This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/lePQo6wZD_Sk6G9yXvisbl2Tsao.roa
File:                     lePQo6wZD_Sk6G9yXvisbl2Tsao.roa (raw, json)
Hash identifier:          4hQP72BMPYOrYdBAheaaMbRjYFT184+eQqEoi9pvU4Y=
Subject key identifier:   95:E3:D0:A3:AC:19:0F:F4:A4:E8:6F:72:5E:F8:AC:6E:5D:93:B1:AA
Certificate issuer:       /CN=405d645741215677b7748d1fdefd416207adb12d
Certificate serial:       019B7A5B0BDE9540F74EFA2F0500421EDA9B
Authority key identifier: 40:5D:64:57:41:21:56:77:B7:74:8D:1F:DE:FD:41:62:07:AD:B1:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/lePQo6wZD_Sk6G9yXvisbl2Tsao.roa
Signing time:             Thu 01 Jan 2026 16:19:05 +0000
ROA not before:           Thu 01 Jan 2026 16:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15576
IP address blocks:        193.8.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:0b:de:95:40:f7:4e:fa:2f:05:00:42:1e:da:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=405d645741215677b7748d1fdefd416207adb12d
        Validity
            Not Before: Jan  1 16:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95e3d0a3ac190ff4a4e86f725ef8ac6e5d93b1aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:20:53:b9:f2:94:98:3e:30:42:7a:26:f5:a7:
                    a5:63:d4:f1:7f:50:b0:1b:83:a7:30:2e:86:6d:0f:
                    24:ac:ac:59:61:9f:53:08:4a:aa:26:77:c0:07:37:
                    31:62:f1:c4:0e:a7:58:a7:99:4e:23:6a:d9:ca:73:
                    ba:7f:1e:26:3e:dc:75:59:cd:35:31:c9:46:95:b8:
                    c0:2c:6c:ab:52:a5:cf:47:94:5c:04:8e:40:fd:d0:
                    28:55:81:fb:99:e9:58:c2:83:f4:93:d3:5f:d2:51:
                    45:40:05:f0:ef:38:63:9d:84:41:92:58:37:d4:bd:
                    d7:2e:fc:31:a7:52:32:18:b1:18:fe:60:e9:61:2f:
                    94:fa:52:c5:4f:70:a7:65:48:8a:df:50:ea:f7:d6:
                    f3:1a:d3:b3:f8:b3:8c:48:c8:dc:4c:ef:5d:6e:1d:
                    b2:7e:93:25:56:ca:2d:e5:74:23:b8:af:03:bc:a2:
                    38:82:6f:c1:49:85:24:b1:fc:12:bb:a4:b6:3c:25:
                    7f:10:c6:ac:b9:c7:ae:20:09:01:a1:e8:53:28:c9:
                    84:42:34:e1:1a:e2:76:f0:f1:aa:c1:db:5d:9a:c4:
                    ac:49:64:26:f6:fb:b7:17:39:37:47:85:76:6c:fb:
                    a5:26:cb:5e:df:c3:e6:a2:de:9b:c5:a1:67:63:a3:
                    bd:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E3:D0:A3:AC:19:0F:F4:A4:E8:6F:72:5E:F8:AC:6E:5D:93:B1:AA
            X509v3 Authority Key Identifier:
                keyid:40:5D:64:57:41:21:56:77:B7:74:8D:1F:DE:FD:41:62:07:AD:B1:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QF1kV0EhVne3dI0f3v1BYgetsS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/lePQo6wZD_Sk6G9yXvisbl2Tsao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/96/43d830-9811-4599-8349-440dd012b141/1/QF1kV0EhVne3dI0f3v1BYgetsS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:75:a1:eb:e1:e5:15:40:50:28:76:da:60:9e:e8:c4:a7:2a:
         74:3e:f6:7e:8a:53:e7:9a:f5:25:1b:e9:0e:49:ee:b4:46:af:
         30:95:f8:29:37:e6:37:ea:69:af:bc:95:22:b7:32:19:a8:ad:
         68:6a:dd:36:20:e2:d4:f9:cd:a4:b2:0c:b9:5e:9b:86:ff:fc:
         aa:0f:3c:37:6e:1f:17:7b:9c:bf:48:b3:5e:64:b9:0a:70:96:
         15:b8:e0:ae:cb:3a:62:f8:8e:13:b2:46:d2:ff:17:22:13:86:
         a9:2f:36:dd:5e:0f:26:93:b7:3e:a6:bb:26:07:a4:9a:35:c5:
         79:67:18:da:68:7d:39:8e:29:6d:d6:9f:cc:62:90:f4:26:0c:
         5e:26:56:3c:b6:3b:80:df:49:cb:b0:ac:4d:2a:5e:57:ac:29:
         3e:43:9f:49:50:89:75:94:cf:00:4e:62:e6:e2:e5:9a:14:29:
         40:2c:5b:a7:cb:b7:68:36:0b:ad:99:96:93:cf:1e:e8:fc:e1:
         08:61:68:99:38:74:5d:91:09:f3:77:b8:72:b6:2d:91:2e:42:
         cd:fe:cc:40:dc:af:51:e1:08:ac:d1:68:f1:a5:36:e3:fd:d4:
         63:72:87:56:f6:ae:55:7e:2f:fa:04:e2:fe:d2:45:87:ce:09:
         28:a8:c5:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwvelUD3TvovBQBCHtqbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNWQ2NDU3NDEyMTU2NzdiNzc0OGQxZmRlZmQ0MTYyMDdh
ZGIxMmQwHhcNMjYwMTAxMTYxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWUzZDBhM2FjMTkwZmY0YTRlODZmNzI1ZWY4YWM2ZTVkOTNiMWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSBTufKUmD4wQnom9aelY9Txf1Cw
G4OnMC6GbQ8krKxZYZ9TCEqqJnfABzcxYvHEDqdYp5lOI2rZynO6fx4mPtx1Wc01
MclGlbjALGyrUqXPR5RcBI5A/dAoVYH7melYwoP0k9Nf0lFFQAXw7zhjnYRBklg3
1L3XLvwxp1IyGLEY/mDpYS+U+lLFT3CnZUiK31Dq99bzGtOz+LOMSMjcTO9dbh2y
fpMlVsot5XQjuK8DvKI4gm/BSYUksfwSu6S2PCV/EMasuceuIAkBoehTKMmEQjTh
GuJ28PGqwdtdmsSsSWQm9vu3Fzk3R4V2bPulJste38Pmot6bxaFnY6O96wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXj0KOsGQ/0pOhvcl74rG5dk7GqMB8GA1UdIwQY
MBaAFEBdZFdBIVZ3t3SNH979QWIHrbEtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUYxa1YwRWhWbmUzZEkwZjN2MUJZZ2V0c1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ni80M2Q4MzAtOTgxMS00NTk5LTgzNDkt
NDQwZGQwMTJiMTQxLzEvbGVQUW82d1pEX1NrNkc5eVh2aXNibDJUc2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ni80M2Q4MzAtOTgxMS00NTk5LTgzNDktNDQwZGQwMTJiMTQx
LzEvUUYxa1YwRWhWbmUzZEkwZjN2MUJZZ2V0c1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhNMA0G
CSqGSIb3DQEBCwUAA4IBAQBUdaHr4eUVQFAodtpgnujEpyp0PvZ+ilPnmvUlG+kO
Se60Rq8wlfgpN+Y36mmvvJUitzIZqK1oat02IOLU+c2ksgy5XpuG//yqDzw3bh8X
e5y/SLNeZLkKcJYVuOCuyzpi+I4TskbS/xciE4apLzbdXg8mk7c+prsmB6SaNcV5
ZxjaaH05jilt1p/MYpD0JgxeJlY8tjuA30nLsKxNKl5XrCk+Q59JUIl1lM8ATmLm
4uWaFClALFuny7doNgutmZaTzx7o/OEIYWiZOHRdkQnzd7hyti2RLkLN/sxA3K9R
4Qis0WjxpTbj/dRjcodW9q5Vfi/6BOL+0kWHzgkoqMUo
-----END CERTIFICATE-----