This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/gkBIXWPDqd5iHgTo6Oq_RIYuttI.roa
File:                     gkBIXWPDqd5iHgTo6Oq_RIYuttI.roa (raw, json)
Hash identifier:          TAAZ/5Q3PgiVYAsyiVs0eY43VCN4PWzuxjaw3+oWC3U=
Subject key identifier:   82:40:48:5D:63:C3:A9:DE:62:1E:04:E8:E8:EA:BF:44:86:2E:B6:D2
Certificate issuer:       /CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
Certificate serial:       019B7CEDC1BF197875ADF5592395341658C9
Authority key identifier: AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/gkBIXWPDqd5iHgTo6Oq_RIYuttI.roa
Signing time:             Fri 02 Jan 2026 04:18:34 +0000
ROA not before:           Fri 02 Jan 2026 04:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212790
IP address blocks:        195.114.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:c1:bf:19:78:75:ad:f5:59:23:95:34:16:58:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abc8dbe52083ad335c9f1fde6016ec8b49293140
        Validity
            Not Before: Jan  2 04:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8240485d63c3a9de621e04e8e8eabf44862eb6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:ce:7e:56:c6:67:78:44:aa:33:15:af:32:f9:
                    ac:5f:d5:00:4e:0a:83:61:04:83:0f:b5:42:b2:a4:
                    f1:61:eb:8d:c3:a9:4f:9c:f9:fd:bb:47:a5:7b:bc:
                    2f:e4:46:1b:d6:7b:b4:a0:b6:aa:fc:08:10:ac:08:
                    15:f0:a7:b5:28:9d:64:ac:50:ed:57:df:52:ee:2e:
                    a3:a7:e3:fe:1d:af:e0:60:f9:9d:ec:6c:73:05:c2:
                    eb:c4:1e:1b:d0:e7:db:e4:1b:12:fe:1e:23:e5:07:
                    f9:49:fd:a4:b2:2d:05:c7:36:9d:a8:bd:6b:ef:a3:
                    53:cb:ec:41:4d:79:6d:45:77:72:8a:65:a4:30:7f:
                    8f:94:c9:9a:0b:fa:a9:1f:09:3c:94:1d:36:a7:6f:
                    00:01:19:89:44:2b:d6:c4:b5:c5:0e:ab:71:37:1c:
                    f5:ff:d1:31:b8:67:9e:c7:49:8e:fe:6b:e8:33:7c:
                    4e:00:7b:a9:a2:dc:e7:99:8a:89:f1:ed:a5:7a:66:
                    56:2d:47:ae:80:2a:4b:11:5c:cd:78:70:e4:98:95:
                    b7:21:26:87:7d:f9:26:f9:0c:c5:ab:70:2f:ed:36:
                    c6:1d:a9:61:47:db:17:1a:54:a4:df:78:01:45:cf:
                    ce:26:8f:7c:e3:48:9a:49:45:e7:03:3c:ee:47:d8:
                    0a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:40:48:5D:63:C3:A9:DE:62:1E:04:E8:E8:EA:BF:44:86:2E:B6:D2
            X509v3 Authority Key Identifier:
                keyid:AB:C8:DB:E5:20:83:AD:33:5C:9F:1F:DE:60:16:EC:8B:49:29:31:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q8jb5SCDrTNcnx_eYBbsi0kpMUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/gkBIXWPDqd5iHgTo6Oq_RIYuttI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/ce6ccb-25cf-4917-b3cd-3056af9a335e/1/q8jb5SCDrTNcnx_eYBbsi0kpMUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.114.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:d6:a9:5e:ee:65:26:e1:6e:5b:61:bd:77:c9:c6:23:77:e0:
         45:05:9c:7a:e4:1f:04:d7:4e:80:32:53:6c:7b:3d:db:f2:0a:
         f9:b2:dc:9b:c5:a6:6e:13:b9:9d:02:b8:82:fb:8b:19:9b:23:
         ea:3d:ef:6d:39:f2:43:07:57:aa:f6:e7:58:20:70:ec:1f:d2:
         fd:6d:5e:8b:46:4a:0f:d0:01:58:51:8c:83:f6:e3:4d:f5:8b:
         66:f4:00:d8:c8:07:dd:ca:8e:4c:19:22:2a:da:89:a8:fe:7b:
         54:17:a9:4a:a9:3d:22:96:f1:be:cd:bc:84:e4:7f:47:d1:34:
         ac:30:0c:f5:3c:21:df:de:d5:30:aa:b6:70:0f:e9:a4:3a:19:
         83:f1:0b:7f:8c:9f:81:cc:da:81:cf:7f:c7:28:c5:da:0b:76:
         4c:b8:b7:80:e3:be:15:ca:39:56:22:b0:3d:6e:a1:aa:19:d5:
         d4:54:b3:09:fc:4e:67:6e:6b:0c:6f:da:c2:d3:26:96:b0:f4:
         4b:b5:6e:7c:99:81:c1:a3:18:14:87:94:50:d8:a5:c3:6b:38:
         ba:76:1c:36:80:a8:5b:ab:71:41:61:43:02:d3:e5:65:e3:ee:
         90:95:51:a9:fe:f5:9f:bd:25:4b:66:f0:5a:fc:5d:13:39:57:
         37:0b:14:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87cG/GXh1rfVZI5U0FljJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiYzhkYmU1MjA4M2FkMzM1YzlmMWZkZTYwMTZlYzhiNDky
OTMxNDAwHhcNMjYwMTAyMDQxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjQwNDg1ZDYzYzNhOWRlNjIxZTA0ZThlOGVhYmY0NDg2MmViNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAks5+VsZneESqMxWvMvmsX9UATgqD
YQSDD7VCsqTxYeuNw6lPnPn9u0ele7wv5EYb1nu0oLaq/AgQrAgV8Ke1KJ1krFDt
V99S7i6jp+P+Ha/gYPmd7GxzBcLrxB4b0Ofb5BsS/h4j5Qf5Sf2ksi0FxzadqL1r
76NTy+xBTXltRXdyimWkMH+PlMmaC/qpHwk8lB02p28AARmJRCvWxLXFDqtxNxz1
/9ExuGeex0mO/mvoM3xOAHupotznmYqJ8e2lemZWLUeugCpLEVzNeHDkmJW3ISaH
ffkm+QzFq3Av7TbGHalhR9sXGlSk33gBRc/OJo9840iaSUXnAzzuR9gKHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJASF1jw6neYh4E6Ojqv0SGLrbSMB8GA1UdIwQY
MBaAFKvI2+Ugg60zXJ8f3mAW7ItJKTFAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2Qt
MzA1NmFmOWEzMzVlLzEvZ2tCSVhXUERxZDVpSGdUbzZPcV9SSVl1dHRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jZTZjY2ItMjVjZi00OTE3LWIzY2QtMzA1NmFmOWEzMzVl
LzEvcThqYjVTQ0RyVE5jbnhfZVlCYnNpMGtwTVVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw3KIMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ1qle7mUm4W5bYb13ycYjd+BFBZx65B8E106AMlNs
ez3b8gr5stybxaZuE7mdAriC+4sZmyPqPe9tOfJDB1eq9udYIHDsH9L9bV6LRkoP
0AFYUYyD9uNN9Ytm9ADYyAfdyo5MGSIq2omo/ntUF6lKqT0ilvG+zbyE5H9H0TSs
MAz1PCHf3tUwqrZwD+mkOhmD8Qt/jJ+BzNqBz3/HKMXaC3ZMuLeA474VyjlWIrA9
bqGqGdXUVLMJ/E5nbmsMb9rC0yaWsPRLtW58mYHBoxgUh5RQ2KXDazi6dhw2gKhb
q3FBYUMC0+Vl4+6QlVGp/vWfvSVLZvBa/F0TOVc3CxSz
-----END CERTIFICATE-----