This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/ltCY0LbA7g04AeojWAPe920Jtrs.roa
File:                     ltCY0LbA7g04AeojWAPe920Jtrs.roa (raw, json)
Hash identifier:          j5WamdPrlkidU1jh7KsMKpw2rhoydKcyJk2/fHehOzA=
Subject key identifier:   96:D0:98:D0:B6:C0:EE:0D:38:01:EA:23:58:03:DE:F7:6D:09:B6:BB
Certificate issuer:       /CN=7e02a961b0375d72191bd970815d6b15f427d073
Certificate serial:       019B77590DF4B720C46FF58F5B05EB33EEA0
Authority key identifier: 7E:02:A9:61:B0:37:5D:72:19:1B:D9:70:81:5D:6B:15:F4:27:D0:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fgKpYbA3XXIZG9lwgV1rFfQn0HM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/ltCY0LbA7g04AeojWAPe920Jtrs.roa
Signing time:             Thu 01 Jan 2026 02:18:03 +0000
ROA not before:           Thu 01 Jan 2026 02:18:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204299
IP address blocks:        185.254.20.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/fgKpYbA3XXIZG9lwgV1rFfQn0HM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/fgKpYbA3XXIZG9lwgV1rFfQn0HM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fgKpYbA3XXIZG9lwgV1rFfQn0HM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 23:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:0d:f4:b7:20:c4:6f:f5:8f:5b:05:eb:33:ee:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e02a961b0375d72191bd970815d6b15f427d073
        Validity
            Not Before: Jan  1 02:18:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96d098d0b6c0ee0d3801ea235803def76d09b6bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3f:4d:75:9b:39:71:29:cc:e9:65:2d:9a:86:
                    17:95:9a:51:2d:df:b9:a6:70:70:82:11:e5:08:e8:
                    6b:52:8d:3c:5b:eb:08:4b:5b:4f:63:c6:be:f9:0d:
                    05:f1:5f:bc:fd:41:b2:42:2f:96:4c:80:77:de:29:
                    77:8a:8d:c3:47:8a:66:59:aa:c2:9e:58:05:f1:76:
                    c5:ce:88:03:c1:c3:b3:99:d8:f3:35:91:a0:85:89:
                    47:65:17:83:27:7c:88:60:79:a3:e8:74:3f:1d:46:
                    09:a3:83:53:17:22:9c:42:3b:35:05:53:8b:3f:f6:
                    7c:29:b5:a6:0a:0b:b7:42:0c:41:33:0d:de:ab:1d:
                    dc:7d:eb:53:e5:20:cc:e8:65:66:61:bb:ff:0b:28:
                    09:9c:a8:b0:bd:92:3b:de:d4:77:4f:5a:16:45:4b:
                    f7:af:82:ed:fd:10:69:72:82:35:95:bb:e0:24:dc:
                    d3:f1:db:55:ec:9f:0d:34:4d:83:cf:d5:59:20:b7:
                    0a:58:60:05:87:2e:4e:aa:22:06:37:51:5c:e2:7d:
                    e1:95:97:36:d0:0a:bb:35:84:37:b2:75:d0:95:cb:
                    5b:36:14:71:ed:0f:8b:ac:72:18:37:09:b3:b9:86:
                    71:8f:e5:08:20:78:7f:d1:a4:d5:ff:c9:25:20:d0:
                    8b:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:D0:98:D0:B6:C0:EE:0D:38:01:EA:23:58:03:DE:F7:6D:09:B6:BB
            X509v3 Authority Key Identifier:
                keyid:7E:02:A9:61:B0:37:5D:72:19:1B:D9:70:81:5D:6B:15:F4:27:D0:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fgKpYbA3XXIZG9lwgV1rFfQn0HM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/ltCY0LbA7g04AeojWAPe920Jtrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/3e6842-7229-4212-b2d4-cc47c1de01bd/1/fgKpYbA3XXIZG9lwgV1rFfQn0HM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:d8:ef:dd:84:79:a3:df:7a:aa:40:6b:5b:72:69:e7:56:25:
         9e:cb:37:be:86:98:98:11:bd:dc:cd:83:db:7b:75:18:45:20:
         6a:45:fd:12:c4:39:43:0d:94:32:a9:7d:8e:36:57:fd:49:95:
         81:31:a1:6a:74:f9:24:a6:12:90:14:81:4e:51:40:46:0a:88:
         3f:e1:f2:6e:51:90:a9:15:a0:30:ef:cb:7c:00:56:87:9e:a2:
         69:4e:a3:65:7c:74:19:4b:e4:28:4a:6c:af:19:84:d4:d8:f8:
         48:6a:1f:41:60:c2:62:8b:86:e8:5d:d2:93:ef:8b:31:90:e5:
         a7:b9:0b:85:24:4d:c0:a3:57:21:3d:c0:cf:b9:4a:10:28:7c:
         d1:07:e6:ec:64:1e:4b:05:df:ae:94:a0:0e:48:e3:47:2e:6c:
         98:70:2c:b8:59:d5:12:8c:fe:3b:77:cf:58:79:72:86:d7:2a:
         f0:06:bd:09:af:23:61:4e:38:49:42:13:2a:23:75:ac:ee:30:
         5c:07:c1:99:2b:27:93:00:2c:48:68:81:5c:db:b4:e1:7c:fe:
         78:5f:e4:1d:89:5f:9c:e7:89:80:ae:92:7f:17:ed:ee:8b:f6:
         be:a2:11:b8:1d:95:33:ef:01:b4:ad:8e:aa:04:9c:dd:0d:ba:
         a6:e7:9c:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQ30tyDEb/WPWwXrM+6gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMDJhOTYxYjAzNzVkNzIxOTFiZDk3MDgxNWQ2YjE1ZjQy
N2QwNzMwHhcNMjYwMTAxMDIxODAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmQwOThkMGI2YzBlZTBkMzgwMWVhMjM1ODAzZGVmNzZkMDliNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D9NdZs5cSnM6WUtmoYXlZpRLd+5
pnBwghHlCOhrUo08W+sIS1tPY8a++Q0F8V+8/UGyQi+WTIB33il3io3DR4pmWarC
nlgF8XbFzogDwcOzmdjzNZGghYlHZReDJ3yIYHmj6HQ/HUYJo4NTFyKcQjs1BVOL
P/Z8KbWmCgu3QgxBMw3eqx3cfetT5SDM6GVmYbv/CygJnKiwvZI73tR3T1oWRUv3
r4Lt/RBpcoI1lbvgJNzT8dtV7J8NNE2Dz9VZILcKWGAFhy5OqiIGN1Fc4n3hlZc2
0Aq7NYQ3snXQlctbNhRx7Q+LrHIYNwmzuYZxj+UIIHh/0aTV/8klINCLLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbQmNC2wO4NOAHqI1gD3vdtCba7MB8GA1UdIwQY
MBaAFH4CqWGwN11yGRvZcIFdaxX0J9BzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmdLcFliQTNYWElaRzlsd2dWMXJGZlFuMEhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8zZTY4NDItNzIyOS00MjEyLWIyZDQt
Y2M0N2MxZGUwMWJkLzEvbHRDWTBMYkE3ZzA0QWVvaldBUGU5MjBKdHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS8zZTY4NDItNzIyOS00MjEyLWIyZDQtY2M0N2MxZGUwMWJk
LzEvZmdLcFliQTNYWElaRzlsd2dWMXJGZlFuMEhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuf4UMA0G
CSqGSIb3DQEBCwUAA4IBAQBK2O/dhHmj33qqQGtbcmnnViWeyze+hpiYEb3czYPb
e3UYRSBqRf0SxDlDDZQyqX2ONlf9SZWBMaFqdPkkphKQFIFOUUBGCog/4fJuUZCp
FaAw78t8AFaHnqJpTqNlfHQZS+QoSmyvGYTU2PhIah9BYMJii4boXdKT74sxkOWn
uQuFJE3Ao1chPcDPuUoQKHzRB+bsZB5LBd+ulKAOSONHLmyYcCy4WdUSjP47d89Y
eXKG1yrwBr0JryNhTjhJQhMqI3Ws7jBcB8GZKyeTACxIaIFc27ThfP54X+QdiV+c
54mArpJ/F+3ui/a+ohG4HZUz7wG0rY6qBJzdDbqm55x/
-----END CERTIFICATE-----