This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/GFKu-Zc9wa6BcCmTlqLPc7qFBa4.roa
File:                     GFKu-Zc9wa6BcCmTlqLPc7qFBa4.roa (raw, json)
Hash identifier:          JegVdUF+3WhKGrEhiEcqXl1nleuxqT9zS97V0x383us=
Subject key identifier:   18:52:AE:F9:97:3D:C1:AE:81:70:29:93:96:A2:CF:73:BA:85:05:AE
Certificate issuer:       /CN=57d0b861afb125b8bc13969d0b49734ce844bd6a
Certificate serial:       019B76EAC9C0AD3BC38AB532F613DB583E2F
Authority key identifier: 57:D0:B8:61:AF:B1:25:B8:BC:13:96:9D:0B:49:73:4C:E8:44:BD:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V9C4Ya-xJbi8E5adC0lzTOhEvWo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/GFKu-Zc9wa6BcCmTlqLPc7qFBa4.roa
Signing time:             Thu 01 Jan 2026 00:17:37 +0000
ROA not before:           Thu 01 Jan 2026 00:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215308
IP address blocks:        185.150.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/V9C4Ya-xJbi8E5adC0lzTOhEvWo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/V9C4Ya-xJbi8E5adC0lzTOhEvWo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V9C4Ya-xJbi8E5adC0lzTOhEvWo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:c9:c0:ad:3b:c3:8a:b5:32:f6:13:db:58:3e:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57d0b861afb125b8bc13969d0b49734ce844bd6a
        Validity
            Not Before: Jan  1 00:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1852aef9973dc1ae8170299396a2cf73ba8505ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:aa:3a:13:30:b6:0a:19:41:61:6f:8b:84:a6:
                    12:2c:8d:92:aa:c0:56:ab:f8:07:2f:9f:94:4b:74:
                    a4:30:7b:23:fc:13:43:10:d6:cc:92:fd:94:8b:d2:
                    ea:79:8b:73:2f:66:2f:72:f4:42:fd:23:d5:57:1f:
                    f9:8b:42:02:01:e5:95:8b:34:69:80:c4:55:98:6f:
                    05:16:ca:6a:a2:54:91:10:0f:e6:ec:9a:b2:da:32:
                    b7:9f:bf:db:02:d6:5b:a1:5f:2b:ba:9a:51:4d:ec:
                    0b:b3:ad:89:c1:dd:49:ee:3b:15:66:68:82:09:50:
                    09:1c:6a:9c:bc:af:f4:27:65:34:47:aa:1d:4d:cc:
                    70:1f:77:99:2b:41:b9:18:05:e2:df:7e:97:99:8a:
                    dd:50:22:8f:39:b4:b4:b6:f1:17:ff:ff:31:0c:b2:
                    32:e3:09:ee:cc:c4:da:58:e5:15:dd:e9:f0:c6:ee:
                    a2:22:1b:96:5b:8f:8f:e9:71:f9:34:e5:30:7b:bd:
                    27:44:25:27:bc:52:73:db:08:a9:6a:c2:da:95:52:
                    16:48:b9:27:00:98:18:fd:71:63:32:88:aa:82:f9:
                    fc:dc:48:bd:f9:3d:2e:bb:35:98:c6:ca:d4:6c:70:
                    0b:9d:a9:d4:0c:72:33:e1:0d:41:28:a4:e2:02:8b:
                    b6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:52:AE:F9:97:3D:C1:AE:81:70:29:93:96:A2:CF:73:BA:85:05:AE
            X509v3 Authority Key Identifier:
                keyid:57:D0:B8:61:AF:B1:25:B8:BC:13:96:9D:0B:49:73:4C:E8:44:BD:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V9C4Ya-xJbi8E5adC0lzTOhEvWo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/GFKu-Zc9wa6BcCmTlqLPc7qFBa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/09ee66-667e-4cd4-b4fa-f862fdfa3b93/1/V9C4Ya-xJbi8E5adC0lzTOhEvWo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:84:f2:86:2d:da:4a:b5:f2:c3:f0:f4:04:53:28:4e:25:52:
         2c:3e:21:44:ce:1c:99:4e:19:48:73:32:55:6b:0b:06:a5:c4:
         4d:b3:ed:0f:1d:4f:3f:db:34:3d:58:b8:01:50:9a:51:3e:ef:
         c1:63:c1:89:5b:19:d8:1c:05:30:a4:82:b8:f9:90:8c:90:b4:
         93:95:00:41:03:63:7a:ca:34:1f:61:1c:1e:45:f9:3b:55:d9:
         2c:4f:33:bd:78:e9:09:7b:61:5e:bd:2f:de:c3:c6:30:ba:08:
         32:28:a8:7d:a6:bb:9b:5a:f0:d1:3b:63:3e:01:af:ce:b1:68:
         db:7d:f5:75:49:52:33:e3:81:3c:7d:49:cd:10:7b:d7:9f:44:
         40:18:a3:ef:9b:25:68:42:21:c8:d3:0f:8c:6e:04:0d:1c:b2:
         bb:ee:88:a9:1c:89:c6:f6:d4:e1:32:1d:69:79:47:d2:30:78:
         ff:e2:71:47:da:34:b4:b1:34:76:b6:40:93:c2:45:dc:87:63:
         30:cc:84:54:dd:5b:e6:a8:2c:67:45:28:d2:a0:1a:7c:e1:76:
         2a:4d:4f:7c:8f:91:ce:6a:79:dd:e7:83:00:e2:aa:fb:0c:d4:
         1f:64:d6:1d:77:89:b6:48:58:5a:dd:8d:ee:04:45:4b:d6:09:
         65:74:7a:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26snArTvDirUy9hPbWD4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3ZDBiODYxYWZiMTI1YjhiYzEzOTY5ZDBiNDk3MzRjZTg0
NGJkNmEwHhcNMjYwMTAxMDAxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODUyYWVmOTk3M2RjMWFlODE3MDI5OTM5NmEyY2Y3M2JhODUwNWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6o6EzC2ChlBYW+LhKYSLI2SqsBW
q/gHL5+US3SkMHsj/BNDENbMkv2Ui9LqeYtzL2YvcvRC/SPVVx/5i0ICAeWVizRp
gMRVmG8FFspqolSREA/m7Jqy2jK3n7/bAtZboV8ruppRTewLs62Jwd1J7jsVZmiC
CVAJHGqcvK/0J2U0R6odTcxwH3eZK0G5GAXi336XmYrdUCKPObS0tvEX//8xDLIy
4wnuzMTaWOUV3enwxu6iIhuWW4+P6XH5NOUwe70nRCUnvFJz2wipasLalVIWSLkn
AJgY/XFjMoiqgvn83Ei9+T0uuzWYxsrUbHALnanUDHIz4Q1BKKTiAou2lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhSrvmXPcGugXApk5aiz3O6hQWuMB8GA1UdIwQY
MBaAFFfQuGGvsSW4vBOWnQtJc0zoRL1qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjlDNFlhLXhKYmk4RTVhZEMwbHpUT2hFdldvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy8wOWVlNjYtNjY3ZS00Y2Q0LWI0ZmEt
Zjg2MmZkZmEzYjkzLzEvR0ZLdS1aYzl3YTZCY0NtVGxxTFBjN3FGQmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy8wOWVlNjYtNjY3ZS00Y2Q0LWI0ZmEtZjg2MmZkZmEzYjkz
LzEvVjlDNFlhLXhKYmk4RTVhZEMwbHpUT2hFdldvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZbUMA0G
CSqGSIb3DQEBCwUAA4IBAQCqhPKGLdpKtfLD8PQEUyhOJVIsPiFEzhyZThlIczJV
awsGpcRNs+0PHU8/2zQ9WLgBUJpRPu/BY8GJWxnYHAUwpIK4+ZCMkLSTlQBBA2N6
yjQfYRweRfk7VdksTzO9eOkJe2FevS/ew8YwuggyKKh9prubWvDRO2M+Aa/OsWjb
ffV1SVIz44E8fUnNEHvXn0RAGKPvmyVoQiHI0w+MbgQNHLK77oipHInG9tThMh1p
eUfSMHj/4nFH2jS0sTR2tkCTwkXch2MwzIRU3VvmqCxnRSjSoBp84XYqTU98j5HO
annd54MA4qr7DNQfZNYdd4m2SFha3Y3uBEVL1glldHqa
-----END CERTIFICATE-----