This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GW-mgrkC2qHmg8J3nx6PeRKzEBc.roa
File:                     GW-mgrkC2qHmg8J3nx6PeRKzEBc.roa (raw, json)
Hash identifier:          a7oSpDeuu87ts3iraFziHlN07Uw1/CGe6NiNXT4qqYA=
Subject key identifier:   19:6F:A6:82:B9:02:DA:A1:E6:83:C2:77:9F:1E:8F:79:12:B3:10:17
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019B797EA18A2887D579012171B07012034B
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GW-mgrkC2qHmg8J3nx6PeRKzEBc.roa
Signing time:             Thu 01 Jan 2026 12:18:20 +0000
ROA not before:           Thu 01 Jan 2026 12:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61350
IP address blocks:        2a0e:aa07:e038::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 14:32:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:a1:8a:28:87:d5:79:01:21:71:b0:70:12:03:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Jan  1 12:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=196fa682b902daa1e683c2779f1e8f7912b31017
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:dc:88:6e:c3:58:a6:c8:23:9e:85:b3:e3:c1:
                    6b:61:5b:4a:ba:ff:9f:b3:89:25:73:ec:40:1c:af:
                    66:e1:9f:72:64:c3:93:18:9a:4e:fe:1a:b7:27:4a:
                    71:01:38:4c:d3:24:4e:c0:de:9d:25:d1:87:1f:fe:
                    29:34:1d:8b:b5:22:50:53:fb:7a:71:92:88:57:5c:
                    85:90:98:60:d2:99:cf:c8:4a:ff:85:31:ac:d1:83:
                    75:f6:fb:ff:a8:20:4c:9a:25:e7:5f:f0:9a:6e:d9:
                    32:ae:33:bf:39:80:0a:94:96:e6:b0:b6:d8:49:b1:
                    57:38:6e:7a:8c:3d:11:7e:ad:9e:31:c9:d4:f5:8c:
                    e5:1a:2f:3f:a6:48:95:ef:b1:84:63:5f:c4:a9:6f:
                    69:f9:b7:b9:ad:5f:1d:47:79:6a:b5:f7:aa:2d:a5:
                    24:f3:06:5d:0b:d9:03:cd:91:eb:11:4e:29:0c:3e:
                    f7:b8:e8:6e:0e:c2:bd:d5:5d:b9:f2:40:47:bd:d3:
                    e1:06:93:f9:f9:4f:41:c4:e3:e7:11:92:4d:b3:1d:
                    72:38:d4:2c:77:30:f0:b1:8e:3b:db:20:94:84:5e:
                    48:13:3c:d0:cd:a8:bb:cc:47:27:d1:4e:13:e1:10:
                    96:1c:48:2b:d8:76:52:94:87:b2:ff:f9:79:3e:49:
                    35:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:6F:A6:82:B9:02:DA:A1:E6:83:C2:77:9F:1E:8F:79:12:B3:10:17
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/GW-mgrkC2qHmg8J3nx6PeRKzEBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e038::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:89:38:49:66:8c:59:80:f1:ba:b2:5f:a4:2c:20:65:2a:29:
         83:aa:a4:3c:d6:e2:eb:45:7d:e8:ea:c6:af:7d:29:9f:7f:c7:
         e5:76:17:0c:e5:4e:40:61:19:00:95:79:c6:af:40:d9:9d:42:
         89:27:e2:11:b3:54:88:ef:8d:a1:13:23:1d:12:c6:da:f2:5c:
         16:50:2b:43:db:3b:a2:4e:1e:ec:27:09:e6:2d:3c:a2:c4:ca:
         5f:f4:f5:3f:ea:4d:ce:8f:7d:0c:8c:9a:74:af:5c:ca:a9:6f:
         b8:04:1b:c2:76:93:12:38:86:00:48:7f:b2:4e:79:9e:1b:8c:
         80:fd:13:6b:12:63:cf:4f:d4:f1:eb:69:f8:01:18:71:8e:9b:
         63:44:cb:7b:84:e1:27:e3:9b:73:2d:89:18:32:f1:16:1e:ee:
         b4:2a:04:6d:0f:da:2b:9d:0b:79:01:9b:9a:29:6f:1b:7d:2a:
         f2:0a:21:a7:67:f7:ad:17:c2:56:44:ce:55:fa:0b:9f:57:8c:
         7f:d6:f2:86:3c:16:90:ac:24:c6:de:b7:a7:05:48:53:49:39:
         b8:bb:f7:92:bb:3c:d9:0c:8f:a5:3e:3e:0e:11:e3:1b:d1:54:
         b4:2c:ac:7e:e5:1e:de:88:86:76:ed:e6:c0:88:5c:f9:b7:cb:
         68:15:be:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5fqGKKIfVeQEhcbBwEgNLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjYwMTAxMTIxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTZmYTY4MmI5MDJkYWExZTY4M2MyNzc5ZjFlOGY3OTEyYjMxMDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdyIbsNYpsgjnoWz48FrYVtKuv+f
s4klc+xAHK9m4Z9yZMOTGJpO/hq3J0pxAThM0yROwN6dJdGHH/4pNB2LtSJQU/t6
cZKIV1yFkJhg0pnPyEr/hTGs0YN19vv/qCBMmiXnX/CabtkyrjO/OYAKlJbmsLbY
SbFXOG56jD0Rfq2eMcnU9YzlGi8/pkiV77GEY1/EqW9p+be5rV8dR3lqtfeqLaUk
8wZdC9kDzZHrEU4pDD73uOhuDsK91V258kBHvdPhBpP5+U9BxOPnEZJNsx1yONQs
dzDwsY472yCUhF5IEzzQzai7zEcn0U4T4RCWHEgr2HZSlIey//l5Pkk14wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBlvpoK5Atqh5oPCd58ej3kSsxAXMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvR1ctbWdya0MycUhtZzhKM254NlBlUkt6RUJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6qB+A4
MA0GCSqGSIb3DQEBCwUAA4IBAQBFiThJZoxZgPG6sl+kLCBlKimDqqQ81uLrRX3o
6savfSmff8fldhcM5U5AYRkAlXnGr0DZnUKJJ+IRs1SI742hEyMdEsba8lwWUCtD
2zuiTh7sJwnmLTyixMpf9PU/6k3Oj30MjJp0r1zKqW+4BBvCdpMSOIYASH+yTnme
G4yA/RNrEmPPT9Tx62n4ARhxjptjRMt7hOEn45tzLYkYMvEWHu60KgRtD9ornQt5
AZuaKW8bfSryCiGnZ/etF8JWRM5V+gufV4x/1vKGPBaQrCTG3renBUhTSTm4u/eS
uzzZDI+lPj4OEeMb0VS0LKx+5R7eiIZ27ebAiFz5t8toFb5c
-----END CERTIFICATE-----