This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/A_Gsm_4wOb5bRF9FeIGRJivwiWk.roa
File:                     A_Gsm_4wOb5bRF9FeIGRJivwiWk.roa (raw, json)
Hash identifier:          WONLo4ffdGZ7F3KpQJPg5nA7ymG/aYtdHiv4YFfeuRU=
Subject key identifier:   03:F1:AC:9B:FE:30:39:BE:5B:44:5F:45:78:81:91:26:2B:F0:89:69
Certificate issuer:       /CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
Certificate serial:       019B78350A6264965D769A19A4CAC4CB6CDE
Authority key identifier: 2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/A_Gsm_4wOb5bRF9FeIGRJivwiWk.roa
Signing time:             Thu 01 Jan 2026 06:18:20 +0000
ROA not before:           Thu 01 Jan 2026 06:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212128
IP address blocks:        89.19.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:0a:62:64:96:5d:76:9a:19:a4:ca:c4:cb:6c:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2eebb691b24f2879253e3a6a45e0b5c52673b09d
        Validity
            Not Before: Jan  1 06:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03f1ac9bfe3039be5b445f45788191262bf08969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:37:71:89:33:50:64:16:48:18:93:8a:e9:bd:
                    da:ce:99:69:71:63:5d:1f:30:4e:e0:e3:a9:fe:d2:
                    18:2f:38:02:2d:36:0a:fd:d7:90:b6:10:e2:0b:a9:
                    42:f2:7e:26:f8:a9:b3:9a:ec:67:f4:c6:7b:67:9e:
                    ab:c7:3e:24:17:75:46:e9:a5:47:2a:c9:4c:4c:a7:
                    5b:b3:ed:bb:7d:a1:c0:ac:53:4d:13:79:61:43:0b:
                    3e:ba:35:c6:97:b7:54:4e:cb:97:3f:98:23:ef:75:
                    21:4f:dc:bb:61:5e:4f:68:9e:56:bd:ac:62:6d:df:
                    4c:97:10:80:d0:20:33:83:9e:42:68:51:4b:08:b4:
                    ed:80:36:18:a4:b5:b6:8a:9b:0c:9f:62:f0:1d:83:
                    58:62:53:57:a0:68:4c:c7:da:f8:67:42:42:be:f5:
                    5d:8f:ac:82:ab:68:e4:60:30:1c:1f:15:04:02:fa:
                    80:ce:4e:31:69:8a:c5:b4:01:df:8b:f2:0d:2c:9a:
                    cd:32:99:ef:eb:ed:18:cb:2a:71:4b:60:d3:8a:11:
                    26:41:24:d3:f7:1a:e0:09:04:90:30:04:97:21:1c:
                    8c:5b:c5:b6:e6:de:10:b5:1b:a5:91:dc:1e:a5:a3:
                    63:67:a9:d9:58:ff:e1:c3:a4:fd:c9:ad:54:eb:5f:
                    f6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:F1:AC:9B:FE:30:39:BE:5B:44:5F:45:78:81:91:26:2B:F0:89:69
            X509v3 Authority Key Identifier:
                keyid:2E:EB:B6:91:B2:4F:28:79:25:3E:3A:6A:45:E0:B5:C5:26:73:B0:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Luu2kbJPKHklPjpqReC1xSZzsJ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/A_Gsm_4wOb5bRF9FeIGRJivwiWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/130d95-5641-4ada-80c0-da3e1192cdf6/1/Luu2kbJPKHklPjpqReC1xSZzsJ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:4d:d1:30:86:a9:d9:53:43:ee:b9:55:77:ea:7a:6d:ed:6f:
         64:ee:a6:b9:d9:7e:e8:2d:2f:9a:4b:07:79:4e:c8:28:9f:2b:
         b7:8d:c8:f1:b8:36:c6:85:d0:b0:87:e6:ad:68:39:8e:3e:87:
         a4:b9:24:4b:fc:55:b8:53:87:ad:41:d2:86:69:e0:ff:f8:67:
         f1:08:fe:68:aa:8d:75:0a:20:0a:48:fb:26:d7:2f:16:9c:41:
         a2:81:ae:39:f5:8b:00:ae:f7:6a:1f:1f:0a:b4:b7:c6:d2:e8:
         4e:67:be:3f:2c:f3:02:0d:eb:2a:91:a1:46:e0:dd:94:c0:d1:
         7e:e0:f7:93:ee:ea:97:a1:ee:0e:14:fb:6a:0b:cd:13:36:f5:
         c0:79:f2:6f:d2:6d:9a:3a:6f:d2:89:8f:e2:d5:7c:4a:c2:a2:
         96:26:d5:60:bb:5f:b8:40:20:ce:7e:39:ce:6e:f0:0a:3f:17:
         04:33:19:25:e4:20:69:cf:af:fc:a6:03:f2:2d:e0:6f:19:a5:
         aa:9b:1c:ee:68:31:65:7e:12:04:ad:b3:2c:df:41:fc:3e:7f:
         76:39:f9:8c:86:8d:44:33:55:70:c9:07:1d:fd:5f:aa:47:ea:
         21:55:97:0f:ff:a6:20:9e:63:85:2d:db:dc:96:1d:54:4f:b3:
         db:00:46:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4NQpiZJZddpoZpMrEy2zeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlZWJiNjkxYjI0ZjI4NzkyNTNlM2E2YTQ1ZTBiNWM1MjY3
M2IwOWQwHhcNMjYwMTAxMDYxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2YxYWM5YmZlMzAzOWJlNWI0NDVmNDU3ODgxOTEyNjJiZjA4OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxjdxiTNQZBZIGJOK6b3azplpcWNd
HzBO4OOp/tIYLzgCLTYK/deQthDiC6lC8n4m+Kmzmuxn9MZ7Z56rxz4kF3VG6aVH
KslMTKdbs+27faHArFNNE3lhQws+ujXGl7dUTsuXP5gj73UhT9y7YV5PaJ5Wvaxi
bd9MlxCA0CAzg55CaFFLCLTtgDYYpLW2ipsMn2LwHYNYYlNXoGhMx9r4Z0JCvvVd
j6yCq2jkYDAcHxUEAvqAzk4xaYrFtAHfi/INLJrNMpnv6+0YyypxS2DTihEmQSTT
9xrgCQSQMASXIRyMW8W25t4QtRulkdwepaNjZ6nZWP/hw6T9ya1U61/2dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPxrJv+MDm+W0RfRXiBkSYr8IlpMB8GA1UdIwQY
MBaAFC7rtpGyTyh5JT46akXgtcUmc7CdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAt
ZGEzZTExOTJjZGY2LzEvQV9Hc21fNHdPYjViUkY5RmVJR1JKaXZ3aVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzBkOTUtNTY0MS00YWRhLTgwYzAtZGEzZTExOTJjZGY2
LzEvTHV1MmtiSlBLSGtsUGpwcVJlQzF4U1p6c0owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRPbMA0G
CSqGSIb3DQEBCwUAA4IBAQAXTdEwhqnZU0PuuVV36npt7W9k7qa52X7oLS+aSwd5
Tsgonyu3jcjxuDbGhdCwh+ataDmOPoekuSRL/FW4U4etQdKGaeD/+GfxCP5oqo11
CiAKSPsm1y8WnEGiga459YsArvdqHx8KtLfG0uhOZ74/LPMCDesqkaFG4N2UwNF+
4PeT7uqXoe4OFPtqC80TNvXAefJv0m2aOm/SiY/i1XxKwqKWJtVgu1+4QCDOfjnO
bvAKPxcEMxkl5CBpz6/8pgPyLeBvGaWqmxzuaDFlfhIErbMs30H8Pn92OfmMho1E
M1VwyQcd/V+qR+ohVZcP/6YgnmOFLdvclh1UT7PbAEb1
-----END CERTIFICATE-----