This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LKaOQokfTIgkWBs2UdoqCTA22vc.roa
File:                     LKaOQokfTIgkWBs2UdoqCTA22vc.roa (raw, json)
Hash identifier:          cUUhEOlVftW9+j+XpaAsAph0Rp9J2xVMMProgn5lBRE=
Subject key identifier:   2C:A6:8E:42:89:1F:4C:88:24:58:1B:36:51:DA:2A:09:30:36:DA:F7
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019B7DCB44B48A07A8DB50BA082FEA56CF11
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LKaOQokfTIgkWBs2UdoqCTA22vc.roa
Signing time:             Fri 02 Jan 2026 08:20:31 +0000
ROA not before:           Fri 02 Jan 2026 08:20:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139205
IP address blocks:        185.65.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 12:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:44:b4:8a:07:a8:db:50:ba:08:2f:ea:56:cf:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Jan  2 08:20:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ca68e42891f4c8824581b3651da2a093036daf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c8:da:4f:69:59:39:b7:d3:43:20:a3:5f:df:
                    19:ff:c1:53:72:74:11:8b:b7:82:bb:e8:8d:e5:f4:
                    f8:81:a4:ba:55:5e:b9:8a:9b:40:85:d0:8e:1e:c5:
                    61:66:c4:fd:67:ab:f9:ff:ae:c7:5a:1f:06:a8:eb:
                    65:a4:8f:57:28:58:1b:4b:f1:fa:a9:62:17:ad:06:
                    5e:40:24:a1:45:98:1f:02:8d:18:5f:1a:b6:81:2d:
                    ff:c3:11:d4:2c:7d:fc:4e:6e:19:e1:91:de:1c:25:
                    1e:83:2f:27:0b:28:b3:da:a7:50:61:7a:72:1f:ae:
                    ac:2a:bb:d6:5e:c5:15:94:ab:e9:3c:5e:f7:5e:08:
                    d5:f1:cc:cb:28:a0:26:fb:34:be:b5:88:78:cd:b1:
                    85:46:5f:fb:ee:96:c9:8b:2d:26:51:68:fd:87:5b:
                    99:c9:c2:16:fc:ca:4f:dd:53:ba:57:a2:4d:c5:6c:
                    7d:44:0d:b9:ab:06:39:b8:f5:b9:68:f6:90:d3:e9:
                    27:e3:f4:4c:76:ab:84:e3:91:09:b8:b8:fc:05:12:
                    30:cf:5f:1d:52:a1:b1:a0:57:4b:db:50:56:50:26:
                    4a:7b:9d:24:00:05:a2:8b:45:75:60:ba:fe:c2:03:
                    74:33:aa:ef:e2:be:32:d3:1a:bd:c8:2b:60:de:ca:
                    37:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A6:8E:42:89:1F:4C:88:24:58:1B:36:51:DA:2A:09:30:36:DA:F7
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LKaOQokfTIgkWBs2UdoqCTA22vc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e8:cd:c9:b9:4c:91:fa:f2:2d:55:bb:75:6c:4e:a7:4b:62:
         7c:1d:0b:5b:8a:56:d8:f4:f9:9e:72:71:dd:35:e2:a0:c7:b6:
         49:49:10:a4:e4:83:a0:a4:be:ad:2e:8a:4a:7c:a3:7d:ec:a4:
         22:77:63:5d:dd:f7:59:f6:5a:2b:a4:24:cc:48:f4:fc:0a:a1:
         66:5c:54:7d:52:07:49:6b:b0:05:a9:07:7f:6a:2b:9b:5b:fd:
         30:3f:b0:ba:99:0f:40:96:a0:8f:e5:d4:9f:72:1c:23:51:92:
         99:d8:80:93:90:0c:1f:20:86:73:d4:06:a6:a7:65:d7:87:8e:
         8c:1f:46:1c:41:6e:bd:9c:f5:68:b9:01:25:a1:f3:d9:38:10:
         d5:ac:0a:6e:11:5e:7d:c3:b4:d3:20:78:ac:63:a8:20:a2:01:
         93:a4:ea:50:76:75:0c:bb:39:21:6e:72:33:aa:6a:d5:55:1c:
         6a:12:5a:9f:47:fb:80:32:17:ea:f1:0f:2f:2e:01:ef:a6:9b:
         78:a7:16:ca:2f:4c:55:8e:77:03:35:5c:b1:48:41:d4:a1:4a:
         51:3a:e3:93:a8:d9:7b:b0:b7:62:37:6f:ec:7a:cf:1e:eb:05:
         56:e9:aa:21:5e:86:82:23:81:98:7b:fb:4e:35:80:b0:49:4e:
         fb:bd:d5:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y0S0igeo21C6CC/qVs8RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjYwMTAyMDgyMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2E2OGU0Mjg5MWY0Yzg4MjQ1ODFiMzY1MWRhMmEwOTMwMzZkYWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucjaT2lZObfTQyCjX98Z/8FTcnQR
i7eCu+iN5fT4gaS6VV65iptAhdCOHsVhZsT9Z6v5/67HWh8GqOtlpI9XKFgbS/H6
qWIXrQZeQCShRZgfAo0YXxq2gS3/wxHULH38Tm4Z4ZHeHCUegy8nCyiz2qdQYXpy
H66sKrvWXsUVlKvpPF73XgjV8czLKKAm+zS+tYh4zbGFRl/77pbJiy0mUWj9h1uZ
ycIW/MpP3VO6V6JNxWx9RA25qwY5uPW5aPaQ0+kn4/RMdquE45EJuLj8BRIwz18d
UqGxoFdL21BWUCZKe50kAAWii0V1YLr+wgN0M6rv4r4y0xq9yCtg3so34QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCymjkKJH0yIJFgbNlHaKgkwNtr3MB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvTEthT1Fva2ZUSWdrV0JzMlVkb3FDVEEyMnZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUHLMA0G
CSqGSIb3DQEBCwUAA4IBAQBL6M3JuUyR+vItVbt1bE6nS2J8HQtbilbY9PmecnHd
NeKgx7ZJSRCk5IOgpL6tLopKfKN97KQid2Nd3fdZ9lorpCTMSPT8CqFmXFR9UgdJ
a7AFqQd/aiubW/0wP7C6mQ9AlqCP5dSfchwjUZKZ2ICTkAwfIIZz1Aamp2XXh46M
H0YcQW69nPVouQElofPZOBDVrApuEV59w7TTIHisY6ggogGTpOpQdnUMuzkhbnIz
qmrVVRxqElqfR/uAMhfq8Q8vLgHvppt4pxbKL0xVjncDNVyxSEHUoUpROuOTqNl7
sLdiN2/ses8e6wVW6aohXoaCI4GYe/tONYCwSU77vdU3
-----END CERTIFICATE-----