This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lXEQBr5n6vltoaNLnk53BzOQCKI.roa
File:                     lXEQBr5n6vltoaNLnk53BzOQCKI.roa (raw, json)
Hash identifier:          mS+ZoKxC2/xGrXQPEasbYL8daPcpjFFh4zp7Gf7c17s=
Subject key identifier:   95:71:10:06:BE:67:EA:F9:6D:A1:A3:4B:9E:4E:77:07:33:90:08:A2
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019B7DCB5A476B32FFFD6273127F36D1C0A4
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lXEQBr5n6vltoaNLnk53BzOQCKI.roa
Signing time:             Fri 02 Jan 2026 08:20:37 +0000
ROA not before:           Fri 02 Jan 2026 08:20:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     153564
IP address blocks:        151.242.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:5a:47:6b:32:ff:fd:62:73:12:7f:36:d1:c0:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jan  2 08:20:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95711006be67eaf96da1a34b9e4e7707339008a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:be:37:40:7d:8c:18:a8:1e:a0:dc:ee:92:38:
                    28:15:a8:fc:31:2c:a6:e5:25:16:3d:08:67:2e:0a:
                    7b:0f:fe:d2:f2:ef:a8:68:b9:60:5b:e3:1f:5f:bb:
                    08:0e:24:27:b9:27:20:ac:ba:c7:d9:26:3b:b0:bd:
                    6f:bb:a0:f0:3a:1b:e2:f7:b9:7f:a6:94:d3:8b:73:
                    fe:26:ec:90:30:c8:6c:2a:31:a3:09:ca:b4:b7:e5:
                    a7:9b:a9:5d:e8:a8:c4:67:9d:54:e2:d4:86:b0:f8:
                    30:b0:f0:09:33:94:4e:a9:c9:8e:a5:02:e9:61:51:
                    f9:39:68:9f:ba:f6:25:c5:21:06:d6:85:ed:5b:83:
                    9a:36:96:59:b5:0b:cd:85:b2:81:50:d1:02:50:d0:
                    89:75:61:97:02:05:be:0b:21:bb:f4:58:cc:a4:f9:
                    62:26:ff:7f:e6:fe:46:af:c6:64:5f:35:e1:a7:16:
                    57:c6:42:b6:a8:a9:f1:b8:28:1c:0f:3e:f2:e9:d9:
                    0f:ff:61:13:48:dc:47:81:87:41:89:d0:f3:e8:c3:
                    35:bd:95:91:ff:f0:ce:85:a6:92:2c:02:d9:03:21:
                    c5:2e:5a:ab:84:2f:ab:4e:03:76:9a:bd:98:4e:b3:
                    33:4e:5d:6d:38:6d:bf:2f:6a:3d:f3:cb:f6:c5:00:
                    e0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:71:10:06:BE:67:EA:F9:6D:A1:A3:4B:9E:4E:77:07:33:90:08:A2
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/lXEQBr5n6vltoaNLnk53BzOQCKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.242.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:e6:79:ef:3c:87:50:92:29:cf:fd:09:75:2f:66:0a:ca:76:
         41:26:fd:c5:20:da:a6:93:f4:c1:aa:84:c6:72:e6:bf:12:6f:
         08:18:f5:b4:f7:14:7e:6e:e7:1c:2b:8e:38:51:dd:39:25:5d:
         2d:bd:5f:15:8a:56:25:21:21:90:68:d2:36:69:d4:ea:23:9c:
         88:e3:f4:ee:fb:11:5a:81:27:be:99:05:81:4b:9a:a0:4e:71:
         30:96:f2:57:e0:d9:a9:9a:d9:d0:7a:a3:0e:cb:49:f2:63:f2:
         31:1c:0c:a7:29:cf:c1:d3:20:b8:58:fb:7e:ce:f7:07:fe:2e:
         d8:2d:06:ff:0f:60:1b:f4:bc:8e:28:64:cb:19:22:6a:50:01:
         3a:67:a1:de:73:8d:d5:48:c3:f1:b9:c8:5d:65:b9:76:a3:81:
         f8:0d:42:e5:12:55:7a:da:8b:7e:b8:01:c9:43:2d:b8:ea:75:
         64:c2:ca:67:80:2e:c7:e1:f0:c0:12:b9:3d:83:33:b4:13:b7:
         d0:c4:d1:a2:9f:05:88:0f:b4:86:6c:67:df:41:58:9b:04:57:
         93:5b:8c:4d:af:d8:97:5e:1b:79:a1:84:cd:2e:02:c7:cf:63:
         27:3c:67:fc:ed:87:78:ce:f1:59:c7:1b:5f:9c:bd:44:40:30:
         4e:c8:e8:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y1pHazL//WJzEn820cCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjYwMTAyMDgyMDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTcxMTAwNmJlNjdlYWY5NmRhMWEzNGI5ZTRlNzcwNzMzOTAwOGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv743QH2MGKgeoNzukjgoFaj8MSym
5SUWPQhnLgp7D/7S8u+oaLlgW+MfX7sIDiQnuScgrLrH2SY7sL1vu6DwOhvi97l/
ppTTi3P+JuyQMMhsKjGjCcq0t+Wnm6ld6KjEZ51U4tSGsPgwsPAJM5ROqcmOpQLp
YVH5OWifuvYlxSEG1oXtW4OaNpZZtQvNhbKBUNECUNCJdWGXAgW+CyG79FjMpPli
Jv9/5v5Gr8ZkXzXhpxZXxkK2qKnxuCgcDz7y6dkP/2ETSNxHgYdBidDz6MM1vZWR
//DOhaaSLALZAyHFLlqrhC+rTgN2mr2YTrMzTl1tOG2/L2o988v2xQDglQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJVxEAa+Z+r5baGjS55OdwczkAiiMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvbFhFUUJyNW42dmx0b2FOTG5rNTNCek9RQ0tJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/IlMA0G
CSqGSIb3DQEBCwUAA4IBAQBW5nnvPIdQkinP/Ql1L2YKynZBJv3FINqmk/TBqoTG
cua/Em8IGPW09xR+buccK444Ud05JV0tvV8VilYlISGQaNI2adTqI5yI4/Tu+xFa
gSe+mQWBS5qgTnEwlvJX4NmpmtnQeqMOy0nyY/IxHAynKc/B0yC4WPt+zvcH/i7Y
LQb/D2Ab9LyOKGTLGSJqUAE6Z6Hec43VSMPxuchdZbl2o4H4DULlElV62ot+uAHJ
Qy246nVkwspngC7H4fDAErk9gzO0E7fQxNGinwWID7SGbGffQVibBFeTW4xNr9iX
Xht5oYTNLgLHz2MnPGf87Yd4zvFZxxtfnL1EQDBOyOij
-----END CERTIFICATE-----