This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/gn4jpmqvHPR6rBGCBxZHXL4XW7Q.roa
File:                     gn4jpmqvHPR6rBGCBxZHXL4XW7Q.roa (raw, json)
Hash identifier:          zEyp0ISXI99Ue+kTnL8hqnoTwJyraQRvQCykId/nY+Q=
Subject key identifier:   82:7E:23:A6:6A:AF:1C:F4:7A:AC:11:82:07:16:47:5C:BE:17:5B:B4
Certificate issuer:       /CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
Certificate serial:       019B7DC9F6EC14E8DCA99E6E361788CCAE57
Authority key identifier: AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/gn4jpmqvHPR6rBGCBxZHXL4XW7Q.roa
Signing time:             Fri 02 Jan 2026 08:19:06 +0000
ROA not before:           Fri 02 Jan 2026 08:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        84.33.16.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 Jan 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:f6:ec:14:e8:dc:a9:9e:6e:36:17:88:cc:ae:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaebc9bfef2b4d23f19513bfd4d60bb798f5a59d
        Validity
            Not Before: Jan  2 08:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=827e23a66aaf1cf47aac11820716475cbe175bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:54:bc:d6:db:97:df:9f:a4:ff:02:bd:4c:da:
                    23:9a:9e:67:c1:bb:ae:77:12:1f:a8:a2:aa:cf:59:
                    ca:bc:6a:f8:3a:88:96:44:4f:f0:b7:46:a8:f4:cb:
                    ed:de:b8:ed:28:d8:4c:b7:f5:6a:0d:f4:e0:a7:ab:
                    cb:9f:40:5f:ba:29:74:0d:71:6e:46:63:87:ab:da:
                    9b:d4:47:0d:96:31:58:c2:39:a3:63:91:d5:82:d5:
                    ad:6e:88:73:f4:99:97:4b:cf:53:a4:c9:15:9e:17:
                    31:cb:11:52:a6:5b:9d:3a:af:1a:f3:d3:8b:7a:07:
                    8b:45:ad:44:f2:9f:2e:bd:60:6a:68:01:d8:01:f5:
                    ca:1f:be:55:66:fe:b0:85:2c:57:cf:cc:31:12:a1:
                    fc:4a:8e:93:b2:98:7b:99:9a:e5:79:0a:ef:cc:13:
                    3e:34:72:d2:f8:88:ed:37:49:23:e7:45:b2:a0:c8:
                    71:47:b9:c2:ac:9b:86:d2:bb:2e:25:fc:35:a4:58:
                    75:74:38:66:29:76:05:69:3b:b1:d8:98:14:ac:58:
                    39:2b:2f:c3:c5:e9:6a:bf:bd:20:c7:83:6b:2c:18:
                    42:6d:42:f2:2b:5a:93:27:8b:d8:04:26:53:21:a2:
                    f0:e5:21:17:3d:50:f3:89:57:52:6b:78:da:05:79:
                    af:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7E:23:A6:6A:AF:1C:F4:7A:AC:11:82:07:16:47:5C:BE:17:5B:B4
            X509v3 Authority Key Identifier:
                keyid:AA:EB:C9:BF:EF:2B:4D:23:F1:95:13:BF:D4:D6:0B:B7:98:F5:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/quvJv-8rTSPxlRO_1NYLt5j1pZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/gn4jpmqvHPR6rBGCBxZHXL4XW7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/fb1289-4d14-40f0-9679-11afb4992eef/1/quvJv-8rTSPxlRO_1NYLt5j1pZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.33.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         bd:f7:11:3d:fb:74:a1:1f:e6:49:09:9e:bf:49:aa:9b:61:14:
         d6:e8:64:e1:ec:4f:d2:51:2f:82:0a:8d:7f:90:65:97:0a:73:
         33:fa:d2:07:8b:9b:6e:db:48:03:a7:70:dc:e6:b2:00:58:3d:
         ed:97:4f:0e:e9:ac:fd:d0:4f:af:7f:3c:1b:ef:dc:9e:06:9f:
         99:0e:77:41:59:f0:73:48:0d:2d:9d:0c:28:2e:53:68:b7:92:
         fd:00:ae:cf:a9:2a:f9:7e:86:d3:b6:c3:c3:2f:4e:ac:80:e9:
         03:74:ca:b6:d3:f9:3b:88:cf:32:90:65:d1:5a:2c:f3:4c:8c:
         4f:d2:f2:30:ca:02:bc:a4:59:6f:2c:d6:d3:a8:9a:35:fd:f8:
         a5:c8:35:73:15:d4:94:79:91:64:ee:97:0f:f9:00:77:2a:50:
         b7:a5:58:16:60:91:62:80:2f:52:9b:96:a7:66:f1:58:d0:f0:
         ca:9b:2d:30:7a:22:4e:7e:74:dd:ea:f8:ed:0f:81:58:dc:ce:
         cb:21:55:e1:dc:e0:b8:aa:3c:cf:4e:fe:ae:25:34:70:5c:6a:
         64:8f:8a:95:d2:93:a0:b0:e6:76:8c:78:7a:cd:a1:20:0c:09:
         b7:48:45:aa:90:d0:02:18:9c:87:56:6c:b1:90:d2:76:58:b9:
         6d:6e:08:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yfbsFOjcqZ5uNheIzK5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZWJjOWJmZWYyYjRkMjNmMTk1MTNiZmQ0ZDYwYmI3OThm
NWE1OWQwHhcNMjYwMTAyMDgxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjdlMjNhNjZhYWYxY2Y0N2FhYzExODIwNzE2NDc1Y2JlMTc1YmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VS81tuX35+k/wK9TNojmp5nwbuu
dxIfqKKqz1nKvGr4OoiWRE/wt0ao9Mvt3rjtKNhMt/VqDfTgp6vLn0Bfuil0DXFu
RmOHq9qb1EcNljFYwjmjY5HVgtWtbohz9JmXS89TpMkVnhcxyxFSpludOq8a89OL
egeLRa1E8p8uvWBqaAHYAfXKH75VZv6whSxXz8wxEqH8So6Tsph7mZrleQrvzBM+
NHLS+IjtN0kj50WyoMhxR7nCrJuG0rsuJfw1pFh1dDhmKXYFaTux2JgUrFg5Ky/D
xelqv70gx4NrLBhCbULyK1qTJ4vYBCZTIaLw5SEXPVDziVdSa3jaBXmvwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIJ+I6Zqrxz0eqwRggcWR1y+F1u0MB8GA1UdIwQY
MBaAFKrryb/vK00j8ZUTv9TWC7eY9aWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXV2SnYtOHJUU1B4bFJPXzFOWUx0NWoxcFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mYjEyODktNGQxNC00MGYwLTk2Nzkt
MTFhZmI0OTkyZWVmLzEvZ240anBtcXZIUFI2ckJHQ0J4WkhYTDRYVzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mYjEyODktNGQxNC00MGYwLTk2NzktMTFhZmI0OTkyZWVm
LzEvcXV2SnYtOHJUU1B4bFJPXzFOWUx0NWoxcFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVCEQMA0G
CSqGSIb3DQEBCwUAA4IBAQC99xE9+3ShH+ZJCZ6/SaqbYRTW6GTh7E/SUS+CCo1/
kGWXCnMz+tIHi5tu20gDp3Dc5rIAWD3tl08O6az90E+vfzwb79yeBp+ZDndBWfBz
SA0tnQwoLlNot5L9AK7PqSr5fobTtsPDL06sgOkDdMq20/k7iM8ykGXRWizzTIxP
0vIwygK8pFlvLNbTqJo1/filyDVzFdSUeZFk7pcP+QB3KlC3pVgWYJFigC9Sm5an
ZvFY0PDKmy0weiJOfnTd6vjtD4FY3M7LIVXh3OC4qjzPTv6uJTRwXGpkj4qV0pOg
sOZ2jHh6zaEgDAm3SEWqkNACGJyHVmyxkNJ2WLltbgjg
-----END CERTIFICATE-----