This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/LUonv2RCWvu1zL14QrHsu9P2rS4.roa
File:                     LUonv2RCWvu1zL14QrHsu9P2rS4.roa (raw, json)
Hash identifier:          sYEwbsM2ctHv6cNHrCxgkHRsQW+if3GIsRAYyp3V97Y=
Subject key identifier:   2D:4A:27:BF:64:42:5A:FB:B5:CC:BD:78:42:B1:EC:BB:D3:F6:AD:2E
Certificate issuer:       /CN=95d9fc815e90ca87927907c5eab3fe79ca215eaa
Certificate serial:       019B77C6D924C486F51377572AF89C7CC12A
Authority key identifier: 95:D9:FC:81:5E:90:CA:87:92:79:07:C5:EA:B3:FE:79:CA:21:5E:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/LUonv2RCWvu1zL14QrHsu9P2rS4.roa
Signing time:             Thu 01 Jan 2026 04:17:58 +0000
ROA not before:           Thu 01 Jan 2026 04:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201185
IP address blocks:        185.85.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:d9:24:c4:86:f5:13:77:57:2a:f8:9c:7c:c1:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95d9fc815e90ca87927907c5eab3fe79ca215eaa
        Validity
            Not Before: Jan  1 04:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d4a27bf64425afbb5ccbd7842b1ecbbd3f6ad2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fe:a5:71:1a:51:cd:7f:fc:5e:49:5a:2f:bb:
                    5a:26:9e:f4:1c:08:9b:46:17:57:78:b6:e0:9d:86:
                    0b:70:27:9b:4a:76:4b:0a:41:f1:1a:04:48:a1:5c:
                    be:a2:9c:1e:b5:04:50:a8:67:f8:ca:d0:1a:29:30:
                    6e:34:12:cb:fd:ae:19:00:0b:f4:eb:00:80:95:54:
                    83:a1:34:29:bd:81:e5:76:80:26:c3:1a:fa:8b:ec:
                    a6:88:d5:e2:73:26:1a:7d:3b:cd:76:50:0b:f5:c3:
                    cd:0d:53:60:70:a2:42:0d:c0:b0:0d:93:c9:ec:be:
                    a9:93:91:8f:14:fe:4c:b0:61:e7:99:6f:b7:73:78:
                    c5:b0:66:35:2b:7c:3f:22:cf:f8:71:b1:0a:85:5e:
                    3e:10:af:3c:c9:2a:d0:46:df:f6:5e:ae:a2:3f:88:
                    3f:d3:be:05:63:29:8f:bb:34:e3:e1:f7:39:61:10:
                    5d:a8:1b:06:b8:46:67:de:8a:33:2d:7a:cb:a7:17:
                    18:42:84:c0:ff:22:a5:0b:e3:c8:ea:00:06:a8:dc:
                    8a:56:eb:7f:48:f0:7d:b7:8f:67:3d:0e:77:49:f4:
                    c2:a2:91:6d:a7:6f:34:ea:e9:5c:16:8b:48:81:e6:
                    b6:5c:77:58:39:0b:5d:8a:0c:d9:86:2d:79:9d:dd:
                    82:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:4A:27:BF:64:42:5A:FB:B5:CC:BD:78:42:B1:EC:BB:D3:F6:AD:2E
            X509v3 Authority Key Identifier:
                keyid:95:D9:FC:81:5E:90:CA:87:92:79:07:C5:EA:B3:FE:79:CA:21:5E:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ldn8gV6QyoeSeQfF6rP-ecohXqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/LUonv2RCWvu1zL14QrHsu9P2rS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/9caa50-a510-417a-b589-8ce4179232c8/1/ldn8gV6QyoeSeQfF6rP-ecohXqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.85.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:db:d1:ed:88:40:79:49:b2:f8:1c:8d:de:e1:40:1a:84:3b:
         27:6c:b8:11:5d:08:99:91:69:08:99:f5:4c:26:a4:f2:c9:76:
         92:34:8d:a6:97:1e:ec:e1:fd:18:e3:5e:8e:a2:41:cc:0d:c4:
         b7:57:99:cd:96:ec:30:1e:74:89:81:01:0d:70:78:fa:6e:35:
         1c:22:02:a8:b9:b5:03:f7:e3:17:fd:07:f0:7b:1d:30:9c:bc:
         79:c8:80:b3:96:c1:b4:0d:85:ba:24:7d:b8:28:cc:e5:e8:3b:
         ad:8e:3d:fe:df:f2:ea:5b:c8:e6:6d:ed:78:dd:af:86:75:ff:
         19:dd:68:03:1d:06:7b:fb:75:f0:7e:00:ad:97:ca:cc:55:a4:
         1d:68:1b:7f:dc:73:61:ad:07:3f:80:7f:3c:bf:4e:cf:3a:0d:
         6d:7b:1c:78:8e:d9:6e:a5:d2:81:51:2c:ce:0d:56:6e:78:ce:
         e8:25:c1:2a:3b:e6:3c:b4:39:90:09:0b:85:4b:ed:25:21:d9:
         2a:1a:db:05:14:2d:fe:a7:6a:86:4f:26:4f:45:42:cf:08:a8:
         ca:72:d7:3e:12:dc:6e:a7:e9:da:56:65:eb:ce:fd:74:37:6f:
         53:93:e7:f8:4e:75:d3:fd:b4:4b:89:b4:c3:98:d1:80:47:eb:
         67:9f:5f:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xtkkxIb1E3dXKvicfMEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1ZDlmYzgxNWU5MGNhODc5Mjc5MDdjNWVhYjNmZTc5Y2Ey
MTVlYWEwHhcNMjYwMTAxMDQxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDRhMjdiZjY0NDI1YWZiYjVjY2JkNzg0MmIxZWNiYmQzZjZhZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/6lcRpRzX/8XklaL7taJp70HAib
RhdXeLbgnYYLcCebSnZLCkHxGgRIoVy+opwetQRQqGf4ytAaKTBuNBLL/a4ZAAv0
6wCAlVSDoTQpvYHldoAmwxr6i+ymiNXicyYafTvNdlAL9cPNDVNgcKJCDcCwDZPJ
7L6pk5GPFP5MsGHnmW+3c3jFsGY1K3w/Is/4cbEKhV4+EK88ySrQRt/2Xq6iP4g/
074FYymPuzTj4fc5YRBdqBsGuEZn3oozLXrLpxcYQoTA/yKlC+PI6gAGqNyKVut/
SPB9t49nPQ53SfTCopFtp2806ulcFotIgea2XHdYOQtdigzZhi15nd2C7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1KJ79kQlr7tcy9eEKx7LvT9q0uMB8GA1UdIwQY
MBaAFJXZ/IFekMqHknkHxeqz/nnKIV6qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGRuOGdWNlF5b2VTZVFmRjZyUC1lY29oWHFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS85Y2FhNTAtYTUxMC00MTdhLWI1ODkt
OGNlNDE3OTIzMmM4LzEvTFVvbnYyUkNXdnUxekwxNFFySHN1OVAyclM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS85Y2FhNTAtYTUxMC00MTdhLWI1ODktOGNlNDE3OTIzMmM4
LzEvbGRuOGdWNlF5b2VTZVFmRjZyUC1lY29oWHFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVVAMA0G
CSqGSIb3DQEBCwUAA4IBAQAV29HtiEB5SbL4HI3e4UAahDsnbLgRXQiZkWkImfVM
JqTyyXaSNI2mlx7s4f0Y416OokHMDcS3V5nNluwwHnSJgQENcHj6bjUcIgKoubUD
9+MX/Qfwex0wnLx5yICzlsG0DYW6JH24KMzl6Dutjj3+3/LqW8jmbe143a+Gdf8Z
3WgDHQZ7+3XwfgCtl8rMVaQdaBt/3HNhrQc/gH88v07POg1texx4jtlupdKBUSzO
DVZueM7oJcEqO+Y8tDmQCQuFS+0lIdkqGtsFFC3+p2qGTyZPRULPCKjKctc+Etxu
p+naVmXrzv10N29Tk+f4TnXT/bRLibTDmNGAR+tnn1+/
-----END CERTIFICATE-----