This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/LFUS6tQiGpmjI6ItUVw2MpTAETI.roa
File:                     LFUS6tQiGpmjI6ItUVw2MpTAETI.roa (raw, json)
Hash identifier:          FEu4LPnIRepU4N89SAmjCCbg/lOypjW1gLoZTKRnXmE=
Subject key identifier:   2C:55:12:EA:D4:22:1A:99:A3:23:A2:2D:51:5C:36:32:94:C0:11:32
Certificate issuer:       /CN=7af1a7bf74285db2e82091fbf463a2eef6e3a578
Certificate serial:       019B797EC05FA370EF9243329B42E8045A2A
Authority key identifier: 7A:F1:A7:BF:74:28:5D:B2:E8:20:91:FB:F4:63:A2:EE:F6:E3:A5:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/LFUS6tQiGpmjI6ItUVw2MpTAETI.roa
Signing time:             Thu 01 Jan 2026 12:18:28 +0000
ROA not before:           Thu 01 Jan 2026 12:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        91.90.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:c0:5f:a3:70:ef:92:43:32:9b:42:e8:04:5a:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7af1a7bf74285db2e82091fbf463a2eef6e3a578
        Validity
            Not Before: Jan  1 12:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c5512ead4221a99a323a22d515c363294c01132
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ed:49:95:86:f9:d5:3e:0f:d5:08:92:c7:94:
                    ce:8f:e2:d6:c9:f4:fa:28:83:3b:34:6e:73:e1:c9:
                    c3:dc:f7:a4:ff:b4:46:03:64:c0:68:47:92:33:0a:
                    97:21:2d:ef:a3:69:2f:e2:48:65:1a:24:64:78:17:
                    d5:1a:03:f4:89:81:e9:d0:4b:b6:db:a7:7d:ea:4e:
                    37:29:2c:4d:89:1a:ac:1b:9c:5e:fc:6d:08:ee:94:
                    40:30:05:41:67:96:d5:9f:a4:73:6d:55:d6:bc:e8:
                    b7:d5:84:cd:cd:f1:ea:81:97:f3:b9:31:1a:ef:c0:
                    75:ee:09:0c:c6:3e:a7:22:61:56:f8:68:a3:43:1a:
                    88:d2:be:60:15:1a:7f:5a:d8:c5:37:2f:83:95:99:
                    df:d1:7c:c3:7d:1c:da:ae:06:44:9a:52:b3:3d:87:
                    58:58:3d:e7:8c:fe:8e:4b:63:dc:93:ba:cc:30:41:
                    00:35:00:fb:59:9e:9f:21:7b:e0:cc:05:cd:9a:2c:
                    a4:c2:49:3c:3a:7e:86:ac:72:89:48:ae:ac:52:07:
                    f2:24:0a:56:aa:f4:94:7e:ff:e8:1f:81:f8:79:dc:
                    94:4d:32:b8:42:55:1c:76:bf:c7:10:4f:34:0f:b8:
                    8f:fe:5d:b1:93:3d:4d:24:d2:d2:9a:75:26:21:62:
                    ec:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:55:12:EA:D4:22:1A:99:A3:23:A2:2D:51:5C:36:32:94:C0:11:32
            X509v3 Authority Key Identifier:
                keyid:7A:F1:A7:BF:74:28:5D:B2:E8:20:91:FB:F4:63:A2:EE:F6:E3:A5:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/evGnv3QoXbLoIJH79GOi7vbjpXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/LFUS6tQiGpmjI6ItUVw2MpTAETI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/058435-a1c6-4436-95a2-b7114b69f84c/1/evGnv3QoXbLoIJH79GOi7vbjpXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:71:78:98:a9:42:2e:5e:36:5c:aa:eb:07:91:a8:1f:7e:27:
         aa:bd:45:b3:52:ea:0c:c6:0e:28:99:9a:2d:19:b5:e3:4d:fa:
         42:40:6f:5c:80:a8:65:ec:69:79:51:6f:76:b6:a7:70:47:00:
         fe:23:e9:c8:41:78:7d:c9:1d:f3:b8:ba:c7:c4:a8:01:d1:7e:
         75:e7:a2:48:0c:fc:42:68:5b:d7:7c:d4:30:4d:67:a8:9c:84:
         e9:c3:56:14:ab:c4:ce:df:3e:a2:0c:27:cd:ae:d0:f0:c0:40:
         e6:d4:ab:b0:a5:95:45:c0:9c:3c:25:a9:4d:4e:e7:33:ae:96:
         3d:eb:5c:db:04:8d:da:60:c7:b7:bb:59:e9:05:05:42:e9:e4:
         11:28:01:58:5b:88:74:3a:2a:5b:e9:04:1e:aa:e2:bc:68:bf:
         45:94:a0:e8:b9:62:9c:69:7b:2d:0c:15:52:bd:c6:f3:52:1d:
         3f:62:60:dd:23:1c:12:9b:07:b6:ab:40:d3:cd:9c:fe:fc:36:
         84:7c:c9:0b:a9:69:1c:9c:f8:bd:4c:da:15:5e:50:3f:cd:70:
         a6:04:67:b5:20:66:69:a2:dd:99:d9:cf:c5:f6:30:e2:11:72:
         52:a8:01:aa:fc:5b:33:df:4b:9a:27:26:01:7a:46:2a:f5:59:
         64:8b:d2:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fsBfo3DvkkMym0LoBFoqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZjFhN2JmNzQyODVkYjJlODIwOTFmYmY0NjNhMmVlZjZl
M2E1NzgwHhcNMjYwMTAxMTIxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU1MTJlYWQ0MjIxYTk5YTMyM2EyMmQ1MTVjMzYzMjk0YzAxMTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu1JlYb51T4P1QiSx5TOj+LWyfT6
KIM7NG5z4cnD3Pek/7RGA2TAaEeSMwqXIS3vo2kv4khlGiRkeBfVGgP0iYHp0Eu2
26d96k43KSxNiRqsG5xe/G0I7pRAMAVBZ5bVn6RzbVXWvOi31YTNzfHqgZfzuTEa
78B17gkMxj6nImFW+GijQxqI0r5gFRp/WtjFNy+DlZnf0XzDfRzargZEmlKzPYdY
WD3njP6OS2Pck7rMMEEANQD7WZ6fIXvgzAXNmiykwkk8On6GrHKJSK6sUgfyJApW
qvSUfv/oH4H4edyUTTK4QlUcdr/HEE80D7iP/l2xkz1NJNLSmnUmIWLszQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxVEurUIhqZoyOiLVFcNjKUwBEyMB8GA1UdIwQY
MBaAFHrxp790KF2y6CCR+/Rjou7246V4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXZHbnYzUW9YYkxvSUpINzlHT2k3dmJqcFhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8wNTg0MzUtYTFjNi00NDM2LTk1YTIt
YjcxMTRiNjlmODRjLzEvTEZVUzZ0UWlHcG1qSTZJdFVWdzJNcFRBRVRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8wNTg0MzUtYTFjNi00NDM2LTk1YTItYjcxMTRiNjlmODRj
LzEvZXZHbnYzUW9YYkxvSUpINzlHT2k3dmJqcFhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1qhMA0G
CSqGSIb3DQEBCwUAA4IBAQCPcXiYqUIuXjZcqusHkagffieqvUWzUuoMxg4omZot
GbXjTfpCQG9cgKhl7Gl5UW92tqdwRwD+I+nIQXh9yR3zuLrHxKgB0X5156JIDPxC
aFvXfNQwTWeonITpw1YUq8TO3z6iDCfNrtDwwEDm1KuwpZVFwJw8JalNTuczrpY9
61zbBI3aYMe3u1npBQVC6eQRKAFYW4h0Oipb6QQequK8aL9FlKDouWKcaXstDBVS
vcbzUh0/YmDdIxwSmwe2q0DTzZz+/DaEfMkLqWkcnPi9TNoVXlA/zXCmBGe1IGZp
ot2Z2c/F9jDiEXJSqAGq/Fsz30uaJyYBekYq9Vlki9J7
-----END CERTIFICATE-----