This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/gtbETOybprgnBnsdOcXReqiJdJg.roa
File:                     gtbETOybprgnBnsdOcXReqiJdJg.roa (raw, json)
Hash identifier:          MHBLEVDbm/5/3P4t1AJ9tw9OGawy0RxaBcMDfw8zw9M=
Subject key identifier:   82:D6:C4:4C:EC:9B:A6:B8:27:06:7B:1D:39:C5:D1:7A:A8:89:74:98
Certificate issuer:       /CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
Certificate serial:       019B77C686AB22F0656899417994B9BD003F
Authority key identifier: 02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/gtbETOybprgnBnsdOcXReqiJdJg.roa
Signing time:             Thu 01 Jan 2026 04:17:37 +0000
ROA not before:           Thu 01 Jan 2026 04:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205550
IP address blocks:        185.120.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 07:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:86:ab:22:f0:65:68:99:41:79:94:b9:bd:00:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
        Validity
            Not Before: Jan  1 04:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=82d6c44cec9ba6b827067b1d39c5d17aa8897498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:dc:e7:a2:6c:f3:35:4a:be:17:d0:93:e3:b3:
                    67:ae:43:7e:39:51:cb:be:10:b9:55:61:ff:a4:04:
                    83:a5:c6:ba:3b:d0:9c:aa:16:48:44:b6:2d:cd:c1:
                    e5:33:bf:23:5a:ac:d4:ad:de:4d:e0:c6:58:c7:04:
                    26:ad:57:95:cd:f9:4f:8c:82:b0:b3:4c:bb:fd:04:
                    20:ae:ba:e8:49:a1:89:b2:dd:a1:87:eb:c4:64:60:
                    5b:76:18:1f:12:a6:95:d0:f6:68:f6:22:f6:22:62:
                    55:9d:5d:ed:e7:67:bf:3e:b7:48:80:f7:2a:6f:54:
                    81:84:32:22:a8:d1:20:5b:6b:98:47:c8:be:24:74:
                    f2:a1:c2:e0:47:6b:5e:fa:3d:f3:72:ce:bb:bb:2f:
                    51:a9:0a:15:75:9b:f1:13:d2:b1:b8:4f:71:fb:37:
                    31:1c:b7:70:0e:2e:cd:fd:e9:b6:92:de:5d:21:7f:
                    31:a1:53:c9:f2:c5:58:04:07:72:d8:66:bc:ef:21:
                    13:de:88:9f:3f:e7:db:22:9d:4d:f1:95:b2:6d:5b:
                    87:91:b5:3f:75:56:e5:31:dd:c6:60:54:e5:94:4b:
                    b0:44:de:7a:a6:cf:14:89:2f:fd:f4:36:10:ab:82:
                    b7:56:57:39:a2:f6:03:d3:b3:da:9b:ad:32:6f:b5:
                    5d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:D6:C4:4C:EC:9B:A6:B8:27:06:7B:1D:39:C5:D1:7A:A8:89:74:98
            X509v3 Authority Key Identifier:
                keyid:02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/gtbETOybprgnBnsdOcXReqiJdJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:f5:e5:a3:67:f3:59:83:96:38:e2:e3:83:a8:fb:38:93:f4:
         11:46:f8:bd:8b:67:59:7c:29:1d:71:9c:ad:89:ba:20:07:ad:
         a0:03:56:2c:73:69:6b:1b:e2:3f:66:18:cd:34:10:5a:c4:27:
         2a:4f:0f:3a:c3:e7:56:45:61:19:f0:fd:1e:3c:3b:87:6d:2a:
         56:d7:2e:4d:8d:59:3c:06:d5:b4:d7:1d:fb:ba:50:2c:5a:08:
         ca:c0:60:a2:db:d0:85:f8:62:c8:9f:b8:a0:30:0e:a1:d3:ed:
         ba:ac:90:55:a8:09:72:97:06:3a:21:cb:86:6f:75:19:2a:a5:
         a0:d1:6c:b2:a0:0d:68:b5:5b:ce:6f:c7:7e:a9:06:61:cc:5b:
         78:54:db:91:36:2d:98:41:40:f6:44:a7:a8:a6:19:31:08:b6:
         28:94:62:4f:c8:00:52:d9:dd:7c:f9:ad:f4:2d:c2:cf:ad:35:
         3e:31:3d:b0:0d:ba:b1:61:a2:3a:85:da:da:f8:b9:39:4b:e3:
         0f:0b:d9:d5:4a:9c:d3:b9:ae:ca:76:ca:be:39:40:aa:c9:08:
         5c:6a:6d:6a:2d:fc:7c:83:e0:63:d7:53:07:6e:fc:01:8a:d3:
         77:b0:c9:e4:97:50:6a:1b:3a:9f:1c:61:82:ac:46:cb:28:64:
         72:65:cd:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xoarIvBlaJlBeZS5vQA/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODNhOGM2OWEyNjMwY2Q4ZjZmYTcwYWYyYTUzZmUwMTlm
MmNjMDcwHhcNMjYwMTAxMDQxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmQ2YzQ0Y2VjOWJhNmI4MjcwNjdiMWQzOWM1ZDE3YWE4ODk3NDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtznomzzNUq+F9CT47NnrkN+OVHL
vhC5VWH/pASDpca6O9CcqhZIRLYtzcHlM78jWqzUrd5N4MZYxwQmrVeVzflPjIKw
s0y7/QQgrrroSaGJst2hh+vEZGBbdhgfEqaV0PZo9iL2ImJVnV3t52e/PrdIgPcq
b1SBhDIiqNEgW2uYR8i+JHTyocLgR2te+j3zcs67uy9RqQoVdZvxE9KxuE9x+zcx
HLdwDi7N/em2kt5dIX8xoVPJ8sVYBAdy2Ga87yET3oifP+fbIp1N8ZWybVuHkbU/
dVblMd3GYFTllEuwRN56ps8UiS/99DYQq4K3Vlc5ovYD07Pam60yb7VdhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFILWxEzsm6a4JwZ7HTnF0XqoiXSYMB8GA1UdIwQY
MBaAFAKDqMaaJjDNj2+nCvKlP+AZ8swHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTkt
NTkyYzBkY2RhZjc5LzEvZ3RiRVRPeWJwcmduQm5zZE9jWFJlcWlKZEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTktNTkyYzBkY2RhZjc5
LzEvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXirMA0G
CSqGSIb3DQEBCwUAA4IBAQAH9eWjZ/NZg5Y44uODqPs4k/QRRvi9i2dZfCkdcZyt
ibogB62gA1Ysc2lrG+I/ZhjNNBBaxCcqTw86w+dWRWEZ8P0ePDuHbSpW1y5NjVk8
BtW01x37ulAsWgjKwGCi29CF+GLIn7igMA6h0+26rJBVqAlylwY6IcuGb3UZKqWg
0WyyoA1otVvOb8d+qQZhzFt4VNuRNi2YQUD2RKeophkxCLYolGJPyABS2d18+a30
LcLPrTU+MT2wDbqxYaI6hdra+Lk5S+MPC9nVSpzTua7Kdsq+OUCqyQhcam1qLfx8
g+Bj11MHbvwBitN3sMnkl1BqGzqfHGGCrEbLKGRyZc0o
-----END CERTIFICATE-----