This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GTVqbTKpMcFzIh1F_Ji9ZME_Hdo.roa
File:                     GTVqbTKpMcFzIh1F_Ji9ZME_Hdo.roa (raw, json)
Hash identifier:          1pfRnFfoQLN3tusAgko0GPNTTyT/pl+laXjuWcPlOLo=
Subject key identifier:   19:35:6A:6D:32:A9:31:C1:73:22:1D:45:FC:98:BD:64:C1:3F:1D:DA
Certificate issuer:       /CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
Certificate serial:       019B7F8398B2FEC27DB363D9BC0BAE55EF03
Authority key identifier: 58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GTVqbTKpMcFzIh1F_Ji9ZME_Hdo.roa
Signing time:             Fri 02 Jan 2026 16:21:29 +0000
ROA not before:           Fri 02 Jan 2026 16:21:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     24774
IP address blocks:        37.230.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:98:b2:fe:c2:7d:b3:63:d9:bc:0b:ae:55:ef:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5885e884c2fc7a75d12dd1dea49ce2349c47067e
        Validity
            Not Before: Jan  2 16:21:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19356a6d32a931c173221d45fc98bd64c13f1dda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3c:d6:b4:91:ce:43:a0:6f:7f:25:91:c6:c2:
                    d1:a0:c3:44:ea:e2:65:1b:db:77:b2:c8:ba:1e:55:
                    e5:fa:8b:7c:90:cd:64:a2:e6:f8:07:d3:ad:66:f3:
                    dc:c9:9b:f2:b0:92:49:e4:ef:be:dd:fb:e4:c9:70:
                    c1:65:cb:3e:84:d1:95:95:a6:59:e1:f7:23:b8:2c:
                    71:d5:d2:d4:d6:fa:40:2d:75:e4:e4:1a:42:be:9b:
                    e0:a2:7f:4e:8e:f7:69:d7:18:5d:54:55:6d:41:c5:
                    24:6f:3f:1a:0e:6e:97:62:b6:ca:56:4a:4e:2a:02:
                    39:3a:c7:97:dc:16:88:3d:88:2f:a3:3d:ee:f6:bb:
                    a3:9e:fe:cd:6d:2f:72:6b:74:52:f4:1e:70:ad:62:
                    e4:4c:43:4b:21:fd:93:15:17:45:a4:dd:6f:9b:c1:
                    ca:3b:6c:bd:cc:64:df:36:60:4f:bc:df:64:67:98:
                    e6:0a:f6:0d:92:bb:00:45:6b:08:8b:2a:19:63:ea:
                    a4:dc:36:44:8a:d0:d7:44:aa:7e:64:79:14:cb:71:
                    5a:c2:7f:8b:98:39:2e:6b:a7:d9:e3:dd:f9:48:dc:
                    79:88:07:56:40:2a:33:a7:79:8a:bd:64:44:b3:b4:
                    5b:26:11:e9:af:18:16:e6:68:71:71:ff:d9:9e:ba:
                    27:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:35:6A:6D:32:A9:31:C1:73:22:1D:45:FC:98:BD:64:C1:3F:1D:DA
            X509v3 Authority Key Identifier:
                keyid:58:85:E8:84:C2:FC:7A:75:D1:2D:D1:DE:A4:9C:E2:34:9C:47:06:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WIXohML8enXRLdHepJziNJxHBn4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/GTVqbTKpMcFzIh1F_Ji9ZME_Hdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/6c0bf7-5f13-44a2-9989-8c9581d96d8f/1/WIXohML8enXRLdHepJziNJxHBn4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.230.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:e8:86:10:e7:10:74:7b:a7:84:cf:dc:2b:a9:42:f3:1b:1f:
         cd:a6:60:44:f8:5f:a7:b7:ab:15:03:4d:4e:bb:ea:85:ae:cf:
         1b:6e:94:7b:17:32:63:60:7c:6a:64:6e:82:1a:5f:28:2f:f3:
         7f:ce:2d:48:35:78:d3:ac:7f:17:02:77:a0:c1:e2:cf:59:b5:
         16:07:70:e7:0b:90:22:68:a5:b0:c7:46:68:ff:0e:65:f9:e0:
         35:5f:13:fd:af:87:5f:86:b7:73:6c:c7:54:03:0e:53:9f:35:
         aa:ee:b6:42:d0:69:33:39:d3:10:5c:59:ad:7a:a7:a2:43:98:
         b4:f6:80:d9:09:31:ac:77:5f:58:44:63:61:28:51:da:c6:9c:
         2f:35:dd:e8:ba:f5:51:81:dc:44:fa:9d:b2:c0:b3:ec:fd:50:
         cc:46:f0:df:76:4f:70:2b:5a:0e:55:8a:17:e2:1c:88:6d:7b:
         c7:c1:d0:88:77:dc:bd:f2:5b:aa:7f:d6:ff:f8:a0:ce:03:e9:
         59:70:7e:82:dd:85:19:50:99:1f:1a:e4:34:d0:a1:aa:88:b8:
         9e:a6:46:96:b4:8c:c9:d2:84:15:54:f2:75:b4:14:3d:ce:cb:
         04:21:a1:48:70:ad:e4:0b:88:3e:b1:e4:67:c0:ed:11:2b:0d:
         6d:10:34:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g5iy/sJ9s2PZvAuuVe8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ODVlODg0YzJmYzdhNzVkMTJkZDFkZWE0OWNlMjM0OWM0
NzA2N2UwHhcNMjYwMTAyMTYyMTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTM1NmE2ZDMyYTkzMWMxNzMyMjFkNDVmYzk4YmQ2NGMxM2YxZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlDzWtJHOQ6BvfyWRxsLRoMNE6uJl
G9t3ssi6HlXl+ot8kM1koub4B9OtZvPcyZvysJJJ5O++3fvkyXDBZcs+hNGVlaZZ
4fcjuCxx1dLU1vpALXXk5BpCvpvgon9Ojvdp1xhdVFVtQcUkbz8aDm6XYrbKVkpO
KgI5OseX3BaIPYgvoz3u9rujnv7NbS9ya3RS9B5wrWLkTENLIf2TFRdFpN1vm8HK
O2y9zGTfNmBPvN9kZ5jmCvYNkrsARWsIiyoZY+qk3DZEitDXRKp+ZHkUy3Fawn+L
mDkua6fZ4935SNx5iAdWQCozp3mKvWREs7RbJhHprxgW5mhxcf/Znron0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBk1am0yqTHBcyIdRfyYvWTBPx3aMB8GA1UdIwQY
MBaAFFiF6ITC/Hp10S3R3qSc4jScRwZ+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODkt
OGM5NTgxZDk2ZDhmLzEvR1RWcWJUS3BNY0Z6SWgxRl9KaTlaTUVfSGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni82YzBiZjctNWYxMy00NGEyLTk5ODktOGM5NTgxZDk2ZDhm
LzEvV0lYb2hNTDhlblhSTGRIZXBKemlOSnhIQm40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJeahMA0G
CSqGSIb3DQEBCwUAA4IBAQCm6IYQ5xB0e6eEz9wrqULzGx/NpmBE+F+nt6sVA01O
u+qFrs8bbpR7FzJjYHxqZG6CGl8oL/N/zi1INXjTrH8XAnegweLPWbUWB3DnC5Ai
aKWwx0Zo/w5l+eA1XxP9r4dfhrdzbMdUAw5TnzWq7rZC0GkzOdMQXFmteqeiQ5i0
9oDZCTGsd19YRGNhKFHaxpwvNd3ouvVRgdxE+p2ywLPs/VDMRvDfdk9wK1oOVYoX
4hyIbXvHwdCId9y98luqf9b/+KDOA+lZcH6C3YUZUJkfGuQ00KGqiLiepkaWtIzJ
0oQVVPJ1tBQ9zssEIaFIcK3kC4g+seRnwO0RKw1tEDT1
-----END CERTIFICATE-----