This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gNi6-DsbW0llKAHMrfK0CxEcgiw.roa
File:                     gNi6-DsbW0llKAHMrfK0CxEcgiw.roa (raw, json)
Hash identifier:          TuNhMzioZ+kalaNyTRcUrYdZHwK4unUfK0qy2mLrCWU=
Subject key identifier:   80:D8:BA:F8:3B:1B:5B:49:65:28:01:CC:AD:F2:B4:0B:11:1C:82:2C
Certificate issuer:       /CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
Certificate serial:       019B7F854743B7EEFB57011D0DF03F1FD1CE
Authority key identifier: 35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gNi6-DsbW0llKAHMrfK0CxEcgiw.roa
Signing time:             Fri 02 Jan 2026 16:23:19 +0000
ROA not before:           Fri 02 Jan 2026 16:23:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34470
IP address blocks:        192.124.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:47:43:b7:ee:fb:57:01:1d:0d:f0:3f:1f:d1:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=35690f5e32d5c86af1e1349dfd4e8ceeb70e1ac7
        Validity
            Not Before: Jan  2 16:23:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80d8baf83b1b5b49652801ccadf2b40b111c822c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a1:17:fc:11:c2:50:08:eb:a1:c6:8c:7d:ac:
                    d4:d6:3a:a1:79:a5:7f:ed:b3:d0:14:d9:67:7f:5f:
                    bf:3a:22:6d:e1:67:80:82:33:3a:22:08:0f:0b:7c:
                    f3:f6:c2:48:a3:48:55:48:50:da:c2:eb:88:ef:86:
                    a2:55:a5:28:17:5c:be:06:af:df:5d:0a:08:eb:80:
                    ee:f4:12:25:b7:b9:ec:2c:67:af:17:07:db:59:77:
                    2a:b4:75:ee:c1:3e:ae:26:bb:8a:12:71:78:dc:e9:
                    71:bc:00:9e:c1:cf:76:2c:1a:48:a2:f4:7a:d0:6b:
                    c4:07:a3:d8:27:4c:b3:0c:3b:8d:26:3e:4a:3c:25:
                    4d:9e:97:33:19:1f:57:c4:42:f9:4a:10:96:d4:ee:
                    ed:d6:a2:57:0e:4d:53:9f:ed:b3:16:4f:b6:e2:c6:
                    8c:de:b6:61:ed:09:3f:98:11:02:bc:55:e2:33:3c:
                    74:e3:f4:93:8b:b6:c4:47:1b:6b:12:e6:b6:e9:06:
                    fb:b6:55:d7:6c:b8:cc:3f:7d:c0:d7:1c:f1:c7:aa:
                    2a:2a:98:b1:85:36:de:23:01:16:7d:ce:67:51:0a:
                    fb:e1:95:9d:1a:5c:cd:48:ed:8c:7a:8f:14:0a:99:
                    7a:a4:8d:6d:e2:91:e7:85:bf:94:cf:2b:95:2e:b0:
                    f9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D8:BA:F8:3B:1B:5B:49:65:28:01:CC:AD:F2:B4:0B:11:1C:82:2C
            X509v3 Authority Key Identifier:
                keyid:35:69:0F:5E:32:D5:C8:6A:F1:E1:34:9D:FD:4E:8C:EE:B7:0E:1A:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NWkPXjLVyGrx4TSd_U6M7rcOGsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/gNi6-DsbW0llKAHMrfK0CxEcgiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e1447a-8f18-4a80-a422-5a42428f1143/1/NWkPXjLVyGrx4TSd_U6M7rcOGsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.124.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:68:2e:65:c9:d0:6b:77:a3:16:de:79:60:81:59:bc:30:08:
         e8:4f:66:2e:6b:31:c2:0d:ca:26:05:87:a6:ed:1b:d5:08:43:
         05:26:84:73:1c:51:70:94:de:98:81:b3:25:44:e6:1d:0b:cd:
         03:40:db:6e:85:86:72:59:85:c6:05:4a:a1:29:29:6a:2c:9b:
         e0:d1:6c:0d:29:88:e3:7b:6d:3d:9f:5d:6a:89:49:a3:9f:f6:
         8e:38:e6:a6:e6:39:2d:16:77:b8:77:af:0b:23:66:55:d3:2a:
         da:b3:62:be:11:79:69:d3:9d:46:f9:af:7e:02:ca:d0:e6:8f:
         85:41:8f:08:18:c6:fb:6d:6d:83:4a:d9:a6:34:f9:e7:5f:5e:
         8b:79:01:25:03:b4:ca:f6:55:87:9b:a3:b2:2e:bf:08:1a:a7:
         a6:c6:92:5e:d8:ce:77:d9:3a:fe:42:9e:f6:02:a4:73:2c:3c:
         cc:2f:cc:53:bf:49:6d:60:93:65:21:96:50:32:32:3b:42:1b:
         27:97:73:2a:49:4a:10:3f:24:15:6d:21:50:ea:d9:6c:fb:79:
         10:6e:eb:c6:52:74:a6:47:ed:86:a0:bd:d1:cf:65:bf:98:88:
         9c:d3:a9:6a:d6:10:8a:4d:1b:a2:3c:b3:d9:a3:bd:a2:81:48:
         39:95:9c:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hUdDt+77VwEdDfA/H9HOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NjkwZjVlMzJkNWM4NmFmMWUxMzQ5ZGZkNGU4Y2VlYjcw
ZTFhYzcwHhcNMjYwMTAyMTYyMzE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQ4YmFmODNiMWI1YjQ5NjUyODAxY2NhZGYyYjQwYjExMWM4MjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8KEX/BHCUAjrocaMfazU1jqheaV/
7bPQFNlnf1+/OiJt4WeAgjM6IggPC3zz9sJIo0hVSFDawuuI74aiVaUoF1y+Bq/f
XQoI64Du9BIlt7nsLGevFwfbWXcqtHXuwT6uJruKEnF43OlxvACewc92LBpIovR6
0GvEB6PYJ0yzDDuNJj5KPCVNnpczGR9XxEL5ShCW1O7t1qJXDk1Tn+2zFk+24saM
3rZh7Qk/mBECvFXiMzx04/STi7bERxtrEua26Qb7tlXXbLjMP33A1xzxx6oqKpix
hTbeIwEWfc5nUQr74ZWdGlzNSO2Meo8UCpl6pI1t4pHnhb+UzyuVLrD5HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDYuvg7G1tJZSgBzK3ytAsRHIIsMB8GA1UdIwQY
MBaAFDVpD14y1chq8eE0nf1OjO63DhrHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjIt
NWE0MjQyOGYxMTQzLzEvZ05pNi1Ec2JXMGxsS0FITXJmSzBDeEVjZ2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lMTQ0N2EtOGYxOC00YTgwLWE0MjItNWE0MjQyOGYxMTQz
LzEvTldrUFhqTFZ5R3J4NFRTZF9VNk03cmNPR3NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwHyrMA0G
CSqGSIb3DQEBCwUAA4IBAQAOaC5lydBrd6MW3nlggVm8MAjoT2YuazHCDcomBYem
7RvVCEMFJoRzHFFwlN6YgbMlROYdC80DQNtuhYZyWYXGBUqhKSlqLJvg0WwNKYjj
e209n11qiUmjn/aOOOam5jktFne4d68LI2ZV0yras2K+EXlp051G+a9+AsrQ5o+F
QY8IGMb7bW2DStmmNPnnX16LeQElA7TK9lWHm6OyLr8IGqemxpJe2M532Tr+Qp72
AqRzLDzML8xTv0ltYJNlIZZQMjI7Qhsnl3MqSUoQPyQVbSFQ6tls+3kQbuvGUnSm
R+2GoL3Rz2W/mIic06lq1hCKTRuiPLPZo72igUg5lZyZ
-----END CERTIFICATE-----