This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lpMIGwR4za4x1QHBAZmNEuk_WjY.roa
File:                     lpMIGwR4za4x1QHBAZmNEuk_WjY.roa (raw, json)
Hash identifier:          fm/rz7kb5OPsvmpY4pemRDx7xp0m1GxXkfdvL8Fastw=
Subject key identifier:   96:93:08:1B:04:78:CD:AE:31:D5:01:C1:01:99:8D:12:E9:3F:5A:36
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019B7C12EC45F5AFF5BB991E2A0B0A6601B7
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lpMIGwR4za4x1QHBAZmNEuk_WjY.roa
Signing time:             Fri 02 Jan 2026 00:19:33 +0000
ROA not before:           Fri 02 Jan 2026 00:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204268
IP address blocks:        5.231.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:ec:45:f5:af:f5:bb:99:1e:2a:0b:0a:66:01:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jan  2 00:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9693081b0478cdae31d501c101998d12e93f5a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:3a:01:4e:cd:2a:62:9b:cc:22:d3:7a:82:3a:
                    8c:a0:c5:a4:38:8b:c1:30:10:df:7f:8d:78:19:5d:
                    f8:3d:b7:ad:aa:d9:0c:ef:1b:12:7a:ad:a3:4b:11:
                    79:20:4a:47:a0:25:74:0f:20:56:22:93:c3:cb:ee:
                    60:16:68:2b:5b:a4:66:01:bf:8c:8d:b8:6b:b2:99:
                    81:38:34:2d:7c:65:88:a5:26:24:eb:30:da:90:ea:
                    ba:be:29:ef:85:bf:20:93:cb:c5:95:de:aa:bf:9d:
                    90:22:0c:d2:49:96:da:af:91:b4:1b:c0:7c:86:d1:
                    fc:83:e4:63:09:a9:ae:35:97:af:55:1b:15:6c:ab:
                    45:39:e0:18:86:4d:c1:8d:b1:38:c2:b4:94:dd:01:
                    f5:01:b6:a0:af:95:be:c6:fa:d9:62:ff:25:67:ba:
                    68:f0:d0:3a:ec:69:cd:d6:3a:5b:42:fb:3b:fe:84:
                    e9:08:0b:23:26:4a:f9:db:92:96:45:f9:f5:e2:54:
                    7c:e2:24:74:16:de:db:e6:59:4c:6a:17:da:29:4d:
                    42:c5:1c:fa:8b:fe:75:ab:24:13:ca:88:a9:50:ee:
                    13:c8:5e:ad:36:97:e0:05:56:e9:e4:7f:31:05:09:
                    4a:f9:c5:65:c4:0a:82:45:a5:98:ac:85:41:7d:7e:
                    9c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:93:08:1B:04:78:CD:AE:31:D5:01:C1:01:99:8D:12:E9:3F:5A:36
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/lpMIGwR4za4x1QHBAZmNEuk_WjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:39:8e:7f:0b:79:8d:e2:c9:34:86:33:08:52:e6:95:10:ca:
         a9:49:1a:e1:6c:d2:31:8a:cd:b8:b4:cd:e4:5d:d7:54:24:4a:
         22:68:63:f6:89:b8:d4:5c:a2:e6:96:02:e9:a2:91:e1:51:37:
         96:6b:b8:bf:04:3c:95:7b:1f:ec:e6:52:4f:41:25:72:7a:08:
         bf:30:d1:10:97:68:7b:d2:1c:95:00:ea:4a:a3:f6:11:51:c7:
         18:01:a0:2f:66:48:c4:a3:ad:b7:d9:9c:28:c9:34:d6:83:9a:
         55:4b:a2:05:b8:88:95:dc:bf:60:86:1a:ee:1d:23:5a:de:6f:
         38:fe:20:6d:5f:d2:1b:41:88:07:b1:b4:0c:16:55:0b:71:bd:
         7b:79:51:25:57:91:2b:fa:76:ed:07:01:0e:27:29:44:b2:c8:
         a9:de:e9:2b:d3:c8:3b:8c:92:68:86:ba:1b:fb:4d:67:3a:31:
         53:58:f4:2e:d9:25:f6:c3:11:d7:0a:7e:46:59:a7:fc:aa:9c:
         40:6d:71:e5:74:bb:56:1c:c9:81:37:a0:01:fa:bc:3c:03:65:
         b2:ba:34:11:0f:0d:58:f4:22:2f:af:6b:28:84:f8:58:fe:55:
         17:97:4d:ea:01:20:ae:e0:7f:51:91:7e:e9:31:a8:13:22:9c:
         f9:7c:89:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EuxF9a/1u5keKgsKZgG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwMTAyMDAxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkzMDgxYjA0NzhjZGFlMzFkNTAxYzEwMTk5OGQxMmU5M2Y1YTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDoBTs0qYpvMItN6gjqMoMWkOIvB
MBDff414GV34PbetqtkM7xsSeq2jSxF5IEpHoCV0DyBWIpPDy+5gFmgrW6RmAb+M
jbhrspmBODQtfGWIpSYk6zDakOq6vinvhb8gk8vFld6qv52QIgzSSZbar5G0G8B8
htH8g+RjCamuNZevVRsVbKtFOeAYhk3BjbE4wrSU3QH1Abagr5W+xvrZYv8lZ7po
8NA67GnN1jpbQvs7/oTpCAsjJkr525KWRfn14lR84iR0Ft7b5llMahfaKU1CxRz6
i/51qyQTyoipUO4TyF6tNpfgBVbp5H8xBQlK+cVlxAqCRaWYrIVBfX6cNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJaTCBsEeM2uMdUBwQGZjRLpP1o2MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvbHBNSUd3UjR6YTR4MVFIQkFabU5FdWtfV2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABefzMA0G
CSqGSIb3DQEBCwUAA4IBAQCKOY5/C3mN4sk0hjMIUuaVEMqpSRrhbNIxis24tM3k
XddUJEoiaGP2ibjUXKLmlgLpopHhUTeWa7i/BDyVex/s5lJPQSVyegi/MNEQl2h7
0hyVAOpKo/YRUccYAaAvZkjEo6232ZwoyTTWg5pVS6IFuIiV3L9ghhruHSNa3m84
/iBtX9IbQYgHsbQMFlULcb17eVElV5Er+nbtBwEOJylEssip3ukr08g7jJJohrob
+01nOjFTWPQu2SX2wxHXCn5GWaf8qpxAbXHldLtWHMmBN6AB+rw8A2WyujQRDw1Y
9CIvr2sohPhY/lUXl03qASCu4H9RkX7pMagTIpz5fIm5
-----END CERTIFICATE-----