This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/LB897dXLBM36a7U6SkP9ZIBRp0U.roa
File:                     LB897dXLBM36a7U6SkP9ZIBRp0U.roa (raw, json)
Hash identifier:          syt+8t+IbVJ3QRitmZH6LwQ2EF86AutEdjHbzKfuLYY=
Subject key identifier:   2C:1F:3D:ED:D5:CB:04:CD:FA:6B:B5:3A:4A:43:FD:64:80:51:A7:45
Certificate issuer:       /CN=72aa537574350f26a6f36b43dc303b9e339e7eec
Certificate serial:       019BEACCFB1CADE2F131B99F771199FD0A0F
Authority key identifier: 72:AA:53:75:74:35:0F:26:A6:F3:6B:43:DC:30:3B:9E:33:9E:7E:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cqpTdXQ1Dyam82tD3DA7njOefuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/LB897dXLBM36a7U6SkP9ZIBRp0U.roa
Signing time:             Fri 23 Jan 2026 12:21:00 +0000
ROA not before:           Fri 23 Jan 2026 12:21:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43160
IP address blocks:        109.74.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/cqpTdXQ1Dyam82tD3DA7njOefuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/cqpTdXQ1Dyam82tD3DA7njOefuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cqpTdXQ1Dyam82tD3DA7njOefuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 09:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ea:cc:fb:1c:ad:e2:f1:31:b9:9f:77:11:99:fd:0a:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72aa537574350f26a6f36b43dc303b9e339e7eec
        Validity
            Not Before: Jan 23 12:21:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c1f3dedd5cb04cdfa6bb53a4a43fd648051a745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0d:d0:15:da:c8:a9:07:f7:0b:ff:34:f6:c5:
                    6a:85:90:64:a4:e9:26:2c:6d:0a:22:e6:a2:21:b4:
                    e2:ed:91:65:97:3f:1c:df:21:35:75:d8:ca:0e:19:
                    9a:b5:81:80:13:0c:d0:67:32:c2:cb:35:74:0a:75:
                    6f:93:ad:c2:64:64:49:c9:5d:ba:59:8b:f8:f8:78:
                    84:16:1d:db:f1:59:d3:8d:fc:d4:6d:42:d2:e7:f7:
                    1e:e8:4a:04:fb:a5:67:51:28:8f:58:bc:02:43:5b:
                    dc:a5:ef:22:2e:ee:59:0e:17:1a:d5:16:37:a1:00:
                    35:e1:96:b5:7e:04:c3:5e:2f:5f:ec:d8:57:ef:46:
                    53:ba:2b:f0:96:29:96:cf:50:a3:8a:e2:2f:ca:a0:
                    91:aa:ca:92:60:bc:04:fa:fc:99:de:24:b5:ef:97:
                    5d:49:b3:15:a2:fe:26:ee:a3:9b:a2:96:42:6c:4f:
                    57:ff:60:a6:fe:c4:cf:44:99:e6:48:41:de:fd:56:
                    5d:29:59:17:78:c4:a2:6a:bf:14:0f:12:a3:e3:54:
                    bd:f3:a1:f6:a6:d8:73:30:d8:2a:5f:e1:dc:cb:09:
                    72:56:07:af:c5:67:6e:24:ff:f0:75:12:be:c8:73:
                    93:8a:20:cf:67:f0:e5:2d:03:df:0b:10:61:16:3b:
                    60:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:1F:3D:ED:D5:CB:04:CD:FA:6B:B5:3A:4A:43:FD:64:80:51:A7:45
            X509v3 Authority Key Identifier:
                keyid:72:AA:53:75:74:35:0F:26:A6:F3:6B:43:DC:30:3B:9E:33:9E:7E:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cqpTdXQ1Dyam82tD3DA7njOefuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/LB897dXLBM36a7U6SkP9ZIBRp0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/cqpTdXQ1Dyam82tD3DA7njOefuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.74.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:87:a1:fd:de:8f:35:d9:9b:f4:87:95:26:32:e3:ae:00:e6:
         03:00:11:c1:be:be:55:0a:60:ea:13:85:1a:eb:94:63:af:6c:
         6a:42:6d:ca:dc:1c:df:3c:bf:e9:c7:ab:b4:21:c3:c9:c7:19:
         10:ad:de:af:f7:d1:9b:ad:53:e9:de:d3:af:52:ac:4a:fa:b9:
         c2:23:ac:77:7a:f8:45:0b:5f:7c:c3:da:11:3e:b3:4a:6e:a8:
         9d:83:75:46:7c:ab:6e:e3:aa:f9:f7:53:3e:fc:4c:7d:bf:84:
         3d:78:8c:d9:76:94:67:e0:97:e9:8c:33:ac:bb:de:cf:82:be:
         50:88:1d:b9:ce:3b:aa:2b:a0:64:cd:84:48:6e:9d:dc:9d:26:
         1f:d1:a9:22:e4:d5:b0:67:a3:dc:5b:5f:af:0b:54:65:d0:0a:
         48:de:9b:5d:6d:d4:e3:73:51:21:22:cb:44:b4:9a:cc:c8:78:
         7b:3a:6d:32:20:73:c4:35:70:90:66:0a:99:d4:b7:b2:5f:b9:
         d7:13:df:96:24:9c:53:e2:c1:3c:16:7e:ae:57:c1:aa:bd:d3:
         bf:01:4f:62:cc:25:82:eb:9b:42:fc:ef:0d:be:78:c2:ec:8b:
         79:f1:19:e4:92:58:da:90:78:dd:b7:10:af:31:60:d3:ba:71:
         28:5b:3e:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvqzPscreLxMbmfdxGZ/QoPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYWE1Mzc1NzQzNTBmMjZhNmYzNmI0M2RjMzAzYjllMzM5
ZTdlZWMwHhcNMjYwMTIzMTIyMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzFmM2RlZGQ1Y2IwNGNkZmE2YmI1M2E0YTQzZmQ2NDgwNTFhNzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5A3QFdrIqQf3C/809sVqhZBkpOkm
LG0KIuaiIbTi7ZFllz8c3yE1ddjKDhmatYGAEwzQZzLCyzV0CnVvk63CZGRJyV26
WYv4+HiEFh3b8VnTjfzUbULS5/ce6EoE+6VnUSiPWLwCQ1vcpe8iLu5ZDhca1RY3
oQA14Za1fgTDXi9f7NhX70ZTuivwlimWz1CjiuIvyqCRqsqSYLwE+vyZ3iS175dd
SbMVov4m7qObopZCbE9X/2Cm/sTPRJnmSEHe/VZdKVkXeMSiar8UDxKj41S986H2
pthzMNgqX+HcywlyVgevxWduJP/wdRK+yHOTiiDPZ/DlLQPfCxBhFjtgmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCwfPe3VywTN+mu1OkpD/WSAUadFMB8GA1UdIwQY
MBaAFHKqU3V0NQ8mpvNrQ9wwO54znn7sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3FwVGRYUTFEeWFtODJ0RDNEQTduak9lZnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8wZjQzODMtNzI2Yy00YWI4LTliMjUt
OTZmZDAyYmNlNzY0LzEvTEI4OTdkWExCTTM2YTdVNlNrUDlaSUJScDBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8wZjQzODMtNzI2Yy00YWI4LTliMjUtOTZmZDAyYmNlNzY0
LzEvY3FwVGRYUTFEeWFtODJ0RDNEQTduak9lZnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUoTMA0G
CSqGSIb3DQEBCwUAA4IBAQBah6H93o812Zv0h5UmMuOuAOYDABHBvr5VCmDqE4Ua
65Rjr2xqQm3K3BzfPL/px6u0IcPJxxkQrd6v99GbrVPp3tOvUqxK+rnCI6x3evhF
C198w9oRPrNKbqidg3VGfKtu46r591M+/Ex9v4Q9eIzZdpRn4JfpjDOsu97Pgr5Q
iB25zjuqK6BkzYRIbp3cnSYf0aki5NWwZ6PcW1+vC1Rl0ApI3ptdbdTjc1EhIstE
tJrMyHh7Om0yIHPENXCQZgqZ1LeyX7nXE9+WJJxT4sE8Fn6uV8GqvdO/AU9izCWC
65tC/O8NvnjC7It58RnkkljakHjdtxCvMWDTunEoWz5Y
-----END CERTIFICATE-----