This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/G7Hma6nUtWNMTUebKr928wBDQl8.roa
File:                     G7Hma6nUtWNMTUebKr928wBDQl8.roa (raw, json)
Hash identifier:          EW2wzlsa10eztfXERBjGA6CaQUfZOGQqrETBpURFSi4=
Subject key identifier:   1B:B1:E6:6B:A9:D4:B5:63:4C:4D:47:9B:2A:BF:76:F3:00:43:42:5F
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019B791140B3F0C179D2A5326978CC32E871
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/G7Hma6nUtWNMTUebKr928wBDQl8.roa
Signing time:             Thu 01 Jan 2026 10:18:52 +0000
ROA not before:           Thu 01 Jan 2026 10:18:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22653
IP address blocks:        64.137.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:11:40:b3:f0:c1:79:d2:a5:32:69:78:cc:32:e8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jan  1 10:18:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bb1e66ba9d4b5634c4d479b2abf76f30043425f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fd:69:60:24:ba:2a:7c:d4:6d:65:35:15:46:
                    c2:23:54:1f:f1:68:05:8e:0f:d9:5a:32:fd:b2:5a:
                    af:79:19:63:5e:71:9a:3f:dd:b1:31:93:5a:fa:e3:
                    af:e6:35:85:93:b8:7a:c2:8c:b8:e7:10:a5:65:86:
                    10:08:bb:eb:36:d0:ce:2f:75:24:c2:b7:d6:62:28:
                    15:46:5a:0d:7b:ee:2a:9c:6d:46:34:55:cf:31:3e:
                    ae:8b:e7:de:0a:74:5d:fd:ff:53:30:ef:ca:1d:d6:
                    42:31:92:95:32:d4:d1:78:4b:ba:24:d0:90:30:99:
                    1e:ba:e5:a4:ea:aa:35:8d:a7:55:aa:1a:1f:69:6b:
                    9a:e6:f2:34:bd:ae:a6:1e:b2:92:da:e7:fe:3a:1b:
                    30:a4:80:73:9c:02:01:85:c1:0f:8e:82:41:47:79:
                    65:ab:30:9c:4a:cd:e7:9f:52:57:f3:56:c9:bc:64:
                    63:22:91:1b:a4:dd:c5:cb:3c:22:08:02:5c:b5:c4:
                    b9:3a:08:a9:da:cc:68:39:6b:15:61:e2:69:8a:76:
                    be:14:bc:15:0f:e3:1a:eb:66:d7:8b:cb:20:c3:93:
                    f7:2b:d9:fd:fe:13:69:d2:14:04:fc:9c:cd:31:13:
                    12:96:ff:dd:a8:4d:11:7a:06:01:13:11:d5:00:ec:
                    ab:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B1:E6:6B:A9:D4:B5:63:4C:4D:47:9B:2A:BF:76:F3:00:43:42:5F
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/G7Hma6nUtWNMTUebKr928wBDQl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  64.137.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:43:45:83:d5:85:a6:14:74:cd:fa:99:20:5e:eb:c5:6c:20:
         e2:ab:7e:16:10:19:50:d5:79:b2:73:6a:2d:80:49:60:a1:64:
         98:ce:61:f7:69:dd:aa:51:11:92:17:d3:a5:98:c3:68:e6:3f:
         01:c5:70:52:79:de:b8:1f:2a:80:6e:1e:38:18:bc:ec:e5:39:
         9d:90:9e:7a:2f:9b:c6:3a:0d:86:c1:ce:f6:d8:02:a9:0b:dc:
         33:bc:af:fa:1d:5b:12:5a:31:6c:1f:48:e1:a7:5e:71:a7:68:
         f9:21:2c:1e:aa:53:fa:d6:d2:4c:ab:ee:63:12:4b:85:c3:9c:
         29:f2:c4:04:92:94:dd:a2:16:0a:29:66:af:5b:e0:ae:de:0a:
         75:63:82:fc:44:f0:28:b0:b4:ed:96:41:b5:76:c7:60:de:bb:
         82:1f:be:2d:81:8a:f3:7f:22:3d:8f:b0:50:24:92:2e:36:4b:
         b3:81:b4:66:fd:5b:34:b4:be:1c:12:3f:00:d5:7a:22:ce:9c:
         50:a4:d2:2b:88:77:94:b3:24:ef:42:c0:97:4c:f3:7e:d6:89:
         54:35:b2:42:24:8b:40:5b:90:44:19:a4:8f:73:dd:f6:36:b0:
         4e:0f:84:5e:82:f4:a8:84:95:77:c9:99:b2:51:23:28:82:eb:
         fc:62:0a:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EUCz8MF50qUyaXjMMuhxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjYwMTAxMTAxODUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmIxZTY2YmE5ZDRiNTYzNGM0ZDQ3OWIyYWJmNzZmMzAwNDM0MjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/1pYCS6KnzUbWU1FUbCI1Qf8WgF
jg/ZWjL9slqveRljXnGaP92xMZNa+uOv5jWFk7h6woy45xClZYYQCLvrNtDOL3Uk
wrfWYigVRloNe+4qnG1GNFXPMT6ui+feCnRd/f9TMO/KHdZCMZKVMtTReEu6JNCQ
MJkeuuWk6qo1jadVqhofaWua5vI0va6mHrKS2uf+OhswpIBznAIBhcEPjoJBR3ll
qzCcSs3nn1JX81bJvGRjIpEbpN3FyzwiCAJctcS5Ogip2sxoOWsVYeJpina+FLwV
D+Ma62bXi8sgw5P3K9n9/hNp0hQE/JzNMRMSlv/dqE0RegYBExHVAOyrAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBux5mup1LVjTE1Hmyq/dvMAQ0JfMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvRzdIbWE2blV0V05NVFVlYktyOTI4d0JEUWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAQIk2MA0G
CSqGSIb3DQEBCwUAA4IBAQALQ0WD1YWmFHTN+pkgXuvFbCDiq34WEBlQ1Xmyc2ot
gElgoWSYzmH3ad2qURGSF9OlmMNo5j8BxXBSed64HyqAbh44GLzs5TmdkJ56L5vG
Og2Gwc722AKpC9wzvK/6HVsSWjFsH0jhp15xp2j5ISweqlP61tJMq+5jEkuFw5wp
8sQEkpTdohYKKWavW+Cu3gp1Y4L8RPAosLTtlkG1dsdg3ruCH74tgYrzfyI9j7BQ
JJIuNkuzgbRm/Vs0tL4cEj8A1XoizpxQpNIriHeUsyTvQsCXTPN+1olUNbJCJItA
W5BEGaSPc932NrBOD4RegvSohJV3yZmyUSMoguv8Ygqp
-----END CERTIFICATE-----