This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/gkoYWKhPVWJSzZKZ2UhHAj9zfS4.roa
File:                     gkoYWKhPVWJSzZKZ2UhHAj9zfS4.roa (raw, json)
Hash identifier:          2xLLVXq/Jt50epuLgX+yGtG0U3JwB6BPWJQju9wVWPo=
Subject key identifier:   82:4A:18:58:A8:4F:55:62:52:CD:92:99:D9:48:47:02:3F:73:7D:2E
Certificate issuer:       /CN=95b30111b0b720a209f788c8b90f60380b465c2e
Certificate serial:       019B7CED59819687EAC8C1C3275952DD9516
Authority key identifier: 95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/gkoYWKhPVWJSzZKZ2UhHAj9zfS4.roa
Signing time:             Fri 02 Jan 2026 04:18:08 +0000
ROA not before:           Fri 02 Jan 2026 04:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35153
IP address blocks:        185.212.136.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:59:81:96:87:ea:c8:c1:c3:27:59:52:dd:95:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=95b30111b0b720a209f788c8b90f60380b465c2e
        Validity
            Not Before: Jan  2 04:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=824a1858a84f556252cd9299d94847023f737d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:af:6a:1c:05:3d:c9:10:ab:0f:db:3d:31:cb:
                    f7:26:03:c2:65:93:b3:35:df:78:8c:37:ec:a1:a4:
                    61:f1:d7:75:19:d6:1c:8c:6a:43:19:55:1e:3b:11:
                    fd:90:93:ae:e7:04:76:c0:56:56:15:7e:10:6b:eb:
                    32:8b:50:91:a1:1b:f5:c4:39:a3:be:d5:56:91:5e:
                    6e:35:9c:8d:91:52:87:d6:94:31:23:ae:0b:e3:e3:
                    6f:43:e5:60:49:0c:d2:c7:fe:92:19:28:e6:4e:02:
                    19:c3:29:80:19:f2:d4:41:ab:fa:98:ac:e3:d4:ca:
                    e4:2f:ef:4d:b7:5e:72:c6:3a:57:61:97:a1:73:2a:
                    01:83:55:d6:66:39:b1:18:be:54:0f:b7:78:c8:ca:
                    79:9d:80:f6:1a:80:d1:81:c4:ae:f7:71:95:4c:d9:
                    eb:52:d0:1d:31:10:7d:4d:4a:6d:c5:62:ae:70:7f:
                    db:4a:c8:91:4e:4a:c0:97:b0:61:2d:91:53:a9:64:
                    6b:00:33:9b:08:d1:68:9d:f4:b9:64:0d:9c:6f:08:
                    1f:bb:76:08:86:78:46:88:17:bc:4e:4d:24:09:31:
                    71:eb:17:cf:dd:d9:c2:98:6a:7b:d9:48:a6:4f:e2:
                    7a:d5:5d:d5:53:2d:e7:5f:f9:0a:27:98:0a:e2:96:
                    81:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:4A:18:58:A8:4F:55:62:52:CD:92:99:D9:48:47:02:3F:73:7D:2E
            X509v3 Authority Key Identifier:
                keyid:95:B3:01:11:B0:B7:20:A2:09:F7:88:C8:B9:0F:60:38:0B:46:5C:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/gkoYWKhPVWJSzZKZ2UhHAj9zfS4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/03bf28-c55d-4c7a-91bb-91646bf0153d/1/lbMBEbC3IKIJ94jIuQ9gOAtGXC4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         72:b9:cf:f8:b9:a6:b1:d0:f3:83:47:c4:43:ee:2c:67:2b:47:
         8b:8e:6b:5d:63:4c:03:87:1b:22:86:59:e4:c2:4f:b2:0e:11:
         4f:a2:39:a2:1d:e3:84:d7:64:d7:d9:f4:b3:3c:bb:9e:c0:06:
         58:3d:4e:98:ea:a1:cc:bd:91:c5:7c:66:ef:20:d6:10:7c:09:
         3b:bc:4e:67:fe:fc:4a:1a:a3:98:2d:9f:b5:03:f4:20:3b:1a:
         24:56:fe:d2:b5:c2:ef:b4:0f:66:47:2c:31:e3:23:99:71:18:
         c9:60:2f:5d:2c:09:e5:85:d9:6f:ab:a0:9a:fd:ee:94:3f:d3:
         66:5d:c9:f6:b6:19:62:93:56:f5:2e:cd:36:ac:11:e6:92:4d:
         5b:32:bb:31:ad:3c:54:67:59:bb:0b:dc:29:04:b9:c0:15:7b:
         f1:4d:3b:06:d0:ee:62:9a:2a:6a:e1:17:f3:29:6a:d1:8e:3d:
         5e:c2:8a:77:9d:5d:19:6a:b3:c0:ad:86:57:30:c3:e2:6c:f5:
         64:a8:84:b5:5a:a6:da:69:6d:35:a1:84:65:de:eb:2d:4c:69:
         db:62:2f:84:90:ca:c5:a8:79:1c:9b:e7:c4:0f:6a:0d:11:dd:
         28:3b:ac:10:4b:c6:d1:4f:45:0d:6e:c8:0e:7f:5d:87:47:fe:
         3d:eb:87:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87VmBlofqyMHDJ1lS3ZUWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YjMwMTExYjBiNzIwYTIwOWY3ODhjOGI5MGY2MDM4MGI0
NjVjMmUwHhcNMjYwMTAyMDQxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjRhMTg1OGE4NGY1NTYyNTJjZDkyOTlkOTQ4NDcwMjNmNzM3ZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk69qHAU9yRCrD9s9Mcv3JgPCZZOz
Nd94jDfsoaRh8dd1GdYcjGpDGVUeOxH9kJOu5wR2wFZWFX4Qa+syi1CRoRv1xDmj
vtVWkV5uNZyNkVKH1pQxI64L4+NvQ+VgSQzSx/6SGSjmTgIZwymAGfLUQav6mKzj
1MrkL+9Nt15yxjpXYZehcyoBg1XWZjmxGL5UD7d4yMp5nYD2GoDRgcSu93GVTNnr
UtAdMRB9TUptxWKucH/bSsiRTkrAl7BhLZFTqWRrADObCNFonfS5ZA2cbwgfu3YI
hnhGiBe8Tk0kCTFx6xfP3dnCmGp72UimT+J61V3VUy3nX/kKJ5gK4paBZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJKGFioT1ViUs2SmdlIRwI/c30uMB8GA1UdIwQY
MBaAFJWzARGwtyCiCfeIyLkPYDgLRlwuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmIt
OTE2NDZiZjAxNTNkLzEvZ2tvWVdLaFBWV0pTelpLWjJVaEhBajl6ZlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8wM2JmMjgtYzU1ZC00YzdhLTkxYmItOTE2NDZiZjAxNTNk
LzEvbGJNQkViQzNJS0lKOTRqSXVROWdPQXRHWEM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudSIMA0G
CSqGSIb3DQEBCwUAA4IBAQByuc/4uaax0PODR8RD7ixnK0eLjmtdY0wDhxsihlnk
wk+yDhFPojmiHeOE12TX2fSzPLuewAZYPU6Y6qHMvZHFfGbvINYQfAk7vE5n/vxK
GqOYLZ+1A/QgOxokVv7StcLvtA9mRywx4yOZcRjJYC9dLAnlhdlvq6Ca/e6UP9Nm
Xcn2thlik1b1Ls02rBHmkk1bMrsxrTxUZ1m7C9wpBLnAFXvxTTsG0O5imipq4Rfz
KWrRjj1ewop3nV0ZarPArYZXMMPibPVkqIS1WqbaaW01oYRl3ustTGnbYi+EkMrF
qHkcm+fED2oNEd0oO6wQS8bRT0UNbsgOf12HR/4964fE
-----END CERTIFICATE-----
Generated at Sun Jan 25 19:16:15 2026 by rpki-client