This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/qzDK1lhCM39SxM8PACxbyKkom_M.roa
File:                     qzDK1lhCM39SxM8PACxbyKkom_M.roa (raw, json)
Hash identifier:          nfWxgyb2gt4+A8mM3hL0XhTI+0dXdf9+3PuS2IdhMMY=
Subject key identifier:   AB:30:CA:D6:58:42:33:7F:52:C4:CF:0F:00:2C:5B:C8:A9:28:9B:F3
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019B7E3823AA6B7F99F3F4792F84E1B662AB
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/qzDK1lhCM39SxM8PACxbyKkom_M.roa
Signing time:             Fri 02 Jan 2026 10:19:26 +0000
ROA not before:           Fri 02 Jan 2026 10:19:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.126.156.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 15:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:23:aa:6b:7f:99:f3:f4:79:2f:84:e1:b6:62:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 10:19:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab30cad65842337f52c4cf0f002c5bc8a9289bf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:60:af:3c:c9:52:fc:20:c5:79:34:0c:fc:93:
                    8a:dd:04:ba:b0:09:c0:f0:8c:79:d9:f0:54:64:77:
                    fd:d9:1b:e3:ac:41:2e:e9:93:aa:f1:7e:91:87:27:
                    33:f1:e1:bf:4c:00:39:c8:37:2c:77:91:03:f2:9d:
                    8b:49:59:b2:d1:23:24:53:11:da:8a:88:21:5f:1b:
                    aa:c5:69:3c:f1:85:c3:bd:b2:7b:b0:22:ee:e5:53:
                    b0:d3:1f:a5:21:d0:2c:fe:b7:4e:9a:70:d0:6d:09:
                    e6:e1:fe:40:1d:2b:c8:13:72:37:7d:17:73:21:98:
                    81:c5:a6:ba:23:e9:b3:68:95:91:07:c4:83:7d:d4:
                    76:38:ae:3a:25:bc:d9:d7:79:05:2d:18:8c:e1:1b:
                    f5:5d:0e:b1:a3:92:fc:62:85:c6:4d:2f:c1:cc:90:
                    d4:96:5a:f2:88:8e:96:81:e7:40:58:91:88:5e:f2:
                    e6:be:58:7c:04:1e:62:79:27:c4:fd:26:30:87:b2:
                    80:3b:56:a5:fd:ac:19:02:0d:bb:a3:f7:90:c7:c8:
                    ca:a1:32:5d:9a:0b:c0:2b:d7:0e:70:49:5a:87:7c:
                    b1:d9:e6:8b:16:ba:af:0e:e9:b9:9f:b2:06:58:06:
                    ef:ed:c2:b6:a9:88:44:de:f4:cb:4b:e6:d1:f1:5d:
                    69:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:30:CA:D6:58:42:33:7F:52:C4:CF:0F:00:2C:5B:C8:A9:28:9B:F3
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/qzDK1lhCM39SxM8PACxbyKkom_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:09:d1:74:d2:ff:a2:f0:21:7a:48:f9:84:23:fd:cd:ce:d5:
         ea:fb:f4:1a:c3:29:db:62:8a:98:19:71:46:ec:79:f6:e1:80:
         f6:d6:88:c2:37:c1:15:5d:91:e2:7c:e8:a9:52:43:63:18:e1:
         73:e7:40:15:16:d1:93:e3:73:57:07:35:2c:c3:b4:35:6a:04:
         2d:5d:8a:9e:1a:dd:4e:65:f9:2c:44:19:88:aa:02:17:bb:d4:
         0f:bc:8a:16:48:84:41:bf:f6:a6:e7:83:90:50:42:13:47:5a:
         98:2b:2e:80:58:15:97:28:37:6d:d7:f0:64:6a:2f:72:e4:c8:
         c6:da:54:7a:54:71:20:4a:6e:f7:b6:5e:ae:01:9e:cb:78:7c:
         ab:6f:33:48:70:93:5d:7c:c9:31:66:cc:b9:76:e8:27:88:80:
         0d:35:a0:bb:25:b4:1d:10:7f:b6:46:1d:f5:0f:95:ca:2f:c0:
         0a:5b:d2:ce:27:e4:48:30:a8:ff:86:4b:e7:71:3e:90:02:44:
         aa:3e:21:bd:97:4d:81:f2:21:71:f1:61:f0:b4:49:fc:28:89:
         8f:c5:d4:72:70:bb:4e:3f:1d:49:a2:17:f1:f8:68:48:f0:6a:
         71:31:c0:6b:f3:ed:14:15:14:f3:2b:42:08:a3:cf:3b:fe:44:
         58:ce:a6:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCOqa3+Z8/R5L4ThtmKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwMTAyMTAxOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjMwY2FkNjU4NDIzMzdmNTJjNGNmMGYwMDJjNWJjOGE5Mjg5YmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8WCvPMlS/CDFeTQM/JOK3QS6sAnA
8Ix52fBUZHf92RvjrEEu6ZOq8X6Rhycz8eG/TAA5yDcsd5ED8p2LSVmy0SMkUxHa
ioghXxuqxWk88YXDvbJ7sCLu5VOw0x+lIdAs/rdOmnDQbQnm4f5AHSvIE3I3fRdz
IZiBxaa6I+mzaJWRB8SDfdR2OK46JbzZ13kFLRiM4Rv1XQ6xo5L8YoXGTS/BzJDU
llryiI6WgedAWJGIXvLmvlh8BB5ieSfE/SYwh7KAO1al/awZAg27o/eQx8jKoTJd
mgvAK9cOcElah3yx2eaLFrqvDum5n7IGWAbv7cK2qYhE3vTLS+bR8V1pTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKswytZYQjN/UsTPDwAsW8ipKJvzMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvcXpESzFsaENNMzlTeE04UEFDeGJ5S2tvbV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuX6cMA0G
CSqGSIb3DQEBCwUAA4IBAQAMCdF00v+i8CF6SPmEI/3NztXq+/QawynbYoqYGXFG
7Hn24YD21ojCN8EVXZHifOipUkNjGOFz50AVFtGT43NXBzUsw7Q1agQtXYqeGt1O
ZfksRBmIqgIXu9QPvIoWSIRBv/am54OQUEITR1qYKy6AWBWXKDdt1/Bkai9y5MjG
2lR6VHEgSm73tl6uAZ7LeHyrbzNIcJNdfMkxZsy5dugniIANNaC7JbQdEH+2Rh31
D5XKL8AKW9LOJ+RIMKj/hkvncT6QAkSqPiG9l02B8iFx8WHwtEn8KImPxdRycLtO
Px1Johfx+GhI8GpxMcBr8+0UFRTzK0IIo887/kRYzqap
-----END CERTIFICATE-----