This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IKoZIyzCQgcpwWvblFW6Bp0OFMQ.roa
File:                     IKoZIyzCQgcpwWvblFW6Bp0OFMQ.roa (raw, json)
Hash identifier:          ZnOIE5ltr9nUye/NSaJbeMWs4OlnH3EJhScCqp3PU2Y=
Subject key identifier:   20:AA:19:23:2C:C2:42:07:29:C1:6B:DB:94:55:BA:06:9D:0E:14:C4
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019B7E38180B2C70B691BA05CF6ADA9123E4
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IKoZIyzCQgcpwWvblFW6Bp0OFMQ.roa
Signing time:             Fri 02 Jan 2026 10:19:23 +0000
ROA not before:           Fri 02 Jan 2026 10:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8342
IP address blocks:        146.185.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:18:0b:2c:70:b6:91:ba:05:cf:6a:da:91:23:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 10:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20aa19232cc2420729c16bdb9455ba069d0e14c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a3:64:be:89:07:05:42:61:be:cf:4c:c8:f3:
                    30:52:ff:da:f0:52:da:df:fb:41:09:f6:d7:30:16:
                    20:00:14:c2:70:31:24:30:e8:0d:8c:34:74:b7:65:
                    68:10:9f:56:ae:72:a9:3b:76:be:a9:13:cd:18:f1:
                    33:90:58:91:46:07:66:10:fb:67:80:36:84:c4:04:
                    e5:57:67:77:25:ef:3e:ba:53:5b:66:08:da:08:d0:
                    35:56:ab:37:0f:31:a7:39:62:f0:ca:a3:92:88:65:
                    63:c8:c6:d2:59:b2:ba:78:d7:75:21:3e:1a:2a:60:
                    c2:c3:89:d3:cf:ec:12:51:2a:e6:8d:ae:07:90:fc:
                    b1:99:bc:bc:b2:fa:74:4c:6f:88:1a:49:fa:0a:f8:
                    f6:58:06:6c:23:23:9e:46:16:a8:3a:ad:f4:2a:f5:
                    d8:2e:c8:8a:87:89:74:fa:9f:cf:63:33:fc:47:51:
                    0f:f7:85:6d:4b:ed:56:8d:c5:d5:ee:3f:58:bc:7b:
                    a7:9e:91:63:40:49:43:c2:5e:f4:03:ac:75:b8:40:
                    6d:7c:1b:0f:27:cd:80:52:95:bb:8e:49:23:4c:40:
                    53:af:64:e9:f7:20:31:79:d3:9f:70:5d:40:9c:b8:
                    eb:97:9b:78:1b:28:c1:5f:53:07:34:d1:6d:1d:2f:
                    c3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:AA:19:23:2C:C2:42:07:29:C1:6B:DB:94:55:BA:06:9D:0E:14:C4
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IKoZIyzCQgcpwWvblFW6Bp0OFMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.185.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:80:ff:d2:53:bb:29:fa:c9:a2:4a:04:0f:5b:7e:5b:0c:8a:
         89:97:d7:93:fc:96:71:08:c2:42:8f:f9:2b:5c:dc:3e:15:3c:
         61:08:8d:72:be:e4:33:a5:20:5b:11:c7:db:d4:02:5f:fe:4b:
         f6:40:66:0d:04:26:24:a3:2d:7f:d1:3b:d3:0c:83:f7:4b:7d:
         d3:06:02:6f:a3:18:70:22:9d:78:29:17:09:2d:e3:b7:fa:30:
         b7:2d:d1:bf:77:35:8a:4d:c2:f3:29:b1:e4:d2:2e:7f:a7:0a:
         74:6f:e6:5d:26:4c:0b:42:85:97:71:af:36:7d:ad:cb:95:56:
         3f:55:a8:65:96:54:1c:1f:74:d1:7e:dc:94:05:47:4b:3e:05:
         8e:44:0c:02:23:3b:a1:d0:21:7b:4a:83:5e:6e:99:a6:38:4a:
         45:00:b7:ad:12:42:28:c6:81:08:51:d0:2a:61:bb:6f:a0:a8:
         82:a1:6f:10:e5:3f:1b:fe:ea:c2:f3:c6:77:92:2e:b4:2d:e0:
         ec:bf:b1:82:0b:2b:e4:7e:6d:c5:3a:23:cd:2b:77:6d:41:03:
         62:62:42:3b:7d:fd:be:59:cc:34:f7:47:81:72:e5:56:ec:f3:
         d7:43:3c:e9:42:a5:e8:b0:43:1c:ef:64:9e:d4:1e:11:a6:8d:
         1f:41:85:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OBgLLHC2kboFz2rakSPkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjYwMTAyMTAxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGFhMTkyMzJjYzI0MjA3MjljMTZiZGI5NDU1YmEwNjlkMGUxNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76NkvokHBUJhvs9MyPMwUv/a8FLa
3/tBCfbXMBYgABTCcDEkMOgNjDR0t2VoEJ9WrnKpO3a+qRPNGPEzkFiRRgdmEPtn
gDaExATlV2d3Je8+ulNbZgjaCNA1Vqs3DzGnOWLwyqOSiGVjyMbSWbK6eNd1IT4a
KmDCw4nTz+wSUSrmja4HkPyxmby8svp0TG+IGkn6Cvj2WAZsIyOeRhaoOq30KvXY
LsiKh4l0+p/PYzP8R1EP94VtS+1WjcXV7j9YvHunnpFjQElDwl70A6x1uEBtfBsP
J82AUpW7jkkjTEBTr2Tp9yAxedOfcF1AnLjrl5t4GyjBX1MHNNFtHS/D9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCqGSMswkIHKcFr25RVugadDhTEMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSUtvWkl5ekNRZ2Nwd1d2YmxGVzZCcDBPRk1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkrnuMA0G
CSqGSIb3DQEBCwUAA4IBAQAMgP/SU7sp+smiSgQPW35bDIqJl9eT/JZxCMJCj/kr
XNw+FTxhCI1yvuQzpSBbEcfb1AJf/kv2QGYNBCYkoy1/0TvTDIP3S33TBgJvoxhw
Ip14KRcJLeO3+jC3LdG/dzWKTcLzKbHk0i5/pwp0b+ZdJkwLQoWXca82fa3LlVY/
VahlllQcH3TRftyUBUdLPgWORAwCIzuh0CF7SoNebpmmOEpFALetEkIoxoEIUdAq
YbtvoKiCoW8Q5T8b/urC88Z3ki60LeDsv7GCCyvkfm3FOiPNK3dtQQNiYkI7ff2+
Wcw090eBcuVW7PPXQzzpQqXosEMc72Se1B4Rpo0fQYV7
-----END CERTIFICATE-----