This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/IGazZEaa03q0gZwkZa-a01KbsAE.roa
File:                     IGazZEaa03q0gZwkZa-a01KbsAE.roa (raw, json)
Hash identifier:          kHgUBuHcjhycij9YJiSSXrr0v5v65zQmDRpctF0dSM8=
Subject key identifier:   20:66:B3:64:46:9A:D3:7A:B4:81:9C:24:65:AF:9A:D3:52:9B:B0:01
Certificate issuer:       /CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
Certificate serial:       019B7BA468D41507B5122A2877361EDB6891
Authority key identifier: AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/IGazZEaa03q0gZwkZa-a01KbsAE.roa
Signing time:             Thu 01 Jan 2026 22:18:50 +0000
ROA not before:           Thu 01 Jan 2026 22:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212451
IP address blocks:        178.213.48.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:68:d4:15:07:b5:12:2a:28:77:36:1e:db:68:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae8ed33b70be6cc20c89fbbac77a59ca3b4c0934
        Validity
            Not Before: Jan  1 22:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2066b364469ad37ab4819c2465af9ad3529bb001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:92:af:f6:61:c6:27:cb:67:94:21:88:27:7c:
                    b4:12:3f:8a:0d:46:79:5d:9a:16:c2:d3:54:3a:58:
                    d8:f7:75:3c:6c:15:d8:d3:46:e0:e2:84:95:a7:7f:
                    c3:b2:03:52:47:ac:d6:8e:4c:b0:1f:82:e5:6d:27:
                    fa:14:c7:70:4f:9d:56:bb:f9:55:4d:77:3f:b2:b4:
                    b3:2f:d6:5e:af:cc:ff:57:b8:f8:ca:ae:2d:13:47:
                    34:6f:68:38:52:2c:ef:85:0f:b7:14:01:be:43:3e:
                    cb:a5:eb:2b:9d:47:0e:bd:33:80:dc:8e:c4:1e:fb:
                    7e:74:2e:db:99:63:42:57:a3:81:22:6d:99:7d:1e:
                    de:7f:e2:b2:89:0c:65:87:27:78:9c:0c:10:9c:d9:
                    9d:83:dc:8a:45:16:eb:f6:31:e4:5b:6f:b9:8c:83:
                    e9:da:27:66:4e:bc:5a:9d:86:40:71:55:e3:14:09:
                    d3:6a:d7:40:1c:ce:70:68:90:37:8b:7f:e8:53:d1:
                    1f:db:d8:6c:3a:9e:a3:dd:d7:bf:b2:dd:44:aa:e0:
                    f4:da:63:be:2d:9c:85:27:84:d7:26:0e:24:79:22:
                    a3:fc:c2:84:86:cc:8e:c6:00:f9:22:0a:bf:45:19:
                    b5:08:89:bf:d2:64:28:ff:88:2a:61:95:f2:c5:87:
                    26:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:66:B3:64:46:9A:D3:7A:B4:81:9C:24:65:AF:9A:D3:52:9B:B0:01
            X509v3 Authority Key Identifier:
                keyid:AE:8E:D3:3B:70:BE:6C:C2:0C:89:FB:BA:C7:7A:59:CA:3B:4C:09:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ro7TO3C-bMIMifu6x3pZyjtMCTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/IGazZEaa03q0gZwkZa-a01KbsAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/b71d9f-f1da-400a-b485-04dbc9ac1444/1/ro7TO3C-bMIMifu6x3pZyjtMCTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.213.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6f:14:5e:3b:fc:f1:b3:b4:55:b7:04:72:64:b7:ec:92:21:e3:
         8e:35:d7:a1:ff:ec:0a:46:b7:77:ef:3c:cf:3e:89:05:69:83:
         85:94:87:8a:79:10:c1:b7:39:6a:36:1a:42:c0:08:7e:97:29:
         5f:e8:fd:d4:e4:90:1e:8a:29:e5:5e:36:3b:de:47:ac:9f:c1:
         08:4f:de:b8:23:c4:35:a8:97:d7:4a:7c:5a:e2:b7:f7:90:ab:
         40:f4:5f:75:d4:0f:4e:63:42:37:c6:1f:36:91:fb:e6:2c:b7:
         cf:38:5a:6f:0e:d5:ea:cf:23:29:8e:4a:23:9c:8c:1d:b9:e8:
         6c:e1:83:b1:33:ae:8b:22:c9:e8:da:4b:98:7f:9f:5a:32:fa:
         c0:69:90:f8:3f:78:9e:37:35:0b:c0:d6:39:4f:d3:73:4f:5b:
         ec:63:0b:6b:55:13:21:f0:5d:cb:83:0b:71:51:49:b4:d5:d6:
         4f:27:75:7a:f9:ce:a9:fe:5c:4e:4a:31:43:cf:18:e9:3d:cc:
         7e:20:d1:e6:6c:3a:d4:79:ba:ce:1e:4f:c9:38:39:92:8a:7f:
         c8:b6:36:cf:f0:99:ea:f5:b2:bb:5c:0f:25:c2:b2:5f:8b:03:
         d0:48:a2:0c:8e:53:bc:7f:e4:c3:51:f2:bf:07:39:f0:28:da:
         43:c6:c4:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pGjUFQe1EioodzYe22iRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlOGVkMzNiNzBiZTZjYzIwYzg5ZmJiYWM3N2E1OWNhM2I0
YzA5MzQwHhcNMjYwMTAxMjIxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDY2YjM2NDQ2OWFkMzdhYjQ4MTljMjQ2NWFmOWFkMzUyOWJiMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ZKv9mHGJ8tnlCGIJ3y0Ej+KDUZ5
XZoWwtNUOljY93U8bBXY00bg4oSVp3/DsgNSR6zWjkywH4LlbSf6FMdwT51Wu/lV
TXc/srSzL9Zer8z/V7j4yq4tE0c0b2g4UizvhQ+3FAG+Qz7LpesrnUcOvTOA3I7E
Hvt+dC7bmWNCV6OBIm2ZfR7ef+KyiQxlhyd4nAwQnNmdg9yKRRbr9jHkW2+5jIPp
2idmTrxanYZAcVXjFAnTatdAHM5waJA3i3/oU9Ef29hsOp6j3de/st1EquD02mO+
LZyFJ4TXJg4keSKj/MKEhsyOxgD5Igq/RRm1CIm/0mQo/4gqYZXyxYcm0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBms2RGmtN6tIGcJGWvmtNSm7ABMB8GA1UdIwQY
MBaAFK6O0ztwvmzCDIn7usd6Wco7TAk0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUt
MDRkYmM5YWMxNDQ0LzEvSUdhelpFYWEwM3EwZ1p3a1phLWEwMUtic0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy9iNzFkOWYtZjFkYS00MDBhLWI0ODUtMDRkYmM5YWMxNDQ0
LzEvcm83VE8zQy1iTUlNaWZ1NngzcFp5anRNQ1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDstUwMA0G
CSqGSIb3DQEBCwUAA4IBAQBvFF47/PGztFW3BHJkt+ySIeOONdeh/+wKRrd37zzP
PokFaYOFlIeKeRDBtzlqNhpCwAh+lylf6P3U5JAeiinlXjY73kesn8EIT964I8Q1
qJfXSnxa4rf3kKtA9F911A9OY0I3xh82kfvmLLfPOFpvDtXqzyMpjkojnIwduehs
4YOxM66LIsno2kuYf59aMvrAaZD4P3ieNzULwNY5T9NzT1vsYwtrVRMh8F3Lgwtx
UUm01dZPJ3V6+c6p/lxOSjFDzxjpPcx+INHmbDrUebrOHk/JODmSin/ItjbP8Jnq
9bK7XA8lwrJfiwPQSKIMjlO8f+TDUfK/BznwKNpDxsRN
-----END CERTIFICATE-----