This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/GgHRH0prwNN8ZQGIuVwVHoCs_Oo.roa
File:                     GgHRH0prwNN8ZQGIuVwVHoCs_Oo.roa (raw, json)
Hash identifier:          nfBgWwuV35MveKT4/X3Hl4sE53q4roWQsLfebdHztog=
Subject key identifier:   1A:01:D1:1F:4A:6B:C0:D3:7C:65:01:88:B9:5C:15:1E:80:AC:FC:EA
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019B20E5801554E4CBF8C67633915282EBDA
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/GgHRH0prwNN8ZQGIuVwVHoCs_Oo.roa
Signing time:             Mon 15 Dec 2025 07:24:29 +0000
ROA not before:           Mon 15 Dec 2025 07:24:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     22427
IP address blocks:        79.172.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Dec 2025 12:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:20:e5:80:15:54:e4:cb:f8:c6:76:33:91:52:82:eb:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Dec 15 07:24:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a01d11f4a6bc0d37c650188b95c151e80acfcea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f5:92:47:d1:04:a6:0d:79:ba:90:a7:b6:fd:
                    fb:38:4d:15:be:f4:eb:2c:bf:6d:ed:a9:4d:aa:a9:
                    8d:01:1e:ff:f2:78:25:95:9a:fc:43:a7:bf:c1:22:
                    32:52:91:05:3d:e8:f4:10:ac:a6:e0:5f:6a:3a:de:
                    9a:bd:6e:9f:58:a3:91:64:92:80:3c:64:8d:08:07:
                    3e:27:d3:d6:b0:93:7b:f7:89:ed:b5:cd:b0:b2:17:
                    11:3f:64:5e:f8:67:77:4b:8e:e1:5a:32:f8:ff:7c:
                    a3:eb:09:44:7d:a8:3e:e0:dc:64:d3:ed:42:8c:6a:
                    17:a3:d6:bf:37:72:98:af:f7:40:a7:77:46:61:31:
                    1c:21:26:1b:62:50:7c:f1:e9:7c:ed:2c:d5:03:59:
                    e5:26:20:e3:83:fc:dc:f5:2c:55:ce:ee:6a:12:cb:
                    8c:09:f9:0f:b8:e9:4f:09:ce:b5:b9:75:ab:ae:4e:
                    b8:bf:af:7c:47:09:6b:1c:b1:35:4b:61:1b:8d:7b:
                    99:d7:41:fe:9b:54:9b:84:7d:c4:cd:ed:db:ce:22:
                    ca:d5:57:ca:4f:0b:80:26:76:2d:72:a3:13:04:53:
                    68:38:58:4e:b7:21:86:12:91:7a:0e:70:fb:06:74:
                    d7:c7:a6:f9:f9:d4:a2:d0:26:c1:81:88:54:40:0d:
                    7c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:01:D1:1F:4A:6B:C0:D3:7C:65:01:88:B9:5C:15:1E:80:AC:FC:EA
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/GgHRH0prwNN8ZQGIuVwVHoCs_Oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:e9:61:c7:8d:af:be:e4:34:77:27:bd:73:2a:78:02:cd:fb:
         fa:47:18:0d:b4:67:29:5b:46:86:82:d1:e9:a8:43:7a:43:0a:
         43:bc:25:0c:cc:2b:4a:e9:e7:f4:34:6d:f5:b1:a5:83:1a:d6:
         53:70:dc:f6:cf:8e:ca:f1:37:1b:f6:e9:9d:86:6a:86:3e:91:
         cf:ec:f1:c3:0b:77:4c:83:0d:45:e1:a2:f4:e0:10:74:32:31:
         c5:bd:61:62:90:24:e6:c1:ba:fa:d3:2f:b1:d5:fe:76:2c:ce:
         b4:99:44:ac:d5:49:f7:ff:bc:fa:26:17:ac:2f:c8:48:9d:df:
         29:a4:60:f7:3e:38:4a:76:c4:16:ce:bf:c5:52:9e:4d:6c:8d:
         31:5d:bc:ac:ad:4a:ff:14:9e:23:a8:50:77:d9:0c:8f:39:ee:
         4e:3e:d5:4e:b6:5d:43:c3:37:e4:79:78:4f:6a:30:7f:d7:6b:
         b0:54:c3:3c:7e:3c:e9:a9:8c:bf:59:41:9b:0c:ff:1d:cf:f9:
         0c:54:83:5a:06:bc:f8:66:a7:00:fe:ee:8a:b2:8a:d5:51:37:
         62:6d:3d:bd:00:43:97:77:b7:d7:a8:1f:91:64:f4:8a:68:eb:
         a7:28:f9:c0:f1:53:b6:2c:81:6c:e0:30:77:46:28:f4:45:6d:
         78:45:7f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsg5YAVVOTL+MZ2M5FSguvaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUxMjE1MDcyNDI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTAxZDExZjRhNmJjMGQzN2M2NTAxODhiOTVjMTUxZTgwYWNmY2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvWSR9EEpg15upCntv37OE0VvvTr
LL9t7alNqqmNAR7/8ngllZr8Q6e/wSIyUpEFPej0EKym4F9qOt6avW6fWKORZJKA
PGSNCAc+J9PWsJN794nttc2wshcRP2Re+Gd3S47hWjL4/3yj6wlEfag+4Nxk0+1C
jGoXo9a/N3KYr/dAp3dGYTEcISYbYlB88el87SzVA1nlJiDjg/zc9SxVzu5qEsuM
CfkPuOlPCc61uXWrrk64v698RwlrHLE1S2EbjXuZ10H+m1SbhH3Eze3bziLK1VfK
TwuAJnYtcqMTBFNoOFhOtyGGEpF6DnD7BnTXx6b5+dSi0CbBgYhUQA18/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBoB0R9Ka8DTfGUBiLlcFR6ArPzqMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvR2dIUkgwcHJ3Tk44WlFHSXVWd1ZIb0NzX09vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAT6zJMA0G
CSqGSIb3DQEBCwUAA4IBAQCY6WHHja++5DR3J71zKngCzfv6RxgNtGcpW0aGgtHp
qEN6QwpDvCUMzCtK6ef0NG31saWDGtZTcNz2z47K8Tcb9umdhmqGPpHP7PHDC3dM
gw1F4aL04BB0MjHFvWFikCTmwbr60y+x1f52LM60mUSs1Un3/7z6JhesL8hInd8p
pGD3PjhKdsQWzr/FUp5NbI0xXbysrUr/FJ4jqFB32QyPOe5OPtVOtl1DwzfkeXhP
ajB/12uwVMM8fjzpqYy/WUGbDP8dz/kMVINaBrz4ZqcA/u6KsorVUTdibT29AEOX
d7fXqB+RZPSKaOunKPnA8VO2LIFs4DB3Rij0RW14RX/M
-----END CERTIFICATE-----