This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/0bed52-b7cc-414a-9c88-6d77f065a2c3/1/LVJLyRNkzYXWrFPMXDuqL1cx3r0.roa
File:                     LVJLyRNkzYXWrFPMXDuqL1cx3r0.roa (raw, json)
Hash identifier:          /6VNNRjnmK1nx7DLPoyOKEbtFH+S0vHKlP1nyDqaMBk=
Subject key identifier:   2D:52:4B:C9:13:64:CD:85:D6:AC:53:CC:5C:3B:AA:2F:57:31:DE:BD
Certificate issuer:       /CN=85acfb9ad3a50ce15331cff4eba88bcc07b7a282
Certificate serial:       019B7C1265CB949D9282E817E537C899A1F0
Authority key identifier: 85:AC:FB:9A:D3:A5:0C:E1:53:31:CF:F4:EB:A8:8B:CC:07:B7:A2:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/haz7mtOlDOFTMc_066iLzAe3ooI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/0bed52-b7cc-414a-9c88-6d77f065a2c3/1/LVJLyRNkzYXWrFPMXDuqL1cx3r0.roa
Signing time:             Fri 02 Jan 2026 00:18:58 +0000
ROA not before:           Fri 02 Jan 2026 00:18:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21334
IP address blocks:        91.220.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/0bed52-b7cc-414a-9c88-6d77f065a2c3/1/haz7mtOlDOFTMc_066iLzAe3ooI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/0bed52-b7cc-414a-9c88-6d77f065a2c3/1/haz7mtOlDOFTMc_066iLzAe3ooI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/haz7mtOlDOFTMc_066iLzAe3ooI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:65:cb:94:9d:92:82:e8:17:e5:37:c8:99:a1:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85acfb9ad3a50ce15331cff4eba88bcc07b7a282
        Validity
            Not Before: Jan  2 00:18:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d524bc91364cd85d6ac53cc5c3baa2f5731debd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:eb:60:52:38:11:b8:87:08:cb:e8:55:f0:3a:
                    5f:99:b7:2a:e3:77:af:53:13:78:f2:c8:3f:e6:39:
                    e4:61:73:76:3a:c9:ec:42:92:01:4a:99:a5:ee:8d:
                    c2:2b:d9:ce:7b:d0:9b:ba:64:5e:26:79:c7:85:35:
                    53:91:4e:c6:b1:8d:ef:8e:98:4e:f1:53:63:a4:f9:
                    49:5a:2d:3f:66:bd:33:d9:a6:39:4f:2a:1b:dc:96:
                    8b:66:b4:e0:93:a2:c3:62:0b:9b:6b:ec:b1:0f:51:
                    7f:ba:2b:38:77:3a:3f:20:96:be:87:d2:0b:4f:48:
                    3e:95:61:5f:dd:a4:af:0a:c6:12:12:60:40:bf:cb:
                    17:17:6a:43:fa:05:62:e1:82:8f:73:bf:ad:a2:75:
                    6d:4e:36:86:74:10:40:b9:15:fc:8b:a7:63:4d:e9:
                    40:fb:59:57:11:6c:c4:53:ad:7b:9b:0f:37:41:fc:
                    f5:17:40:15:17:24:e8:a4:df:36:41:44:d1:01:d7:
                    5c:5f:78:84:ef:26:e9:c4:f2:0d:8f:96:4b:67:d7:
                    54:3a:8d:8b:b8:24:25:2f:2a:e2:10:77:05:0a:3c:
                    35:ac:75:fa:25:31:42:0d:aa:56:5d:82:bc:e3:73:
                    9e:7a:16:48:6d:f7:78:77:86:51:f0:11:1c:92:d2:
                    b5:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:52:4B:C9:13:64:CD:85:D6:AC:53:CC:5C:3B:AA:2F:57:31:DE:BD
            X509v3 Authority Key Identifier:
                keyid:85:AC:FB:9A:D3:A5:0C:E1:53:31:CF:F4:EB:A8:8B:CC:07:B7:A2:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/haz7mtOlDOFTMc_066iLzAe3ooI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0bed52-b7cc-414a-9c88-6d77f065a2c3/1/LVJLyRNkzYXWrFPMXDuqL1cx3r0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/0bed52-b7cc-414a-9c88-6d77f065a2c3/1/haz7mtOlDOFTMc_066iLzAe3ooI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:c2:59:da:56:4a:60:82:fa:13:e3:2a:aa:cc:3c:43:0c:64:
         c0:ac:8b:6f:43:73:cb:7d:8c:e8:48:6c:81:20:ea:39:5b:05:
         08:6d:52:53:ac:0d:e8:ad:f2:56:4b:72:01:58:84:dd:8a:ed:
         bf:24:a1:25:87:a3:2e:d8:c0:34:c8:64:cd:ad:80:3a:7b:c4:
         85:ff:39:51:b7:f1:cd:29:50:d5:58:5b:cd:cb:12:ed:c9:d0:
         98:3b:7f:0c:28:3a:ad:30:e2:04:da:76:cc:24:35:e0:a9:98:
         48:73:e2:88:8f:0f:56:c9:69:f8:bf:57:7f:80:7a:b5:49:69:
         f6:ae:c4:9d:8b:f8:b8:59:e3:ce:ba:0c:7b:7a:c0:b6:18:c1:
         e5:23:3b:c8:bc:3c:03:4b:47:10:8d:d5:64:d0:ae:9f:09:ee:
         3a:51:83:62:38:83:0a:52:14:1c:17:eb:ab:4c:b3:25:82:83:
         7c:09:e2:ee:a3:d0:c9:33:6b:3e:4c:c5:80:81:84:a9:26:8e:
         f4:7d:4b:08:00:52:c1:f2:91:06:89:49:6c:61:bf:6f:06:6c:
         94:a6:7b:11:cb:40:1e:71:8c:da:8f:4a:f7:2b:86:d9:6b:10:
         3c:3f:a5:19:1e:c0:60:41:a5:40:e1:be:72:3c:c4:e5:c8:a4:
         b0:62:bd:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EmXLlJ2SgugX5TfImaHwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1YWNmYjlhZDNhNTBjZTE1MzMxY2ZmNGViYTg4YmNjMDdi
N2EyODIwHhcNMjYwMTAyMDAxODU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDUyNGJjOTEzNjRjZDg1ZDZhYzUzY2M1YzNiYWEyZjU3MzFkZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+tgUjgRuIcIy+hV8Dpfmbcq43ev
UxN48sg/5jnkYXN2OsnsQpIBSpml7o3CK9nOe9CbumReJnnHhTVTkU7GsY3vjphO
8VNjpPlJWi0/Zr0z2aY5Tyob3JaLZrTgk6LDYguba+yxD1F/uis4dzo/IJa+h9IL
T0g+lWFf3aSvCsYSEmBAv8sXF2pD+gVi4YKPc7+tonVtTjaGdBBAuRX8i6djTelA
+1lXEWzEU617mw83Qfz1F0AVFyTopN82QUTRAddcX3iE7ybpxPINj5ZLZ9dUOo2L
uCQlLyriEHcFCjw1rHX6JTFCDapWXYK843OeehZIbfd4d4ZR8BEcktK1yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1SS8kTZM2F1qxTzFw7qi9XMd69MB8GA1UdIwQY
MBaAFIWs+5rTpQzhUzHP9Ouoi8wHt6KCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGF6N210T2xET0ZUTWNfMDY2aUx6QWUzb29JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8wYmVkNTItYjdjYy00MTRhLTljODgt
NmQ3N2YwNjVhMmMzLzEvTFZKTHlSTmt6WVhXckZQTVhEdXFMMWN4M3IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8wYmVkNTItYjdjYy00MTRhLTljODgtNmQ3N2YwNjVhMmMz
LzEvaGF6N210T2xET0ZUTWNfMDY2aUx6QWUzb29JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9z3MA0G
CSqGSIb3DQEBCwUAA4IBAQBMwlnaVkpggvoT4yqqzDxDDGTArItvQ3PLfYzoSGyB
IOo5WwUIbVJTrA3orfJWS3IBWITdiu2/JKElh6Mu2MA0yGTNrYA6e8SF/zlRt/HN
KVDVWFvNyxLtydCYO38MKDqtMOIE2nbMJDXgqZhIc+KIjw9WyWn4v1d/gHq1SWn2
rsSdi/i4WePOugx7esC2GMHlIzvIvDwDS0cQjdVk0K6fCe46UYNiOIMKUhQcF+ur
TLMlgoN8CeLuo9DJM2s+TMWAgYSpJo70fUsIAFLB8pEGiUlsYb9vBmyUpnsRy0Ae
cYzaj0r3K4bZaxA8P6UZHsBgQaVA4b5yPMTlyKSwYr2g
-----END CERTIFICATE-----