This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/gDUrBxB6wNpkw1auAIeXKcxfpjk.roa
File:                     gDUrBxB6wNpkw1auAIeXKcxfpjk.roa (raw, json)
Hash identifier:          MmMgI7BZHSBDbxCR5wftqfrkAJEiDMDH3YAVO82UluY=
Subject key identifier:   80:35:2B:07:10:7A:C0:DA:64:C3:56:AE:00:87:97:29:CC:5F:A6:39
Certificate issuer:       /CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
Certificate serial:       019B7A5AADBDA13EE89A1A10EA007222B6EA
Authority key identifier: 29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/gDUrBxB6wNpkw1auAIeXKcxfpjk.roa
Signing time:             Thu 01 Jan 2026 16:18:41 +0000
ROA not before:           Thu 01 Jan 2026 16:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24961
IP address blocks:        37.114.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 19:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ad:bd:a1:3e:e8:9a:1a:10:ea:00:72:22:b6:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=296593b747e76a56492511bb3612e4d5e4cbe7ec
        Validity
            Not Before: Jan  1 16:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80352b07107ac0da64c356ae00879729cc5fa639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:86:40:37:da:c0:ba:ab:31:6e:fa:e9:56:19:
                    6c:3e:26:f4:4a:98:55:b2:01:9f:fc:f1:c5:50:4b:
                    f3:74:34:99:0f:f9:98:4b:59:cc:ae:d7:5b:bc:c5:
                    d4:9b:f8:18:72:22:30:33:00:31:ad:08:4a:c0:07:
                    ab:3e:aa:55:57:ab:f2:ec:1a:03:72:1c:e2:c5:af:
                    71:f1:12:7a:0b:74:2b:af:cf:73:15:35:04:5a:d6:
                    9e:fa:5a:9e:53:2a:4e:14:7c:d5:d7:7e:72:57:b1:
                    96:ea:06:3e:ce:3f:b0:d6:04:cd:dc:4e:06:5b:46:
                    e8:61:8e:97:e7:af:92:46:f5:7e:e3:e4:dc:0a:6d:
                    56:11:69:8c:f4:b1:85:18:47:79:37:98:23:3e:f1:
                    3b:56:30:c5:3e:19:5e:3d:80:63:61:7b:03:24:eb:
                    83:d9:0c:1c:d6:69:8c:17:2e:2a:7a:f1:22:00:9e:
                    65:cd:1d:12:81:85:88:1f:94:75:6b:0d:57:ca:bb:
                    8d:1b:25:b7:3a:d3:d9:4b:dc:e7:cf:fb:68:25:01:
                    65:40:56:b5:67:37:e8:f5:c2:a5:40:2c:61:ec:b3:
                    2d:7e:28:68:56:7d:d9:9a:6e:a9:66:cd:91:80:39:
                    fe:0f:2c:cd:c7:1b:08:f2:34:09:b9:bc:05:ac:74:
                    47:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:35:2B:07:10:7A:C0:DA:64:C3:56:AE:00:87:97:29:CC:5F:A6:39
            X509v3 Authority Key Identifier:
                keyid:29:65:93:B7:47:E7:6A:56:49:25:11:BB:36:12:E4:D5:E4:CB:E7:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWWTt0fnalZJJRG7NhLk1eTL5-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/gDUrBxB6wNpkw1auAIeXKcxfpjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/c58bdc-14e7-499c-9d9c-1b7cbb08d73f/1/KWWTt0fnalZJJRG7NhLk1eTL5-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.114.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:7b:31:6e:09:38:02:08:18:13:54:84:af:6a:77:e2:f0:7b:
         48:c5:af:f4:22:8b:4a:b2:c1:45:6c:33:70:c4:65:4d:cf:9a:
         af:a5:77:2d:a3:21:80:91:94:58:28:04:42:c4:62:fa:d9:ec:
         ed:d5:47:73:7c:30:38:1f:07:22:42:04:6c:a6:e7:59:7b:f0:
         2a:dd:f9:b8:e3:1b:3d:b1:19:9a:55:6d:e3:80:9d:55:1e:a7:
         22:71:99:5d:7d:49:d9:1a:69:9d:05:f9:ba:f2:6a:ce:28:2a:
         ba:fc:ac:e1:58:af:2b:d0:67:68:9e:89:b6:e8:a6:ea:69:ce:
         6f:01:dc:e4:82:9e:51:47:03:22:63:6c:7e:93:5c:bd:a6:fb:
         4c:e4:51:38:92:de:1c:f7:8f:6b:86:50:2b:bc:01:3f:8f:5c:
         c4:95:3d:57:39:06:32:9b:c7:c2:e3:ec:c9:5c:77:5e:ae:2c:
         83:d5:0f:42:cf:2b:36:94:f4:77:61:e0:d8:17:b6:9f:30:09:
         40:05:83:92:a0:79:fa:3e:55:30:70:cd:bc:95:b3:65:d4:ae:
         8b:16:38:18:9b:97:2b:03:81:5c:c5:f4:8d:7c:41:8e:94:7e:
         87:5c:13:ed:f3:4b:82:c4:58:15:71:67:c4:01:0c:56:09:35:
         88:b6:04:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wq29oT7omhoQ6gByIrbqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjU5M2I3NDdlNzZhNTY0OTI1MTFiYjM2MTJlNGQ1ZTRj
YmU3ZWMwHhcNMjYwMTAxMTYxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDM1MmIwNzEwN2FjMGRhNjRjMzU2YWUwMDg3OTcyOWNjNWZhNjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6oZAN9rAuqsxbvrpVhlsPib0SphV
sgGf/PHFUEvzdDSZD/mYS1nMrtdbvMXUm/gYciIwMwAxrQhKwAerPqpVV6vy7BoD
chzixa9x8RJ6C3Qrr89zFTUEWtae+lqeUypOFHzV135yV7GW6gY+zj+w1gTN3E4G
W0boYY6X56+SRvV+4+TcCm1WEWmM9LGFGEd5N5gjPvE7VjDFPhlePYBjYXsDJOuD
2Qwc1mmMFy4qevEiAJ5lzR0SgYWIH5R1aw1XyruNGyW3OtPZS9znz/toJQFlQFa1
Zzfo9cKlQCxh7LMtfihoVn3Zmm6pZs2RgDn+DyzNxxsI8jQJubwFrHRHNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIA1KwcQesDaZMNWrgCHlynMX6Y5MB8GA1UdIwQY
MBaAFCllk7dH52pWSSURuzYS5NXky+fsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMt
MWI3Y2JiMDhkNzNmLzEvZ0RVckJ4QjZ3TnBrdzFhdUFJZVhLY3hmcGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9jNThiZGMtMTRlNy00OTljLTlkOWMtMWI3Y2JiMDhkNzNm
LzEvS1dXVHQwZm5hbFpKSlJHN05oTGsxZVRMNS13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJXIoMA0G
CSqGSIb3DQEBCwUAA4IBAQBTezFuCTgCCBgTVISvanfi8HtIxa/0IotKssFFbDNw
xGVNz5qvpXctoyGAkZRYKARCxGL62ezt1UdzfDA4HwciQgRspudZe/Aq3fm44xs9
sRmaVW3jgJ1VHqcicZldfUnZGmmdBfm68mrOKCq6/KzhWK8r0Gdonom26Kbqac5v
Adzkgp5RRwMiY2x+k1y9pvtM5FE4kt4c949rhlArvAE/j1zElT1XOQYym8fC4+zJ
XHderiyD1Q9Czys2lPR3YeDYF7afMAlABYOSoHn6PlUwcM28lbNl1K6LFjgYm5cr
A4FcxfSNfEGOlH6HXBPt80uCxFgVcWfEAQxWCTWItgQJ
-----END CERTIFICATE-----