This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/c3e2c0-d363-46f2-b414-4e9d98a6063b/1/gJAq7RAWddfkHc8Qahe2lyHl21E.roa
File:                     gJAq7RAWddfkHc8Qahe2lyHl21E.roa (raw, json)
Hash identifier:          PtVMUS5RG/3uzc8JjPjTOfc1aw8cOhcT4b5jxsnUPI0=
Subject key identifier:   80:90:2A:ED:10:16:75:D7:E4:1D:CF:10:6A:17:B6:97:21:E5:DB:51
Certificate issuer:       /CN=58e3455746eb72bb576c7b404b046ef460d1ae1c
Certificate serial:       019B7CEE2B1442C035E206262F7E61F25174
Authority key identifier: 58:E3:45:57:46:EB:72:BB:57:6C:7B:40:4B:04:6E:F4:60:D1:AE:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WONFV0brcrtXbHtASwRu9GDRrhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/c3e2c0-d363-46f2-b414-4e9d98a6063b/1/gJAq7RAWddfkHc8Qahe2lyHl21E.roa
Signing time:             Fri 02 Jan 2026 04:19:01 +0000
ROA not before:           Fri 02 Jan 2026 04:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21263
IP address blocks:        158.94.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/c3e2c0-d363-46f2-b414-4e9d98a6063b/1/WONFV0brcrtXbHtASwRu9GDRrhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/c3e2c0-d363-46f2-b414-4e9d98a6063b/1/WONFV0brcrtXbHtASwRu9GDRrhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WONFV0brcrtXbHtASwRu9GDRrhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 01:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:2b:14:42:c0:35:e2:06:26:2f:7e:61:f2:51:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58e3455746eb72bb576c7b404b046ef460d1ae1c
        Validity
            Not Before: Jan  2 04:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80902aed101675d7e41dcf106a17b69721e5db51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4b:42:60:18:2e:23:d8:69:d9:32:91:f4:e5:
                    60:b3:62:a9:db:fd:07:ac:ba:84:08:10:d4:58:2a:
                    7c:60:4b:a3:05:35:b9:c5:99:1b:8f:3d:98:43:61:
                    e0:49:92:d7:ef:c7:6c:34:5a:f6:d0:3b:37:e4:56:
                    c6:09:3f:98:11:40:df:fd:92:7b:8c:db:82:36:91:
                    36:2a:0a:62:99:b9:60:7e:6b:49:62:8d:8a:0d:01:
                    37:7c:bc:5b:20:08:9c:63:64:dc:70:98:29:ea:e7:
                    4b:7f:b9:45:d5:34:fe:46:64:cd:cc:fa:c5:87:a8:
                    3c:20:25:e6:49:55:ce:bc:53:5c:81:b3:24:c6:39:
                    1b:37:80:a5:17:cd:12:23:f8:c5:59:15:13:77:28:
                    3e:03:45:1b:4e:c5:7b:0e:9b:e9:63:53:8a:26:fb:
                    72:07:88:74:3d:24:cf:cc:ce:d9:5c:88:9a:b5:b1:
                    46:cc:43:d2:c0:0d:59:ab:6f:5b:31:d6:5a:72:dd:
                    74:31:c1:a6:d7:b4:66:95:12:90:90:74:1b:1c:2a:
                    ca:8a:9e:b6:74:b4:b6:89:a6:e7:6f:bf:3f:33:bb:
                    b7:2e:87:6d:90:67:60:4f:72:51:f0:41:03:e3:ac:
                    9e:46:9e:ed:9c:90:5f:90:2a:33:64:98:b5:c7:11:
                    96:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:90:2A:ED:10:16:75:D7:E4:1D:CF:10:6A:17:B6:97:21:E5:DB:51
            X509v3 Authority Key Identifier:
                keyid:58:E3:45:57:46:EB:72:BB:57:6C:7B:40:4B:04:6E:F4:60:D1:AE:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WONFV0brcrtXbHtASwRu9GDRrhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c3e2c0-d363-46f2-b414-4e9d98a6063b/1/gJAq7RAWddfkHc8Qahe2lyHl21E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/c3e2c0-d363-46f2-b414-4e9d98a6063b/1/WONFV0brcrtXbHtASwRu9GDRrhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.94.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a7:c7:f1:dc:3a:d0:bc:5b:ef:8c:9f:e4:8b:ca:5b:55:cf:
         22:51:e0:3b:0b:ec:60:a6:95:00:71:b1:e1:37:f3:37:28:90:
         2d:2d:74:0a:23:6c:12:64:7e:77:88:1e:c7:8e:ac:23:18:be:
         3c:1c:83:ac:1d:55:57:59:c8:84:0f:5b:c2:e3:f3:c5:0c:fc:
         eb:ad:3c:a8:8e:55:fb:70:f0:fb:72:2f:d2:6d:e1:03:90:23:
         41:2b:69:42:e9:e9:2d:db:fb:13:fc:5f:27:2e:2e:47:16:64:
         be:e0:bb:d2:35:95:8a:5a:0c:0e:fb:9d:c0:8f:60:63:ef:95:
         b2:fd:05:db:1a:ab:17:2f:88:e1:ad:90:9c:b6:47:48:ef:37:
         5d:c7:ed:8c:09:4d:65:47:f5:4d:34:6a:e4:84:bb:c9:b3:0b:
         50:23:26:9e:a8:9b:1e:a3:5b:df:95:a4:59:46:86:24:54:6e:
         05:28:cd:74:9d:10:15:64:64:d0:75:fe:f2:e2:0d:3c:84:db:
         ea:18:d4:3a:aa:d8:89:ac:45:a5:24:76:09:2e:6f:04:23:c7:
         b4:95:da:d4:f5:9e:3f:85:63:a9:3c:9f:3f:09:10:82:81:ac:
         40:6d:5d:8c:ff:96:6e:4e:c3:3a:53:52:8a:46:bb:cf:ce:45:
         1c:73:ac:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87isUQsA14gYmL35h8lF0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZTM0NTU3NDZlYjcyYmI1NzZjN2I0MDRiMDQ2ZWY0NjBk
MWFlMWMwHhcNMjYwMTAyMDQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDkwMmFlZDEwMTY3NWQ3ZTQxZGNmMTA2YTE3YjY5NzIxZTVkYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUtCYBguI9hp2TKR9OVgs2Kp2/0H
rLqECBDUWCp8YEujBTW5xZkbjz2YQ2HgSZLX78dsNFr20Ds35FbGCT+YEUDf/ZJ7
jNuCNpE2KgpimblgfmtJYo2KDQE3fLxbIAicY2TccJgp6udLf7lF1TT+RmTNzPrF
h6g8ICXmSVXOvFNcgbMkxjkbN4ClF80SI/jFWRUTdyg+A0UbTsV7DpvpY1OKJvty
B4h0PSTPzM7ZXIiatbFGzEPSwA1Zq29bMdZact10McGm17RmlRKQkHQbHCrKip62
dLS2iabnb78/M7u3LodtkGdgT3JR8EED46yeRp7tnJBfkCozZJi1xxGWoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFICQKu0QFnXX5B3PEGoXtpch5dtRMB8GA1UdIwQY
MBaAFFjjRVdG63K7V2x7QEsEbvRg0a4cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV09ORlYwYnJjcnRYYkh0QVN3UnU5R0RScmh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9jM2UyYzAtZDM2My00NmYyLWI0MTQt
NGU5ZDk4YTYwNjNiLzEvZ0pBcTdSQVdkZGZrSGM4UWFoZTJseUhsMjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9jM2UyYzAtZDM2My00NmYyLWI0MTQtNGU5ZDk4YTYwNjNi
LzEvV09ORlYwYnJjcnRYYkh0QVN3UnU5R0RScmh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnl6oMA0G
CSqGSIb3DQEBCwUAA4IBAQCLp8fx3DrQvFvvjJ/ki8pbVc8iUeA7C+xgppUAcbHh
N/M3KJAtLXQKI2wSZH53iB7HjqwjGL48HIOsHVVXWciED1vC4/PFDPzrrTyojlX7
cPD7ci/SbeEDkCNBK2lC6ekt2/sT/F8nLi5HFmS+4LvSNZWKWgwO+53Aj2Bj75Wy
/QXbGqsXL4jhrZCctkdI7zddx+2MCU1lR/VNNGrkhLvJswtQIyaeqJseo1vflaRZ
RoYkVG4FKM10nRAVZGTQdf7y4g08hNvqGNQ6qtiJrEWlJHYJLm8EI8e0ldrU9Z4/
hWOpPJ8/CRCCgaxAbV2M/5ZuTsM6U1KKRrvPzkUcc6zp
-----END CERTIFICATE-----