This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.


Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/GkG94oLLyaWn0LlA7PecrXl0W9M.roa
File:                     GkG94oLLyaWn0LlA7PecrXl0W9M.roa (raw, json)
Hash identifier:          Vz1DhIY+rwizM8CF8BSBpl44BncSNC0p93dQaqvmHIk=
Subject key identifier:   1A:41:BD:E2:82:CB:C9:A5:A7:D0:B9:40:EC:F7:9C:AD:79:74:5B:D3
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       019B7A5B350B0EE194593E440691CC71FBCF
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/GkG94oLLyaWn0LlA7PecrXl0W9M.roa
Signing time:             Thu 01 Jan 2026 16:19:16 +0000
ROA not before:           Thu 01 Jan 2026 16:19:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210558
IP address blocks:        45.152.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:02:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:35:0b:0e:e1:94:59:3e:44:06:91:cc:71:fb:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 16:19:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a41bde282cbc9a5a7d0b940ecf79cad79745bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:50:22:4e:cf:9b:8a:eb:ba:55:68:df:a3:a2:
                    e5:83:18:37:f2:f5:a6:79:04:d3:63:5b:29:ab:86:
                    fd:db:6c:16:a6:d9:e0:1a:c0:44:0b:64:ac:a2:a3:
                    83:65:2e:2f:70:d8:a7:eb:21:4e:fa:36:41:2b:1b:
                    5b:f0:80:62:bf:3c:82:48:98:8b:e7:b3:2c:6e:38:
                    75:5a:03:d9:73:3c:65:61:15:7d:37:81:fb:8c:ed:
                    ba:ff:6c:ec:0f:7d:41:73:ce:b8:83:03:04:63:97:
                    96:29:cd:47:79:fb:ab:8b:8a:d5:ee:03:3d:71:55:
                    48:b2:5f:70:fd:32:34:94:30:9a:84:d4:dc:1c:7e:
                    c7:df:7a:b1:af:11:9c:fc:6a:d7:81:ee:c3:fb:96:
                    c6:b6:87:b7:79:f2:80:e4:d7:44:5e:dc:90:ee:bf:
                    85:d8:e8:d6:95:59:15:9d:c0:0a:39:11:77:79:db:
                    c6:0e:73:e4:de:c1:5a:f6:c2:b9:3e:77:e9:5e:4b:
                    d1:71:05:13:30:be:dd:b4:de:95:5e:d5:4e:60:a6:
                    3c:3c:b3:86:a9:40:d6:f3:d7:30:f2:b8:b1:66:4d:
                    3a:8f:71:0c:34:38:74:e5:1b:d3:a5:ba:02:08:f9:
                    29:07:b8:51:47:f5:a5:2e:b8:42:a4:68:a3:9f:7a:
                    15:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:41:BD:E2:82:CB:C9:A5:A7:D0:B9:40:EC:F7:9C:AD:79:74:5B:D3
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/GkG94oLLyaWn0LlA7PecrXl0W9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:fb:f9:74:f8:f9:0b:42:49:9d:e6:e5:ae:4e:1c:e2:e7:a4:
         fe:2d:32:66:bc:aa:fd:12:8d:22:14:35:a5:28:7f:2e:ff:41:
         2e:32:d6:72:9b:e3:e9:33:c8:ab:84:21:ed:a0:2e:e8:f2:9a:
         1e:85:c4:4f:84:1b:64:0e:ed:ed:d2:b2:90:b7:05:d3:23:e2:
         eb:59:f3:19:0e:28:08:e5:de:92:7a:6c:2c:81:b8:39:72:ff:
         87:ff:61:18:b2:f3:38:ba:b1:76:41:6c:76:20:a2:26:28:28:
         09:61:1c:ac:7d:8b:2b:dc:a0:75:a7:bf:c5:24:54:f2:0c:b3:
         d5:49:52:bc:e2:4e:72:53:ee:76:ce:c0:e5:c8:e1:61:a7:1f:
         bf:40:a0:e6:bf:54:ab:a6:3b:aa:29:9c:55:17:71:74:f5:63:
         19:3a:f9:af:f6:4a:f5:4d:d9:b2:16:06:05:01:5d:b6:66:5e:
         dc:b4:35:47:63:d6:be:f4:e4:55:1b:0f:23:80:f2:c6:58:1e:
         1e:93:c7:02:72:fd:cf:54:89:33:b0:cf:41:39:67:a6:55:6e:
         22:97:af:8c:9d:9f:93:81:8e:fc:c9:ed:bd:0a:66:7e:10:d4:
         50:28:8c:7a:8e:30:7f:b1:0b:99:bb:9b:49:5c:47:6b:37:10:
         cf:37:8c:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WzULDuGUWT5EBpHMcfvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjYwMTAxMTYxOTE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTQxYmRlMjgyY2JjOWE1YTdkMGI5NDBlY2Y3OWNhZDc5NzQ1YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmVAiTs+biuu6VWjfo6Llgxg38vWm
eQTTY1spq4b922wWptngGsBEC2SsoqODZS4vcNin6yFO+jZBKxtb8IBivzyCSJiL
57Msbjh1WgPZczxlYRV9N4H7jO26/2zsD31Bc864gwMEY5eWKc1Hefuri4rV7gM9
cVVIsl9w/TI0lDCahNTcHH7H33qxrxGc/GrXge7D+5bGtoe3efKA5NdEXtyQ7r+F
2OjWlVkVncAKORF3edvGDnPk3sFa9sK5PnfpXkvRcQUTML7dtN6VXtVOYKY8PLOG
qUDW89cw8rixZk06j3EMNDh05RvTpboCCPkpB7hRR/WlLrhCpGijn3oVTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBpBveKCy8mlp9C5QOz3nK15dFvTMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvR2tHOTRvTEx5YVduMExsQTdQZWNyWGwwVzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZiVMA0G
CSqGSIb3DQEBCwUAA4IBAQB4+/l0+PkLQkmd5uWuThzi56T+LTJmvKr9Eo0iFDWl
KH8u/0EuMtZym+PpM8irhCHtoC7o8poehcRPhBtkDu3t0rKQtwXTI+LrWfMZDigI
5d6Semwsgbg5cv+H/2EYsvM4urF2QWx2IKImKCgJYRysfYsr3KB1p7/FJFTyDLPV
SVK84k5yU+52zsDlyOFhpx+/QKDmv1SrpjuqKZxVF3F09WMZOvmv9kr1TdmyFgYF
AV22Zl7ctDVHY9a+9ORVGw8jgPLGWB4ek8cCcv3PVIkzsM9BOWemVW4il6+MnZ+T
gY78ye29CmZ+ENRQKIx6jjB/sQuZu5tJXEdrNxDPN4z7
-----END CERTIFICATE-----
Generated at Mon Jan 19 20:00:51 2026 by rpki-client