This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/Gcvg1TOFDjpajp7odbqwFDKpBAs.roa
File:                     Gcvg1TOFDjpajp7odbqwFDKpBAs.roa (raw, json)
Hash identifier:          UMt5peYripqOkorgu+LitEPMKkctWUjnSWw9aPRzg/0=
Subject key identifier:   19:CB:E0:D5:33:85:0E:3A:5A:8E:9E:E8:75:BA:B0:14:32:A9:04:0B
Certificate issuer:       /CN=36a32e14a2ffece5679f3ed117c30ff77b45b0f4
Certificate serial:       019B7F8593B7A7B6136F045C4EE0064EBEF8
Authority key identifier: 36:A3:2E:14:A2:FF:EC:E5:67:9F:3E:D1:17:C3:0F:F7:7B:45:B0:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NqMuFKL_7OVnnz7RF8MP93tFsPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/Gcvg1TOFDjpajp7odbqwFDKpBAs.roa
Signing time:             Fri 02 Jan 2026 16:23:39 +0000
ROA not before:           Fri 02 Jan 2026 16:23:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21413
IP address blocks:        185.217.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/NqMuFKL_7OVnnz7RF8MP93tFsPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/NqMuFKL_7OVnnz7RF8MP93tFsPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NqMuFKL_7OVnnz7RF8MP93tFsPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:93:b7:a7:b6:13:6f:04:5c:4e:e0:06:4e:be:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36a32e14a2ffece5679f3ed117c30ff77b45b0f4
        Validity
            Not Before: Jan  2 16:23:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19cbe0d533850e3a5a8e9ee875bab01432a9040b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e8:8e:7b:ee:e9:c0:50:a6:fc:ae:c2:39:c6:
                    df:67:45:13:56:db:e4:5c:13:79:9c:0b:cb:34:65:
                    82:69:6c:02:a6:7e:15:b4:5b:9d:a1:db:e1:50:39:
                    75:cb:0d:8c:69:99:fb:c3:cc:e2:da:66:de:64:e8:
                    88:80:e0:3d:c2:88:5c:9a:41:97:61:1a:1a:b6:b4:
                    03:ed:24:e4:75:2d:27:bd:94:82:44:ed:ea:7b:39:
                    39:e4:9f:52:a9:fe:d8:3b:d1:ab:30:f4:83:7e:fd:
                    95:89:36:c2:55:46:87:c2:a5:4b:70:21:df:e8:bd:
                    34:a2:d6:3b:d5:6f:3b:90:f0:b7:51:9e:4f:d6:6a:
                    2d:da:60:53:84:86:d0:05:fb:64:7f:9e:df:85:98:
                    4a:56:6c:77:d0:99:cc:f4:1e:b8:d9:63:09:f5:fd:
                    72:a4:d5:8f:8b:46:5c:17:5a:d6:94:64:b1:c2:16:
                    f9:80:3e:51:ae:47:cd:d9:56:2f:39:bf:99:d7:cf:
                    23:99:6a:dc:d7:2e:67:b6:da:68:7f:cc:91:6c:7b:
                    7a:8e:6a:d6:24:0e:71:8c:60:c1:22:08:17:67:d7:
                    4e:87:49:24:b0:5d:42:9a:75:12:db:ae:bf:7c:cf:
                    39:87:e7:f6:5b:ef:e6:77:45:df:c4:d6:44:02:90:
                    70:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:CB:E0:D5:33:85:0E:3A:5A:8E:9E:E8:75:BA:B0:14:32:A9:04:0B
            X509v3 Authority Key Identifier:
                keyid:36:A3:2E:14:A2:FF:EC:E5:67:9F:3E:D1:17:C3:0F:F7:7B:45:B0:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NqMuFKL_7OVnnz7RF8MP93tFsPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/Gcvg1TOFDjpajp7odbqwFDKpBAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/2d6237-e584-4bef-9c35-7ef24099db85/1/NqMuFKL_7OVnnz7RF8MP93tFsPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:24:a7:86:28:0d:cf:35:4a:06:96:95:18:a6:6c:f1:84:56:
         e1:8d:27:94:a7:5a:c3:dd:51:93:8f:26:43:62:44:92:5c:fd:
         94:51:52:b1:6a:b6:0b:e5:b2:73:c4:d2:ec:e2:3e:ce:88:cf:
         40:f7:03:3d:c7:c3:8a:83:08:06:6c:7a:0c:50:6d:96:b0:57:
         7b:90:f1:bb:77:84:5e:cc:e5:0b:44:4d:32:00:7e:82:ba:fc:
         1b:ac:ce:23:32:8b:3c:b6:0f:94:33:07:ee:35:02:0f:2f:6b:
         d9:ac:28:09:7b:4b:28:aa:2c:76:a4:52:55:62:f6:87:ee:32:
         fd:44:95:87:41:59:3e:7f:22:3b:8f:7f:19:fc:7c:d2:57:ce:
         b4:1f:e5:3d:6b:63:35:99:2d:f6:78:85:9e:9a:30:de:cf:fa:
         2d:87:fa:32:7c:19:52:8f:92:6a:81:5e:8b:8b:fc:75:43:83:
         91:42:2c:d0:7f:37:6b:9b:52:52:bc:09:1f:bc:84:52:ba:6c:
         53:13:58:84:10:c9:23:8b:0c:02:8c:9f:48:ec:30:b2:13:fe:
         e1:4d:14:5b:bb:4a:41:d1:2f:85:a9:68:a1:a2:e8:c6:91:0f:
         3b:e9:3b:41:b2:d2:23:65:68:af:dc:77:7a:88:9e:04:e9:19:
         f7:6c:8f:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hZO3p7YTbwRcTuAGTr74MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YTMyZTE0YTJmZmVjZTU2NzlmM2VkMTE3YzMwZmY3N2I0
NWIwZjQwHhcNMjYwMTAyMTYyMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWNiZTBkNTMzODUwZTNhNWE4ZTllZTg3NWJhYjAxNDMyYTkwNDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eiOe+7pwFCm/K7COcbfZ0UTVtvk
XBN5nAvLNGWCaWwCpn4VtFudodvhUDl1yw2MaZn7w8zi2mbeZOiIgOA9wohcmkGX
YRoatrQD7STkdS0nvZSCRO3qezk55J9Sqf7YO9GrMPSDfv2ViTbCVUaHwqVLcCHf
6L00otY71W87kPC3UZ5P1mot2mBThIbQBftkf57fhZhKVmx30JnM9B642WMJ9f1y
pNWPi0ZcF1rWlGSxwhb5gD5RrkfN2VYvOb+Z188jmWrc1y5nttpof8yRbHt6jmrW
JA5xjGDBIggXZ9dOh0kksF1CmnUS266/fM85h+f2W+/md0XfxNZEApBwFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnL4NUzhQ46Wo6e6HW6sBQyqQQLMB8GA1UdIwQY
MBaAFDajLhSi/+zlZ58+0RfDD/d7RbD0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnFNdUZLTF83T1Zubno3UkY4TVA5M3RGc1BRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS8yZDYyMzctZTU4NC00YmVmLTljMzUt
N2VmMjQwOTlkYjg1LzEvR2N2ZzFUT0ZEanBhanA3b2RicXdGREtwQkFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS8yZDYyMzctZTU4NC00YmVmLTljMzUtN2VmMjQwOTlkYjg1
LzEvTnFNdUZLTF83T1Zubno3UkY4TVA5M3RGc1BRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudmwMA0G
CSqGSIb3DQEBCwUAA4IBAQAkJKeGKA3PNUoGlpUYpmzxhFbhjSeUp1rD3VGTjyZD
YkSSXP2UUVKxarYL5bJzxNLs4j7OiM9A9wM9x8OKgwgGbHoMUG2WsFd7kPG7d4Re
zOULRE0yAH6CuvwbrM4jMos8tg+UMwfuNQIPL2vZrCgJe0soqix2pFJVYvaH7jL9
RJWHQVk+fyI7j38Z/HzSV860H+U9a2M1mS32eIWemjDez/oth/oyfBlSj5JqgV6L
i/x1Q4ORQizQfzdrm1JSvAkfvIRSumxTE1iEEMkjiwwCjJ9I7DCyE/7hTRRbu0pB
0S+FqWihoujGkQ876TtBstIjZWiv3Hd6iJ4E6Rn3bI8M
-----END CERTIFICATE-----