This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/GSheiqG0sKaOK_fFmZYJC3QfvLo.roa
File:                     GSheiqG0sKaOK_fFmZYJC3QfvLo.roa (raw, json)
Hash identifier:          5B6cRBlSKlHWSJH0+zxK6L6MtaJyKkMFEXEoN+t2Rxk=
Subject key identifier:   19:28:5E:8A:A1:B4:B0:A6:8E:2B:F7:C5:99:96:09:0B:74:1F:BC:BA
Certificate issuer:       /CN=97c60d4d458cec3b8d618a01300642b588c3173b
Certificate serial:       019B7F154AB576667869242D05131C74932F
Authority key identifier: 97:C6:0D:4D:45:8C:EC:3B:8D:61:8A:01:30:06:42:B5:88:C3:17:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/GSheiqG0sKaOK_fFmZYJC3QfvLo.roa
Signing time:             Fri 02 Jan 2026 14:21:00 +0000
ROA not before:           Fri 02 Jan 2026 14:21:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58272
IP address blocks:        91.199.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:4a:b5:76:66:78:69:24:2d:05:13:1c:74:93:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97c60d4d458cec3b8d618a01300642b588c3173b
        Validity
            Not Before: Jan  2 14:21:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19285e8aa1b4b0a68e2bf7c59996090b741fbcba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:e1:8f:c5:c1:89:e2:c1:90:35:1c:7c:a2:9f:
                    e9:50:26:27:5f:c4:36:f4:2e:ee:7a:44:cc:f8:46:
                    94:b5:87:40:84:d4:9a:a9:b8:66:2a:29:13:d7:9d:
                    de:67:c8:45:2b:eb:e2:a6:53:ec:cb:bf:59:8e:c1:
                    b2:33:c0:fb:b7:dd:96:b9:02:c3:3e:38:ac:38:3f:
                    b7:f0:eb:d0:d5:50:87:f9:c6:0b:dd:be:8a:62:38:
                    93:ef:41:61:a7:2f:db:d5:4b:af:6d:74:6e:69:9f:
                    22:6f:87:e5:61:5f:4b:06:f5:23:20:12:53:9f:c1:
                    2b:79:9d:a1:7c:ff:a3:29:dd:4c:d9:85:7c:19:31:
                    3d:8f:70:a5:19:9a:b8:0e:8a:8a:84:d0:64:42:58:
                    57:ec:61:05:d6:08:02:d0:76:85:5a:82:69:ee:2e:
                    50:8a:1c:07:01:a0:3e:ef:9a:30:41:b4:4d:e5:72:
                    35:40:c6:b3:f2:51:b0:94:4f:00:c0:77:2b:56:2d:
                    3c:46:31:26:75:88:af:8e:3f:15:30:29:1d:f8:06:
                    f7:56:48:e1:56:e7:a3:f2:48:fc:1e:e6:7d:e7:a7:
                    50:51:44:52:41:f5:5e:a7:7a:87:ce:f3:76:bf:6b:
                    1e:48:05:01:43:da:de:6a:54:81:d5:10:f7:bc:57:
                    a8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:28:5E:8A:A1:B4:B0:A6:8E:2B:F7:C5:99:96:09:0B:74:1F:BC:BA
            X509v3 Authority Key Identifier:
                keyid:97:C6:0D:4D:45:8C:EC:3B:8D:61:8A:01:30:06:42:B5:88:C3:17:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/GSheiqG0sKaOK_fFmZYJC3QfvLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:2e:1d:81:11:11:19:df:83:4b:f0:67:db:c1:ad:25:ba:72:
         74:9d:55:8b:03:f0:f9:d1:68:92:bf:4b:b4:9f:dd:a3:18:11:
         a5:75:32:ce:22:e7:76:20:39:f8:ba:a2:69:37:a2:b4:9a:30:
         63:f7:19:35:7d:a3:fd:a5:0e:8f:96:38:65:ca:5d:4d:02:9d:
         68:fe:23:56:a2:8c:9e:d7:63:9c:d2:75:26:50:66:2c:66:0c:
         b2:1d:3a:d2:8e:0a:f9:fe:a7:70:27:1b:33:ea:05:ba:78:af:
         52:f6:cf:c7:43:31:08:2b:4e:7e:30:ff:c3:fe:08:f2:04:c3:
         df:82:28:ed:87:0a:2e:63:b3:b0:8a:3d:5e:a8:f4:a0:50:17:
         1f:62:95:22:7b:c1:0a:b9:e3:2f:53:eb:86:06:dc:31:99:90:
         43:94:90:42:49:23:0d:f3:ff:63:62:7e:4c:e5:f4:41:5d:52:
         3b:6c:92:2c:d0:7b:76:a3:fb:4b:6d:6b:82:33:b1:da:1c:ae:
         d0:ab:28:40:14:e3:d1:c8:72:72:fd:ea:2c:1d:93:65:85:9d:
         1e:8b:c5:8f:be:87:aa:4f:41:51:3e:89:51:ce:b1:57:32:ba:
         f3:82:3e:48:fc:21:2e:bf:71:07:c9:5b:6a:1f:49:da:57:83:
         76:67:fb:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FUq1dmZ4aSQtBRMcdJMvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YzYwZDRkNDU4Y2VjM2I4ZDYxOGEwMTMwMDY0MmI1ODhj
MzE3M2IwHhcNMjYwMTAyMTQyMTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTI4NWU4YWExYjRiMGE2OGUyYmY3YzU5OTk2MDkwYjc0MWZiY2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2OGPxcGJ4sGQNRx8op/pUCYnX8Q2
9C7uekTM+EaUtYdAhNSaqbhmKikT153eZ8hFK+viplPsy79ZjsGyM8D7t92WuQLD
PjisOD+38OvQ1VCH+cYL3b6KYjiT70Fhpy/b1UuvbXRuaZ8ib4flYV9LBvUjIBJT
n8EreZ2hfP+jKd1M2YV8GTE9j3ClGZq4DoqKhNBkQlhX7GEF1ggC0HaFWoJp7i5Q
ihwHAaA+75owQbRN5XI1QMaz8lGwlE8AwHcrVi08RjEmdYivjj8VMCkd+Ab3Vkjh
Vuej8kj8HuZ956dQUURSQfVep3qHzvN2v2seSAUBQ9realSB1RD3vFeokwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkoXoqhtLCmjiv3xZmWCQt0H7y6MB8GA1UdIwQY
MBaAFJfGDU1FjOw7jWGKATAGQrWIwxc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDhZTlRVV003RHVOWVlvQk1BWkN0WWpERnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYjRiMTctYWE2Yi00ZmMyLWEwM2Yt
N2MwMzYxNzgxMjZjLzEvR1NoZWlxRzBzS2FPS19mRm1aWUpDM1FmdkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYjRiMTctYWE2Yi00ZmMyLWEwM2YtN2MwMzYxNzgxMjZj
LzEvbDhZTlRVV003RHVOWVlvQk1BWkN0WWpERnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8erMA0G
CSqGSIb3DQEBCwUAA4IBAQBmLh2BEREZ34NL8Gfbwa0lunJ0nVWLA/D50WiSv0u0
n92jGBGldTLOIud2IDn4uqJpN6K0mjBj9xk1faP9pQ6Pljhlyl1NAp1o/iNWooye
12Oc0nUmUGYsZgyyHTrSjgr5/qdwJxsz6gW6eK9S9s/HQzEIK05+MP/D/gjyBMPf
gijthwouY7Owij1eqPSgUBcfYpUie8EKueMvU+uGBtwxmZBDlJBCSSMN8/9jYn5M
5fRBXVI7bJIs0Ht2o/tLbWuCM7HaHK7QqyhAFOPRyHJy/eosHZNlhZ0ei8WPvoeq
T0FRPolRzrFXMrrzgj5I/CEuv3EHyVtqH0naV4N2Z/tb
-----END CERTIFICATE-----