This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/okyZecfvIRqZODTkhqFVtVBqWlo.roa
File:                     okyZecfvIRqZODTkhqFVtVBqWlo.roa (raw, json)
Hash identifier:          JURGYJBnqyW45CKjgzH7wE+F8JuOD/bJVrdaAV1cAA4=
Subject key identifier:   A2:4C:99:79:C7:EF:21:1A:99:38:34:E4:86:A1:55:B5:50:6A:5A:5A
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019B7F1508E8123BD708307219F5119A86EE
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/okyZecfvIRqZODTkhqFVtVBqWlo.roa
Signing time:             Fri 02 Jan 2026 14:20:43 +0000
ROA not before:           Fri 02 Jan 2026 14:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208949
IP address blocks:        185.114.146.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 08:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:08:e8:12:3b:d7:08:30:72:19:f5:11:9a:86:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Jan  2 14:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a24c9979c7ef211a993834e486a155b5506a5a5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d8:ff:2b:45:cd:3e:be:8c:fb:bc:5e:8c:f7:
                    3f:f0:72:56:53:b1:ec:55:24:53:21:89:bb:60:94:
                    85:66:bb:b8:f3:4e:f5:96:01:98:20:dd:92:b9:29:
                    1a:71:14:db:17:ec:ce:3e:fd:f3:d3:d0:df:06:cd:
                    c3:df:12:b9:aa:f4:02:84:b7:30:38:29:e0:07:04:
                    c9:09:5c:80:7e:83:45:80:7f:73:6f:02:d5:a8:0a:
                    78:94:6a:25:9f:3e:40:52:86:12:f0:b5:e1:e0:58:
                    d8:dc:1e:6b:9d:7f:b8:79:53:4e:f1:2a:da:c4:35:
                    ab:ec:55:97:f1:7c:bd:29:8b:41:a3:38:19:21:87:
                    86:3d:c9:0a:91:5a:c9:f0:81:ef:c4:77:a7:87:5e:
                    58:72:6e:30:7c:76:5e:ce:6a:a4:bc:89:cf:f8:cc:
                    79:56:9b:f7:69:c4:d0:3c:74:be:e0:14:36:e5:a2:
                    a1:90:38:43:84:ea:86:e5:c7:77:96:55:09:98:3c:
                    eb:35:7a:6d:48:84:c1:ca:8b:49:e7:4b:d1:04:6e:
                    98:2e:99:1c:99:df:5b:f3:cd:1a:0a:a0:01:cc:74:
                    a3:36:0f:8c:2c:dc:54:2b:a4:46:2f:49:58:64:62:
                    b5:4b:ac:93:e1:67:2d:77:8c:ee:8e:c0:fb:14:e2:
                    11:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4C:99:79:C7:EF:21:1A:99:38:34:E4:86:A1:55:B5:50:6A:5A:5A
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/okyZecfvIRqZODTkhqFVtVBqWlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.114.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:6a:d5:93:0d:70:0f:49:d4:38:09:a4:a2:1b:47:5a:e3:ab:
         ee:16:08:2a:78:cd:9b:df:d5:82:e6:0f:4e:40:9e:25:d2:56:
         8e:ca:c8:28:27:04:11:ab:f3:8e:5d:5b:a1:ed:8e:21:27:f0:
         22:0f:6f:1d:10:97:11:2b:69:81:86:d8:b8:c3:da:9b:cc:f9:
         a2:40:64:5b:46:c7:04:32:18:84:82:71:b5:94:33:68:32:39:
         27:bf:bb:c5:65:2d:7f:ba:e3:4a:53:a8:bd:0c:80:25:24:b3:
         c2:5c:51:9d:f8:c7:7c:8b:b9:4d:70:db:06:0b:37:ec:99:38:
         f2:76:fe:3d:a7:55:cf:de:3d:a5:80:dd:c4:f0:f7:25:a2:07:
         b6:16:d5:75:3e:39:56:35:eb:70:90:b3:58:3f:b6:2c:80:77:
         13:cf:88:d8:44:57:63:0f:a6:8c:4a:4c:10:73:51:79:f8:15:
         9c:08:b8:ac:86:a3:a1:23:88:ec:af:57:f9:71:97:5b:79:19:
         9a:e3:e1:fd:2f:52:c2:06:8a:02:38:06:f2:e9:f6:3a:a4:ec:
         4b:a2:66:2b:59:b0:f0:25:36:82:e0:9f:21:50:0a:cf:de:20:
         fd:0b:2a:5f:d9:6b:5e:77:dd:e1:e1:b2:df:55:e5:99:ee:ff:
         fc:03:21:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FQjoEjvXCDByGfURmobuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMTAyMTQyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRjOTk3OWM3ZWYyMTFhOTkzODM0ZTQ4NmExNTViNTUwNmE1YTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9j/K0XNPr6M+7xejPc/8HJWU7Hs
VSRTIYm7YJSFZru48071lgGYIN2SuSkacRTbF+zOPv3z09DfBs3D3xK5qvQChLcw
OCngBwTJCVyAfoNFgH9zbwLVqAp4lGolnz5AUoYS8LXh4FjY3B5rnX+4eVNO8Sra
xDWr7FWX8Xy9KYtBozgZIYeGPckKkVrJ8IHvxHenh15Ycm4wfHZezmqkvInP+Mx5
Vpv3acTQPHS+4BQ25aKhkDhDhOqG5cd3llUJmDzrNXptSITByotJ50vRBG6YLpkc
md9b880aCqABzHSjNg+MLNxUK6RGL0lYZGK1S6yT4Wctd4zujsD7FOIRRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJMmXnH7yEamTg05IahVbVQalpaMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvb2t5WmVjZnZJUnFaT0RUa2hxRlZ0VkJxV2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXKSMA0G
CSqGSIb3DQEBCwUAA4IBAQBRatWTDXAPSdQ4CaSiG0da46vuFggqeM2b39WC5g9O
QJ4l0laOysgoJwQRq/OOXVuh7Y4hJ/AiD28dEJcRK2mBhti4w9qbzPmiQGRbRscE
MhiEgnG1lDNoMjknv7vFZS1/uuNKU6i9DIAlJLPCXFGd+Md8i7lNcNsGCzfsmTjy
dv49p1XP3j2lgN3E8Pcloge2FtV1PjlWNetwkLNYP7YsgHcTz4jYRFdjD6aMSkwQ
c1F5+BWcCLishqOhI4jsr1f5cZdbeRma4+H9L1LCBooCOAby6fY6pOxLomYrWbDw
JTaC4J8hUArP3iD9Cypf2Wted93h4bLfVeWZ7v/8AyF0
-----END CERTIFICATE-----