This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/Lkpu54v6ux0vfrMmr2dvF4EUmIY.roa
File:                     Lkpu54v6ux0vfrMmr2dvF4EUmIY.roa (raw, json)
Hash identifier:          2lIxKAyj2wAnIHlH+oCwYSCBBNm4zlmBFuipn6Ti/Cc=
Subject key identifier:   2E:4A:6E:E7:8B:FA:BB:1D:2F:7E:B3:26:AF:67:6F:17:81:14:98:86
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       019B7F822C9FCB7F8974D49D9F8E6392DB89
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/Lkpu54v6ux0vfrMmr2dvF4EUmIY.roa
Signing time:             Fri 02 Jan 2026 16:19:56 +0000
ROA not before:           Fri 02 Jan 2026 16:19:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42831
IP address blocks:        45.13.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:2c:9f:cb:7f:89:74:d4:9d:9f:8e:63:92:db:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Jan  2 16:19:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e4a6ee78bfabb1d2f7eb326af676f1781149886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:69:9b:fe:e3:f1:c9:e9:08:a4:86:85:b6:cb:
                    f6:84:b8:e0:6e:2a:28:41:db:1f:82:3d:14:2b:d5:
                    8a:65:e7:80:af:cc:97:10:7e:a4:1e:b2:0d:0c:dd:
                    4d:14:10:00:e3:59:97:ff:4a:12:1e:ac:9b:fb:6e:
                    84:90:ed:8e:2c:88:6b:1d:6d:83:de:7e:fd:2e:fc:
                    f8:14:0a:c3:04:b9:31:6f:03:19:e3:76:41:a6:b6:
                    25:4a:1c:d1:b7:45:5c:ec:0e:44:16:21:6e:2e:94:
                    1d:f7:dc:2b:e1:cf:2d:eb:19:65:f9:45:be:8c:3e:
                    be:02:3d:32:c5:a8:38:4a:19:de:b6:83:ca:94:d3:
                    0c:14:f6:fc:78:a7:32:04:83:41:06:ab:a7:33:f7:
                    71:c3:39:a9:f7:7a:be:76:35:f1:24:8d:71:dc:02:
                    37:d3:ca:75:0e:b3:40:61:2c:7a:ac:71:ba:1e:50:
                    58:88:b9:dd:8d:b2:c7:cc:41:80:5f:83:dc:c9:4f:
                    d8:08:78:2a:f7:4b:4d:1a:5d:65:08:f3:11:57:05:
                    6a:f7:78:b2:45:0c:70:36:a8:45:a8:68:29:f9:e1:
                    9b:7a:ed:03:cb:c8:97:d3:0b:70:91:b5:27:07:c4:
                    fa:28:a0:48:cf:ba:4a:4e:26:b5:a8:fb:17:b7:4d:
                    fc:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:4A:6E:E7:8B:FA:BB:1D:2F:7E:B3:26:AF:67:6F:17:81:14:98:86
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/Lkpu54v6ux0vfrMmr2dvF4EUmIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:78:bb:3f:55:3b:ba:ef:a1:e4:88:e1:5a:84:4c:c0:1a:4c:
         c2:e7:ef:9b:7d:9a:e9:ed:0f:1c:1f:df:44:d9:59:16:63:75:
         e8:7b:3a:f5:1f:44:ae:da:b5:3b:be:b2:e2:ba:60:b3:eb:2b:
         26:3d:a1:cb:e2:8f:f4:d7:18:e7:75:f9:18:33:b1:1f:e1:5e:
         5d:da:72:75:60:64:eb:47:07:46:55:78:6c:ff:60:6c:59:10:
         83:a9:89:a3:77:3a:c4:27:ff:c5:cb:ff:22:b3:42:5e:fc:87:
         41:2f:58:3c:7d:a2:54:86:72:b0:46:94:e6:7d:83:06:54:28:
         c8:9f:5c:12:50:a7:36:c9:36:01:f1:51:76:cc:e5:a6:f3:50:
         35:a4:ff:ce:8a:7b:3c:2c:45:2c:41:70:8f:a9:a0:d7:43:37:
         ec:98:bb:a0:53:75:fb:23:7d:82:57:80:bc:7a:47:6f:ba:e3:
         4c:25:4b:c8:d3:d8:a3:56:17:0c:7e:fb:eb:9e:5e:c5:36:ef:
         1c:3d:df:99:45:f1:69:8a:90:1e:ec:a9:2d:e3:42:fa:9c:52:
         cc:ff:07:9a:de:30:0a:ac:e0:e6:8c:16:f8:55:bf:57:44:68:
         d6:79:5d:2a:58:9b:f8:08:8a:91:98:06:0f:12:54:38:84:7f:
         1d:70:19:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/giyfy3+JdNSdn45jktuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjYwMTAyMTYxOTU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTRhNmVlNzhiZmFiYjFkMmY3ZWIzMjZhZjY3NmYxNzgxMTQ5ODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWmb/uPxyekIpIaFtsv2hLjgbioo
Qdsfgj0UK9WKZeeAr8yXEH6kHrINDN1NFBAA41mX/0oSHqyb+26EkO2OLIhrHW2D
3n79Lvz4FArDBLkxbwMZ43ZBprYlShzRt0Vc7A5EFiFuLpQd99wr4c8t6xll+UW+
jD6+Aj0yxag4ShnetoPKlNMMFPb8eKcyBINBBqunM/dxwzmp93q+djXxJI1x3AI3
08p1DrNAYSx6rHG6HlBYiLndjbLHzEGAX4PcyU/YCHgq90tNGl1lCPMRVwVq93iy
RQxwNqhFqGgp+eGbeu0Dy8iX0wtwkbUnB8T6KKBIz7pKTia1qPsXt038hQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5KbueL+rsdL36zJq9nbxeBFJiGMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvTGtwdTU0djZ1eDB2ZnJNbXIyZHZGNEVVbUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ0eMA0G
CSqGSIb3DQEBCwUAA4IBAQALeLs/VTu676HkiOFahEzAGkzC5++bfZrp7Q8cH99E
2VkWY3Xoezr1H0Su2rU7vrLiumCz6ysmPaHL4o/01xjndfkYM7Ef4V5d2nJ1YGTr
RwdGVXhs/2BsWRCDqYmjdzrEJ//Fy/8is0Je/IdBL1g8faJUhnKwRpTmfYMGVCjI
n1wSUKc2yTYB8VF2zOWm81A1pP/Oins8LEUsQXCPqaDXQzfsmLugU3X7I32CV4C8
ekdvuuNMJUvI09ijVhcMfvvrnl7FNu8cPd+ZRfFpipAe7Kkt40L6nFLM/wea3jAK
rODmjBb4Vb9XRGjWeV0qWJv4CIqRmAYPElQ4hH8dcBln
-----END CERTIFICATE-----