This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/leGB8m29RWjK_iumLxdAPO-LbVQ.roa
File:                     leGB8m29RWjK_iumLxdAPO-LbVQ.roa (raw, json)
Hash identifier:          re/2P2K5TSI3Dvi9H7hljx/2KFrMsGS/uaXIMLDOibU=
Subject key identifier:   95:E1:81:F2:6D:BD:45:68:CA:FE:2B:A6:2F:17:40:3C:EF:8B:6D:54
Certificate issuer:       /CN=bd19d4535c7e62b921e859e6557b821f278e716a
Certificate serial:       019B7EA535177BB882A9305AAEC848E95D3A
Authority key identifier: BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/leGB8m29RWjK_iumLxdAPO-LbVQ.roa
Signing time:             Fri 02 Jan 2026 12:18:34 +0000
ROA not before:           Fri 02 Jan 2026 12:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7018
IP address blocks:        45.134.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:35:17:7b:b8:82:a9:30:5a:ae:c8:48:e9:5d:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd19d4535c7e62b921e859e6557b821f278e716a
        Validity
            Not Before: Jan  2 12:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95e181f26dbd4568cafe2ba62f17403cef8b6d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:2a:c9:c4:20:4b:4e:9c:f5:02:f0:de:9f:b2:
                    fd:89:2a:56:db:38:aa:f1:b1:ad:2d:e6:f1:86:60:
                    55:5d:11:35:99:83:e7:82:56:63:94:7d:36:e8:ed:
                    6b:03:3f:97:96:ab:3f:7d:d5:2e:27:a8:41:6e:e5:
                    f8:e3:de:c1:2a:f3:43:b9:f2:9b:2e:a0:fa:fb:1c:
                    7f:d0:18:26:ef:25:0a:fb:23:6c:ac:82:b3:31:a9:
                    6d:f3:05:e1:be:36:b2:ea:a1:f8:2e:cc:af:8b:a5:
                    b6:fa:f3:eb:84:b8:d7:43:9c:6d:fc:01:e1:2d:0c:
                    1c:5d:71:72:2b:77:04:cb:da:c9:df:b4:45:d0:44:
                    7c:8f:a1:9e:ed:44:f0:65:c9:18:4b:bc:4c:8e:06:
                    41:ce:5b:19:32:50:83:07:69:10:64:07:35:7e:78:
                    68:9f:10:4a:67:a6:58:de:7e:f7:85:73:f4:93:0c:
                    43:dd:40:db:eb:b2:86:eb:6e:71:98:91:bf:ef:d9:
                    4c:26:9e:41:bd:64:98:8e:69:82:13:4a:c2:63:02:
                    67:05:07:54:aa:36:15:cd:8e:d7:d3:d0:f6:97:72:
                    1b:b5:b8:81:6d:4e:3b:c3:a8:bd:d0:80:b5:bf:17:
                    4f:e7:5e:24:a6:ea:25:9b:2b:c7:01:cf:51:ee:94:
                    65:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E1:81:F2:6D:BD:45:68:CA:FE:2B:A6:2F:17:40:3C:EF:8B:6D:54
            X509v3 Authority Key Identifier:
                keyid:BD:19:D4:53:5C:7E:62:B9:21:E8:59:E6:55:7B:82:1F:27:8E:71:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/leGB8m29RWjK_iumLxdAPO-LbVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/2599f9-6f76-4db6-bca7-c1331f49fc09/1/vRnUU1x-Yrkh6FnmVXuCHyeOcWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:bf:86:58:3c:f0:b2:96:cc:0f:54:24:ce:cc:07:26:a1:25:
         3e:9b:42:7d:7d:b6:c4:04:20:6e:ed:b4:b7:9a:6d:7b:7f:d9:
         91:46:cd:81:04:cc:b8:be:47:56:ab:70:41:09:9e:ae:4e:0c:
         c0:95:c4:c6:1a:16:70:9c:7d:d0:09:80:96:88:55:12:f5:74:
         c4:22:65:b4:de:2a:32:56:94:cf:56:59:95:46:6f:24:d1:e2:
         e6:dc:68:ec:1b:0a:3e:d5:6c:e4:37:f6:8b:eb:33:71:da:26:
         1b:b2:95:47:59:16:68:f4:9f:75:a5:47:38:c8:e9:b3:1a:97:
         04:7f:a1:27:0b:d6:d2:95:1f:44:92:d8:23:92:1a:0b:59:e1:
         d4:d8:75:32:1f:f7:a8:a8:03:13:ee:96:ef:3a:77:a2:8f:e1:
         4a:ad:3a:19:0e:3f:ee:c2:6a:f9:3e:b3:fb:9b:d0:76:78:83:
         14:1e:89:bc:14:79:bd:43:7f:eb:3a:60:e9:45:06:d7:4d:42:
         9b:fc:f2:df:fd:0a:ae:ee:85:03:17:5e:e3:1a:7f:53:1c:6d:
         c9:b9:f9:4b:78:6f:5d:71:01:04:91:3a:5f:8a:3f:66:33:27:
         7b:37:32:99:c2:3a:0a:18:35:6f:51:84:a3:b0:14:e3:28:4d:
         72:a3:cc:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pTUXe7iCqTBarshI6V06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTlkNDUzNWM3ZTYyYjkyMWU4NTllNjU1N2I4MjFmMjc4
ZTcxNmEwHhcNMjYwMTAyMTIxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWUxODFmMjZkYmQ0NTY4Y2FmZTJiYTYyZjE3NDAzY2VmOGI2ZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5yrJxCBLTpz1AvDen7L9iSpW2ziq
8bGtLebxhmBVXRE1mYPnglZjlH026O1rAz+Xlqs/fdUuJ6hBbuX4497BKvNDufKb
LqD6+xx/0Bgm7yUK+yNsrIKzMalt8wXhvjay6qH4Lsyvi6W2+vPrhLjXQ5xt/AHh
LQwcXXFyK3cEy9rJ37RF0ER8j6Ge7UTwZckYS7xMjgZBzlsZMlCDB2kQZAc1fnho
nxBKZ6ZY3n73hXP0kwxD3UDb67KG625xmJG/79lMJp5BvWSYjmmCE0rCYwJnBQdU
qjYVzY7X09D2l3IbtbiBbU47w6i90IC1vxdP514kpuolmyvHAc9R7pRlxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXhgfJtvUVoyv4rpi8XQDzvi21UMB8GA1UdIwQY
MBaAFL0Z1FNcfmK5IehZ5lV7gh8njnFqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTct
YzEzMzFmNDlmYzA5LzEvbGVHQjhtMjlSV2pLX2l1bUx4ZEFQTy1MYlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy8yNTk5ZjktNmY3Ni00ZGI2LWJjYTctYzEzMzFmNDlmYzA5
LzEvdlJuVVUxeC1ZcmtoNkZubVZYdUNIeWVPY1dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYIMA0G
CSqGSIb3DQEBCwUAA4IBAQBSv4ZYPPCylswPVCTOzAcmoSU+m0J9fbbEBCBu7bS3
mm17f9mRRs2BBMy4vkdWq3BBCZ6uTgzAlcTGGhZwnH3QCYCWiFUS9XTEImW03ioy
VpTPVlmVRm8k0eLm3GjsGwo+1WzkN/aL6zNx2iYbspVHWRZo9J91pUc4yOmzGpcE
f6EnC9bSlR9EktgjkhoLWeHU2HUyH/eoqAMT7pbvOneij+FKrToZDj/uwmr5PrP7
m9B2eIMUHom8FHm9Q3/rOmDpRQbXTUKb/PLf/Qqu7oUDF17jGn9THG3JuflLeG9d
cQEEkTpfij9mMyd7NzKZwjoKGDVvUYSjsBTjKE1yo8x2
-----END CERTIFICATE-----