This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/ao-j9y2eNyjzBF-56aZku4fCkqU.roa
File:                     ao-j9y2eNyjzBF-56aZku4fCkqU.roa (raw, json)
Hash identifier:          jH5V+oJ22nO5z/wTNW5PeTwWZKC2MlE64btkDmNQ5Vc=
Subject key identifier:   6A:8F:A3:F7:2D:9E:37:28:F3:04:5F:B9:E9:A6:64:BB:87:C2:92:A5
Certificate issuer:       /CN=6af3aa0140b7983500ea829f3c36bbfb65af9972
Certificate serial:       019B7CEE2AAC28382AA0ED4CE6B5CC5559DA
Authority key identifier: 6A:F3:AA:01:40:B7:98:35:00:EA:82:9F:3C:36:BB:FB:65:AF:99:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/avOqAUC3mDUA6oKfPDa7-2WvmXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/ao-j9y2eNyjzBF-56aZku4fCkqU.roa
Signing time:             Fri 02 Jan 2026 04:19:01 +0000
ROA not before:           Fri 02 Jan 2026 04:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6730
IP address blocks:        185.126.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/avOqAUC3mDUA6oKfPDa7-2WvmXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/avOqAUC3mDUA6oKfPDa7-2WvmXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/avOqAUC3mDUA6oKfPDa7-2WvmXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:2a:ac:28:38:2a:a0:ed:4c:e6:b5:cc:55:59:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6af3aa0140b7983500ea829f3c36bbfb65af9972
        Validity
            Not Before: Jan  2 04:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a8fa3f72d9e3728f3045fb9e9a664bb87c292a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:79:0f:18:69:b6:2f:8a:39:82:6d:ae:52:97:
                    54:10:4f:e6:93:d8:01:b3:1f:2f:ce:1e:43:f9:c5:
                    3b:7b:c9:cc:7d:10:5c:89:16:4c:2f:cf:fb:91:20:
                    a0:45:ee:bd:78:cb:2d:2e:ce:80:a9:09:ed:78:e8:
                    ff:4d:5d:6d:2a:2e:32:b6:2a:38:56:07:f3:f1:35:
                    4e:29:7a:0e:90:0a:b0:9d:8f:49:4e:f9:cd:27:37:
                    db:2e:03:0c:21:c7:3f:eb:f8:13:4b:fe:0b:32:f0:
                    98:33:e4:5f:81:0d:27:8d:0c:51:71:77:f4:1c:f0:
                    f3:c0:41:f8:ca:1e:b8:66:89:b6:7a:6b:93:c9:91:
                    5a:7d:9f:ee:74:e1:5d:ed:9e:43:ac:be:13:c0:f2:
                    b3:87:c9:4d:86:e4:5b:d9:ad:cd:94:42:26:2e:1d:
                    69:64:6e:31:42:e3:7b:d9:15:4a:16:8b:be:dc:f5:
                    09:2e:7e:7b:52:13:95:7c:c2:2e:07:b8:c3:5e:d2:
                    57:0c:68:d2:c0:ff:df:9e:87:f6:b5:ff:45:70:68:
                    65:fa:ba:a4:0a:26:18:9e:0f:18:5f:6f:8b:44:15:
                    93:22:0c:8e:cf:d3:53:93:4c:78:15:e9:7e:2f:fb:
                    48:fb:82:5c:10:df:e8:92:f5:22:5d:0d:f7:02:f2:
                    64:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:8F:A3:F7:2D:9E:37:28:F3:04:5F:B9:E9:A6:64:BB:87:C2:92:A5
            X509v3 Authority Key Identifier:
                keyid:6A:F3:AA:01:40:B7:98:35:00:EA:82:9F:3C:36:BB:FB:65:AF:99:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/avOqAUC3mDUA6oKfPDa7-2WvmXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/ao-j9y2eNyjzBF-56aZku4fCkqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/32b1ac-4189-49fd-a999-b8f3b779e54b/1/avOqAUC3mDUA6oKfPDa7-2WvmXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:35:ac:ad:78:04:36:17:d8:29:b8:8d:b5:63:e1:03:9e:b5:
         d3:ac:1c:42:af:1c:76:e5:bc:58:25:28:57:91:f8:5c:0d:4d:
         b7:72:48:9e:c9:83:c3:78:0a:1f:27:f9:12:8b:70:2d:b9:3e:
         64:f7:b8:5c:a9:b6:a7:76:8f:d4:15:26:5c:ec:bb:3e:7f:8b:
         3f:6b:9f:ef:e3:31:3a:6e:d0:93:4f:ba:82:42:86:72:19:ae:
         d5:fa:d3:f3:22:0e:d7:dc:35:aa:fb:82:61:cd:63:f5:47:be:
         5d:a9:60:8c:ef:16:4d:da:2c:f1:c0:62:5a:3a:fb:e2:b5:5e:
         1d:f7:b7:6b:ed:83:9e:36:21:09:90:79:e4:7d:82:04:ad:65:
         9e:b9:ac:1f:79:53:14:8a:91:4a:0e:09:fc:83:1e:25:1c:29:
         23:1c:89:5e:e6:75:2b:b0:47:9a:2f:66:1a:90:38:8a:01:74:
         d0:27:ee:65:55:61:2c:71:94:6a:c2:29:49:e2:6f:50:88:9d:
         39:c6:1d:da:dc:3d:06:8b:0f:ff:63:29:97:80:d1:75:2c:33:
         0c:14:38:71:a1:e1:2b:83:b7:1d:af:f5:ef:4f:0f:c2:7e:9b:
         7f:1b:e3:60:14:62:20:fc:ac:a6:c7:0a:61:22:6f:a3:fc:4b:
         7d:c1:e3:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87iqsKDgqoO1M5rXMVVnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhZjNhYTAxNDBiNzk4MzUwMGVhODI5ZjNjMzZiYmZiNjVh
Zjk5NzIwHhcNMjYwMTAyMDQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YThmYTNmNzJkOWUzNzI4ZjMwNDVmYjllOWE2NjRiYjg3YzI5MmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HkPGGm2L4o5gm2uUpdUEE/mk9gB
sx8vzh5D+cU7e8nMfRBciRZML8/7kSCgRe69eMstLs6AqQnteOj/TV1tKi4ytio4
Vgfz8TVOKXoOkAqwnY9JTvnNJzfbLgMMIcc/6/gTS/4LMvCYM+RfgQ0njQxRcXf0
HPDzwEH4yh64Zom2emuTyZFafZ/udOFd7Z5DrL4TwPKzh8lNhuRb2a3NlEImLh1p
ZG4xQuN72RVKFou+3PUJLn57UhOVfMIuB7jDXtJXDGjSwP/fnof2tf9FcGhl+rqk
CiYYng8YX2+LRBWTIgyOz9NTk0x4Fel+L/tI+4JcEN/okvUiXQ33AvJkiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqPo/ctnjco8wRfuemmZLuHwpKlMB8GA1UdIwQY
MBaAFGrzqgFAt5g1AOqCnzw2u/tlr5lyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXZPcUFVQzNtRFVBNm9LZlBEYTctMld2bVhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8zMmIxYWMtNDE4OS00OWZkLWE5OTkt
YjhmM2I3NzllNTRiLzEvYW8tajl5MmVOeWp6QkYtNTZhWmt1NGZDa3FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8zMmIxYWMtNDE4OS00OWZkLWE5OTktYjhmM2I3NzllNTRi
LzEvYXZPcUFVQzNtRFVBNm9LZlBEYTctMld2bVhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX7cMA0G
CSqGSIb3DQEBCwUAA4IBAQAoNayteAQ2F9gpuI21Y+EDnrXTrBxCrxx25bxYJShX
kfhcDU23ckieyYPDeAofJ/kSi3AtuT5k97hcqbando/UFSZc7Ls+f4s/a5/v4zE6
btCTT7qCQoZyGa7V+tPzIg7X3DWq+4JhzWP1R75dqWCM7xZN2izxwGJaOvvitV4d
97dr7YOeNiEJkHnkfYIErWWeuawfeVMUipFKDgn8gx4lHCkjHIle5nUrsEeaL2Ya
kDiKAXTQJ+5lVWEscZRqwilJ4m9QiJ05xh3a3D0Giw//YymXgNF1LDMMFDhxoeEr
g7cdr/XvTw/Cfpt/G+NgFGIg/KymxwphIm+j/Et9wePB
-----END CERTIFICATE-----