This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/gbXDsiNdxBaUhxv49w2vT3LD9l0.roa
File:                     gbXDsiNdxBaUhxv49w2vT3LD9l0.roa (raw, json)
Hash identifier:          6OV/NyBuu0vMZPB1ob1ByGnlaJTl7MqtMQWTJAc2c3o=
Subject key identifier:   81:B5:C3:B2:23:5D:C4:16:94:87:1B:F8:F7:0D:AF:4F:72:C3:F6:5D
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C6B0E5EFE3862FCC25BD9C22C3223D
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/gbXDsiNdxBaUhxv49w2vT3LD9l0.roa
Signing time:             Thu 01 Jan 2026 04:17:48 +0000
ROA not before:           Thu 01 Jan 2026 04:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207451
IP address blocks:        188.130.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:b0:e5:ef:e3:86:2f:cc:25:bd:9c:22:c3:22:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=81b5c3b2235dc41694871bf8f70daf4f72c3f65d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:77:2a:b6:34:84:c5:3e:bf:07:ba:7d:ef:ab:
                    da:7e:5c:7d:d9:b4:18:f5:27:fc:4e:68:02:f3:1f:
                    83:9c:a2:2e:8e:6e:23:ce:5c:aa:84:3f:d4:a9:36:
                    19:92:67:c5:26:81:1a:12:57:87:35:73:0a:38:ba:
                    29:79:c3:a4:54:df:ae:2e:84:17:ce:58:c5:00:bf:
                    8c:a1:4f:c7:74:0e:41:59:c0:73:92:ba:13:46:8b:
                    13:3b:3d:46:4d:c5:5e:5d:81:30:46:bd:37:d3:32:
                    c0:c4:a8:43:55:92:5d:a0:c7:cb:7d:ae:57:6c:52:
                    7a:20:ba:07:9f:bb:01:c4:27:7b:a0:81:e0:c9:c3:
                    e4:3c:b8:37:b6:26:ca:a1:2b:79:fa:e7:69:85:66:
                    5a:35:5c:ff:cf:30:f3:11:1f:4b:4c:52:d5:f5:18:
                    7c:b7:b1:42:b7:3a:c9:aa:9e:1a:06:6e:db:32:61:
                    bc:bc:77:d9:45:8c:3b:0e:e2:66:27:62:08:a8:ac:
                    de:55:3e:04:37:a0:ce:63:a5:89:fa:ff:93:8e:c0:
                    74:11:d3:79:4a:9c:16:fb:e1:c9:6c:a9:c5:a6:98:
                    ed:38:9c:a5:c1:cf:b2:2a:55:bb:a1:88:90:88:a3:
                    2f:fa:d1:df:a0:b2:d8:1d:84:e9:29:a2:45:6b:37:
                    dd:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:B5:C3:B2:23:5D:C4:16:94:87:1B:F8:F7:0D:AF:4F:72:C3:F6:5D
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/gbXDsiNdxBaUhxv49w2vT3LD9l0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.130.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:3e:de:0f:cc:38:c9:2e:e8:42:9d:12:e6:63:b4:ef:df:da:
         4e:99:5f:49:59:8e:fd:3b:76:09:ce:c1:33:c8:dc:25:fa:ed:
         91:13:fd:6f:9a:7c:2f:d2:9e:69:9d:32:0f:fa:ba:f5:7a:36:
         80:53:b7:04:c8:de:3f:6c:b1:37:1b:13:c2:06:30:a7:77:55:
         ce:95:7a:2a:81:43:2e:e1:29:91:59:36:fc:74:16:b6:fd:8e:
         12:e7:af:11:22:81:06:7a:27:4a:83:48:75:76:d9:80:ab:2b:
         65:af:f9:d9:30:d8:41:87:17:4c:a9:5c:f7:85:b1:2e:93:00:
         0d:85:e6:d6:5a:51:fa:eb:02:53:17:e4:e9:ec:56:85:67:33:
         3b:6b:a0:78:81:85:5a:b6:af:de:21:2a:0a:dc:c3:a2:75:c7:
         d1:2f:0a:3b:fa:91:53:e8:7e:7c:63:d6:3a:d6:4b:4e:b7:df:
         74:fc:93:ff:bd:85:1e:9f:f5:fc:1d:a7:5d:dc:4a:4f:87:9f:
         36:15:1c:e8:92:be:96:63:7f:04:ab:ba:18:da:d5:5b:ba:87:
         3e:36:f9:3f:5b:9a:a8:8f:b0:20:92:9f:3f:cc:1c:2e:8f:63:
         70:ea:6f:e7:4a:ff:cc:8b:29:48:87:b1:ec:de:4f:ac:67:37:
         82:67:65:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xrDl7+OGL8wlvZwiwyI9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWI1YzNiMjIzNWRjNDE2OTQ4NzFiZjhmNzBkYWY0ZjcyYzNmNjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3cqtjSExT6/B7p976vaflx92bQY
9Sf8TmgC8x+DnKIujm4jzlyqhD/UqTYZkmfFJoEaEleHNXMKOLopecOkVN+uLoQX
zljFAL+MoU/HdA5BWcBzkroTRosTOz1GTcVeXYEwRr030zLAxKhDVZJdoMfLfa5X
bFJ6ILoHn7sBxCd7oIHgycPkPLg3tibKoSt5+udphWZaNVz/zzDzER9LTFLV9Rh8
t7FCtzrJqp4aBm7bMmG8vHfZRYw7DuJmJ2IIqKzeVT4EN6DOY6WJ+v+TjsB0EdN5
SpwW++HJbKnFppjtOJylwc+yKlW7oYiQiKMv+tHfoLLYHYTpKaJFazfd7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIG1w7IjXcQWlIcb+PcNr09yw/ZdMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvZ2JYRHNpTmR4QmFVaHh2NDl3MnZUM0xEOWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvILoMA0G
CSqGSIb3DQEBCwUAA4IBAQATPt4PzDjJLuhCnRLmY7Tv39pOmV9JWY79O3YJzsEz
yNwl+u2RE/1vmnwv0p5pnTIP+rr1ejaAU7cEyN4/bLE3GxPCBjCnd1XOlXoqgUMu
4SmRWTb8dBa2/Y4S568RIoEGeidKg0h1dtmAqytlr/nZMNhBhxdMqVz3hbEukwAN
hebWWlH66wJTF+Tp7FaFZzM7a6B4gYVatq/eISoK3MOidcfRLwo7+pFT6H58Y9Y6
1ktOt990/JP/vYUen/X8Hadd3EpPh582FRzokr6WY38Eq7oY2tVbuoc+Nvk/W5qo
j7Agkp8/zBwuj2Nw6m/nSv/MiylIh7Hs3k+sZzeCZ2Vz
-----END CERTIFICATE-----