This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/GsRkXOSW1fdFu3DPwvlbZ7bJfrs.roa
File:                     GsRkXOSW1fdFu3DPwvlbZ7bJfrs.roa (raw, json)
Hash identifier:          LrZFy74UOAGrG2L260gD+OSmEU83mjEYLFF/UUa8s7U=
Subject key identifier:   1A:C4:64:5C:E4:96:D5:F7:45:BB:70:CF:C2:F9:5B:67:B6:C9:7E:BB
Certificate issuer:       /CN=af85bb8a50443e504c4853cce025ef58341c1d50
Certificate serial:       019B7EA68F0A8E91B21AE1A54FEC69B25473
Authority key identifier: AF:85:BB:8A:50:44:3E:50:4C:48:53:CC:E0:25:EF:58:34:1C:1D:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4W7ilBEPlBMSFPM4CXvWDQcHVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/GsRkXOSW1fdFu3DPwvlbZ7bJfrs.roa
Signing time:             Fri 02 Jan 2026 12:20:03 +0000
ROA not before:           Fri 02 Jan 2026 12:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34376
IP address blocks:        91.199.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/r4W7ilBEPlBMSFPM4CXvWDQcHVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/r4W7ilBEPlBMSFPM4CXvWDQcHVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4W7ilBEPlBMSFPM4CXvWDQcHVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:8f:0a:8e:91:b2:1a:e1:a5:4f:ec:69:b2:54:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af85bb8a50443e504c4853cce025ef58341c1d50
        Validity
            Not Before: Jan  2 12:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ac4645ce496d5f745bb70cfc2f95b67b6c97ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:08:8f:58:2f:4c:d0:aa:1c:35:41:79:a0:6f:
                    54:7a:83:b3:0f:ad:48:61:dd:9f:5c:18:46:c5:2b:
                    37:e0:be:02:62:90:e2:4b:7f:08:ee:4a:2d:58:e5:
                    37:f5:ed:0a:af:7f:e2:06:65:d4:15:d9:e8:e6:af:
                    c3:ee:aa:b1:72:1e:7e:c9:ba:a7:2a:22:f7:77:09:
                    b3:60:69:09:61:96:ef:e0:4e:cf:79:f8:7d:21:44:
                    3f:3b:91:29:1d:43:28:f9:d4:13:42:62:e2:a7:e4:
                    1c:f3:0f:b5:99:f0:8f:0a:c7:90:b2:82:25:e6:cc:
                    e5:3f:ff:1d:4e:ff:cc:3c:df:b1:0e:13:81:bd:42:
                    67:fd:bc:60:16:10:be:71:cb:6b:f5:4c:4f:ce:9b:
                    ac:60:48:68:92:26:fd:00:a8:25:c5:63:d1:32:2c:
                    ab:cf:d4:15:c0:11:5f:d3:fb:23:ea:6b:db:d1:e4:
                    7c:4b:2c:67:53:ef:d8:0b:bd:73:35:61:63:ac:5b:
                    25:0c:89:30:b8:4b:94:12:ee:c2:8a:d6:fa:53:8f:
                    57:50:61:2f:d9:fc:b1:fe:9f:f4:23:cc:1b:55:a7:
                    e0:7a:09:52:b2:6e:e8:c0:a9:c8:e0:49:8b:d5:40:
                    e1:91:50:0e:ea:6b:55:d3:b9:9e:d9:d5:36:b5:7d:
                    07:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C4:64:5C:E4:96:D5:F7:45:BB:70:CF:C2:F9:5B:67:B6:C9:7E:BB
            X509v3 Authority Key Identifier:
                keyid:AF:85:BB:8A:50:44:3E:50:4C:48:53:CC:E0:25:EF:58:34:1C:1D:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4W7ilBEPlBMSFPM4CXvWDQcHVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/GsRkXOSW1fdFu3DPwvlbZ7bJfrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/3df0b6-47c9-40fe-8358-fdebbc927d40/1/r4W7ilBEPlBMSFPM4CXvWDQcHVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:90:c0:64:fc:c6:60:71:47:c4:66:e9:66:4f:f0:8d:1f:1c:
         bc:c5:fa:15:c9:bf:f3:5a:3e:e6:6c:bb:ec:5b:ef:c5:ec:9b:
         e8:7b:45:66:9e:69:ce:3f:02:62:e9:97:ae:90:83:70:60:e4:
         11:a6:f5:81:38:1d:ea:62:f4:18:9c:eb:a2:fe:4c:35:5f:ff:
         ab:d6:83:12:70:d0:1d:f3:49:a8:28:00:87:7c:e6:95:e6:2c:
         05:e5:59:74:59:09:fe:ec:a4:ba:9a:67:0e:09:6a:d0:10:61:
         95:13:65:12:bb:d1:95:47:2d:ad:20:1e:95:60:d6:fa:93:c4:
         f5:c7:a5:42:1b:a2:94:b4:6f:f5:3a:8e:f6:82:38:d2:1b:0b:
         a5:29:74:aa:e3:3f:b0:13:d6:7a:a0:f1:71:fc:61:54:71:e1:
         7b:44:fa:35:ca:84:4f:96:62:68:88:ab:04:bd:65:af:fb:fa:
         60:d9:8a:e3:e7:4a:77:c3:2e:04:25:b3:37:41:0f:9d:37:80:
         27:81:95:4f:b7:43:bf:12:30:25:13:24:fe:fa:60:51:5c:60:
         e6:66:7c:55:b8:f0:aa:6c:91:9c:b9:6a:88:6a:f6:20:61:3c:
         7d:6c:b0:db:92:8a:8f:53:20:cb:a6:bf:33:6d:3e:b4:61:a8:
         93:9b:3a:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+po8KjpGyGuGlT+xpslRzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODViYjhhNTA0NDNlNTA0YzQ4NTNjY2UwMjVlZjU4MzQx
YzFkNTAwHhcNMjYwMTAyMTIyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWM0NjQ1Y2U0OTZkNWY3NDViYjcwY2ZjMmY5NWI2N2I2Yzk3ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAiPWC9M0KocNUF5oG9UeoOzD61I
Yd2fXBhGxSs34L4CYpDiS38I7kotWOU39e0Kr3/iBmXUFdno5q/D7qqxch5+ybqn
KiL3dwmzYGkJYZbv4E7Pefh9IUQ/O5EpHUMo+dQTQmLip+Qc8w+1mfCPCseQsoIl
5szlP/8dTv/MPN+xDhOBvUJn/bxgFhC+cctr9UxPzpusYEhokib9AKglxWPRMiyr
z9QVwBFf0/sj6mvb0eR8SyxnU+/YC71zNWFjrFslDIkwuEuUEu7Citb6U49XUGEv
2fyx/p/0I8wbVafgeglSsm7owKnI4EmL1UDhkVAO6mtV07me2dU2tX0HcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBrEZFzkltX3Rbtwz8L5W2e2yX67MB8GA1UdIwQY
MBaAFK+Fu4pQRD5QTEhTzOAl71g0HB1QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRXN2lsQkVQbEJNU0ZQTTRDWHZXRFFjSFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8zZGYwYjYtNDdjOS00MGZlLTgzNTgt
ZmRlYmJjOTI3ZDQwLzEvR3NSa1hPU1cxZmRGdTNEUHd2bGJaN2JKZnJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8zZGYwYjYtNDdjOS00MGZlLTgzNTgtZmRlYmJjOTI3ZDQw
LzEvcjRXN2lsQkVQbEJNU0ZQTTRDWHZXRFFjSFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8eAMA0G
CSqGSIb3DQEBCwUAA4IBAQBgkMBk/MZgcUfEZulmT/CNHxy8xfoVyb/zWj7mbLvs
W+/F7Jvoe0VmnmnOPwJi6ZeukINwYOQRpvWBOB3qYvQYnOui/kw1X/+r1oMScNAd
80moKACHfOaV5iwF5Vl0WQn+7KS6mmcOCWrQEGGVE2USu9GVRy2tIB6VYNb6k8T1
x6VCG6KUtG/1Oo72gjjSGwulKXSq4z+wE9Z6oPFx/GFUceF7RPo1yoRPlmJoiKsE
vWWv+/pg2Yrj50p3wy4EJbM3QQ+dN4AngZVPt0O/EjAlEyT++mBRXGDmZnxVuPCq
bJGcuWqIavYgYTx9bLDbkoqPUyDLpr8zbT60YaiTmzr5
-----END CERTIFICATE-----