This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/G-BgSgA1DvY02PMsHCU-rGoXRQo.roa
File:                     G-BgSgA1DvY02PMsHCU-rGoXRQo.roa (raw, json)
Hash identifier:          PS8e/lwF9c6L43N47uqYtfOx0c2N/MEHbFT+QBvkfks=
Subject key identifier:   1B:E0:60:4A:00:35:0E:F6:34:D8:F3:2C:1C:25:3E:AC:6A:17:45:0A
Certificate issuer:       /CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
Certificate serial:       019B77595E037AA133508F0FEC183F3352A8
Authority key identifier: 06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/G-BgSgA1DvY02PMsHCU-rGoXRQo.roa
Signing time:             Thu 01 Jan 2026 02:18:24 +0000
ROA not before:           Thu 01 Jan 2026 02:18:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198389
IP address blocks:        176.103.168.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:5e:03:7a:a1:33:50:8f:0f:ec:18:3f:33:52:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
        Validity
            Not Before: Jan  1 02:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1be0604a00350ef634d8f32c1c253eac6a17450a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d0:2c:0b:e3:f8:b9:d5:15:d5:a1:3c:3b:c9:
                    aa:69:0c:d4:16:5b:25:e6:09:a9:4e:8f:d6:77:04:
                    66:9b:75:2f:61:7a:45:c2:77:4b:97:4a:a8:ce:37:
                    51:73:d7:91:0a:82:95:7f:10:e2:24:21:2d:dd:78:
                    e0:82:a7:c9:3a:ba:06:2d:f7:04:74:58:c0:4a:ad:
                    ab:3d:2d:ca:50:af:86:b2:d5:19:6e:c7:3c:95:39:
                    61:4b:8c:fc:30:e2:a0:2c:0b:cb:d4:c9:bf:c6:a0:
                    21:3a:d7:cf:fa:78:e9:11:6a:c7:93:61:4f:e9:11:
                    18:a7:a6:fb:9e:f6:0f:90:35:96:7b:e2:5b:3f:6d:
                    b7:eb:d9:8d:88:a1:27:06:7e:3f:ed:04:5d:b8:b7:
                    8b:98:60:2e:a6:b0:67:02:2b:5f:39:f0:40:37:b7:
                    64:7a:57:e1:ac:14:74:71:73:c0:73:1b:52:f7:b8:
                    c0:dc:c0:ab:5d:c1:ae:cc:a7:bf:88:50:7a:28:d1:
                    a2:12:34:43:46:73:4f:c1:b7:09:55:36:6c:32:c4:
                    5a:61:ce:55:09:fa:28:a0:93:8d:c1:ca:73:09:9b:
                    66:e6:27:74:98:b6:d8:41:0f:18:ac:2d:e9:71:d0:
                    cf:63:fc:5c:f7:a7:a8:cd:cb:31:f2:0e:43:bb:cb:
                    d6:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E0:60:4A:00:35:0E:F6:34:D8:F3:2C:1C:25:3E:AC:6A:17:45:0A
            X509v3 Authority Key Identifier:
                keyid:06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/G-BgSgA1DvY02PMsHCU-rGoXRQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         35:4f:28:91:53:23:23:c5:77:c7:00:3d:00:8e:8d:7a:62:82:
         3d:b1:76:00:0f:05:10:d3:cf:37:0c:1f:f3:24:97:5e:22:9e:
         05:9f:40:82:88:d6:0b:50:01:7d:7c:28:65:76:28:02:90:e3:
         03:d1:7c:3c:34:60:23:df:ab:e2:49:c1:f2:e3:c6:de:99:f6:
         fc:6e:10:71:ec:80:d4:36:47:aa:50:4f:d0:48:e8:89:8f:87:
         0d:6e:b0:94:bd:73:44:00:ae:ad:e5:16:42:b7:d5:37:fd:e4:
         76:a1:30:71:0c:81:7e:23:9b:59:d2:6b:49:f0:d5:3c:2d:95:
         9e:f3:ab:d9:11:6f:f9:10:5a:c8:47:d3:7f:8a:fb:13:73:7d:
         60:06:6f:1c:6c:8c:00:80:67:ce:51:f7:d7:a3:c9:ab:9e:bb:
         92:54:d2:c8:4c:9f:07:d8:90:52:50:df:14:90:54:1d:05:14:
         66:3c:79:e7:80:bf:fa:0d:d9:e9:d4:dd:7b:a9:aa:d0:21:ca:
         ca:d8:68:ec:4f:80:36:fd:11:90:2b:56:8a:9a:a4:67:25:03:
         d9:96:ca:fd:84:7a:71:5f:ca:dd:a3:d7:8b:e6:48:ec:ef:fb:
         ce:18:20:cf:a0:2d:a4:3c:a7:e1:fb:da:dc:95:9c:3a:dc:ca:
         4a:01:0f:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WV4DeqEzUI8P7Bg/M1KoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MzdkMWNlNWRjM2ZhODAwZTFkMWRjZmJkYWE4NDFmZGRk
NDM5MDUwHhcNMjYwMTAxMDIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmUwNjA0YTAwMzUwZWY2MzRkOGYzMmMxYzI1M2VhYzZhMTc0NTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutAsC+P4udUV1aE8O8mqaQzUFlsl
5gmpTo/WdwRmm3UvYXpFwndLl0qozjdRc9eRCoKVfxDiJCEt3XjggqfJOroGLfcE
dFjASq2rPS3KUK+GstUZbsc8lTlhS4z8MOKgLAvL1Mm/xqAhOtfP+njpEWrHk2FP
6REYp6b7nvYPkDWWe+JbP22369mNiKEnBn4/7QRduLeLmGAuprBnAitfOfBAN7dk
elfhrBR0cXPAcxtS97jA3MCrXcGuzKe/iFB6KNGiEjRDRnNPwbcJVTZsMsRaYc5V
CfoooJONwcpzCZtm5id0mLbYQQ8YrC3pcdDPY/xc96eozcsx8g5Du8vW8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvgYEoANQ72NNjzLBwlPqxqF0UKMB8GA1UdIwQY
MBaAFAY30c5dw/qADh0dz72qhB/d1DkFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmpmUnpsM0Qtb0FPSFIzUHZhcUVIOTNVT1FVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9lYWE2MDItMmEzZi00ZjMyLWFiY2Ut
M2Q4MGQ2ODZlNzQ3LzEvRy1CZ1NnQTFEdlkwMlBNc0hDVS1yR29YUlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9lYWE2MDItMmEzZi00ZjMyLWFiY2UtM2Q4MGQ2ODZlNzQ3
LzEvQmpmUnpsM0Qtb0FPSFIzUHZhcUVIOTNVT1FVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDsGeoMA0G
CSqGSIb3DQEBCwUAA4IBAQA1TyiRUyMjxXfHAD0Ajo16YoI9sXYADwUQ0883DB/z
JJdeIp4Fn0CCiNYLUAF9fChldigCkOMD0Xw8NGAj36viScHy48bemfb8bhBx7IDU
NkeqUE/QSOiJj4cNbrCUvXNEAK6t5RZCt9U3/eR2oTBxDIF+I5tZ0mtJ8NU8LZWe
86vZEW/5EFrIR9N/ivsTc31gBm8cbIwAgGfOUffXo8mrnruSVNLITJ8H2JBSUN8U
kFQdBRRmPHnngL/6Ddnp1N17qarQIcrK2GjsT4A2/RGQK1aKmqRnJQPZlsr9hHpx
X8rdo9eL5kjs7/vOGCDPoC2kPKfh+9rclZw63MpKAQ8g
-----END CERTIFICATE-----