This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/GPHtNa1LkpB1FfVw6cVLTB-Gb4s.roa
File:                     GPHtNa1LkpB1FfVw6cVLTB-Gb4s.roa (raw, json)
Hash identifier:          +gGd31Ly+y7j9QhhSu4Pmao5tnZqyFoc+P7uPTb1vzs=
Subject key identifier:   18:F1:ED:35:AD:4B:92:90:75:15:F5:70:E9:C5:4B:4C:1F:86:6F:8B
Certificate issuer:       /CN=87c37d035d95fefba1d47f98b9ff4973f17df6cd
Certificate serial:       019B7A5AF852C3445D43764C482A183AA32C
Authority key identifier: 87:C3:7D:03:5D:95:FE:FB:A1:D4:7F:98:B9:FF:49:73:F1:7D:F6:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/GPHtNa1LkpB1FfVw6cVLTB-Gb4s.roa
Signing time:             Thu 01 Jan 2026 16:19:00 +0000
ROA not before:           Thu 01 Jan 2026 16:19:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200286
IP address blocks:        185.59.52.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:f8:52:c3:44:5d:43:76:4c:48:2a:18:3a:a3:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87c37d035d95fefba1d47f98b9ff4973f17df6cd
        Validity
            Not Before: Jan  1 16:19:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18f1ed35ad4b92907515f570e9c54b4c1f866f8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:48:2d:68:28:c6:e4:09:f0:67:1b:c1:d8:30:
                    6e:4f:fe:ad:58:33:6f:e3:67:f1:5a:51:72:cb:f3:
                    5b:ee:53:b8:4c:33:22:fc:74:04:9f:1e:eb:10:66:
                    e4:a5:f2:d0:e8:52:ee:d6:be:8b:17:7b:a3:cd:c9:
                    16:dd:36:3f:48:37:9a:09:45:53:e8:4a:29:82:5e:
                    c9:e9:95:14:74:1c:24:aa:94:88:00:05:77:0a:f2:
                    40:e3:39:8b:51:de:19:d7:4c:dd:5f:eb:3f:83:cd:
                    17:8c:63:7f:53:aa:ef:f0:b2:7d:b8:5b:3e:0c:d0:
                    db:a9:8e:49:f9:69:21:9d:b6:cd:de:3d:69:71:40:
                    53:8a:0f:0f:1e:a2:26:3e:e2:0f:52:0c:0c:28:90:
                    e9:3f:36:04:45:3d:56:54:89:5f:58:c6:f4:4d:d2:
                    25:f7:27:94:e6:1a:86:ad:dd:0b:a4:d5:51:7b:f8:
                    9c:69:94:3a:e0:f8:1d:47:59:e3:01:91:85:49:a0:
                    36:2b:19:b8:1a:29:71:ff:0d:c3:b4:77:57:08:43:
                    aa:63:d5:53:9c:66:6a:9a:d2:8f:49:6a:ac:e4:7a:
                    e2:76:11:6a:42:99:b0:56:35:88:dc:0c:6f:dc:24:
                    d1:e6:c7:bb:12:95:52:5d:57:24:34:46:de:93:4b:
                    85:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:F1:ED:35:AD:4B:92:90:75:15:F5:70:E9:C5:4B:4C:1F:86:6F:8B
            X509v3 Authority Key Identifier:
                keyid:87:C3:7D:03:5D:95:FE:FB:A1:D4:7F:98:B9:FF:49:73:F1:7D:F6:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h8N9A12V_vuh1H-Yuf9Jc_F99s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/GPHtNa1LkpB1FfVw6cVLTB-Gb4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/5ef060-f473-4043-b8a2-e1b7c7649fa3/1/h8N9A12V_vuh1H-Yuf9Jc_F99s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.59.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:b6:2d:5c:76:4d:7a:8e:a3:2d:af:94:62:21:f2:e2:b0:f1:
         0c:a3:ae:e2:99:63:7f:17:77:cd:d2:17:0f:ee:96:c8:f9:05:
         32:92:1f:58:f3:1d:61:33:d5:da:53:d5:b3:dd:6d:66:79:5b:
         66:e8:ce:94:5e:e4:d0:ca:31:b1:40:7a:3b:d0:5f:0e:ff:35:
         87:99:af:15:81:a3:e1:5e:6c:7b:eb:1f:ac:19:e4:f8:b1:1b:
         43:92:b1:d4:d6:37:a3:76:38:05:c6:53:c0:b2:af:68:83:33:
         8e:9e:f2:e8:19:e7:4b:ff:37:fd:24:77:7d:3e:28:d2:83:90:
         7a:e8:8f:f0:89:57:ee:8b:7c:95:9a:71:ac:86:22:e8:c6:51:
         10:95:b0:3e:31:b1:1e:c6:66:e6:e6:ed:07:01:fe:19:70:c8:
         59:33:82:66:53:9a:40:10:d5:78:66:1e:f6:a5:52:ce:da:b5:
         05:62:e9:52:23:a3:a3:5a:c3:02:fb:1d:14:3c:bd:9a:44:44:
         1a:eb:53:d0:df:0f:ea:a6:c7:85:26:ea:88:f9:eb:b8:5b:93:
         ac:71:56:f9:80:92:f9:69:cb:4f:fe:52:ba:be:50:e7:85:4f:
         8d:0e:f1:e4:47:03:bb:01:01:09:96:88:60:68:72:b5:4b:e7:
         68:0a:e6:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WvhSw0RdQ3ZMSCoYOqMsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3YzM3ZDAzNWQ5NWZlZmJhMWQ0N2Y5OGI5ZmY0OTczZjE3
ZGY2Y2QwHhcNMjYwMTAxMTYxOTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGYxZWQzNWFkNGI5MjkwNzUxNWY1NzBlOWM1NGI0YzFmODY2ZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkgtaCjG5AnwZxvB2DBuT/6tWDNv
42fxWlFyy/Nb7lO4TDMi/HQEnx7rEGbkpfLQ6FLu1r6LF3ujzckW3TY/SDeaCUVT
6Eopgl7J6ZUUdBwkqpSIAAV3CvJA4zmLUd4Z10zdX+s/g80XjGN/U6rv8LJ9uFs+
DNDbqY5J+WkhnbbN3j1pcUBTig8PHqImPuIPUgwMKJDpPzYERT1WVIlfWMb0TdIl
9yeU5hqGrd0LpNVRe/icaZQ64PgdR1njAZGFSaA2Kxm4Gilx/w3DtHdXCEOqY9VT
nGZqmtKPSWqs5HridhFqQpmwVjWI3Axv3CTR5se7EpVSXVckNEbek0uFwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjx7TWtS5KQdRX1cOnFS0wfhm+LMB8GA1UdIwQY
MBaAFIfDfQNdlf77odR/mLn/SXPxffbNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDhOOUExMlZfdnVoMUgtWXVmOUpjX0Y5OXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS81ZWYwNjAtZjQ3My00MDQzLWI4YTIt
ZTFiN2M3NjQ5ZmEzLzEvR1BIdE5hMUxrcEIxRmZWdzZjVkxUQi1HYjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS81ZWYwNjAtZjQ3My00MDQzLWI4YTItZTFiN2M3NjQ5ZmEz
LzEvaDhOOUExMlZfdnVoMUgtWXVmOUpjX0Y5OXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuTs0MA0G
CSqGSIb3DQEBCwUAA4IBAQCRti1cdk16jqMtr5RiIfLisPEMo67imWN/F3fN0hcP
7pbI+QUykh9Y8x1hM9XaU9Wz3W1meVtm6M6UXuTQyjGxQHo70F8O/zWHma8VgaPh
Xmx76x+sGeT4sRtDkrHU1jejdjgFxlPAsq9ogzOOnvLoGedL/zf9JHd9PijSg5B6
6I/wiVfui3yVmnGshiLoxlEQlbA+MbEexmbm5u0HAf4ZcMhZM4JmU5pAENV4Zh72
pVLO2rUFYulSI6OjWsMC+x0UPL2aREQa61PQ3w/qpseFJuqI+eu4W5OscVb5gJL5
actP/lK6vlDnhU+NDvHkRwO7AQEJlohgaHK1S+doCuY5
-----END CERTIFICATE-----