This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/LKqcV__iHBkuJmHBTgVTMKe7jfs.roa
File:                     LKqcV__iHBkuJmHBTgVTMKe7jfs.roa (raw, json)
Hash identifier:          LzRNG01pbqOOrg9Ke+0IrSjljXKIcSklaBxsB5gc1AU=
Subject key identifier:   2C:AA:9C:57:FF:E2:1C:19:2E:26:61:C1:4E:05:53:30:A7:BB:8D:FB
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019B7E382485E19D07661418D5D95DB7A52F
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/LKqcV__iHBkuJmHBTgVTMKe7jfs.roa
Signing time:             Fri 02 Jan 2026 10:19:27 +0000
ROA not before:           Fri 02 Jan 2026 10:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17018
IP address blocks:        91.221.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 02:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:24:85:e1:9d:07:66:14:18:d5:d9:5d:b7:a5:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 10:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2caa9c57ffe21c192e2661c14e055330a7bb8dfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:9f:a7:35:d5:82:88:32:9e:bb:f8:de:01:c7:
                    24:70:32:f1:19:23:7b:27:05:a5:5a:a4:9e:98:59:
                    50:c8:51:d1:09:56:17:86:24:da:a6:d3:d1:25:47:
                    43:84:58:d9:a5:17:46:dd:86:05:15:05:8a:f3:85:
                    64:9f:e3:f1:d2:d6:1d:28:ce:1a:a5:7d:e6:ad:f4:
                    17:0c:b5:22:25:31:c9:13:d1:29:25:65:01:c5:33:
                    6c:d7:8c:73:d4:ce:e7:98:e9:fc:f7:2d:6f:cb:bd:
                    cc:57:55:14:b5:0a:06:02:72:b9:9e:35:57:06:73:
                    c6:4a:04:fb:ff:8c:55:c5:b2:5c:d8:31:e7:26:9d:
                    89:25:1c:1c:58:2c:15:1a:f1:d2:6f:0a:f3:b4:14:
                    01:78:53:cd:e9:ce:98:2b:d5:3d:45:b3:9c:7b:48:
                    90:61:79:80:1e:34:ec:03:e9:3d:41:aa:5c:0d:42:
                    41:51:a5:ce:05:f9:14:e1:8a:13:8f:4c:71:d8:30:
                    14:3f:da:d1:9e:d7:4c:cf:9f:71:4e:a1:b3:ab:b4:
                    f5:6e:cb:18:03:8f:5c:29:f3:84:43:a6:53:21:0a:
                    14:57:b0:34:f5:ed:b8:39:1e:bd:ff:c3:2d:53:24:
                    5b:8d:d5:5c:cf:57:3f:83:80:bd:29:67:1d:ae:de:
                    cf:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AA:9C:57:FF:E2:1C:19:2E:26:61:C1:4E:05:53:30:A7:BB:8D:FB
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/LKqcV__iHBkuJmHBTgVTMKe7jfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:0c:93:32:05:83:44:10:34:a5:46:2a:a8:26:7d:9f:c4:23:
         f9:be:3b:02:cf:07:da:eb:0c:c9:91:c9:34:43:fb:be:7e:ec:
         3c:56:54:09:05:b5:b1:4d:2e:3a:9b:8f:b6:8d:62:dc:cf:97:
         4c:39:e1:81:07:15:a5:99:a8:43:3e:01:bc:31:3c:33:53:bd:
         2b:d8:39:0b:53:19:3b:bb:c7:d4:3c:f0:6a:7b:81:00:75:43:
         ae:da:de:fc:79:c7:34:bf:bd:e5:6d:1f:5e:ea:2b:ed:e0:c5:
         47:5b:90:54:5e:7a:79:62:a6:8d:f9:98:20:c0:6a:38:ae:60:
         dd:b9:26:de:c5:5a:af:c0:bc:10:a2:99:4e:6d:8c:ba:e0:6f:
         15:58:c0:34:95:72:5e:50:f8:c7:ab:9e:35:d1:9c:f1:a6:04:
         9d:9b:5d:eb:97:06:c0:ef:c3:20:21:0b:4a:c9:10:02:a7:81:
         81:99:bc:17:28:6a:82:dc:98:3a:96:a9:68:ed:77:7a:0f:ed:
         43:a1:fb:6f:0f:d5:ca:88:43:51:75:79:08:08:d9:01:35:91:
         4b:cc:38:b1:c7:8c:c3:83:79:61:50:cc:71:21:d1:17:e3:0e:
         25:6f:3b:fd:f4:64:7c:01:0a:df:85:f3:6f:97:b8:43:e0:4d:
         5a:0f:69:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCSF4Z0HZhQY1dldt6UvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwMTAyMTAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2FhOWM1N2ZmZTIxYzE5MmUyNjYxYzE0ZTA1NTMzMGE3YmI4ZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5+nNdWCiDKeu/jeAcckcDLxGSN7
JwWlWqSemFlQyFHRCVYXhiTaptPRJUdDhFjZpRdG3YYFFQWK84Vkn+Px0tYdKM4a
pX3mrfQXDLUiJTHJE9EpJWUBxTNs14xz1M7nmOn89y1vy73MV1UUtQoGAnK5njVX
BnPGSgT7/4xVxbJc2DHnJp2JJRwcWCwVGvHSbwrztBQBeFPN6c6YK9U9RbOce0iQ
YXmAHjTsA+k9QapcDUJBUaXOBfkU4YoTj0xx2DAUP9rRntdMz59xTqGzq7T1bssY
A49cKfOEQ6ZTIQoUV7A09e24OR69/8MtUyRbjdVcz1c/g4C9KWcdrt7P0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyqnFf/4hwZLiZhwU4FUzCnu437MB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvTEtxY1ZfX2lIQmt1Sm1IQlRnVlRNS2U3amZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW93pMA0G
CSqGSIb3DQEBCwUAA4IBAQCdDJMyBYNEEDSlRiqoJn2fxCP5vjsCzwfa6wzJkck0
Q/u+fuw8VlQJBbWxTS46m4+2jWLcz5dMOeGBBxWlmahDPgG8MTwzU70r2DkLUxk7
u8fUPPBqe4EAdUOu2t78ecc0v73lbR9e6ivt4MVHW5BUXnp5YqaN+ZggwGo4rmDd
uSbexVqvwLwQoplObYy64G8VWMA0lXJeUPjHq5410ZzxpgSdm13rlwbA78MgIQtK
yRACp4GBmbwXKGqC3Jg6lqlo7Xd6D+1DoftvD9XKiENRdXkICNkBNZFLzDixx4zD
g3lhUMxxIdEX4w4lbzv99GR8AQrfhfNvl7hD4E1aD2lA
-----END CERTIFICATE-----