This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/OiKiahRWncUV4qUQ1KFRIt-TD2M.roa
File:                     OiKiahRWncUV4qUQ1KFRIt-TD2M.roa (raw, json)
Hash identifier:          QSXXdHxW9bYZOF6nU+F/yAhMAgMNv+ORI1KQvma2glI=
Subject key identifier:   3A:22:A2:6A:14:56:9D:C5:15:E2:A5:10:D4:A1:51:22:DF:93:0F:63
Certificate issuer:       /CN=62117a1e6f699c322b6b983494f42c2209127553
Certificate serial:       019B79ED516DD6602FB1A96F8D067254C987
Authority key identifier: 62:11:7A:1E:6F:69:9C:32:2B:6B:98:34:94:F4:2C:22:09:12:75:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhF6Hm9pnDIra5g0lPQsIgkSdVM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/OiKiahRWncUV4qUQ1KFRIt-TD2M.roa
Signing time:             Thu 01 Jan 2026 14:19:14 +0000
ROA not before:           Thu 01 Jan 2026 14:19:14 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203754
IP address blocks:        185.124.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/YhF6Hm9pnDIra5g0lPQsIgkSdVM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/YhF6Hm9pnDIra5g0lPQsIgkSdVM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhF6Hm9pnDIra5g0lPQsIgkSdVM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:51:6d:d6:60:2f:b1:a9:6f:8d:06:72:54:c9:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62117a1e6f699c322b6b983494f42c2209127553
        Validity
            Not Before: Jan  1 14:19:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3a22a26a14569dc515e2a510d4a15122df930f63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b5:c6:76:7c:c8:07:39:83:6e:38:cd:bf:15:
                    b0:d4:90:92:8f:46:f9:ed:f1:d2:1d:8d:74:1d:e0:
                    dc:de:cf:fa:d0:02:96:f1:ae:fa:7d:7c:08:80:b6:
                    14:c5:a1:d7:79:5a:95:3a:7b:60:0b:eb:93:4a:51:
                    24:50:ef:ff:30:c2:3e:30:16:18:14:9b:0c:a7:bc:
                    41:1e:6d:e2:73:e2:9c:ff:a3:19:19:e4:2f:69:e9:
                    81:cf:7f:7b:1c:9f:32:fd:af:7d:f1:e5:22:ba:27:
                    53:81:0c:d5:ac:37:7e:40:4e:3f:f1:20:ce:76:9d:
                    72:aa:e6:c2:71:1c:aa:5a:a3:50:fc:49:29:f1:f8:
                    d8:94:55:68:24:e3:27:67:22:00:f4:c0:46:d7:d4:
                    f0:96:8d:4a:0a:3d:7e:90:b6:b2:18:bb:6e:e5:43:
                    bf:a0:f3:43:37:c1:74:7b:4a:2e:b1:a4:52:78:b7:
                    b2:ad:c7:59:7e:21:5c:bf:15:28:57:0d:4b:06:30:
                    c3:d4:af:d8:51:8d:b4:d1:22:14:82:41:c9:92:26:
                    22:ec:91:ca:82:02:cb:b0:45:7e:69:af:24:8c:f0:
                    9a:23:98:bc:9f:c4:e1:1b:7d:b0:db:56:b7:23:d0:
                    00:85:76:19:b2:b8:af:40:c7:60:04:51:e1:90:7a:
                    ec:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:22:A2:6A:14:56:9D:C5:15:E2:A5:10:D4:A1:51:22:DF:93:0F:63
            X509v3 Authority Key Identifier:
                keyid:62:11:7A:1E:6F:69:9C:32:2B:6B:98:34:94:F4:2C:22:09:12:75:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhF6Hm9pnDIra5g0lPQsIgkSdVM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/OiKiahRWncUV4qUQ1KFRIt-TD2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/70ee21-d93f-4a71-8474-5bcc8458aa2c/1/YhF6Hm9pnDIra5g0lPQsIgkSdVM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.124.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:89:fb:76:54:d7:ee:f7:49:b7:a7:7b:b4:5f:a3:a8:88:f6:
         07:7b:b1:1c:8f:7a:0b:cb:d9:82:49:b3:1d:e7:b1:d0:9a:f8:
         ac:23:08:0f:85:e8:f7:2e:2a:1d:5f:c6:9c:07:4d:14:c7:45:
         ad:bd:d2:df:43:46:d3:7f:e5:ee:67:71:25:68:0b:a4:fe:c3:
         a8:78:2a:dc:d0:e2:7b:3c:b7:0f:79:11:8b:24:c4:a6:3a:22:
         1c:7d:87:86:d0:bb:61:1d:c5:e3:ec:20:64:ec:9c:59:af:53:
         5b:59:fa:89:34:5a:27:ca:5b:b4:30:b3:a2:27:d8:08:ee:25:
         e2:4d:6f:37:75:14:a5:48:fd:db:71:b6:9c:0f:e3:3e:27:0e:
         35:97:b4:96:2b:7a:98:81:d4:2f:dd:bf:0c:b4:db:34:49:62:
         34:fb:68:76:d8:c5:bb:53:64:f2:b4:63:14:87:47:10:3e:89:
         68:d1:2e:bb:07:fc:00:e9:fa:2c:80:67:99:c7:b2:4c:65:18:
         81:25:22:1d:57:a7:99:c6:e4:56:f6:fe:09:8f:63:59:ab:3c:
         5e:97:ba:f3:5b:3b:4e:04:a2:c6:84:5a:89:9c:54:02:8d:7e:
         b0:db:0a:14:bd:e1:90:e0:3b:84:bf:0f:5f:d1:ab:08:3e:f4:
         35:f7:b8:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57VFt1mAvsalvjQZyVMmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTE3YTFlNmY2OTljMzIyYjZiOTgzNDk0ZjQyYzIyMDkx
Mjc1NTMwHhcNMjYwMTAxMTQxOTE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTIyYTI2YTE0NTY5ZGM1MTVlMmE1MTBkNGExNTEyMmRmOTMwZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7XGdnzIBzmDbjjNvxWw1JCSj0b5
7fHSHY10HeDc3s/60AKW8a76fXwIgLYUxaHXeVqVOntgC+uTSlEkUO//MMI+MBYY
FJsMp7xBHm3ic+Kc/6MZGeQvaemBz397HJ8y/a998eUiuidTgQzVrDd+QE4/8SDO
dp1yqubCcRyqWqNQ/Ekp8fjYlFVoJOMnZyIA9MBG19Twlo1KCj1+kLayGLtu5UO/
oPNDN8F0e0ousaRSeLeyrcdZfiFcvxUoVw1LBjDD1K/YUY200SIUgkHJkiYi7JHK
ggLLsEV+aa8kjPCaI5i8n8ThG32w21a3I9AAhXYZsrivQMdgBFHhkHrszQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDoiomoUVp3FFeKlENShUSLfkw9jMB8GA1UdIwQY
MBaAFGIReh5vaZwyK2uYNJT0LCIJEnVTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhGNkhtOXBuRElyYTVnMGxQUXNJZ2tTZFZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS83MGVlMjEtZDkzZi00YTcxLTg0NzQt
NWJjYzg0NThhYTJjLzEvT2lLaWFoUlduY1VWNHFVUTFLRlJJdC1URDJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS83MGVlMjEtZDkzZi00YTcxLTg0NzQtNWJjYzg0NThhYTJj
LzEvWWhGNkhtOXBuRElyYTVnMGxQUXNJZ2tTZFZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXzMMA0G
CSqGSIb3DQEBCwUAA4IBAQBGift2VNfu90m3p3u0X6OoiPYHe7Ecj3oLy9mCSbMd
57HQmvisIwgPhej3LiodX8acB00Ux0WtvdLfQ0bTf+XuZ3ElaAuk/sOoeCrc0OJ7
PLcPeRGLJMSmOiIcfYeG0LthHcXj7CBk7JxZr1NbWfqJNFonylu0MLOiJ9gI7iXi
TW83dRSlSP3bcbacD+M+Jw41l7SWK3qYgdQv3b8MtNs0SWI0+2h22MW7U2TytGMU
h0cQPolo0S67B/wA6fosgGeZx7JMZRiBJSIdV6eZxuRW9v4Jj2NZqzxel7rzWztO
BKLGhFqJnFQCjX6w2woUveGQ4DuEvw9f0asIPvQ197i/
-----END CERTIFICATE-----