This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/f4de11-5239-4ec5-81e6-2648fe9cc020/1/ajWUGAq6BMTKrTNOHft42ywINnc.roa
File:                     ajWUGAq6BMTKrTNOHft42ywINnc.roa (raw, json)
Hash identifier:          Oc0Q5MG2sAXuAr4KfyQjmkzbXtqqCBE8bhQRqqONsEQ=
Subject key identifier:   6A:35:94:18:0A:BA:04:C4:CA:AD:33:4E:1D:FB:78:DB:2C:08:36:77
Certificate issuer:       /CN=34883ab799f14028e5b537506e2af878449041c5
Certificate serial:       019B7F15E78127F7A054713C1BD2FCA0740C
Authority key identifier: 34:88:3A:B7:99:F1:40:28:E5:B5:37:50:6E:2A:F8:78:44:90:41:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NIg6t5nxQCjltTdQbir4eESQQcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/f4de11-5239-4ec5-81e6-2648fe9cc020/1/ajWUGAq6BMTKrTNOHft42ywINnc.roa
Signing time:             Fri 02 Jan 2026 14:21:40 +0000
ROA not before:           Fri 02 Jan 2026 14:21:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203084
IP address blocks:        185.145.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/f4de11-5239-4ec5-81e6-2648fe9cc020/1/NIg6t5nxQCjltTdQbir4eESQQcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/f4de11-5239-4ec5-81e6-2648fe9cc020/1/NIg6t5nxQCjltTdQbir4eESQQcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NIg6t5nxQCjltTdQbir4eESQQcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 20:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:e7:81:27:f7:a0:54:71:3c:1b:d2:fc:a0:74:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=34883ab799f14028e5b537506e2af878449041c5
        Validity
            Not Before: Jan  2 14:21:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a3594180aba04c4caad334e1dfb78db2c083677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:95:0a:0d:f1:73:0c:05:99:13:2e:e4:17:13:
                    16:79:61:4c:e2:5f:25:32:51:10:71:d1:c9:01:2b:
                    5b:0e:73:77:91:6b:fb:bc:7f:31:cc:4f:4f:d3:5d:
                    b4:83:3d:bb:ab:45:2e:c7:e4:71:fd:1f:c2:d1:d7:
                    0f:01:4a:e6:b8:6a:38:bf:ad:28:b2:10:b3:05:5f:
                    1e:34:e4:94:11:f8:c9:06:e1:4f:31:67:2d:20:de:
                    7b:b6:49:24:3d:1e:c7:47:f4:18:a1:06:76:6e:b4:
                    54:9c:ed:4b:84:95:86:48:8a:fd:af:0b:e2:32:99:
                    5a:d4:06:41:d0:52:95:11:e0:3d:e2:60:f5:34:69:
                    a7:97:f0:21:69:07:ff:d7:c7:cc:fa:87:d6:81:75:
                    87:fb:9a:9d:61:a2:2b:93:92:b1:92:6a:61:a4:8c:
                    a3:3f:cd:11:05:cc:6c:a3:5a:da:f8:56:d3:1c:60:
                    9f:83:2d:3c:d4:d8:d2:b3:93:f8:6c:47:5a:2b:a7:
                    5a:fc:a8:71:7a:3b:59:54:f1:ba:9a:72:f9:5a:8b:
                    67:a1:5c:84:11:3b:47:7e:27:64:2e:2a:69:36:a2:
                    56:a0:a7:b1:db:1b:8c:82:1a:9c:4e:b9:9a:ff:da:
                    e5:ef:44:45:58:3f:83:35:0f:ab:f6:b1:7a:24:14:
                    57:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:35:94:18:0A:BA:04:C4:CA:AD:33:4E:1D:FB:78:DB:2C:08:36:77
            X509v3 Authority Key Identifier:
                keyid:34:88:3A:B7:99:F1:40:28:E5:B5:37:50:6E:2A:F8:78:44:90:41:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NIg6t5nxQCjltTdQbir4eESQQcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f4de11-5239-4ec5-81e6-2648fe9cc020/1/ajWUGAq6BMTKrTNOHft42ywINnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/f4de11-5239-4ec5-81e6-2648fe9cc020/1/NIg6t5nxQCjltTdQbir4eESQQcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cb:a6:17:87:34:d7:35:f9:bf:ef:06:04:15:1c:e2:97:6c:70:
         e7:b5:dc:14:ed:f9:b1:fe:88:32:92:c5:bf:f2:9c:87:28:ca:
         21:0f:86:6c:a3:39:e5:19:91:9c:7a:e6:b6:3e:cd:d8:15:a2:
         1b:00:a7:f8:22:36:70:66:9c:ef:6c:40:c1:19:ab:71:b9:ed:
         b8:cf:f3:23:66:4e:7a:f3:c8:b6:6a:ae:9a:77:8c:a1:5f:f8:
         f7:1a:33:26:de:8e:20:15:c5:03:2e:f3:5f:cc:c3:17:f7:5c:
         42:8a:a9:60:14:af:ea:bd:35:18:b0:df:61:d1:cf:c8:21:6f:
         41:65:bd:28:1f:64:93:4b:34:35:80:c7:b6:2e:23:90:a8:3a:
         9e:f3:a9:28:1d:85:e3:69:d1:fb:5c:36:41:6b:da:fe:56:48:
         c5:3a:7f:06:54:26:fc:14:8c:3c:26:42:45:bb:fe:14:5e:a3:
         49:23:32:80:e7:4b:f7:79:38:da:4c:f0:76:4d:b9:2b:ec:c3:
         b8:c4:f8:d6:6f:7d:b0:ef:a4:ac:2a:97:26:57:1a:12:95:ce:
         a3:4d:a4:e1:12:ba:68:64:93:af:6a:e1:2a:f7:bf:b7:ca:20:
         e9:08:e6:2f:64:ea:39:03:c4:a2:93:20:d5:f1:cc:3a:80:79:
         cd:4d:4c:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FeeBJ/egVHE8G9L8oHQMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0ODgzYWI3OTlmMTQwMjhlNWI1Mzc1MDZlMmFmODc4NDQ5
MDQxYzUwHhcNMjYwMTAyMTQyMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTM1OTQxODBhYmEwNGM0Y2FhZDMzNGUxZGZiNzhkYjJjMDgzNjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZUKDfFzDAWZEy7kFxMWeWFM4l8l
MlEQcdHJAStbDnN3kWv7vH8xzE9P0120gz27q0Uux+Rx/R/C0dcPAUrmuGo4v60o
shCzBV8eNOSUEfjJBuFPMWctIN57tkkkPR7HR/QYoQZ2brRUnO1LhJWGSIr9rwvi
Mpla1AZB0FKVEeA94mD1NGmnl/AhaQf/18fM+ofWgXWH+5qdYaIrk5KxkmphpIyj
P80RBcxso1ra+FbTHGCfgy081NjSs5P4bEdaK6da/KhxejtZVPG6mnL5WotnoVyE
ETtHfidkLippNqJWoKex2xuMghqcTrma/9rl70RFWD+DNQ+r9rF6JBRXUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGo1lBgKugTEyq0zTh37eNssCDZ3MB8GA1UdIwQY
MBaAFDSIOreZ8UAo5bU3UG4q+HhEkEHFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTklnNnQ1bnhRQ2psdFRkUWJpcjRlRVNRUWNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny9mNGRlMTEtNTIzOS00ZWM1LTgxZTYt
MjY0OGZlOWNjMDIwLzEvYWpXVUdBcTZCTVRLclROT0hmdDQyeXdJTm5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny9mNGRlMTEtNTIzOS00ZWM1LTgxZTYtMjY0OGZlOWNjMDIw
LzEvTklnNnQ1bnhRQ2psdFRkUWJpcjRlRVNRUWNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZGQMA0G
CSqGSIb3DQEBCwUAA4IBAQDLpheHNNc1+b/vBgQVHOKXbHDntdwU7fmx/ogyksW/
8pyHKMohD4ZsoznlGZGceua2Ps3YFaIbAKf4IjZwZpzvbEDBGatxue24z/MjZk56
88i2aq6ad4yhX/j3GjMm3o4gFcUDLvNfzMMX91xCiqlgFK/qvTUYsN9h0c/IIW9B
Zb0oH2STSzQ1gMe2LiOQqDqe86koHYXjadH7XDZBa9r+VkjFOn8GVCb8FIw8JkJF
u/4UXqNJIzKA50v3eTjaTPB2Tbkr7MO4xPjWb32w76SsKpcmVxoSlc6jTaThErpo
ZJOvauEq97+3yiDpCOYvZOo5A8SikyDV8cw6gHnNTUwx
-----END CERTIFICATE-----