This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aqp74ROdkZWrN8F6-L3QLnd9yo8.roa
File:                     aqp74ROdkZWrN8F6-L3QLnd9yo8.roa (raw, json)
Hash identifier:          J+/vCdtd9ubtXXmCAdD7UAR9/0OdPEbLFRV44qoZZOc=
Subject key identifier:   6A:AA:7B:E1:13:9D:91:95:AB:37:C1:7A:F8:BD:D0:2E:77:7D:CA:8F
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14C37CB2D47B34E9DAB61C0A1C5B57
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aqp74ROdkZWrN8F6-L3QLnd9yo8.roa
Signing time:             Fri 02 Jan 2026 14:20:25 +0000
ROA not before:           Fri 02 Jan 2026 14:20:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209709
IP address blocks:        213.169.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:c3:7c:b2:d4:7b:34:e9:da:b6:1c:0a:1c:5b:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aaa7be1139d9195ab37c17af8bdd02e777dca8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b1:48:90:15:75:2a:84:be:9c:e5:8c:91:d1:
                    1b:80:3d:01:23:70:f7:2f:36:f2:94:67:56:ed:b1:
                    01:41:a5:b9:d9:e4:d2:e8:89:1e:a3:a6:e2:d0:cf:
                    30:a5:3c:ab:33:64:4c:c8:a5:78:9d:b9:56:9c:15:
                    0d:01:7a:d8:cc:8c:a5:ed:9d:d5:04:25:c9:d6:0d:
                    68:3e:95:fe:e2:8f:76:2d:e5:42:e2:b6:03:2f:87:
                    1a:6b:30:c8:6e:db:52:ea:dc:2d:23:be:c1:05:e7:
                    fd:cf:d7:a0:35:95:00:b4:62:33:c0:ca:92:f9:b5:
                    46:43:61:82:c8:e1:7d:e8:42:d5:cc:95:9e:5a:fc:
                    1a:09:3d:f0:15:be:36:1f:3e:84:4b:57:99:0b:2e:
                    f7:81:7a:04:63:71:ff:ae:3e:bd:6d:1e:6f:ed:e2:
                    e0:6a:69:41:8e:a8:04:fb:c9:55:42:29:0c:2a:59:
                    ad:a4:4c:59:82:a7:58:f1:04:64:d4:94:80:61:81:
                    d7:e8:6e:f9:72:c2:32:97:d6:dc:d3:7b:e2:da:63:
                    1c:51:00:98:68:2e:b5:82:78:36:d7:e0:75:19:a4:
                    04:d0:89:ca:2b:10:04:95:73:51:97:21:c6:15:a1:
                    8d:41:a5:32:53:c6:21:ca:59:51:12:05:15:09:d6:
                    08:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AA:7B:E1:13:9D:91:95:AB:37:C1:7A:F8:BD:D0:2E:77:7D:CA:8F
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/aqp74ROdkZWrN8F6-L3QLnd9yo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.169.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ae:25:0f:51:80:97:cd:ca:5a:68:a9:e8:33:fd:25:03:bb:57:
         01:2e:9d:9a:e9:91:a3:d5:f9:12:ad:01:ee:fb:39:e4:be:1f:
         6b:dd:72:f8:eb:e5:f5:12:fa:c7:79:aa:17:cd:bc:32:85:37:
         d4:9d:2b:b4:1e:cb:ce:6e:07:e3:13:dd:2c:e2:c9:0d:7e:06:
         20:de:b7:41:5d:fd:85:78:4b:0f:0a:ca:de:f0:5b:1e:31:a8:
         fe:8b:07:cc:7d:18:dd:87:6d:18:41:2e:92:60:7c:7e:e8:84:
         59:3e:68:69:c3:c4:41:8d:a9:1f:f7:8d:38:a7:b7:37:4e:7e:
         af:99:ca:31:19:2a:e4:0c:73:df:31:3d:a8:bc:57:8c:67:6b:
         f4:86:14:24:07:b7:c0:91:35:00:c9:3f:0a:76:17:f5:05:25:
         4d:3b:78:4f:45:ff:e4:18:36:4e:e3:cd:bc:f1:93:64:37:15:
         bf:ba:86:1a:53:bd:76:74:65:9d:18:a0:96:3a:83:12:c4:e4:
         5b:eb:69:10:71:b5:f0:35:8a:e2:aa:8b:6e:ab:c7:7a:72:10:
         03:8c:32:a1:00:9e:57:6e:58:84:a7:90:0e:e9:7a:e2:b0:58:
         7e:91:31:bd:7d:b9:f0:e2:41:09:39:c4:a0:a2:48:95:75:1c:
         47:c3:48:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FMN8stR7NOnathwKHFtXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWFhN2JlMTEzOWQ5MTk1YWIzN2MxN2FmOGJkZDAyZTc3N2RjYThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrFIkBV1KoS+nOWMkdEbgD0BI3D3
LzbylGdW7bEBQaW52eTS6Ikeo6bi0M8wpTyrM2RMyKV4nblWnBUNAXrYzIyl7Z3V
BCXJ1g1oPpX+4o92LeVC4rYDL4caazDIbttS6twtI77BBef9z9egNZUAtGIzwMqS
+bVGQ2GCyOF96ELVzJWeWvwaCT3wFb42Hz6ES1eZCy73gXoEY3H/rj69bR5v7eLg
amlBjqgE+8lVQikMKlmtpExZgqdY8QRk1JSAYYHX6G75csIyl9bc03vi2mMcUQCY
aC61gng21+B1GaQE0InKKxAElXNRlyHGFaGNQaUyU8YhyllREgUVCdYIVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqqe+ETnZGVqzfBevi90C53fcqPMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvYXFwNzRST2RrWldyTjhGNi1MM1FMbmQ5eW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1anOMA0G
CSqGSIb3DQEBCwUAA4IBAQCuJQ9RgJfNylpoqegz/SUDu1cBLp2a6ZGj1fkSrQHu
+znkvh9r3XL46+X1EvrHeaoXzbwyhTfUnSu0HsvObgfjE90s4skNfgYg3rdBXf2F
eEsPCsre8FseMaj+iwfMfRjdh20YQS6SYHx+6IRZPmhpw8RBjakf9404p7c3Tn6v
mcoxGSrkDHPfMT2ovFeMZ2v0hhQkB7fAkTUAyT8Kdhf1BSVNO3hPRf/kGDZO4828
8ZNkNxW/uoYaU712dGWdGKCWOoMSxORb62kQcbXwNYriqotuq8d6chADjDKhAJ5X
bliEp5AO6XrisFh+kTG9fbnw4kEJOcSgokiVdRxHw0hi
-----END CERTIFICATE-----