This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/gb92OyPtFV8ggf63vEi-KCDdf-s.roa
File:                     gb92OyPtFV8ggf63vEi-KCDdf-s.roa (raw, json)
Hash identifier:          +rhI/ux5CfxH5KWi60cOU2i3sB6AO/30yOzY/E/1xts=
Subject key identifier:   81:BF:76:3B:23:ED:15:5F:20:81:FE:B7:BC:48:BE:28:20:DD:7F:EB
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       019B77C675D7411A3438C2877B0CC884D136
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/gb92OyPtFV8ggf63vEi-KCDdf-s.roa
Signing time:             Thu 01 Jan 2026 04:17:33 +0000
ROA not before:           Thu 01 Jan 2026 04:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59709
IP address blocks:        151.252.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 04:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:75:d7:41:1a:34:38:c2:87:7b:0c:c8:84:d1:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 04:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81bf763b23ed155f2081feb7bc48be2820dd7feb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d5:b2:07:0a:ca:15:85:f2:d4:bc:2b:01:8a:
                    fc:a2:53:8b:66:41:c4:39:c4:61:be:93:e4:d4:a2:
                    7f:df:b0:06:ae:0d:5d:2c:d2:71:de:dd:29:58:14:
                    b1:f3:29:f9:44:4a:0a:3e:68:68:79:ba:8e:c5:3d:
                    2b:d2:1e:23:66:6f:95:99:aa:57:c7:89:c6:26:34:
                    6a:d0:c1:25:25:ff:13:09:02:91:ee:06:32:92:8a:
                    14:b1:76:cf:4e:4c:6f:b3:8e:a8:1d:7a:95:aa:e4:
                    58:43:7b:c6:6c:af:db:32:e6:79:cf:80:e8:0b:55:
                    a1:20:f8:ab:01:35:55:7b:66:97:95:e0:6e:95:62:
                    a0:23:14:3b:8f:67:15:d5:b3:1f:d9:bd:0e:dc:57:
                    0d:cd:26:6e:83:15:48:fc:0b:2d:48:76:57:6c:29:
                    e5:e3:e3:fb:aa:55:21:40:4e:f0:24:cb:64:23:dc:
                    25:a9:fd:dd:e1:a3:f6:78:3d:6b:70:54:f2:a0:8f:
                    68:72:b6:af:48:a5:61:57:fd:b0:c9:0c:69:b8:6e:
                    16:60:2a:58:3c:40:9c:a7:52:27:ab:b9:8d:ab:ba:
                    a4:e2:9a:cf:80:ca:42:f2:79:1b:4c:8e:2f:69:c5:
                    91:a8:01:ea:03:05:fe:15:08:40:65:af:3f:06:26:
                    cf:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:BF:76:3B:23:ED:15:5F:20:81:FE:B7:BC:48:BE:28:20:DD:7F:EB
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/gb92OyPtFV8ggf63vEi-KCDdf-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.252.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:ec:a4:8b:17:d8:5f:01:46:cc:f6:9e:57:9a:fe:6b:23:09:
         7b:49:20:8f:9c:3b:54:c1:0d:93:ec:9e:81:44:e5:72:a7:44:
         b5:52:92:a4:c0:4b:7e:00:4e:0b:8a:c9:05:d8:40:ad:a2:0f:
         8a:a5:66:99:55:09:9a:6b:34:8b:e3:5b:80:b1:c2:1e:a4:05:
         26:35:a5:e2:56:d3:47:05:94:aa:c0:bf:74:03:5e:f8:17:b8:
         0d:0d:0b:c9:95:60:2a:e5:7b:be:fc:dd:8d:28:31:65:ae:3c:
         54:bd:c3:06:79:88:77:22:61:cd:2c:ad:58:36:16:16:ca:4a:
         bd:69:7c:97:34:d4:33:4d:f5:23:2d:6c:f9:11:c6:a2:78:ea:
         c4:95:2a:8d:06:e0:e7:80:77:fd:09:cb:a9:cd:84:03:a3:9e:
         61:e7:5c:1e:89:83:da:08:e5:4f:16:b6:03:fa:21:26:72:df:
         9e:58:ec:41:0a:68:98:cd:b4:27:54:57:e9:94:24:75:b5:57:
         58:7d:90:db:b3:4c:5c:cd:39:92:38:65:45:46:99:00:bd:f0:
         20:b0:a0:31:47:16:0c:37:c0:10:75:f8:43:d0:b8:1d:a6:22:
         44:87:1b:72:6e:03:0a:90:3b:2c:dc:fe:ce:80:73:95:ab:73:
         1f:98:91:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xnXXQRo0OMKHewzIhNE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjYwMTAxMDQxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWJmNzYzYjIzZWQxNTVmMjA4MWZlYjdiYzQ4YmUyODIwZGQ3ZmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAudWyBwrKFYXy1LwrAYr8olOLZkHE
OcRhvpPk1KJ/37AGrg1dLNJx3t0pWBSx8yn5REoKPmhoebqOxT0r0h4jZm+VmapX
x4nGJjRq0MElJf8TCQKR7gYykooUsXbPTkxvs46oHXqVquRYQ3vGbK/bMuZ5z4Do
C1WhIPirATVVe2aXleBulWKgIxQ7j2cV1bMf2b0O3FcNzSZugxVI/AstSHZXbCnl
4+P7qlUhQE7wJMtkI9wlqf3d4aP2eD1rcFTyoI9ocravSKVhV/2wyQxpuG4WYCpY
PECcp1Inq7mNq7qk4prPgMpC8nkbTI4vacWRqAHqAwX+FQhAZa8/BibPnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIG/djsj7RVfIIH+t7xIvigg3X/rMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvZ2I5Mk95UHRGVjhnZ2Y2M3ZFaS1LQ0RkZi1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/zGMA0G
CSqGSIb3DQEBCwUAA4IBAQAv7KSLF9hfAUbM9p5Xmv5rIwl7SSCPnDtUwQ2T7J6B
ROVyp0S1UpKkwEt+AE4LiskF2ECtog+KpWaZVQmaazSL41uAscIepAUmNaXiVtNH
BZSqwL90A174F7gNDQvJlWAq5Xu+/N2NKDFlrjxUvcMGeYh3ImHNLK1YNhYWykq9
aXyXNNQzTfUjLWz5EcaieOrElSqNBuDngHf9CcupzYQDo55h51weiYPaCOVPFrYD
+iEmct+eWOxBCmiYzbQnVFfplCR1tVdYfZDbs0xczTmSOGVFRpkAvfAgsKAxRxYM
N8AQdfhD0LgdpiJEhxtybgMKkDss3P7OgHOVq3MfmJEN
-----END CERTIFICATE-----