This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/_lamG1HEM7mb6bmsKbHc8nn-fqc.roa
File:                     _lamG1HEM7mb6bmsKbHc8nn-fqc.roa (raw, json)
Hash identifier:          ROvWpEyglQp+R05KL7+1XLdi25nHMs/xhuTfvf2zT2Q=
Subject key identifier:   FE:56:A6:1B:51:C4:33:B9:9B:E9:B9:AC:29:B1:DC:F2:79:FE:7E:A7
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019AB69FB3FA91C9DCDFBDFC1AB8D6632B65
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/_lamG1HEM7mb6bmsKbHc8nn-fqc.roa
Signing time:             Mon 24 Nov 2025 16:08:30 +0000
ROA not before:           Mon 24 Nov 2025 16:08:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213494
IP address blocks:        45.95.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Dec 2025 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b6:9f:b3:fa:91:c9:dc:df:bd:fc:1a:b8:d6:63:2b:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Nov 24 16:08:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fe56a61b51c433b99be9b9ac29b1dcf279fe7ea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:66:18:ba:f0:a3:8b:cc:73:7d:23:69:4d:3e:
                    7e:a9:d2:21:e4:5d:d5:ba:e3:ab:73:6e:d5:57:0f:
                    af:70:82:31:f8:da:b0:d8:b0:cc:d6:44:d3:ec:08:
                    8b:62:aa:6c:97:08:cc:71:0f:9a:27:2e:f9:31:3d:
                    cc:d8:89:cc:5a:6e:3f:10:f3:db:5a:b7:8e:c0:e0:
                    1f:a4:f0:fa:06:45:bf:6f:79:cb:ba:61:c6:b3:47:
                    9f:ac:56:94:d5:36:ee:13:e1:3a:b6:d4:6e:50:4a:
                    d7:cb:04:16:ee:ca:97:07:b9:fb:bc:c0:e2:6e:51:
                    8c:b9:99:1f:e3:12:0c:26:3d:24:b2:ae:24:e4:6c:
                    15:e3:8a:df:1c:00:f4:36:cb:80:1b:6a:72:68:d7:
                    15:8a:6a:31:e2:83:3b:13:2f:4a:b2:44:38:e4:9e:
                    88:47:c5:a3:a1:f8:95:54:a6:c9:82:32:99:7a:07:
                    f0:a6:b0:c9:ef:3e:14:ad:32:2e:16:4c:37:6a:47:
                    92:72:d5:4a:0a:dc:cb:a5:74:90:86:0f:0b:25:1c:
                    0f:23:38:b6:73:9a:c0:e4:ca:0d:5f:34:35:54:d2:
                    65:d6:22:89:de:78:53:c6:e3:f9:d8:4b:3e:2a:34:
                    1f:70:c8:5a:40:a8:68:bf:e4:2a:60:2c:5c:88:7a:
                    04:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:56:A6:1B:51:C4:33:B9:9B:E9:B9:AC:29:B1:DC:F2:79:FE:7E:A7
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/_lamG1HEM7mb6bmsKbHc8nn-fqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:0c:3d:8c:82:23:4d:b7:f4:9c:8b:e2:70:ac:c7:59:a5:91:
         88:04:7b:2a:06:e8:b2:1b:6a:a5:5b:ca:d5:cd:f7:16:5d:50:
         cd:71:94:40:29:31:a6:8e:58:89:72:f9:e1:e3:5e:44:85:47:
         11:97:d7:eb:a0:a5:b7:2e:18:26:73:89:90:8b:40:4d:86:2e:
         be:e9:89:9f:f6:63:b0:90:f7:0a:c0:22:c5:f1:37:85:20:4a:
         4c:02:d0:c8:89:ec:f9:65:60:d5:a6:b0:04:fc:2f:bd:92:1d:
         85:f6:ff:b5:f7:cd:d6:6b:38:a1:18:80:e2:c6:15:99:5d:35:
         d0:6e:e3:31:0a:31:1e:f5:1f:ec:cb:f3:e3:4c:12:49:e3:bc:
         38:58:2d:7d:a9:7a:e4:b8:b0:9f:b3:8c:49:9c:24:be:97:f3:
         6c:1e:19:10:6c:e6:5f:f4:cb:19:b4:61:81:43:29:02:13:c5:
         4c:0b:db:f6:22:38:51:9b:a3:58:16:b0:6f:d7:f4:ba:a3:d0:
         26:d3:ac:b0:66:af:e4:9d:9c:a8:07:57:e8:d7:fc:87:07:1c:
         78:8c:6a:cb:87:2d:e5:6f:70:e7:c9:cb:cb:35:77:16:8e:b3:
         ea:59:41:c9:73:09:ca:5e:3f:19:1f:09:04:fa:7e:7d:78:0b:
         56:8c:59:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq2n7P6kcnc3738GrjWYytlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUxMTI0MTYwODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTU2YTYxYjUxYzQzM2I5OWJlOWI5YWMyOWIxZGNmMjc5ZmU3ZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWYYuvCji8xzfSNpTT5+qdIh5F3V
uuOrc27VVw+vcIIx+Nqw2LDM1kTT7AiLYqpslwjMcQ+aJy75MT3M2InMWm4/EPPb
WreOwOAfpPD6BkW/b3nLumHGs0efrFaU1TbuE+E6ttRuUErXywQW7sqXB7n7vMDi
blGMuZkf4xIMJj0ksq4k5GwV44rfHAD0NsuAG2pyaNcVimox4oM7Ey9KskQ45J6I
R8WjofiVVKbJgjKZegfwprDJ7z4UrTIuFkw3akeSctVKCtzLpXSQhg8LJRwPIzi2
c5rA5MoNXzQ1VNJl1iKJ3nhTxuP52Es+KjQfcMhaQKhov+QqYCxciHoElQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5WphtRxDO5m+m5rCmx3PJ5/n6nMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvX2xhbUcxSEVNN21iNmJtc0tiSGM4bm4tZnFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV+9MA0G
CSqGSIb3DQEBCwUAA4IBAQBxDD2MgiNNt/Sci+JwrMdZpZGIBHsqBuiyG2qlW8rV
zfcWXVDNcZRAKTGmjliJcvnh415EhUcRl9froKW3Lhgmc4mQi0BNhi6+6Ymf9mOw
kPcKwCLF8TeFIEpMAtDIiez5ZWDVprAE/C+9kh2F9v+1983WazihGIDixhWZXTXQ
buMxCjEe9R/sy/PjTBJJ47w4WC19qXrkuLCfs4xJnCS+l/NsHhkQbOZf9MsZtGGB
QykCE8VMC9v2IjhRm6NYFrBv1/S6o9Am06ywZq/knZyoB1fo1/yHBxx4jGrLhy3l
b3DnycvLNXcWjrPqWUHJcwnKXj8ZHwkE+n59eAtWjFnP
-----END CERTIFICATE-----