This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/GNGk2dk3owBh0t7XjA8lYKtdBNY.roa
File:                     GNGk2dk3owBh0t7XjA8lYKtdBNY.roa (raw, json)
Hash identifier:          C0SSoQPsvhCvPcaamLjO8oeUMsL4lVyuJZ6NEzbK8t8=
Subject key identifier:   18:D1:A4:D9:D9:37:A3:00:61:D2:DE:D7:8C:0F:25:60:AB:5D:04:D6
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019B7910596B3D82D7A2F1993F98DA4C583B
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/GNGk2dk3owBh0t7XjA8lYKtdBNY.roa
Signing time:             Thu 01 Jan 2026 10:17:53 +0000
ROA not before:           Thu 01 Jan 2026 10:17:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     32167
IP address blocks:        188.191.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 15:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:59:6b:3d:82:d7:a2:f1:99:3f:98:da:4c:58:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  1 10:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18d1a4d9d937a30061d2ded78c0f2560ab5d04d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:12:9a:b5:ed:ba:0f:94:ba:13:02:e1:4e:e1:
                    31:60:05:68:9c:15:70:03:f7:d8:d3:af:bc:8d:8f:
                    c4:7e:56:9d:bc:1c:05:8a:ec:b7:77:c5:bc:ee:cc:
                    8e:56:56:a3:75:a0:6e:27:a5:0c:84:16:4f:8e:af:
                    6b:38:5d:34:a8:db:8d:42:e7:51:7c:4c:5b:d1:df:
                    85:07:10:36:b9:3a:11:c9:bb:fb:1d:92:cc:9e:20:
                    ee:91:20:97:c4:04:2f:ff:ac:f3:0c:96:7f:de:60:
                    d3:19:2b:a9:77:04:8b:b3:ed:b2:24:87:68:21:17:
                    a1:5a:9c:ba:fc:f3:ca:47:59:72:9f:82:b4:4e:90:
                    f6:8e:d8:7a:a4:28:b3:00:e4:76:c1:63:f6:9c:cf:
                    76:7f:38:2c:66:f7:1a:64:51:ec:22:e8:f7:f2:b2:
                    d9:87:5a:73:cf:69:b7:af:54:6c:e5:d5:f4:43:00:
                    88:e9:92:ac:dd:ab:07:80:23:1e:75:ec:e6:21:6b:
                    72:4f:81:b1:f2:49:1b:4f:32:72:54:65:da:d6:5c:
                    6b:a9:b6:9a:37:a8:b7:77:01:f1:04:b7:c6:93:6d:
                    63:c8:b4:b9:8d:e7:2a:d1:de:6b:c6:a3:00:6d:c5:
                    24:63:31:98:fc:3d:41:93:c4:8e:21:44:c4:07:01:
                    c0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:D1:A4:D9:D9:37:A3:00:61:D2:DE:D7:8C:0F:25:60:AB:5D:04:D6
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/GNGk2dk3owBh0t7XjA8lYKtdBNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.191.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:29:b7:64:6e:68:64:20:a0:7d:64:41:f6:6f:c9:67:b6:c7:
         80:0a:d1:49:22:cd:3f:8e:5d:79:b0:89:e1:c7:3b:0f:e7:d5:
         a7:f6:17:c4:3c:f5:a7:b7:be:64:aa:a5:ec:10:e7:33:b4:91:
         c4:32:21:a4:50:c7:4b:79:1a:0f:d0:00:3d:84:d6:7f:70:a2:
         07:38:2a:e9:ce:7f:46:26:29:2a:b5:65:0c:14:74:cc:9f:38:
         40:2f:d9:1e:af:8b:a2:ad:78:8b:a7:48:a8:1d:e1:29:be:e3:
         5f:66:b8:fd:9d:d7:fc:9b:5c:83:88:36:ee:b5:67:0f:bb:b1:
         78:26:5f:a5:6d:bc:3d:c1:a9:a1:99:6f:a3:b5:38:ea:e5:83:
         00:9f:7e:a1:53:ec:3b:c6:80:45:8f:cf:c0:23:f5:62:6c:d5:
         52:18:f0:7c:a1:57:aa:56:97:a6:a5:7b:9c:1f:7e:e6:dc:74:
         71:67:31:92:fe:f9:00:51:c1:e3:25:7a:1a:20:eb:d8:c2:25:
         31:4c:30:25:c7:e3:3a:9c:4a:37:43:05:11:e6:63:bc:3e:99:
         7d:98:0b:8f:20:fb:09:d4:1a:76:2b:01:c7:a7:01:3a:d6:72:
         54:77:e9:13:2a:51:32:94:c2:84:8b:00:15:8f:60:65:9d:38:
         b2:c5:19:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EFlrPYLXovGZP5jaTFg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjYwMTAxMTAxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGQxYTRkOWQ5MzdhMzAwNjFkMmRlZDc4YzBmMjU2MGFiNWQwNGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BKate26D5S6EwLhTuExYAVonBVw
A/fY06+8jY/EfladvBwFiuy3d8W87syOVlajdaBuJ6UMhBZPjq9rOF00qNuNQudR
fExb0d+FBxA2uToRybv7HZLMniDukSCXxAQv/6zzDJZ/3mDTGSupdwSLs+2yJIdo
IRehWpy6/PPKR1lyn4K0TpD2jth6pCizAOR2wWP2nM92fzgsZvcaZFHsIuj38rLZ
h1pzz2m3r1Rs5dX0QwCI6ZKs3asHgCMedezmIWtyT4Gx8kkbTzJyVGXa1lxrqbaa
N6i3dwHxBLfGk21jyLS5jecq0d5rxqMAbcUkYzGY/D1Bk8SOIUTEBwHAbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjRpNnZN6MAYdLe14wPJWCrXQTWMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvR05HazJkazNvd0JoMHQ3WGpBOGxZS3RkQk5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvL9vMA0G
CSqGSIb3DQEBCwUAA4IBAQBLKbdkbmhkIKB9ZEH2b8lntseACtFJIs0/jl15sInh
xzsP59Wn9hfEPPWnt75kqqXsEOcztJHEMiGkUMdLeRoP0AA9hNZ/cKIHOCrpzn9G
JikqtWUMFHTMnzhAL9ker4uirXiLp0ioHeEpvuNfZrj9ndf8m1yDiDbutWcPu7F4
Jl+lbbw9wamhmW+jtTjq5YMAn36hU+w7xoBFj8/AI/VibNVSGPB8oVeqVpempXuc
H37m3HRxZzGS/vkAUcHjJXoaIOvYwiUxTDAlx+M6nEo3QwUR5mO8Ppl9mAuPIPsJ
1Bp2KwHHpwE61nJUd+kTKlEylMKEiwAVj2BlnTiyxRlb
-----END CERTIFICATE-----