This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/GmKON0n4q41F09JbkIeSWlYg2vg.roa
File:                     GmKON0n4q41F09JbkIeSWlYg2vg.roa (raw, json)
Hash identifier:          MA8HRllJQ5XTGjB4uhWUi8OdDfPzCM6iy7P4PReIInE=
Subject key identifier:   1A:62:8E:37:49:F8:AB:8D:45:D3:D2:5B:90:87:92:5A:56:20:DA:F8
Certificate issuer:       /CN=b5f57e49ebf098bc53e8db388881c92369d9bf8c
Certificate serial:       019B7B358E10C47B70D1754F163DE9479397
Authority key identifier: B5:F5:7E:49:EB:F0:98:BC:53:E8:DB:38:88:81:C9:23:69:D9:BF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tfV-SevwmLxT6Ns4iIHJI2nZv4w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/GmKON0n4q41F09JbkIeSWlYg2vg.roa
Signing time:             Thu 01 Jan 2026 20:17:45 +0000
ROA not before:           Thu 01 Jan 2026 20:17:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3342
IP address blocks:        193.163.36.0/22 maxlen: 22
                          193.163.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/tfV-SevwmLxT6Ns4iIHJI2nZv4w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/tfV-SevwmLxT6Ns4iIHJI2nZv4w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tfV-SevwmLxT6Ns4iIHJI2nZv4w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 20:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:8e:10:c4:7b:70:d1:75:4f:16:3d:e9:47:93:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5f57e49ebf098bc53e8db388881c92369d9bf8c
        Validity
            Not Before: Jan  1 20:17:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a628e3749f8ab8d45d3d25b9087925a5620daf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8f:3c:5b:d8:15:18:c8:41:c4:15:60:d0:03:
                    22:2c:82:33:0a:7e:ed:2c:d9:e4:68:d8:dc:d8:95:
                    80:13:d0:62:8e:9b:6c:5b:53:f4:9b:3b:80:38:f9:
                    65:78:f5:b9:9f:c1:27:9a:8b:88:45:00:b0:d2:80:
                    00:c1:06:fd:e1:ae:15:36:7b:6d:66:f1:49:d8:c3:
                    16:a0:63:e8:14:41:c1:2e:b4:a7:b5:a2:ed:51:8f:
                    b3:55:e7:c3:8d:5c:1b:7c:63:71:0f:ca:e9:e7:f1:
                    59:72:68:b9:65:c0:c8:a1:54:42:5d:15:72:9e:64:
                    d5:70:ad:11:aa:ca:13:49:05:a4:c2:c3:ab:b3:3d:
                    82:ae:96:9e:a6:b9:63:0b:18:74:68:e0:7e:a3:d6:
                    fb:1a:28:37:17:56:3d:90:d9:2f:cc:fa:97:60:f5:
                    8c:42:14:62:4a:a1:54:d8:4d:ee:53:d4:df:a5:35:
                    7f:3f:ee:c2:dc:dc:61:4c:6a:f2:15:35:c3:38:c8:
                    c6:8d:c0:6c:02:c9:ed:d1:a3:c4:c4:d7:ed:9b:2e:
                    74:23:83:23:36:c3:e9:c2:e4:cb:70:96:0b:6f:fc:
                    40:74:c3:96:de:98:1c:37:4f:ad:a6:e0:1b:1f:d8:
                    91:11:fb:ac:2f:8c:fd:46:db:14:9c:ee:df:ce:14:
                    64:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:62:8E:37:49:F8:AB:8D:45:D3:D2:5B:90:87:92:5A:56:20:DA:F8
            X509v3 Authority Key Identifier:
                keyid:B5:F5:7E:49:EB:F0:98:BC:53:E8:DB:38:88:81:C9:23:69:D9:BF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tfV-SevwmLxT6Ns4iIHJI2nZv4w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/GmKON0n4q41F09JbkIeSWlYg2vg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/9e9122-bbff-48d9-98c6-0a4286f3cfbe/1/tfV-SevwmLxT6Ns4iIHJI2nZv4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:67:30:f1:f2:86:b7:14:83:26:4d:eb:97:fa:f6:24:73:df:
         86:8d:ba:af:b4:53:a7:86:2f:3d:86:66:b4:22:58:59:85:11:
         3c:53:a3:94:77:6e:e3:9d:d2:6a:b9:20:87:8c:54:ef:20:be:
         a0:88:78:d3:f7:62:08:66:7c:2a:1f:d2:f6:a1:21:22:91:ae:
         fd:20:47:aa:ab:06:c7:18:80:b6:cb:45:26:54:7d:32:79:ce:
         d8:c7:fa:c6:e1:55:72:2a:8e:18:5e:60:a6:42:70:c9:2f:9b:
         53:e1:ed:9d:58:4e:61:f6:c1:01:21:15:d8:2e:e5:17:1c:0b:
         98:61:e4:54:b0:f4:0d:01:1f:48:0c:27:72:cb:3b:ab:df:da:
         4c:25:92:37:4c:82:ab:88:f3:1d:dd:27:e4:06:ea:aa:31:be:
         7c:d9:bf:39:e1:af:be:5b:4c:a1:33:43:ef:9d:6f:99:a9:73:
         b3:23:5b:85:6b:94:25:44:bc:21:ee:54:f8:be:90:06:62:5b:
         a9:ad:1b:b8:2d:76:aa:4d:16:7a:b5:7f:8f:e5:9a:cc:0c:a4:
         ad:20:7b:c8:71:0a:0a:14:fa:84:8c:0f:61:e2:d8:6d:aa:e4:
         5c:ee:f0:25:25:1f:49:6d:de:00:3f:58:aa:58:74:7e:20:b9:
         33:7f:cd:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NY4QxHtw0XVPFj3pR5OXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1ZjU3ZTQ5ZWJmMDk4YmM1M2U4ZGIzODg4ODFjOTIzNjlk
OWJmOGMwHhcNMjYwMTAxMjAxNzQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTYyOGUzNzQ5ZjhhYjhkNDVkM2QyNWI5MDg3OTI1YTU2MjBkYWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwo88W9gVGMhBxBVg0AMiLIIzCn7t
LNnkaNjc2JWAE9BijptsW1P0mzuAOPllePW5n8EnmouIRQCw0oAAwQb94a4VNntt
ZvFJ2MMWoGPoFEHBLrSntaLtUY+zVefDjVwbfGNxD8rp5/FZcmi5ZcDIoVRCXRVy
nmTVcK0RqsoTSQWkwsOrsz2CrpaeprljCxh0aOB+o9b7Gig3F1Y9kNkvzPqXYPWM
QhRiSqFU2E3uU9TfpTV/P+7C3NxhTGryFTXDOMjGjcBsAsnt0aPExNftmy50I4Mj
NsPpwuTLcJYLb/xAdMOW3pgcN0+tpuAbH9iREfusL4z9RtsUnO7fzhRk8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpijjdJ+KuNRdPSW5CHklpWINr4MB8GA1UdIwQY
MBaAFLX1fknr8Ji8U+jbOIiBySNp2b+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGZWLVNldndtTHhUNk5zNGlJSEpJMm5adjR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS85ZTkxMjItYmJmZi00OGQ5LTk4YzYt
MGE0Mjg2ZjNjZmJlLzEvR21LT04wbjRxNDFGMDlKYmtJZVNXbFlnMnZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS85ZTkxMjItYmJmZi00OGQ5LTk4YzYtMGE0Mjg2ZjNjZmJl
LzEvdGZWLVNldndtTHhUNk5zNGlJSEpJMm5adjR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwaMkMA0G
CSqGSIb3DQEBCwUAA4IBAQBvZzDx8oa3FIMmTeuX+vYkc9+GjbqvtFOnhi89hma0
IlhZhRE8U6OUd27jndJquSCHjFTvIL6giHjT92IIZnwqH9L2oSEika79IEeqqwbH
GIC2y0UmVH0yec7Yx/rG4VVyKo4YXmCmQnDJL5tT4e2dWE5h9sEBIRXYLuUXHAuY
YeRUsPQNAR9IDCdyyzur39pMJZI3TIKriPMd3SfkBuqqMb582b854a++W0yhM0Pv
nW+ZqXOzI1uFa5QlRLwh7lT4vpAGYluprRu4LXaqTRZ6tX+P5ZrMDKStIHvIcQoK
FPqEjA9h4thtquRc7vAlJR9Jbd4AP1iqWHR+ILkzf80x
-----END CERTIFICATE-----