pgNHGYg2v
-----END CERTIFICATE-----