This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/Q8f2hwrgBcmwsGttOqQFOmmvrlA.roa
File:                     Q8f2hwrgBcmwsGttOqQFOmmvrlA.roa (raw, json)
Hash identifier:          Qf6hBMn0KyYWulfvD0KflJ8dBoq43tVk6EkzMqEGRmM=
Subject key identifier:   43:C7:F6:87:0A:E0:05:C9:B0:B0:6B:6D:3A:A4:05:3A:69:AF:AE:50
Certificate issuer:       /CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
Certificate serial:       019B7E3745C241EB947D573F0E21D21721B7
Authority key identifier: 82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/Q8f2hwrgBcmwsGttOqQFOmmvrlA.roa
Signing time:             Fri 02 Jan 2026 10:18:30 +0000
ROA not before:           Fri 02 Jan 2026 10:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58212
IP address blocks:        192.166.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 07:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:45:c2:41:eb:94:7d:57:3f:0e:21:d2:17:21:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
        Validity
            Not Before: Jan  2 10:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43c7f6870ae005c9b0b06b6d3aa4053a69afae50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8b:1f:63:b8:3f:1a:3b:87:76:cb:8c:12:84:
                    06:9c:e7:17:d9:24:fb:82:c2:bd:d2:91:42:fa:af:
                    58:50:70:dc:18:98:e9:c5:05:6c:b7:60:f1:d5:02:
                    b3:ee:ef:f6:be:e4:56:af:09:2b:76:75:11:6c:f2:
                    a5:fe:77:e6:0c:e8:b2:a6:b0:e1:a3:be:f7:be:e9:
                    aa:d0:6d:16:31:28:49:a1:1a:b1:7e:5d:70:e6:b2:
                    be:47:4b:d4:ec:a3:4c:8d:58:2e:2c:a2:2a:61:b2:
                    8f:1c:83:17:eb:fe:ee:bc:41:a8:1d:38:cf:c2:eb:
                    e7:7c:1a:f1:0b:bf:49:7c:50:b7:46:83:e5:45:19:
                    1a:bc:03:ef:95:ac:1a:f9:c1:02:25:6c:c0:9e:64:
                    a3:d9:37:23:72:2c:aa:5b:da:7a:36:50:a7:37:4d:
                    f3:8e:15:99:2e:79:c9:40:3c:37:01:c0:d8:30:05:
                    fc:b2:f9:2b:38:e8:e0:bb:94:cc:d3:8f:df:86:28:
                    02:38:1a:04:e2:7a:1a:bd:e6:6e:bf:86:40:4e:4e:
                    f4:1f:5a:ef:a6:ab:c3:5f:10:9a:6d:ef:f3:28:12:
                    df:1d:7b:f5:46:95:53:7a:55:26:31:d5:84:06:f4:
                    3f:30:7a:8d:6b:1d:a2:91:ec:ef:da:6d:8a:da:99:
                    97:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:C7:F6:87:0A:E0:05:C9:B0:B0:6B:6D:3A:A4:05:3A:69:AF:AE:50
            X509v3 Authority Key Identifier:
                keyid:82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/Q8f2hwrgBcmwsGttOqQFOmmvrlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:28:59:40:0e:dd:32:98:53:3b:cc:a7:6e:08:3e:16:c3:05:
         3a:19:a8:fc:48:bc:4f:7b:b1:54:1c:47:bc:2d:09:11:31:ea:
         21:85:13:46:17:fb:a2:0d:b7:8e:36:d8:a0:e3:ce:75:43:0e:
         f4:56:3f:36:ab:63:94:ce:13:fd:05:99:0b:11:dc:8c:3d:fe:
         ec:16:4b:44:e1:79:dc:cf:a6:e8:b3:f2:0d:c9:3e:3c:66:d4:
         84:31:5e:a8:21:e7:88:7c:2c:7d:fd:e1:c0:68:5b:ce:0d:7c:
         6a:ba:3f:4c:f9:2a:14:80:a3:71:0c:a7:f7:cb:68:bf:5f:91:
         94:9c:05:e9:4e:eb:f9:e5:c6:c0:8e:99:86:fe:35:2b:c6:2a:
         9c:c2:e1:30:ff:73:1f:ae:36:1d:3a:6e:5a:60:31:eb:2a:18:
         0a:ca:50:87:19:95:6c:bf:67:d2:c8:ba:3b:ab:15:93:fd:b5:
         c4:4a:fb:93:05:a0:a7:c8:b8:db:a9:2a:5f:c4:64:df:07:e2:
         02:0f:41:18:4f:fa:3b:97:af:1a:a3:6f:8b:fc:c2:45:3b:5b:
         9b:0e:54:c9:5b:21:bb:e0:40:92:76:3e:c7:c2:47:b8:a7:27:
         bb:a8:85:56:a4:14:2a:fd:bd:e1:dc:1d:69:8a:45:97:4d:36:
         e5:fc:11:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N0XCQeuUfVc/DiHSFyG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNmJlMWZiNzFhZjQ4ZDZiMzE4NTEwYWE4YmRmOWE4MTVm
MzNkYjgwHhcNMjYwMTAyMTAxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2M3ZjY4NzBhZTAwNWM5YjBiMDZiNmQzYWE0MDUzYTY5YWZhZTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5osfY7g/GjuHdsuMEoQGnOcX2ST7
gsK90pFC+q9YUHDcGJjpxQVst2Dx1QKz7u/2vuRWrwkrdnURbPKl/nfmDOiyprDh
o773vumq0G0WMShJoRqxfl1w5rK+R0vU7KNMjVguLKIqYbKPHIMX6/7uvEGoHTjP
wuvnfBrxC79JfFC3RoPlRRkavAPvlawa+cECJWzAnmSj2TcjciyqW9p6NlCnN03z
jhWZLnnJQDw3AcDYMAX8svkrOOjgu5TM04/fhigCOBoE4noaveZuv4ZATk70H1rv
pqvDXxCabe/zKBLfHXv1RpVTelUmMdWEBvQ/MHqNax2ikezv2m2K2pmXqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPH9ocK4AXJsLBrbTqkBTppr65QMB8GA1UdIwQY
MBaAFIJr4ftxr0jWsxhRCqi9+agV8z24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMt
ZGVkNzIwMTQyNzQ0LzEvUThmMmh3cmdCY213c0d0dE9xUUZPbW12cmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMtZGVkNzIwMTQyNzQ0
LzEvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKbjMA0G
CSqGSIb3DQEBCwUAA4IBAQBVKFlADt0ymFM7zKduCD4WwwU6Gaj8SLxPe7FUHEe8
LQkRMeohhRNGF/uiDbeONtig4851Qw70Vj82q2OUzhP9BZkLEdyMPf7sFktE4Xnc
z6bos/INyT48ZtSEMV6oIeeIfCx9/eHAaFvODXxquj9M+SoUgKNxDKf3y2i/X5GU
nAXpTuv55cbAjpmG/jUrxiqcwuEw/3MfrjYdOm5aYDHrKhgKylCHGZVsv2fSyLo7
qxWT/bXESvuTBaCnyLjbqSpfxGTfB+ICD0EYT/o7l68ao2+L/MJFO1ubDlTJWyG7
4ECSdj7Hwke4pye7qIVWpBQq/b3h3B1pikWXTTbl/BHw
-----END CERTIFICATE-----