This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/35a6e5-3364-4a74-964c-3d4b283f322d/1/gmn2k3f32tfDXu2zwYzVyGe8JSs.roa
File:                     gmn2k3f32tfDXu2zwYzVyGe8JSs.roa (raw, json)
Hash identifier:          W9sjDbpYZWeZAU/ChNMb2ZUNyZYk9yxty8Xm+AfcIh8=
Subject key identifier:   82:69:F6:93:77:F7:DA:D7:C3:5E:ED:B3:C1:8C:D5:C8:67:BC:25:2B
Certificate issuer:       /CN=dc0dea4ea2546d7a019a4ef8243b5eb63565c847
Certificate serial:       019B7E3901FC726CEB98D2574A3EDCAB5610
Authority key identifier: DC:0D:EA:4E:A2:54:6D:7A:01:9A:4E:F8:24:3B:5E:B6:35:65:C8:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3A3qTqJUbXoBmk74JDtetjVlyEc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/35a6e5-3364-4a74-964c-3d4b283f322d/1/gmn2k3f32tfDXu2zwYzVyGe8JSs.roa
Signing time:             Fri 02 Jan 2026 10:20:23 +0000
ROA not before:           Fri 02 Jan 2026 10:20:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     680
IP address blocks:        139.20.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/35a6e5-3364-4a74-964c-3d4b283f322d/1/3A3qTqJUbXoBmk74JDtetjVlyEc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/35a6e5-3364-4a74-964c-3d4b283f322d/1/3A3qTqJUbXoBmk74JDtetjVlyEc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3A3qTqJUbXoBmk74JDtetjVlyEc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:01:fc:72:6c:eb:98:d2:57:4a:3e:dc:ab:56:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc0dea4ea2546d7a019a4ef8243b5eb63565c847
        Validity
            Not Before: Jan  2 10:20:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8269f69377f7dad7c35eedb3c18cd5c867bc252b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:76:64:d9:1f:e5:19:88:10:75:bb:4b:36:21:
                    ed:cb:6d:7e:d6:5c:b5:e2:b8:62:81:92:80:12:2e:
                    6c:c2:8f:4d:8f:dd:e5:44:5e:be:57:33:c5:58:83:
                    ef:f3:21:d2:d3:92:33:ff:81:36:58:53:85:b4:02:
                    c2:2c:6a:25:69:26:85:02:fc:07:e0:af:f9:0e:e9:
                    8f:70:d7:c1:aa:81:60:62:54:d2:0f:7d:21:2c:c1:
                    31:2d:e4:86:f3:4d:64:ed:71:6e:53:9e:3a:be:77:
                    50:4e:2b:74:e2:ad:38:be:55:1e:89:9b:c9:89:a7:
                    46:b2:96:1e:09:ba:eb:6f:a6:67:88:6f:60:72:dc:
                    4d:1a:3a:4f:57:c0:ed:58:ce:eb:98:53:1f:0c:67:
                    b6:02:18:44:95:41:4d:b5:25:36:ad:ce:a7:f3:a4:
                    22:59:2e:08:2a:80:91:9e:7c:93:f4:9b:1d:8f:9e:
                    df:fb:74:46:43:26:ef:9d:c0:d4:7a:a1:a4:53:d1:
                    2f:6f:7f:32:da:b8:36:08:07:52:ea:1b:01:52:a2:
                    51:1b:91:df:98:fc:1c:19:45:ae:97:53:50:8d:7e:
                    6f:f7:b4:3e:9b:07:6c:22:1b:1b:7c:47:8d:8f:78:
                    ca:6a:84:6f:48:c1:f8:f1:00:d8:78:0e:62:68:f8:
                    d9:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:69:F6:93:77:F7:DA:D7:C3:5E:ED:B3:C1:8C:D5:C8:67:BC:25:2B
            X509v3 Authority Key Identifier:
                keyid:DC:0D:EA:4E:A2:54:6D:7A:01:9A:4E:F8:24:3B:5E:B6:35:65:C8:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3A3qTqJUbXoBmk74JDtetjVlyEc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/35a6e5-3364-4a74-964c-3d4b283f322d/1/gmn2k3f32tfDXu2zwYzVyGe8JSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/35a6e5-3364-4a74-964c-3d4b283f322d/1/3A3qTqJUbXoBmk74JDtetjVlyEc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.20.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a2:bb:a9:d0:ad:2f:ba:a9:22:b4:21:dc:67:39:de:af:78:41:
         a6:25:f6:e8:2d:63:b5:57:66:2f:6c:21:14:80:67:80:c7:4d:
         a7:ba:52:46:6c:79:01:32:f2:46:27:74:1d:20:90:a3:d7:67:
         8f:f8:75:2c:0d:e2:cc:aa:3a:45:f3:15:8a:24:27:80:e3:b6:
         a8:78:20:dc:54:b9:b7:bb:17:82:50:e1:16:77:3d:3c:7f:c2:
         70:d4:c5:4f:5a:ad:e9:f4:35:97:f7:2b:14:9b:0a:e6:c2:f6:
         c9:df:4d:47:00:72:3f:a0:3a:e3:fb:ef:25:3a:9d:f8:f2:1d:
         f9:97:75:f3:cd:de:3c:9d:65:bb:99:79:3b:54:07:59:af:72:
         7d:07:c6:8e:74:ba:6f:05:b9:90:5a:90:36:f0:ef:58:0b:4d:
         1e:fc:b3:12:33:7c:cb:c9:9e:ae:52:93:84:98:03:96:de:c9:
         22:21:d1:94:50:d4:d7:0c:0d:f8:5d:5a:75:6b:b6:96:3b:46:
         e4:ab:9c:a3:51:71:8d:fa:e9:11:bc:a7:bf:80:7b:46:8a:ac:
         47:d0:31:4f:01:26:ea:50:ef:71:4e:85:bf:6d:74:87:3f:ee:
         c0:5f:2c:97:22:b4:86:a3:b7:4d:d4:f5:52:a3:b3:15:5b:a4:
         97:f7:48:e1
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt+OQH8cmzrmNJXSj7cq1YQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMGRlYTRlYTI1NDZkN2EwMTlhNGVmODI0M2I1ZWI2MzU2
NWM4NDcwHhcNMjYwMTAyMTAyMDIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY5ZjY5Mzc3ZjdkYWQ3YzM1ZWVkYjNjMThjZDVjODY3YmMyNTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHZk2R/lGYgQdbtLNiHty21+1ly1
4rhigZKAEi5swo9Nj93lRF6+VzPFWIPv8yHS05Iz/4E2WFOFtALCLGolaSaFAvwH
4K/5DumPcNfBqoFgYlTSD30hLMExLeSG801k7XFuU546vndQTit04q04vlUeiZvJ
iadGspYeCbrrb6ZniG9gctxNGjpPV8DtWM7rmFMfDGe2AhhElUFNtSU2rc6n86Qi
WS4IKoCRnnyT9Jsdj57f+3RGQybvncDUeqGkU9Evb38y2rg2CAdS6hsBUqJRG5Hf
mPwcGUWul1NQjX5v97Q+mwdsIhsbfEeNj3jKaoRvSMH48QDYeA5iaPjZ+QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFIJp9pN399rXw17ts8GM1chnvCUrMB8GA1UdIwQY
MBaAFNwN6k6iVG16AZpO+CQ7XrY1ZchHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0EzcVRxSlViWG9CbWs3NEpEdGV0alZseUVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zNWE2ZTUtMzM2NC00YTc0LTk2NGMt
M2Q0YjI4M2YzMjJkLzEvZ21uMmszZjMydGZEWHUyendZelZ5R2U4SlNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zNWE2ZTUtMzM2NC00YTc0LTk2NGMtM2Q0YjI4M2YzMjJk
LzEvM0EzcVRxSlViWG9CbWs3NEpEdGV0alZseUVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAixQwDQYJ
KoZIhvcNAQELBQADggEBAKK7qdCtL7qpIrQh3Gc53q94QaYl9ugtY7VXZi9sIRSA
Z4DHTae6UkZseQEy8kYndB0gkKPXZ4/4dSwN4syqOkXzFYokJ4Djtqh4INxUube7
F4JQ4RZ3PTx/wnDUxU9aren0NZf3KxSbCubC9snfTUcAcj+gOuP77yU6nfjyHfmX
dfPN3jydZbuZeTtUB1mvcn0Hxo50um8FuZBakDbw71gLTR78sxIzfMvJnq5Sk4SY
A5beySIh0ZRQ1NcMDfhdWnVrtpY7RuSrnKNRcY366RG8p7+Ae0aKrEfQMU8BJupQ
73FOhb9tdIc/7sBfLJcitIajt03U9VKjsxVbpJf3SOE=
-----END CERTIFICATE-----