This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/GKI0oMGPc_ao96H_Pxppo6dkqjU.roa
File:                     GKI0oMGPc_ao96H_Pxppo6dkqjU.roa (raw, json)
Hash identifier:          zkKvY4dzGqAm86wlj6w2FQOXQJkkmZRclubHEKVhIrs=
Subject key identifier:   18:A2:34:A0:C1:8F:73:F6:A8:F7:A1:FF:3F:1A:69:A3:A7:64:AA:35
Certificate issuer:       /CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
Certificate serial:       019B79105234E18000852BFD7BE094F03E60
Authority key identifier: 8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/GKI0oMGPc_ao96H_Pxppo6dkqjU.roa
Signing time:             Thu 01 Jan 2026 10:17:51 +0000
ROA not before:           Thu 01 Jan 2026 10:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        193.134.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:52:34:e1:80:00:85:2b:fd:7b:e0:94:f0:3e:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e987039b3f3b2db9b298ae0d8d0eb348969ad62
        Validity
            Not Before: Jan  1 10:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18a234a0c18f73f6a8f7a1ff3f1a69a3a764aa35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8f:a0:63:a8:8c:4b:1e:e2:70:0d:3c:4c:4b:
                    a2:df:f1:e7:db:66:a8:6d:e4:22:89:f2:ad:54:a7:
                    cb:2b:14:4b:0b:aa:3b:49:11:f0:0c:3c:e9:f3:32:
                    8c:cc:ba:00:ef:38:af:61:b4:21:e3:a4:c6:04:a8:
                    30:e2:d6:5f:03:75:e3:62:ec:99:e5:f4:81:65:62:
                    84:e1:7f:6d:72:6c:d8:fd:99:7a:fe:52:36:d8:e0:
                    2a:f4:3b:1e:ff:5a:2f:95:07:37:64:77:d5:1b:e7:
                    53:43:7c:37:01:97:31:61:8b:71:0a:75:06:8c:69:
                    62:75:17:36:10:ec:86:dd:ec:66:87:a2:c4:1d:cd:
                    91:0c:6a:2a:6f:b2:a7:cb:98:b6:4e:f5:61:37:88:
                    98:66:7f:6f:e3:1a:52:7e:ed:ae:22:6e:1c:f1:1a:
                    2a:0e:07:c1:9e:c9:39:66:55:ed:ae:33:7b:85:57:
                    73:82:4b:c1:6d:55:74:b7:b6:84:77:dc:ec:e2:c7:
                    c5:ad:bc:75:7f:d4:90:8d:03:1a:38:40:f8:fe:5b:
                    45:04:b8:a0:c5:eb:f7:d6:6c:02:a0:9a:1a:17:2e:
                    ae:a5:b8:8e:33:31:13:ef:51:d6:52:1e:6d:4a:5f:
                    83:17:a4:18:2b:a8:e9:c1:1d:0b:bf:b7:cb:f7:27:
                    2e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:A2:34:A0:C1:8F:73:F6:A8:F7:A1:FF:3F:1A:69:A3:A7:64:AA:35
            X509v3 Authority Key Identifier:
                keyid:8E:98:70:39:B3:F3:B2:DB:9B:29:8A:E0:D8:D0:EB:34:89:69:AD:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jphwObPzstubKYrg2NDrNIlprWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/GKI0oMGPc_ao96H_Pxppo6dkqjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/366560-096e-4835-89fd-563600319a1f/1/jphwObPzstubKYrg2NDrNIlprWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:4d:be:27:9f:ea:b0:30:87:80:26:e7:31:95:fc:6d:1d:93:
         72:e4:03:8b:e4:6e:92:ab:0f:3f:dc:28:9f:0d:0e:c7:a8:27:
         6c:68:b6:c2:b3:a8:1e:b1:4c:7e:a7:70:36:a8:85:59:f0:70:
         26:76:57:5c:cb:99:f0:a7:1c:f9:c3:4e:24:38:91:93:b6:df:
         d3:ea:d4:91:4e:bd:a0:b9:7b:f7:6d:46:89:0d:7e:a3:71:67:
         32:11:56:4f:a2:e0:33:57:6b:53:0b:c7:eb:12:fe:b4:32:e5:
         04:9e:89:d2:8f:76:83:5e:9b:4d:27:f2:18:16:f9:93:f7:70:
         ab:8d:cf:67:39:b7:63:e7:20:0b:84:7e:07:08:b1:0d:c9:f2:
         df:4f:04:59:c5:34:62:fc:07:59:0c:d5:b8:dc:a1:0a:40:ed:
         3b:85:23:4e:e5:74:97:59:74:5c:d2:5e:ee:ae:ac:cf:78:23:
         9a:49:b4:64:d9:7e:d2:a0:89:67:bc:a4:ab:0a:78:98:7a:e8:
         64:5e:7d:01:26:f7:72:41:6e:2b:91:fa:84:6e:ce:45:e8:94:
         c4:b7:a4:2d:05:81:95:4f:de:25:dc:c9:1c:33:ce:a9:6d:d1:
         7a:70:91:0d:6f:e4:0d:97:c5:a9:ea:5f:ad:56:90:5b:3f:45:
         d0:eb:36:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFI04YAAhSv9e+CU8D5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlOTg3MDM5YjNmM2IyZGI5YjI5OGFlMGQ4ZDBlYjM0ODk2
OWFkNjIwHhcNMjYwMTAxMTAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGEyMzRhMGMxOGY3M2Y2YThmN2ExZmYzZjFhNjlhM2E3NjRhYTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso+gY6iMSx7icA08TEui3/Hn22ao
beQiifKtVKfLKxRLC6o7SRHwDDzp8zKMzLoA7zivYbQh46TGBKgw4tZfA3XjYuyZ
5fSBZWKE4X9tcmzY/Zl6/lI22OAq9Dse/1ovlQc3ZHfVG+dTQ3w3AZcxYYtxCnUG
jGlidRc2EOyG3exmh6LEHc2RDGoqb7Kny5i2TvVhN4iYZn9v4xpSfu2uIm4c8Roq
DgfBnsk5ZlXtrjN7hVdzgkvBbVV0t7aEd9zs4sfFrbx1f9SQjQMaOED4/ltFBLig
xev31mwCoJoaFy6upbiOMzET71HWUh5tSl+DF6QYK6jpwR0Lv7fL9ycuwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiiNKDBj3P2qPeh/z8aaaOnZKo1MB8GA1UdIwQY
MBaAFI6YcDmz87LbmymK4NjQ6zSJaa1iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQt
NTYzNjAwMzE5YTFmLzEvR0tJMG9NR1BjX2FvOTZIX1B4cHBvNmRrcWpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC8zNjY1NjAtMDk2ZS00ODM1LTg5ZmQtNTYzNjAwMzE5YTFm
LzEvanBod09iUHpzdHViS1lyZzJORHJOSWxwcldJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwYaXMA0G
CSqGSIb3DQEBCwUAA4IBAQDITb4nn+qwMIeAJucxlfxtHZNy5AOL5G6Sqw8/3Cif
DQ7HqCdsaLbCs6gesUx+p3A2qIVZ8HAmdldcy5nwpxz5w04kOJGTtt/T6tSRTr2g
uXv3bUaJDX6jcWcyEVZPouAzV2tTC8frEv60MuUEnonSj3aDXptNJ/IYFvmT93Cr
jc9nObdj5yALhH4HCLENyfLfTwRZxTRi/AdZDNW43KEKQO07hSNO5XSXWXRc0l7u
rqzPeCOaSbRk2X7SoIlnvKSrCniYeuhkXn0BJvdyQW4rkfqEbs5F6JTEt6QtBYGV
T94l3MkcM86pbdF6cJENb+QNl8Wp6l+tVpBbP0XQ6zaU
-----END CERTIFICATE-----