This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GOP78-7SC9MuDlMbVUxj3lsxQGY.roa
File:                     GOP78-7SC9MuDlMbVUxj3lsxQGY.roa (raw, json)
Hash identifier:          D/ZmM8FGMEvRlhNfrlzLGgmqmBuX01QO1FWCQGSY4c8=
Subject key identifier:   18:E3:FB:F3:EE:D2:0B:D3:2E:0E:53:1B:55:4C:63:DE:5B:31:40:66
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B282F5A4CC4E3C7B3330E586F993838B0
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GOP78-7SC9MuDlMbVUxj3lsxQGY.roa
Signing time:             Tue 16 Dec 2025 17:22:30 +0000
ROA not before:           Tue 16 Dec 2025 17:22:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212598
IP address blocks:        193.23.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Dec 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:28:2f:5a:4c:c4:e3:c7:b3:33:0e:58:6f:99:38:38:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Dec 16 17:22:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18e3fbf3eed20bd32e0e531b554c63de5b314066
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ab:74:a3:0a:a1:f1:be:2a:b2:5d:4b:7e:b4:
                    f6:8c:df:46:45:52:76:b7:b9:d3:79:e1:11:a6:66:
                    92:41:07:bd:2d:8d:a2:cf:b7:e6:75:30:2d:12:dc:
                    82:2b:96:3e:09:e1:c3:ae:a4:59:bf:34:02:76:e9:
                    6b:d1:e5:f1:59:a7:3a:3f:19:31:ac:04:a7:72:9e:
                    d3:13:81:31:4a:0d:6a:a6:74:7c:ef:96:2a:24:e4:
                    d2:fc:6f:6a:5f:43:33:7d:d4:7a:91:f9:9f:78:ec:
                    a3:a3:30:4c:f4:64:4d:c0:20:49:dd:6f:65:4e:2d:
                    9b:e4:e3:ca:e2:38:1e:fc:ca:b2:d5:5a:79:f1:02:
                    df:be:d8:94:ec:2e:eb:34:b4:4b:0f:aa:92:5f:ed:
                    fd:f5:3f:c8:fc:0d:44:5f:40:a1:8c:c2:da:26:56:
                    2b:62:65:1e:1a:60:9f:10:1d:b1:66:9d:14:c7:25:
                    be:f4:69:34:d9:df:7b:8d:66:2f:aa:61:1e:12:11:
                    e4:77:48:78:c1:2f:17:56:21:4e:1a:d7:7f:a3:c1:
                    d0:1b:bb:b0:40:d4:28:6c:cd:f1:3f:84:a2:73:47:
                    45:5c:0e:89:1c:ae:16:0f:a7:36:90:e6:50:88:4b:
                    e1:53:8c:dd:2a:7e:b6:6f:0b:4d:b7:33:24:d8:2e:
                    54:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E3:FB:F3:EE:D2:0B:D3:2E:0E:53:1B:55:4C:63:DE:5B:31:40:66
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/GOP78-7SC9MuDlMbVUxj3lsxQGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:62:06:7e:99:0c:46:a3:bc:58:2b:8c:da:23:4e:25:ad:2e:
         c8:b8:7c:90:af:0d:93:68:76:8f:a4:81:c7:42:a8:5b:43:6c:
         e7:53:7b:98:f9:53:7d:89:46:ec:ea:de:f8:fa:67:ec:e5:41:
         e7:18:f9:42:58:02:73:17:78:1c:7e:a1:fe:59:d2:f7:13:cf:
         1d:0c:35:f2:08:45:fd:b5:a8:98:6f:ea:e2:db:06:02:89:7a:
         a6:a7:0d:8c:1e:7f:dc:7d:5a:80:a7:e6:02:a3:d0:e2:c2:03:
         07:bc:1d:8d:45:b2:4d:09:e4:c8:fe:43:a1:8b:d2:47:39:47:
         b0:76:fc:dd:1d:25:53:d1:21:a5:ad:1c:46:73:04:b2:84:16:
         6f:78:8e:cb:65:d3:06:30:7b:31:16:19:56:31:38:e6:5d:95:
         15:a3:fc:0f:76:3e:cd:d3:19:54:97:41:dd:5d:48:3f:ac:02:
         98:cd:01:0f:5d:38:9b:89:84:81:91:8b:af:f3:82:16:ca:a3:
         57:ba:61:3c:e8:4f:c1:91:40:cc:74:71:63:57:af:fc:0f:7e:
         10:88:56:93:fe:f3:94:e4:a3:60:c1:ae:13:dc:73:b7:d5:16:
         af:77:90:9b:38:e4:92:14:99:ca:a1:fc:58:0a:cb:7b:fd:bf:
         f1:6c:b7:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsoL1pMxOPHszMOWG+ZODiwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjUxMjE2MTcyMjMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGUzZmJmM2VlZDIwYmQzMmUwZTUzMWI1NTRjNjNkZTViMzE0MDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKt0owqh8b4qsl1LfrT2jN9GRVJ2
t7nTeeERpmaSQQe9LY2iz7fmdTAtEtyCK5Y+CeHDrqRZvzQCdulr0eXxWac6Pxkx
rASncp7TE4ExSg1qpnR875YqJOTS/G9qX0MzfdR6kfmfeOyjozBM9GRNwCBJ3W9l
Ti2b5OPK4jge/Mqy1Vp58QLfvtiU7C7rNLRLD6qSX+399T/I/A1EX0ChjMLaJlYr
YmUeGmCfEB2xZp0UxyW+9Gk02d97jWYvqmEeEhHkd0h4wS8XViFOGtd/o8HQG7uw
QNQobM3xP4Sic0dFXA6JHK4WD6c2kOZQiEvhU4zdKn62bwtNtzMk2C5UywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjj+/Pu0gvTLg5TG1VMY95bMUBmMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvR09QNzgtN1NDOU11RGxNYlZVeGozbHN4UUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRffMA0G
CSqGSIb3DQEBCwUAA4IBAQBaYgZ+mQxGo7xYK4zaI04lrS7IuHyQrw2TaHaPpIHH
QqhbQ2znU3uY+VN9iUbs6t74+mfs5UHnGPlCWAJzF3gcfqH+WdL3E88dDDXyCEX9
taiYb+ri2wYCiXqmpw2MHn/cfVqAp+YCo9DiwgMHvB2NRbJNCeTI/kOhi9JHOUew
dvzdHSVT0SGlrRxGcwSyhBZveI7LZdMGMHsxFhlWMTjmXZUVo/wPdj7N0xlUl0Hd
XUg/rAKYzQEPXTibiYSBkYuv84IWyqNXumE86E/BkUDMdHFjV6/8D34QiFaT/vOU
5KNgwa4T3HO31Ravd5CbOOSSFJnKofxYCst7/b/xbLew
-----END CERTIFICATE-----