This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/gGpmcsWE1eZyNMee1NRlA1nhhvY.roa
File:                     gGpmcsWE1eZyNMee1NRlA1nhhvY.roa (raw, json)
Hash identifier:          /R+1mDGIJPwiUjgMqzEayU7QgZR187J1ACp6m3yLtqQ=
Subject key identifier:   80:6A:66:72:C5:84:D5:E6:72:34:C7:9E:D4:D4:65:03:59:E1:86:F6
Certificate issuer:       /CN=60077f22c6428bc889b365b006cb5248d4bf61cf
Certificate serial:       019B7DCAD59A9901809786A4253636EAF3D0
Authority key identifier: 60:07:7F:22:C6:42:8B:C8:89:B3:65:B0:06:CB:52:48:D4:BF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/gGpmcsWE1eZyNMee1NRlA1nhhvY.roa
Signing time:             Fri 02 Jan 2026 08:20:03 +0000
ROA not before:           Fri 02 Jan 2026 08:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41202
IP address blocks:        95.214.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:d5:9a:99:01:80:97:86:a4:25:36:36:ea:f3:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60077f22c6428bc889b365b006cb5248d4bf61cf
        Validity
            Not Before: Jan  2 08:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=806a6672c584d5e67234c79ed4d4650359e186f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:0d:02:98:60:c3:a0:25:a5:79:ce:0d:fb:17:
                    eb:86:64:1e:8e:10:95:d0:ee:6f:51:f9:dd:1a:af:
                    77:21:d4:fa:f4:7c:a0:3b:d3:57:aa:b8:89:b4:0f:
                    e1:d1:f5:c3:c1:41:f8:cd:10:1f:52:7e:eb:bf:49:
                    c4:44:40:e2:65:6d:7e:57:d1:39:d9:b4:7c:61:8f:
                    b5:8a:6e:0a:9a:28:53:76:29:79:e9:ec:ea:4a:31:
                    3e:58:91:c3:5f:aa:10:4f:ff:2c:68:9d:17:95:a5:
                    49:21:ef:f6:1d:c3:3c:08:de:93:07:91:9d:d5:a4:
                    6f:92:14:bf:c4:7f:fa:89:d6:4d:b5:53:53:45:11:
                    d1:f2:de:cd:5e:db:e3:e0:f5:62:55:a1:f8:d6:c5:
                    37:55:d9:b7:e9:8e:aa:96:0f:b2:ec:09:2a:e9:34:
                    d8:f1:9b:23:c8:33:6f:a9:bc:50:87:73:e7:83:89:
                    8e:17:64:4d:87:11:79:64:db:d9:b1:34:56:cc:a0:
                    11:5f:26:4c:b4:38:3d:95:a6:93:65:96:6c:03:95:
                    bb:74:d5:d6:16:5f:b4:5c:79:b1:dd:99:62:2c:ca:
                    13:cb:22:3b:b3:44:5f:87:14:c1:fe:82:64:9c:44:
                    29:f3:46:aa:27:94:33:01:17:e5:50:09:44:c8:69:
                    32:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:6A:66:72:C5:84:D5:E6:72:34:C7:9E:D4:D4:65:03:59:E1:86:F6
            X509v3 Authority Key Identifier:
                keyid:60:07:7F:22:C6:42:8B:C8:89:B3:65:B0:06:CB:52:48:D4:BF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/gGpmcsWE1eZyNMee1NRlA1nhhvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:de:ce:13:80:74:b4:a7:c5:c9:b1:fd:c4:79:39:93:e2:b1:
         24:95:94:91:f4:2f:e1:ae:b4:08:55:04:9e:fe:f6:69:3c:a4:
         82:13:9c:7d:62:7f:1d:cc:b6:74:28:73:0c:bd:4f:1c:3e:31:
         c0:30:89:1e:83:1a:8a:5b:af:fd:bc:d3:91:0a:3a:86:a5:19:
         37:02:bb:80:fd:45:b8:18:98:f6:49:77:70:ef:b1:e6:4a:9b:
         ca:6a:9a:81:cc:34:1e:23:7e:fb:a9:14:b9:32:d6:3a:1d:3b:
         98:90:db:cf:ee:50:32:6e:7a:51:85:14:b1:59:d7:99:f7:eb:
         90:f9:20:68:c7:9a:ed:c9:e7:e9:49:d8:12:7e:f4:cd:49:7a:
         78:9d:29:f8:fc:7d:06:59:13:54:c6:2a:bb:aa:f7:aa:71:89:
         a6:2a:1d:25:7e:5c:9d:bb:cd:68:c4:0c:c8:0f:33:4b:f2:fe:
         2f:cc:69:36:49:e3:56:b3:ef:12:55:e8:a8:e3:20:aa:8d:57:
         bb:97:fc:1b:81:d6:66:b4:ea:f3:85:5a:d8:67:ec:37:b0:53:
         52:3b:49:fc:12:fa:f5:de:47:76:67:64:1a:27:67:c9:06:1f:
         0d:a6:b4:9b:72:09:68:16:8c:25:61:18:be:fa:c5:2f:57:51:
         49:bb:16:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ytWamQGAl4akJTY26vPQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMDc3ZjIyYzY0MjhiYzg4OWIzNjViMDA2Y2I1MjQ4ZDRi
ZjYxY2YwHhcNMjYwMTAyMDgyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDZhNjY3MmM1ODRkNWU2NzIzNGM3OWVkNGQ0NjUwMzU5ZTE4NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2w0CmGDDoCWlec4N+xfrhmQejhCV
0O5vUfndGq93IdT69HygO9NXqriJtA/h0fXDwUH4zRAfUn7rv0nEREDiZW1+V9E5
2bR8YY+1im4KmihTdil56ezqSjE+WJHDX6oQT/8saJ0XlaVJIe/2HcM8CN6TB5Gd
1aRvkhS/xH/6idZNtVNTRRHR8t7NXtvj4PViVaH41sU3Vdm36Y6qlg+y7Akq6TTY
8ZsjyDNvqbxQh3Png4mOF2RNhxF5ZNvZsTRWzKARXyZMtDg9laaTZZZsA5W7dNXW
Fl+0XHmx3ZliLMoTyyI7s0RfhxTB/oJknEQp80aqJ5QzARflUAlEyGky4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBqZnLFhNXmcjTHntTUZQNZ4Yb2MB8GA1UdIwQY
MBaAFGAHfyLGQovIibNlsAbLUkjUv2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUFkX0lzWkNpOGlKczJXd0JzdFNTTlNfWWM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC84NDdlZTAtYmEyYS00ZmQyLTg5ZDct
ODdmZTJlNTRiYTc5LzEvZ0dwbWNzV0UxZVp5Tk1lZTFOUmxBMW5oaHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC84NDdlZTAtYmEyYS00ZmQyLTg5ZDctODdmZTJlNTRiYTc5
LzEvWUFkX0lzWkNpOGlKczJXd0JzdFNTTlNfWWM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX9bQMA0G
CSqGSIb3DQEBCwUAA4IBAQBS3s4TgHS0p8XJsf3EeTmT4rEklZSR9C/hrrQIVQSe
/vZpPKSCE5x9Yn8dzLZ0KHMMvU8cPjHAMIkegxqKW6/9vNORCjqGpRk3AruA/UW4
GJj2SXdw77HmSpvKapqBzDQeI377qRS5MtY6HTuYkNvP7lAybnpRhRSxWdeZ9+uQ
+SBox5rtyefpSdgSfvTNSXp4nSn4/H0GWRNUxiq7qveqcYmmKh0lflydu81oxAzI
DzNL8v4vzGk2SeNWs+8SVeio4yCqjVe7l/wbgdZmtOrzhVrYZ+w3sFNSO0n8Evr1
3kd2Z2QaJ2fJBh8NprSbcgloFowlYRi++sUvV1FJuxag
-----END CERTIFICATE-----