This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/GxIHXjt6YycYTUa0XRCVghpAj-k.roa
File:                     GxIHXjt6YycYTUa0XRCVghpAj-k.roa (raw, json)
Hash identifier:          HhhKZCdKN9/SlwUoWfOdsnSeB0lEPNK2Xjfhma7psx4=
Subject key identifier:   1B:12:07:5E:3B:7A:63:27:18:4D:46:B4:5D:10:95:82:1A:40:8F:E9
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019B7CEDE49A814FB54B72D73CFE78EFEC8E
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/GxIHXjt6YycYTUa0XRCVghpAj-k.roa
Signing time:             Fri 02 Jan 2026 04:18:43 +0000
ROA not before:           Fri 02 Jan 2026 04:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198100
IP address blocks:        62.72.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 Jan 2026 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:e4:9a:81:4f:b5:4b:72:d7:3c:fe:78:ef:ec:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Jan  2 04:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1b12075e3b7a6327184d46b45d1095821a408fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:f6:73:ac:80:24:e4:1f:b7:c2:00:8a:0c:0c:
                    09:ed:c4:44:c5:5d:ee:d8:fa:42:37:21:cc:60:b7:
                    c3:8f:b0:55:20:56:20:68:a8:f4:19:f4:0a:a1:c1:
                    78:d3:42:64:90:9a:ea:c5:5b:a7:9e:75:a3:56:9e:
                    0a:ad:31:5f:ff:c9:6f:b8:ef:27:5e:a1:30:bd:a9:
                    5c:17:db:d1:91:4c:0a:90:70:47:e5:ba:9d:6c:21:
                    a0:1a:f5:b3:db:b6:01:85:85:a4:ed:6f:4b:4f:e1:
                    f9:5d:71:76:25:0b:cc:28:be:ab:5a:2d:d5:7f:5e:
                    61:90:a7:a9:cd:d4:a9:00:53:ea:80:09:33:cb:0d:
                    4c:f5:99:38:35:41:ad:82:46:5b:bc:4c:71:58:8d:
                    b9:59:5b:43:20:dc:50:af:a7:c6:e2:3c:74:6f:17:
                    88:dc:ce:6d:01:70:ee:0c:50:21:58:11:15:c1:c1:
                    29:9a:03:44:d4:e6:f4:a4:bf:8e:dd:62:a4:36:a3:
                    1e:f6:5f:7f:72:4b:42:57:94:9e:df:96:6a:f7:06:
                    2e:4e:a8:93:8e:3a:4e:70:7c:79:9e:ef:14:3a:fc:
                    84:7c:0d:90:64:03:c9:cb:96:43:ef:11:0b:c8:1e:
                    4d:d7:89:55:26:80:24:e4:2c:59:ba:11:49:02:ed:
                    23:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:12:07:5E:3B:7A:63:27:18:4D:46:B4:5D:10:95:82:1A:40:8F:E9
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/GxIHXjt6YycYTUa0XRCVghpAj-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:2b:78:00:80:54:2d:57:5a:e6:a2:12:06:1d:c4:3d:b3:06:
         2f:47:45:f2:34:21:88:e4:91:60:99:fd:b5:67:fb:16:86:45:
         ae:35:1d:2c:45:0b:56:64:d7:e8:4d:04:c5:0d:2a:ed:c8:f9:
         47:af:57:ec:f1:53:d0:1e:fb:06:41:28:33:9b:53:fd:06:bd:
         9e:b5:15:34:da:dd:06:cf:f0:1a:b8:3f:18:51:66:44:51:f2:
         84:3c:37:77:f6:a0:c6:cc:23:12:db:03:03:d6:9e:34:59:16:
         53:db:14:25:3a:c2:53:82:36:f4:9d:a8:e5:33:ad:e8:8d:94:
         8c:de:86:ca:b5:7b:d6:71:32:ed:ac:f0:58:f9:15:6c:5f:7a:
         4f:d6:3a:fc:9b:d3:2f:33:0b:84:4d:cf:31:54:bd:bc:66:ce:
         2c:f6:49:78:8b:46:18:77:ff:02:fd:2e:ba:43:5f:ae:49:c0:
         44:71:0b:f3:c0:60:d4:58:96:28:cb:2b:61:c5:f1:ee:be:1c:
         38:11:53:b0:27:07:53:87:a2:3a:0d:5e:c3:10:ed:74:aa:74:
         d8:14:63:d0:a8:15:91:9a:47:59:ce:75:83:c1:c5:be:12:6c:
         91:37:0d:42:3f:a6:93:64:91:1c:94:0c:f1:07:7d:38:0a:03:
         24:36:59:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87eSagU+1S3LXPP547+yOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwMTAyMDQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjEyMDc1ZTNiN2E2MzI3MTg0ZDQ2YjQ1ZDEwOTU4MjFhNDA4ZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApvZzrIAk5B+3wgCKDAwJ7cRExV3u
2PpCNyHMYLfDj7BVIFYgaKj0GfQKocF400JkkJrqxVunnnWjVp4KrTFf/8lvuO8n
XqEwvalcF9vRkUwKkHBH5bqdbCGgGvWz27YBhYWk7W9LT+H5XXF2JQvMKL6rWi3V
f15hkKepzdSpAFPqgAkzyw1M9Zk4NUGtgkZbvExxWI25WVtDINxQr6fG4jx0bxeI
3M5tAXDuDFAhWBEVwcEpmgNE1Ob0pL+O3WKkNqMe9l9/cktCV5Se35Zq9wYuTqiT
jjpOcHx5nu8UOvyEfA2QZAPJy5ZD7xELyB5N14lVJoAk5CxZuhFJAu0j/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsSB147emMnGE1GtF0QlYIaQI/pMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvR3hJSFhqdDZZeWNZVFVhMFhSQ1ZnaHBBai1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkijMA0G
CSqGSIb3DQEBCwUAA4IBAQCcK3gAgFQtV1rmohIGHcQ9swYvR0XyNCGI5JFgmf21
Z/sWhkWuNR0sRQtWZNfoTQTFDSrtyPlHr1fs8VPQHvsGQSgzm1P9Br2etRU02t0G
z/AauD8YUWZEUfKEPDd39qDGzCMS2wMD1p40WRZT2xQlOsJTgjb0najlM63ojZSM
3obKtXvWcTLtrPBY+RVsX3pP1jr8m9MvMwuETc8xVL28Zs4s9kl4i0YYd/8C/S66
Q1+uScBEcQvzwGDUWJYoyythxfHuvhw4EVOwJwdTh6I6DV7DEO10qnTYFGPQqBWR
mkdZznWDwcW+EmyRNw1CP6aTZJEclAzxB304CgMkNllJ
-----END CERTIFICATE-----