This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/ajUdjtPuTYK4cJ-GDNgzwU_V7QU.roa
File:                     ajUdjtPuTYK4cJ-GDNgzwU_V7QU.roa (raw, json)
Hash identifier:          zq0p6TTpyxJr1rlBswAzuDS0To2T7g83akxmSzfwXWY=
Subject key identifier:   6A:35:1D:8E:D3:EE:4D:82:B8:70:9F:86:0C:D8:33:C1:4F:D5:ED:05
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019B7E38256024A76684F4F44AE5D148DBD6
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/ajUdjtPuTYK4cJ-GDNgzwU_V7QU.roa
Signing time:             Fri 02 Jan 2026 10:19:27 +0000
ROA not before:           Fri 02 Jan 2026 10:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138997
IP address blocks:        185.126.134.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:25:60:24:a7:66:84:f4:f4:4a:e5:d1:48:db:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 10:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a351d8ed3ee4d82b8709f860cd833c14fd5ed05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:48:20:df:5b:6e:3c:15:84:f2:29:1e:5c:6f:
                    a1:69:05:1a:15:1a:13:d8:bf:0b:9d:63:12:55:21:
                    a0:c4:3c:d6:ef:42:9e:34:d9:5e:5e:4d:a1:ab:37:
                    1b:ac:04:c3:f0:c9:7a:af:0f:c8:c2:b0:18:a5:f5:
                    73:1c:58:bf:77:c3:27:6d:7d:95:17:ba:4e:33:ac:
                    f2:fe:eb:43:5b:c2:19:ef:87:43:ce:6f:ff:1e:04:
                    e0:fb:44:d3:44:e5:ba:65:f2:f4:ac:ae:fa:3a:6a:
                    9a:2b:fa:8b:8e:8f:da:3d:bf:3b:ae:d7:dc:82:97:
                    ad:30:a0:5e:38:e5:ac:a6:bc:e2:2b:70:a4:5a:f2:
                    aa:2a:ed:87:ce:ff:c3:eb:67:da:a4:9c:40:83:8d:
                    c4:39:17:e7:71:e5:e0:95:98:e8:ef:d0:b4:de:5a:
                    25:ba:53:da:f2:43:17:1a:04:27:1f:28:49:b5:1e:
                    39:e8:cb:15:83:17:fb:74:d4:7a:5e:b0:83:2c:b7:
                    6c:b4:a1:b3:71:50:ef:b0:ad:8f:95:4e:9c:50:36:
                    48:a5:4a:b3:2b:13:9c:5e:5d:f9:28:77:58:ee:bb:
                    8a:d0:44:17:46:88:a1:88:fc:03:a1:49:df:26:1f:
                    f5:75:01:aa:7a:e0:f9:27:8f:73:40:d6:e7:f4:c4:
                    c9:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:35:1D:8E:D3:EE:4D:82:B8:70:9F:86:0C:D8:33:C1:4F:D5:ED:05
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/ajUdjtPuTYK4cJ-GDNgzwU_V7QU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:13:ed:4a:1a:09:7c:51:b7:13:4e:6c:09:23:ac:ac:71:9d:
         05:f4:e7:c2:3e:52:53:05:56:f6:77:e5:c0:97:37:ff:59:f7:
         7e:24:c5:ac:ba:cb:26:22:9f:9f:f4:76:2d:5e:8f:38:56:cf:
         b6:da:6c:43:ef:34:b9:4a:d5:a6:57:d1:da:b6:e7:4d:1b:74:
         d3:e7:fd:18:db:2f:c8:3a:cc:93:9d:07:f5:3f:31:9f:50:47:
         4e:a3:21:46:bc:e4:b3:e7:89:04:d8:43:43:c8:35:31:0f:27:
         9b:f3:44:65:e6:a6:50:1e:57:e3:2f:8d:27:1e:6e:fd:19:cf:
         af:50:aa:92:68:dd:27:6c:67:b0:7c:d4:db:21:1f:1e:1e:c3:
         d7:01:bf:d0:1e:a5:63:90:bf:bd:78:f7:50:46:fe:8e:3c:98:
         9c:c0:54:69:47:5c:25:61:b9:b4:fc:fd:41:b8:d8:ff:47:a2:
         44:de:32:67:85:63:6a:c4:51:8d:94:8e:14:8a:25:3a:e0:59:
         be:12:12:21:05:15:ac:a8:af:a1:1f:08:f8:58:b7:fb:59:ce:
         64:8c:59:1a:d0:f4:79:6d:70:a1:3a:fb:6a:9e:e7:25:2a:1d:
         1c:71:35:43:ca:47:f2:c9:6e:72:3b:f4:aa:a4:28:5e:c6:51:
         14:e0:4a:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCVgJKdmhPT0SuXRSNvWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwMTAyMTAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTM1MWQ4ZWQzZWU0ZDgyYjg3MDlmODYwY2Q4MzNjMTRmZDVlZDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0gg31tuPBWE8ikeXG+haQUaFRoT
2L8LnWMSVSGgxDzW70KeNNleXk2hqzcbrATD8Ml6rw/IwrAYpfVzHFi/d8MnbX2V
F7pOM6zy/utDW8IZ74dDzm//HgTg+0TTROW6ZfL0rK76OmqaK/qLjo/aPb87rtfc
gpetMKBeOOWsprziK3CkWvKqKu2Hzv/D62fapJxAg43EORfnceXglZjo79C03lol
ulPa8kMXGgQnHyhJtR456MsVgxf7dNR6XrCDLLdstKGzcVDvsK2PlU6cUDZIpUqz
KxOcXl35KHdY7ruK0EQXRoihiPwDoUnfJh/1dQGqeuD5J49zQNbn9MTJ0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGo1HY7T7k2CuHCfhgzYM8FP1e0FMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvYWpVZGp0UHVUWUs0Y0otR0ROZ3p3VV9WN1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6GMA0G
CSqGSIb3DQEBCwUAA4IBAQCUE+1KGgl8UbcTTmwJI6yscZ0F9OfCPlJTBVb2d+XA
lzf/Wfd+JMWsussmIp+f9HYtXo84Vs+22mxD7zS5StWmV9HatudNG3TT5/0Y2y/I
OsyTnQf1PzGfUEdOoyFGvOSz54kE2ENDyDUxDyeb80Rl5qZQHlfjL40nHm79Gc+v
UKqSaN0nbGewfNTbIR8eHsPXAb/QHqVjkL+9ePdQRv6OPJicwFRpR1wlYbm0/P1B
uNj/R6JE3jJnhWNqxFGNlI4UiiU64Fm+EhIhBRWsqK+hHwj4WLf7Wc5kjFka0PR5
bXChOvtqnuclKh0ccTVDykfyyW5yO/SqpChexlEU4EqI
-----END CERTIFICATE-----