This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/GaGDncuQddyUxnzn8D0gEmgcUEE.roa
File:                     GaGDncuQddyUxnzn8D0gEmgcUEE.roa (raw, json)
Hash identifier:          5ThaU+xDf9Ra2G+8uR4FvGW5DGrRvoM6yThrW6Rng8I=
Subject key identifier:   19:A1:83:9D:CB:90:75:DC:94:C6:7C:E7:F0:3D:20:12:68:1C:50:41
Certificate issuer:       /CN=50399d4435bb85fae910abe38e68533204dfd60b
Certificate serial:       019B7DC95AACF72E01A19290F6B6F24D49C3
Authority key identifier: 50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/GaGDncuQddyUxnzn8D0gEmgcUEE.roa
Signing time:             Fri 02 Jan 2026 08:18:26 +0000
ROA not before:           Fri 02 Jan 2026 08:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4826
IP address blocks:        185.167.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:5a:ac:f7:2e:01:a1:92:90:f6:b6:f2:4d:49:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50399d4435bb85fae910abe38e68533204dfd60b
        Validity
            Not Before: Jan  2 08:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19a1839dcb9075dc94c67ce7f03d2012681c5041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:b4:0c:68:fa:06:08:b2:c5:32:b3:e5:a4:
                    3d:31:0a:67:4e:4f:c5:24:5b:5b:3a:c9:06:72:12:
                    85:25:b1:77:2c:44:4b:12:79:1a:c3:1f:b1:41:1b:
                    33:7a:da:84:31:95:8c:2b:e9:04:c2:31:1b:36:b9:
                    60:4d:57:91:97:68:da:ca:b6:b6:a3:37:64:c5:c5:
                    11:c0:a1:08:64:8f:9f:c8:f8:23:dd:7d:2f:d3:da:
                    f4:21:eb:0a:9d:11:33:be:da:18:3f:f2:03:85:c9:
                    09:2d:cf:bd:76:a0:89:4e:fd:52:de:c2:7f:bb:08:
                    33:05:1c:4d:76:ba:e3:67:e8:ba:b6:2f:3b:fa:00:
                    7d:15:30:5c:08:41:09:84:31:70:93:19:62:86:fc:
                    9f:e1:dc:76:cb:b9:21:f9:2a:79:da:ad:c5:85:66:
                    26:ae:64:61:68:e6:ba:ef:33:21:1d:4f:f5:9d:e9:
                    e4:38:d0:d4:20:73:12:26:04:33:e8:86:9a:a1:2e:
                    35:b5:d8:a5:aa:47:83:e8:83:c9:0f:50:2a:4b:dd:
                    ff:7e:66:f0:35:d3:49:8c:2a:e4:bf:7e:cb:7c:0e:
                    38:df:86:49:7b:09:14:8b:16:99:9d:bc:ef:c7:8c:
                    20:ec:ac:63:d7:2c:8f:f7:4d:1c:4d:d6:bf:e6:c7:
                    c7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:A1:83:9D:CB:90:75:DC:94:C6:7C:E7:F0:3D:20:12:68:1C:50:41
            X509v3 Authority Key Identifier:
                keyid:50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/GaGDncuQddyUxnzn8D0gEmgcUEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:7a:0a:d5:3e:5c:7f:db:41:ea:b7:01:39:21:ea:ca:b6:23:
         db:44:c4:68:db:b6:52:d7:c0:0f:a3:33:7a:58:60:c2:ab:ec:
         06:9b:a6:81:a3:f3:d9:25:99:db:4e:d0:4c:62:d7:ed:dc:83:
         88:55:80:1d:c3:43:66:49:12:59:11:08:94:61:82:55:d1:df:
         68:13:c8:b5:8c:ae:a1:21:35:43:51:f8:12:a3:f3:1d:de:53:
         a0:6c:85:1a:9d:5d:50:0f:4e:3f:59:62:78:0c:5e:55:1c:f1:
         aa:75:59:41:0a:38:2f:b7:ee:71:95:87:76:ab:36:ca:fb:a0:
         14:df:51:c1:3b:56:66:73:aa:2c:67:61:8c:61:f4:ad:d1:1e:
         bf:96:78:d6:d3:a1:0a:0a:00:85:5a:cc:00:52:a8:e2:f4:4e:
         6f:72:6c:a8:48:4c:df:6a:d7:59:20:3b:81:d4:ad:2d:3e:9b:
         81:7b:11:d0:2d:6b:08:56:38:27:e0:5e:c0:dd:ba:55:56:03:
         7e:17:0f:e6:07:e9:93:b6:55:cc:05:3d:61:3c:a2:41:9e:fc:
         b0:e1:e5:d8:30:32:f4:ff:9a:20:76:08:ab:e6:b5:06:0b:31:
         d9:7e:fd:51:57:27:f2:cb:07:6c:e2:19:f9:be:dd:05:73:f9:
         68:0b:42:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9yVqs9y4BoZKQ9rbyTUnDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzk5ZDQ0MzViYjg1ZmFlOTEwYWJlMzhlNjg1MzMyMDRk
ZmQ2MGIwHhcNMjYwMTAyMDgxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWExODM5ZGNiOTA3NWRjOTRjNjdjZTdmMDNkMjAxMjY4MWM1MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD60DGj6BgiyxTKz5aQ9MQpnTk/F
JFtbOskGchKFJbF3LERLEnkawx+xQRszetqEMZWMK+kEwjEbNrlgTVeRl2jayra2
ozdkxcURwKEIZI+fyPgj3X0v09r0IesKnREzvtoYP/IDhckJLc+9dqCJTv1S3sJ/
uwgzBRxNdrrjZ+i6ti87+gB9FTBcCEEJhDFwkxlihvyf4dx2y7kh+Sp52q3FhWYm
rmRhaOa67zMhHU/1nenkONDUIHMSJgQz6IaaoS41tdilqkeD6IPJD1AqS93/fmbw
NdNJjCrkv37LfA4434ZJewkUixaZnbzvx4wg7Kxj1yyP900cTda/5sfHrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmhg53LkHXclMZ85/A9IBJoHFBBMB8GA1UdIwQY
MBaAFFA5nUQ1u4X66RCr445oUzIE39YLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQt
MzRmZmRiNDQyMTEzLzEvR2FHRG5jdVFkZHlVeG56bjhEMGdFbWdjVUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQtMzRmZmRiNDQyMTEz
LzEvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuae/MA0G
CSqGSIb3DQEBCwUAA4IBAQCXegrVPlx/20HqtwE5IerKtiPbRMRo27ZS18APozN6
WGDCq+wGm6aBo/PZJZnbTtBMYtft3IOIVYAdw0NmSRJZEQiUYYJV0d9oE8i1jK6h
ITVDUfgSo/Md3lOgbIUanV1QD04/WWJ4DF5VHPGqdVlBCjgvt+5xlYd2qzbK+6AU
31HBO1Zmc6osZ2GMYfSt0R6/lnjW06EKCgCFWswAUqji9E5vcmyoSEzfatdZIDuB
1K0tPpuBexHQLWsIVjgn4F7A3bpVVgN+Fw/mB+mTtlXMBT1hPKJBnvyw4eXYMDL0
/5ogdgir5rUGCzHZfv1RVyfyywds4hn5vt0Fc/loC0KC
-----END CERTIFICATE-----