This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/AaFb4BxfuUv5NeajfZzyZ_pKzC8.roa
File:                     AaFb4BxfuUv5NeajfZzyZ_pKzC8.roa (raw, json)
Hash identifier:          nTI1O9abgRlXav6e6wF4qbfd1OvGtpWjUhjV79Bt2Cg=
Subject key identifier:   01:A1:5B:E0:1C:5F:B9:4B:F9:35:E6:A3:7D:9C:F2:67:FA:4A:CC:2F
Certificate issuer:       /CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
Certificate serial:       019B7F152F5FE0274258853C8C653A3653D5
Authority key identifier: 34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/AaFb4BxfuUv5NeajfZzyZ_pKzC8.roa
Signing time:             Fri 02 Jan 2026 14:20:53 +0000
ROA not before:           Fri 02 Jan 2026 14:20:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        185.156.16.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 Jan 2026 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:2f:5f:e0:27:42:58:85:3c:8c:65:3a:36:53:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34fe6b9d0cc1e7f6e16b2a46b42ca5e01c700346
        Validity
            Not Before: Jan  2 14:20:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=01a15be01c5fb94bf935e6a37d9cf267fa4acc2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1e:d9:93:0e:1a:90:71:15:ed:85:dc:5f:03:
                    2f:52:f3:a1:d7:f6:3e:8b:2f:35:f5:3a:93:ee:71:
                    13:0e:e9:8f:ad:07:85:62:c9:5f:5e:76:c2:b2:f3:
                    e9:75:93:39:bd:4f:b4:a7:e6:4a:17:c2:b3:88:52:
                    32:c6:fe:b7:ea:29:06:77:f3:61:6e:83:30:5d:0c:
                    06:60:9f:e6:c9:27:d6:20:9a:7f:c1:22:78:fa:19:
                    7b:d5:d5:ba:ed:a5:6a:da:26:e0:c1:44:d1:91:04:
                    17:5a:8d:12:73:6f:62:5e:aa:f4:56:be:56:e0:eb:
                    bb:44:23:b7:51:c6:5f:a9:7e:b3:88:f6:43:f0:4b:
                    52:b3:63:0a:a8:2e:86:9b:47:05:13:2b:25:89:d7:
                    d7:9a:8d:cd:14:6f:34:97:63:0b:62:2c:d9:57:89:
                    9a:2a:6a:1e:9a:60:3a:67:ca:ff:52:e7:9e:66:c7:
                    ca:90:bd:62:8c:9d:58:4e:90:6c:36:96:ef:2b:13:
                    42:89:a3:91:a7:c0:20:e4:a9:5a:68:09:48:55:b6:
                    f8:f3:dd:ad:28:c3:f1:1d:40:6d:b5:86:8a:6a:35:
                    78:d8:32:b9:9f:db:c6:80:dc:3a:dd:f6:1a:a7:47:
                    ef:7a:2f:e2:54:83:bf:aa:7d:9e:91:d6:cb:ad:ca:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A1:5B:E0:1C:5F:B9:4B:F9:35:E6:A3:7D:9C:F2:67:FA:4A:CC:2F
            X509v3 Authority Key Identifier:
                keyid:34:FE:6B:9D:0C:C1:E7:F6:E1:6B:2A:46:B4:2C:A5:E0:1C:70:03:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NP5rnQzB5_bhaypGtCyl4BxwA0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/AaFb4BxfuUv5NeajfZzyZ_pKzC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/62df36-fd36-4baf-9d2e-118afed7a5ae/1/NP5rnQzB5_bhaypGtCyl4BxwA0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:27:83:fb:8e:aa:e1:a7:ee:6a:e5:ec:7c:11:83:1e:5d:16:
         91:15:83:16:f9:e0:b0:04:67:5a:33:3d:5f:0d:06:da:92:ca:
         3d:32:97:38:45:3a:f9:ce:07:c9:8a:b4:b2:54:9f:24:24:46:
         82:db:af:56:a1:02:61:d4:e0:41:59:03:c6:b6:9e:78:b5:60:
         f2:db:3f:7d:a8:e8:b6:a0:9c:46:5c:0a:fb:25:39:7a:99:3e:
         6e:e9:15:a2:c5:6a:2d:8a:48:42:ae:2f:34:ef:d8:cb:18:39:
         49:95:53:bf:62:75:59:d5:2a:23:4e:8b:7c:e6:3c:46:2f:06:
         32:16:50:a5:0d:61:7f:dc:8a:b1:35:e7:13:07:ea:62:e4:b3:
         a3:ac:4a:3c:1e:0a:3a:c3:c2:bb:f1:8f:60:01:9d:76:63:4f:
         40:6c:79:7c:3d:2f:26:eb:a0:97:29:be:5a:c1:19:53:0e:38:
         03:8a:43:b1:25:35:bc:c1:fa:94:38:81:cb:4b:ee:bb:ff:69:
         28:e9:b3:10:2c:c7:ba:41:93:60:68:bb:29:44:c0:8a:fb:98:
         dd:65:b4:91:81:8c:2c:c6:5a:09:4a:77:eb:73:2d:f7:ee:e8:
         dd:d9:f4:36:fe:03:e5:0e:44:d9:a4:58:10:af:3f:11:ff:e3:
         5e:c8:75:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FS9f4CdCWIU8jGU6NlPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ZmU2YjlkMGNjMWU3ZjZlMTZiMmE0NmI0MmNhNWUwMWM3
MDAzNDYwHhcNMjYwMTAyMTQyMDUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWExNWJlMDFjNWZiOTRiZjkzNWU2YTM3ZDljZjI2N2ZhNGFjYzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR7Zkw4akHEV7YXcXwMvUvOh1/Y+
iy819TqT7nETDumPrQeFYslfXnbCsvPpdZM5vU+0p+ZKF8KziFIyxv636ikGd/Nh
boMwXQwGYJ/mySfWIJp/wSJ4+hl71dW67aVq2ibgwUTRkQQXWo0Sc29iXqr0Vr5W
4Ou7RCO3UcZfqX6ziPZD8EtSs2MKqC6Gm0cFEyslidfXmo3NFG80l2MLYizZV4ma
KmoemmA6Z8r/UueeZsfKkL1ijJ1YTpBsNpbvKxNCiaORp8Ag5KlaaAlIVbb4892t
KMPxHUBttYaKajV42DK5n9vGgNw63fYap0fvei/iVIO/qn2ekdbLrcp8/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGhW+AcX7lL+TXmo32c8mf6SswvMB8GA1UdIwQY
MBaAFDT+a50Mwef24WsqRrQspeAccANGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUt
MTE4YWZlZDdhNWFlLzEvQWFGYjRCeGZ1VXY1TmVhamZaenlaX3BLekM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82MmRmMzYtZmQzNi00YmFmLTlkMmUtMTE4YWZlZDdhNWFl
LzEvTlA1cm5RekI1X2JoYXlwR3RDeWw0Qnh3QTBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZwQMA0G
CSqGSIb3DQEBCwUAA4IBAQCRJ4P7jqrhp+5q5ex8EYMeXRaRFYMW+eCwBGdaMz1f
DQbakso9Mpc4RTr5zgfJirSyVJ8kJEaC269WoQJh1OBBWQPGtp54tWDy2z99qOi2
oJxGXAr7JTl6mT5u6RWixWotikhCri8079jLGDlJlVO/YnVZ1SojTot85jxGLwYy
FlClDWF/3IqxNecTB+pi5LOjrEo8Hgo6w8K78Y9gAZ12Y09AbHl8PS8m66CXKb5a
wRlTDjgDikOxJTW8wfqUOIHLS+67/2ko6bMQLMe6QZNgaLspRMCK+5jdZbSRgYws
xloJSnfrcy337ujd2fQ2/gPlDkTZpFgQrz8R/+NeyHWf
-----END CERTIFICATE-----