This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/GwHZp-kEEMMSmgcidpvuauk-EA0.roa
File:                     GwHZp-kEEMMSmgcidpvuauk-EA0.roa (raw, json)
Hash identifier:          Xjp5Kh43d0lOVK+MDX99KJIgb/gfu211S8//K3ogwuU=
Subject key identifier:   1B:01:D9:A7:E9:04:10:C3:12:9A:07:22:76:9B:EE:6A:E9:3E:10:0D
Certificate issuer:       /CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
Certificate serial:       019B7F800838F0AEACEDF6D68BA153391A30
Authority key identifier: D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/GwHZp-kEEMMSmgcidpvuauk-EA0.roa
Signing time:             Fri 02 Jan 2026 16:17:35 +0000
ROA not before:           Fri 02 Jan 2026 16:17:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212213
IP address blocks:        185.59.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:08:38:f0:ae:ac:ed:f6:d6:8b:a1:53:39:1a:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5d1cd47a53ef57ebb567bc882ad2986faac5f0d
        Validity
            Not Before: Jan  2 16:17:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b01d9a7e90410c3129a0722769bee6ae93e100d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:19:fa:f1:5a:e5:0a:80:cc:7f:49:70:ca:03:
                    c4:5c:42:00:f9:a9:6a:9f:63:6a:dc:f2:aa:a8:32:
                    af:e0:6e:0b:77:b1:a0:97:77:f2:af:60:b8:d0:87:
                    65:85:8a:8a:a0:ca:3b:22:a2:18:03:49:df:7f:e8:
                    a5:3b:8b:a9:fe:48:68:da:fb:22:1a:49:f9:1f:29:
                    09:e3:1b:90:3f:be:9c:c4:cc:9c:3b:ed:b5:d8:80:
                    0b:f7:90:d0:8a:d2:1c:bc:8f:b3:02:7a:9f:cc:a5:
                    08:11:fa:92:57:51:47:ea:39:01:c7:45:21:e5:c1:
                    62:61:f2:4c:01:3e:5d:d7:9e:9b:6e:1b:75:7d:eb:
                    88:8c:f9:37:d5:34:79:62:0c:76:4c:43:58:fa:c2:
                    3f:a8:55:a5:57:19:0e:27:51:c3:33:84:81:49:71:
                    3d:9f:6f:a4:59:c1:f3:f7:65:a6:b1:45:f4:d7:b2:
                    79:1d:aa:02:0f:59:cd:35:4a:e4:88:40:22:9f:f1:
                    01:62:4f:cf:03:cd:17:83:18:dd:70:97:b9:f5:c5:
                    71:70:8a:7a:8e:f4:a4:5c:58:3a:b2:c0:ab:ff:69:
                    38:28:24:9e:c4:85:b6:15:64:3f:06:73:ec:41:60:
                    46:a0:2d:6a:1c:d8:dd:17:76:e5:12:2e:77:32:5d:
                    82:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:01:D9:A7:E9:04:10:C3:12:9A:07:22:76:9B:EE:6A:E9:3E:10:0D
            X509v3 Authority Key Identifier:
                keyid:D5:D1:CD:47:A5:3E:F5:7E:BB:56:7B:C8:82:AD:29:86:FA:AC:5F:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1dHNR6U-9X67VnvIgq0phvqsXw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/GwHZp-kEEMMSmgcidpvuauk-EA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/861953-5f65-4465-9046-f4d071f50f1d/1/1dHNR6U-9X67VnvIgq0phvqsXw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:c8:10:2e:1c:8f:0a:40:3e:88:ef:3f:4b:6d:b9:c3:4f:d1:
         fc:79:f0:42:84:b2:1e:f5:f2:3b:31:5f:39:24:a5:23:6d:7b:
         45:c4:22:ca:59:59:37:94:a9:1e:10:f9:8e:4f:70:d8:e6:4e:
         e9:a3:6a:87:43:0c:18:42:ec:43:d2:26:5a:85:de:b0:93:a3:
         e0:52:6e:2a:fb:6b:fc:4c:95:70:59:01:08:03:72:34:b8:09:
         c3:83:0a:35:4c:70:3d:06:1f:12:e3:87:e5:88:cd:75:9c:2b:
         ad:7e:ea:df:bb:2b:08:b4:ed:34:17:2e:6c:f5:61:36:21:5f:
         f1:c9:34:29:6d:4a:bd:a7:e7:5a:1f:e3:54:77:c6:b8:6d:a1:
         76:5d:8d:5d:e5:e2:0f:93:22:6a:1a:e8:d2:d7:89:e4:76:49:
         ff:6c:8d:71:64:15:68:fd:44:50:2c:13:f5:fa:b7:b5:80:68:
         16:52:2a:c6:6b:3b:56:bb:56:22:fc:7d:0c:a3:3c:48:d3:bd:
         31:e7:66:10:23:0b:7c:14:4a:2b:96:86:9f:42:de:58:50:87:
         d5:0f:40:7f:f7:85:97:87:b0:c0:cb:42:52:3a:61:11:52:86:
         55:e2:8d:0e:3a:8f:b5:58:33:0e:fb:fd:75:26:66:49:9d:a3:
         ab:21:64:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gAg48K6s7fbWi6FTORowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ZDFjZDQ3YTUzZWY1N2ViYjU2N2JjODgyYWQyOTg2ZmFh
YzVmMGQwHhcNMjYwMTAyMTYxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjAxZDlhN2U5MDQxMGMzMTI5YTA3MjI3NjliZWU2YWU5M2UxMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBn68VrlCoDMf0lwygPEXEIA+alq
n2Nq3PKqqDKv4G4Ld7Ggl3fyr2C40IdlhYqKoMo7IqIYA0nff+ilO4up/kho2vsi
Gkn5HykJ4xuQP76cxMycO+212IAL95DQitIcvI+zAnqfzKUIEfqSV1FH6jkBx0Uh
5cFiYfJMAT5d156bbht1feuIjPk31TR5Ygx2TENY+sI/qFWlVxkOJ1HDM4SBSXE9
n2+kWcHz92WmsUX017J5HaoCD1nNNUrkiEAin/EBYk/PA80XgxjdcJe59cVxcIp6
jvSkXFg6ssCr/2k4KCSexIW2FWQ/BnPsQWBGoC1qHNjdF3blEi53Ml2CHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsB2afpBBDDEpoHInab7mrpPhANMB8GA1UdIwQY
MBaAFNXRzUelPvV+u1Z7yIKtKYb6rF8NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYt
ZjRkMDcxZjUwZjFkLzEvR3dIWnAta0VFTU1TbWdjaWRwdnVhdWstRUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84NjE5NTMtNWY2NS00NDY1LTkwNDYtZjRkMDcxZjUwZjFk
LzEvMWRITlI2VS05WDY3Vm52SWdxMHBodnFzWHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTvZMA0G
CSqGSIb3DQEBCwUAA4IBAQB3yBAuHI8KQD6I7z9LbbnDT9H8efBChLIe9fI7MV85
JKUjbXtFxCLKWVk3lKkeEPmOT3DY5k7po2qHQwwYQuxD0iZahd6wk6PgUm4q+2v8
TJVwWQEIA3I0uAnDgwo1THA9Bh8S44fliM11nCutfurfuysItO00Fy5s9WE2IV/x
yTQpbUq9p+daH+NUd8a4baF2XY1d5eIPkyJqGujS14nkdkn/bI1xZBVo/URQLBP1
+re1gGgWUirGaztWu1Yi/H0MozxI070x52YQIwt8FEorloafQt5YUIfVD0B/94WX
h7DAy0JSOmERUoZV4o0OOo+1WDMO+/11JmZJnaOrIWQS
-----END CERTIFICATE-----