This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/leUezOsMyq96-d8mJ8nIjjD7JvA.roa
File:                     leUezOsMyq96-d8mJ8nIjjD7JvA.roa (raw, json)
Hash identifier:          g5CFKJHlpq/pgKR++1ZaNjuNwVvKoATKegh0uW1A5JI=
Subject key identifier:   95:E5:1E:CC:EB:0C:CA:AF:7A:F9:DF:26:27:C9:C8:8E:30:FB:26:F0
Certificate issuer:       /CN=af734108705a95796e8577125dd300c751dfd9a8
Certificate serial:       019B7EA73CF27664835DC09B6D77396E1286
Authority key identifier: AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/leUezOsMyq96-d8mJ8nIjjD7JvA.roa
Signing time:             Fri 02 Jan 2026 12:20:47 +0000
ROA not before:           Fri 02 Jan 2026 12:20:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62442
IP address blocks:        185.221.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:3c:f2:76:64:83:5d:c0:9b:6d:77:39:6e:12:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af734108705a95796e8577125dd300c751dfd9a8
        Validity
            Not Before: Jan  2 12:20:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95e51ecceb0ccaaf7af9df2627c9c88e30fb26f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:61:68:78:61:65:30:af:0e:04:d5:6f:f8:df:
                    2e:64:78:11:64:37:4a:da:30:3f:63:ff:64:f1:93:
                    8e:4b:68:0c:d3:c1:dd:ec:4e:49:61:1a:63:90:d5:
                    5a:fb:f0:2f:ea:f5:6d:5c:d5:6c:d0:f9:c7:b2:b4:
                    0c:15:46:f5:dc:45:77:49:48:9c:f7:be:18:a5:1d:
                    21:b2:c7:bc:6f:06:30:da:29:a9:8e:24:e3:48:96:
                    ff:78:8f:f1:27:59:f1:b4:f3:d7:4a:f9:47:00:fc:
                    c7:b9:a7:52:4f:d7:e3:e4:42:e4:ca:9d:24:ce:2e:
                    00:40:47:7f:e4:77:3d:86:e1:f2:12:4e:f1:15:fd:
                    89:dc:1a:84:eb:ba:ca:2c:eb:ef:9f:94:1c:56:55:
                    48:24:f3:5a:9a:8c:81:0e:6c:1e:45:87:86:36:71:
                    85:08:63:84:88:4a:b5:5c:b3:40:6d:d2:11:e8:a1:
                    a8:94:90:6f:a3:26:03:37:10:68:fe:6d:1f:1e:4d:
                    1c:88:77:6e:22:c3:2d:83:0b:00:30:f8:2d:99:41:
                    fb:61:ba:c9:b3:f0:a0:51:31:c5:15:16:cc:c7:1f:
                    b2:ab:69:94:37:8d:cc:31:98:6f:b1:a8:22:ab:4c:
                    b9:73:7c:8d:44:fc:37:c9:bc:3c:9b:9b:74:ef:4a:
                    2c:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:E5:1E:CC:EB:0C:CA:AF:7A:F9:DF:26:27:C9:C8:8E:30:FB:26:F0
            X509v3 Authority Key Identifier:
                keyid:AF:73:41:08:70:5A:95:79:6E:85:77:12:5D:D3:00:C7:51:DF:D9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r3NBCHBalXluhXcSXdMAx1Hf2ag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/leUezOsMyq96-d8mJ8nIjjD7JvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/c93a66-c7c7-4c33-a725-18d1a406aaed/1/r3NBCHBalXluhXcSXdMAx1Hf2ag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:4f:5b:e0:ce:d1:e3:78:4a:1a:bf:07:83:69:b7:49:12:5f:
         af:e4:b8:b3:a8:97:9e:84:0c:39:37:c5:a3:cc:d0:aa:eb:25:
         4a:9b:bb:51:b7:c7:78:0e:e2:f1:60:7f:7f:d4:eb:fe:d6:f8:
         73:61:86:40:29:2c:f3:cc:9e:8d:56:ec:bc:99:4a:7b:eb:3e:
         df:01:ec:07:30:37:bf:a5:6f:7c:d9:a0:08:45:a6:de:e5:60:
         9e:ac:fe:d3:a6:70:c4:b9:dc:d6:c3:07:3f:45:69:a6:e1:98:
         09:41:34:a3:2d:e3:86:3c:8d:88:e3:06:2e:41:3c:a1:7e:66:
         74:7b:e8:34:01:ab:7f:a2:dd:63:6c:b4:67:9c:de:b4:dc:51:
         57:7b:db:1d:de:8d:d2:9d:eb:43:d1:c2:d1:c8:1e:55:2f:de:
         8f:52:be:ab:f5:35:0b:ff:a6:2c:a2:51:46:58:e5:bf:f7:cc:
         d1:b7:bc:dd:a7:21:13:2d:a3:46:72:e4:10:d9:13:d6:3d:2f:
         04:2e:1c:ba:b3:d9:2a:1b:2d:f7:57:b9:31:38:86:05:a0:54:
         b8:f1:d4:6a:45:63:92:e0:4a:3f:9e:9b:58:28:ad:a7:b7:6b:
         f1:02:ce:c7:21:1b:95:5c:af:1e:55:63:91:e1:79:37:f4:eb:
         de:e7:c9:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pzzydmSDXcCbbXc5bhKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNzM0MTA4NzA1YTk1Nzk2ZTg1NzcxMjVkZDMwMGM3NTFk
ZmQ5YTgwHhcNMjYwMTAyMTIyMDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWU1MWVjY2ViMGNjYWFmN2FmOWRmMjYyN2M5Yzg4ZTMwZmIyNmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6mFoeGFlMK8OBNVv+N8uZHgRZDdK
2jA/Y/9k8ZOOS2gM08Hd7E5JYRpjkNVa+/Av6vVtXNVs0PnHsrQMFUb13EV3SUic
974YpR0hsse8bwYw2impjiTjSJb/eI/xJ1nxtPPXSvlHAPzHuadST9fj5ELkyp0k
zi4AQEd/5Hc9huHyEk7xFf2J3BqE67rKLOvvn5QcVlVIJPNamoyBDmweRYeGNnGF
CGOEiEq1XLNAbdIR6KGolJBvoyYDNxBo/m0fHk0ciHduIsMtgwsAMPgtmUH7YbrJ
s/CgUTHFFRbMxx+yq2mUN43MMZhvsagiq0y5c3yNRPw3ybw8m5t070osUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJXlHszrDMqvevnfJifJyI4w+ybwMB8GA1UdIwQY
MBaAFK9zQQhwWpV5boV3El3TAMdR39moMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUt
MThkMWE0MDZhYWVkLzEvbGVVZXpPc015cTk2LWQ4bUo4bklqakQ3SnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9jOTNhNjYtYzdjNy00YzMzLWE3MjUtMThkMWE0MDZhYWVk
LzEvcjNOQkNIQmFsWGx1aFhjU1hkTUF4MUhmMmFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3vMA0G
CSqGSIb3DQEBCwUAA4IBAQCMT1vgztHjeEoavweDabdJEl+v5LizqJeehAw5N8Wj
zNCq6yVKm7tRt8d4DuLxYH9/1Ov+1vhzYYZAKSzzzJ6NVuy8mUp76z7fAewHMDe/
pW982aAIRabe5WCerP7TpnDEudzWwwc/RWmm4ZgJQTSjLeOGPI2I4wYuQTyhfmZ0
e+g0Aat/ot1jbLRnnN603FFXe9sd3o3SnetD0cLRyB5VL96PUr6r9TUL/6YsolFG
WOW/98zRt7zdpyETLaNGcuQQ2RPWPS8ELhy6s9kqGy33V7kxOIYFoFS48dRqRWOS
4Eo/nptYKK2nt2vxAs7HIRuVXK8eVWOR4Xk39Ove58n0
-----END CERTIFICATE-----