This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/d68f7b-2df7-4aff-bd16-7624dd6d7d30/1/gBhIlR2Vy9wZybBnJlISzDPwKZ8.roa
File:                     gBhIlR2Vy9wZybBnJlISzDPwKZ8.roa (raw, json)
Hash identifier:          1heXPqmld/OvbyWoLXACStGWieBaqsBslRtSrtYIOUw=
Subject key identifier:   80:18:48:95:1D:95:CB:DC:19:C9:B0:67:26:52:12:CC:33:F0:29:9F
Certificate issuer:       /CN=8c30d896f2c5d0770fb8d1c9140b059f19ff6ce9
Certificate serial:       019BFF0EFB013E28B22A86CC522789029ACB
Authority key identifier: 8C:30:D8:96:F2:C5:D0:77:0F:B8:D1:C9:14:0B:05:9F:19:FF:6C:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jDDYlvLF0HcPuNHJFAsFnxn_bOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/d68f7b-2df7-4aff-bd16-7624dd6d7d30/1/gBhIlR2Vy9wZybBnJlISzDPwKZ8.roa
Signing time:             Tue 27 Jan 2026 10:45:30 +0000
ROA not before:           Tue 27 Jan 2026 10:45:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212399
IP address blocks:        185.209.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/d68f7b-2df7-4aff-bd16-7624dd6d7d30/1/jDDYlvLF0HcPuNHJFAsFnxn_bOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/d68f7b-2df7-4aff-bd16-7624dd6d7d30/1/jDDYlvLF0HcPuNHJFAsFnxn_bOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jDDYlvLF0HcPuNHJFAsFnxn_bOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 29 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:ff:0e:fb:01:3e:28:b2:2a:86:cc:52:27:89:02:9a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c30d896f2c5d0770fb8d1c9140b059f19ff6ce9
        Validity
            Not Before: Jan 27 10:45:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=801848951d95cbdc19c9b067265212cc33f0299f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c0:64:15:7b:a0:ff:dc:be:56:f6:ba:8c:52:
                    9c:10:61:9b:6f:53:aa:47:b1:f8:4a:b0:01:5c:04:
                    68:5c:82:d3:b9:dd:5b:cd:35:07:ef:74:22:79:5a:
                    26:b2:a4:1a:75:da:58:33:90:6a:0e:fd:d7:3e:d1:
                    70:80:e1:88:1f:f6:1f:c2:39:c0:c1:a3:b4:cc:f3:
                    a4:6e:f2:2d:b2:35:df:3d:94:08:4e:a9:26:0b:10:
                    75:a7:a6:03:07:d5:23:b3:9d:7b:8e:13:eb:29:31:
                    7c:ca:bd:be:9c:3c:92:7a:d5:74:34:2d:e2:8c:7e:
                    7d:9d:d7:82:c7:e3:9d:87:a7:68:76:8a:65:9e:7b:
                    a2:27:f3:22:e5:6e:fc:94:21:fb:82:c8:d5:39:44:
                    03:c3:72:87:95:f4:e6:77:6f:41:73:52:72:81:9e:
                    a9:85:cc:ce:d6:0a:27:2e:d1:b0:11:ac:16:0f:84:
                    d8:df:ea:82:1e:ee:a4:4f:7e:e6:e9:52:9b:34:4f:
                    d6:99:0a:6c:e6:26:5a:f5:a0:b6:3b:a1:1b:b1:bb:
                    c5:35:c0:37:e7:2c:76:14:90:03:11:8c:7d:56:ed:
                    00:1d:bb:42:0e:65:4c:d2:49:81:65:90:c2:96:56:
                    ce:aa:2b:fa:63:c0:44:c9:b2:0f:4b:38:13:73:e3:
                    ca:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:18:48:95:1D:95:CB:DC:19:C9:B0:67:26:52:12:CC:33:F0:29:9F
            X509v3 Authority Key Identifier:
                keyid:8C:30:D8:96:F2:C5:D0:77:0F:B8:D1:C9:14:0B:05:9F:19:FF:6C:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jDDYlvLF0HcPuNHJFAsFnxn_bOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d68f7b-2df7-4aff-bd16-7624dd6d7d30/1/gBhIlR2Vy9wZybBnJlISzDPwKZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/d68f7b-2df7-4aff-bd16-7624dd6d7d30/1/jDDYlvLF0HcPuNHJFAsFnxn_bOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:da:64:10:7d:cc:2b:d2:2e:0a:f8:69:25:75:98:fd:6f:64:
         23:dd:40:b8:92:e5:2f:64:b9:50:0f:ba:e0:17:27:cc:bf:0a:
         6c:91:a1:77:e4:8a:42:80:cf:87:57:e7:b8:bd:50:fe:09:dd:
         12:08:ae:76:6d:65:f3:f7:a9:7b:88:2f:32:25:3c:12:75:8b:
         fc:e7:f4:7e:a2:40:85:05:58:6e:2f:4b:de:eb:4a:ac:bc:f8:
         80:c9:92:33:a5:b0:65:07:5b:7b:3d:3f:03:9d:83:76:7f:5a:
         44:93:0f:92:55:fa:54:5f:bd:82:4a:14:ef:f7:39:a8:8b:c6:
         ea:e6:b4:0f:27:8e:e1:d9:9e:15:b7:73:74:86:0b:20:91:73:
         57:48:58:c5:38:ab:41:0c:cb:9e:bd:ee:ec:b5:31:01:04:b1:
         2b:a5:dc:bf:c6:02:1d:a7:ee:9d:84:ee:09:0f:c6:fb:f6:58:
         cf:43:fa:7d:7a:ce:63:7f:4e:d8:92:78:5e:91:3c:ab:86:3c:
         2d:f6:83:2f:63:ca:b8:f6:4d:79:0b:49:61:cb:9b:63:5d:4b:
         b6:fc:3a:8d:e5:e1:6a:30:27:ff:7a:ec:6f:81:93:3a:83:18:
         86:7b:9f:44:81:56:ff:d5:46:a0:2b:08:ae:82:ee:b8:38:5a:
         ae:4a:fc:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZv/DvsBPiiyKobMUieJAprLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMzBkODk2ZjJjNWQwNzcwZmI4ZDFjOTE0MGIwNTlmMTlm
ZjZjZTkwHhcNMjYwMTI3MTA0NTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDE4NDg5NTFkOTVjYmRjMTljOWIwNjcyNjUyMTJjYzMzZjAyOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8BkFXug/9y+Vva6jFKcEGGbb1Oq
R7H4SrABXARoXILTud1bzTUH73QieVomsqQaddpYM5BqDv3XPtFwgOGIH/YfwjnA
waO0zPOkbvItsjXfPZQITqkmCxB1p6YDB9Ujs517jhPrKTF8yr2+nDySetV0NC3i
jH59ndeCx+Odh6dodoplnnuiJ/Mi5W78lCH7gsjVOUQDw3KHlfTmd29Bc1JygZ6p
hczO1gonLtGwEawWD4TY3+qCHu6kT37m6VKbNE/WmQps5iZa9aC2O6EbsbvFNcA3
5yx2FJADEYx9Vu0AHbtCDmVM0kmBZZDCllbOqiv6Y8BEybIPSzgTc+PK6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAYSJUdlcvcGcmwZyZSEswz8CmfMB8GA1UdIwQY
MBaAFIww2JbyxdB3D7jRyRQLBZ8Z/2zpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakREWWx2TEYwSGNQdU5ISkZBc0ZueG5fYk9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC9kNjhmN2ItMmRmNy00YWZmLWJkMTYt
NzYyNGRkNmQ3ZDMwLzEvZ0JoSWxSMlZ5OXdaeWJCbkpsSVN6RFB3S1o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC9kNjhmN2ItMmRmNy00YWZmLWJkMTYtNzYyNGRkNmQ3ZDMw
LzEvakREWWx2TEYwSGNQdU5ISkZBc0ZueG5fYk9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudHyMA0G
CSqGSIb3DQEBCwUAA4IBAQBq2mQQfcwr0i4K+GkldZj9b2Qj3UC4kuUvZLlQD7rg
FyfMvwpskaF35IpCgM+HV+e4vVD+Cd0SCK52bWXz96l7iC8yJTwSdYv85/R+okCF
BVhuL0ve60qsvPiAyZIzpbBlB1t7PT8DnYN2f1pEkw+SVfpUX72CShTv9zmoi8bq
5rQPJ47h2Z4Vt3N0hgsgkXNXSFjFOKtBDMueve7stTEBBLErpdy/xgIdp+6dhO4J
D8b79ljPQ/p9es5jf07YknhekTyrhjwt9oMvY8q49k15C0lhy5tjXUu2/DqN5eFq
MCf/euxvgZM6gxiGe59EgVb/1UagKwiugu64OFquSvwg
-----END CERTIFICATE-----