This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/gErETpLkL1Wulh1Sd26eyD56QTQ.roa
File:                     gErETpLkL1Wulh1Sd26eyD56QTQ.roa (raw, json)
Hash identifier:          8oSrkQlx9IB4UN1/Zqqdf0UUPBBcBw5//CQWtwVqrR8=
Subject key identifier:   80:4A:C4:4E:92:E4:2F:55:AE:96:1D:52:77:6E:9E:C8:3E:7A:41:34
Certificate issuer:       /CN=e8b3eed1c7aca636d6245852b802e0e73754df63
Certificate serial:       019B7BA502D5CB796E748260662620C836C9
Authority key identifier: E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/gErETpLkL1Wulh1Sd26eyD56QTQ.roa
Signing time:             Thu 01 Jan 2026 22:19:30 +0000
ROA not before:           Thu 01 Jan 2026 22:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     271932
IP address blocks:        37.148.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:02:d5:cb:79:6e:74:82:60:66:26:20:c8:36:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8b3eed1c7aca636d6245852b802e0e73754df63
        Validity
            Not Before: Jan  1 22:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=804ac44e92e42f55ae961d52776e9ec83e7a4134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:86:4a:78:3b:02:6c:3f:41:0c:cd:b9:4a:3e:
                    32:02:a2:24:b4:04:6d:4a:ac:bd:db:77:4f:31:84:
                    a1:7e:af:1e:15:ab:fd:8e:f6:5d:a2:8f:ab:07:ad:
                    b5:e2:29:d1:07:33:07:2a:01:10:72:5b:ba:15:0b:
                    7f:55:54:c4:d6:34:a6:56:c9:49:b4:6d:92:09:f2:
                    11:b3:3c:00:4f:79:6a:ce:ba:55:58:9d:bb:24:a1:
                    02:1c:c8:5c:cd:d6:20:cf:e0:81:5d:70:c9:38:1f:
                    51:cd:87:9d:e0:51:b9:db:2c:1f:c6:60:cb:81:3f:
                    39:34:c9:9c:a2:cc:a4:be:bd:93:d7:c7:9d:89:9f:
                    f6:9c:d3:b9:23:54:1b:51:39:21:c4:52:76:dd:26:
                    14:58:5b:de:9d:ae:33:4f:5e:65:8d:fb:7c:73:75:
                    51:15:49:ed:dd:8f:19:a2:1a:ad:5e:4a:fa:17:0a:
                    86:66:b6:13:ff:a8:fd:dc:df:91:81:1a:1a:98:6d:
                    26:ff:46:66:af:71:63:62:54:28:8b:d9:f3:31:70:
                    0e:82:6d:30:7a:d9:53:c3:e1:c1:30:cc:db:ca:29:
                    b6:82:b4:52:4e:e8:d8:06:b1:d8:c4:41:5d:4c:d1:
                    f7:43:c9:ec:18:7d:5c:25:08:ec:a1:47:12:6f:b7:
                    60:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:4A:C4:4E:92:E4:2F:55:AE:96:1D:52:77:6E:9E:C8:3E:7A:41:34
            X509v3 Authority Key Identifier:
                keyid:E8:B3:EE:D1:C7:AC:A6:36:D6:24:58:52:B8:02:E0:E7:37:54:DF:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6LPu0cespjbWJFhSuALg5zdU32M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/gErETpLkL1Wulh1Sd26eyD56QTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/177329-28cd-4864-9e16-946404ec1aa4/1/6LPu0cespjbWJFhSuALg5zdU32M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.148.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         47:84:f9:1a:90:1f:42:db:38:bc:c0:c7:8e:24:a4:c5:28:ac:
         1f:eb:80:e6:f9:33:5f:9f:25:67:4e:e2:e0:86:0d:b7:a9:ab:
         c4:b7:c5:e2:6d:24:b7:84:60:f2:5c:1e:2a:46:95:07:46:81:
         f0:59:3e:e1:d5:48:04:2f:d0:30:e2:60:70:c3:bc:23:fb:36:
         c0:7c:a8:fa:46:da:e9:3a:9d:06:15:0c:8a:30:a7:43:00:5b:
         04:e7:a1:a2:13:c3:5a:8f:b0:52:eb:d3:d9:7c:2b:99:bb:ce:
         74:c3:35:41:5f:69:15:1a:32:2f:86:e0:d2:db:30:b8:a7:63:
         f4:5c:1a:ae:27:d0:45:03:66:37:6c:6e:a5:eb:6c:77:da:65:
         c9:ef:b8:67:e4:61:7b:1d:06:f6:55:ea:81:ce:3d:5b:d0:6e:
         50:4e:c2:a5:4a:d7:d4:ad:4a:e1:d5:46:0f:d9:3d:58:7c:1a:
         ed:96:ab:43:a4:00:91:90:a4:7d:54:50:00:f1:19:75:46:94:
         47:3d:47:ee:25:01:a8:a4:c9:85:64:f4:2e:ea:85:3d:80:2f:
         76:cd:cc:26:8f:03:a3:11:b6:8d:3e:46:d0:6f:8d:9c:26:ee:
         11:d8:8f:72:8c:71:53:59:04:4c:16:27:91:23:83:9e:d6:82:
         3e:c7:7f:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pQLVy3ludIJgZiYgyDbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YjNlZWQxYzdhY2E2MzZkNjI0NTg1MmI4MDJlMGU3Mzc1
NGRmNjMwHhcNMjYwMTAxMjIxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDRhYzQ0ZTkyZTQyZjU1YWU5NjFkNTI3NzZlOWVjODNlN2E0MTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA34ZKeDsCbD9BDM25Sj4yAqIktARt
Sqy923dPMYShfq8eFav9jvZdoo+rB6214inRBzMHKgEQclu6FQt/VVTE1jSmVslJ
tG2SCfIRszwAT3lqzrpVWJ27JKECHMhczdYgz+CBXXDJOB9RzYed4FG52ywfxmDL
gT85NMmcosykvr2T18ediZ/2nNO5I1QbUTkhxFJ23SYUWFvena4zT15ljft8c3VR
FUnt3Y8ZohqtXkr6FwqGZrYT/6j93N+RgRoamG0m/0Zmr3FjYlQoi9nzMXAOgm0w
etlTw+HBMMzbyim2grRSTujYBrHYxEFdTNH3Q8nsGH1cJQjsoUcSb7dgoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBKxE6S5C9VrpYdUndunsg+ekE0MB8GA1UdIwQY
MBaAFOiz7tHHrKY21iRYUrgC4Oc3VN9jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYt
OTQ2NDA0ZWMxYWE0LzEvZ0VyRVRwTGtMMVd1bGgxU2QyNmV5RDU2UVRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi8xNzczMjktMjhjZC00ODY0LTllMTYtOTQ2NDA0ZWMxYWE0
LzEvNkxQdTBjZXNwamJXSkZoU3VBTGc1emRVMzJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJZTYMA0G
CSqGSIb3DQEBCwUAA4IBAQBHhPkakB9C2zi8wMeOJKTFKKwf64Dm+TNfnyVnTuLg
hg23qavEt8XibSS3hGDyXB4qRpUHRoHwWT7h1UgEL9Aw4mBww7wj+zbAfKj6Rtrp
Op0GFQyKMKdDAFsE56GiE8Naj7BS69PZfCuZu850wzVBX2kVGjIvhuDS2zC4p2P0
XBquJ9BFA2Y3bG6l62x32mXJ77hn5GF7HQb2VeqBzj1b0G5QTsKlStfUrUrh1UYP
2T1YfBrtlqtDpACRkKR9VFAA8Rl1RpRHPUfuJQGopMmFZPQu6oU9gC92zcwmjwOj
EbaNPkbQb42cJu4R2I9yjHFTWQRMFieRI4Oe1oI+x3/R
-----END CERTIFICATE-----