This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/GfMPNhFLhmqnawsjqQy5BpzadGk.roa
File:                     GfMPNhFLhmqnawsjqQy5BpzadGk.roa (raw, json)
Hash identifier:          pK4EPBqZkYKq6xfSmPI/msruoe5VONRBfWbL6xFM7Gg=
Subject key identifier:   19:F3:0F:36:11:4B:86:6A:A7:6B:0B:23:A9:0C:B9:06:9C:DA:74:69
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       019B7F8106E4FF69683CEB517C97E163CBC1
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/GfMPNhFLhmqnawsjqQy5BpzadGk.roa
Signing time:             Fri 02 Jan 2026 16:18:40 +0000
ROA not before:           Fri 02 Jan 2026 16:18:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3223
IP address blocks:        45.131.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:06:e4:ff:69:68:3c:eb:51:7c:97:e1:63:cb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan  2 16:18:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19f30f36114b866aa76b0b23a90cb9069cda7469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a6:28:94:81:de:4c:6c:a0:e7:a1:25:7f:5d:
                    e7:17:a7:52:d9:85:5b:d1:a7:64:0b:b0:05:8c:81:
                    f1:b2:c0:00:a8:a3:ec:17:b8:a0:5d:b6:4c:7d:f5:
                    41:94:a1:3b:24:0f:2e:fe:d7:57:b1:0b:72:6e:c7:
                    25:7a:01:d1:5f:32:25:fa:42:f5:8a:f6:40:b5:be:
                    1b:8f:7a:a7:25:dc:58:3e:38:ca:e4:52:b2:51:59:
                    4b:03:6f:fc:f4:8e:1e:86:b7:a3:c5:b9:ae:0f:c7:
                    da:26:59:69:47:9b:be:63:31:90:85:b5:53:61:00:
                    77:29:a0:d3:28:64:d0:38:10:fe:26:0a:f7:1c:dc:
                    39:4a:05:0c:fe:af:51:85:dd:51:6a:68:89:74:4b:
                    b6:91:89:89:ce:76:a3:ec:b7:2f:67:93:36:8a:b1:
                    8e:df:57:e9:57:2a:53:3d:44:ab:47:b1:4c:96:ac:
                    5d:14:d0:3d:eb:f9:ee:c6:55:60:3a:49:f4:57:fe:
                    01:88:4b:38:54:d5:81:99:42:f4:19:76:87:fc:09:
                    79:43:f9:14:5f:94:f8:3e:8f:11:58:dd:79:37:a3:
                    03:6e:99:0c:6b:ac:16:80:ea:80:d0:53:86:44:0d:
                    82:f6:85:7a:a2:a3:9d:33:0c:b7:f7:d9:58:9a:7e:
                    25:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F3:0F:36:11:4B:86:6A:A7:6B:0B:23:A9:0C:B9:06:9C:DA:74:69
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/GfMPNhFLhmqnawsjqQy5BpzadGk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:95:99:02:ab:f3:da:06:05:15:4a:4e:65:25:a7:5b:4f:92:
         b1:68:3f:2d:52:1d:9b:f7:af:1a:f8:89:7d:36:17:d8:ed:41:
         6a:7e:8a:15:33:ed:6e:3b:04:76:60:bc:96:8e:cd:10:1b:0f:
         1c:a5:05:ef:24:63:c2:9e:c8:07:00:5a:95:64:90:4d:39:73:
         9c:ae:f2:b0:7e:2d:25:45:82:50:31:c3:17:b1:e7:2a:7d:41:
         ce:4e:c4:6a:f1:bb:9d:44:66:97:41:24:ce:7c:4a:6d:38:87:
         be:ca:4c:42:e4:8c:ef:b5:d3:b6:9c:a3:ff:f4:79:3a:e1:12:
         67:d0:e8:9d:5a:e4:5c:ad:c2:46:49:8e:ab:a6:38:b9:4c:47:
         22:aa:8a:7c:45:c4:06:4e:ca:56:6b:92:ff:27:93:d6:80:6f:
         bb:03:36:66:b6:71:5b:38:57:2f:ec:a2:6d:b9:ed:81:15:f8:
         a3:b3:40:80:97:3b:2c:4c:25:78:3d:3a:0f:11:c7:dd:75:0f:
         5d:b0:c2:ac:09:50:15:e6:98:66:ed:8c:8c:08:0d:11:e0:9a:
         fd:b4:6b:81:cf:22:16:2a:34:22:9a:ea:7d:ec:0b:04:df:7d:
         5f:c1:bd:07:ea:30:eb:7a:cd:55:7e:13:89:36:19:b0:5b:b5:
         8c:c8:d1:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/gQbk/2loPOtRfJfhY8vBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjYwMTAyMTYxODQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWYzMGYzNjExNGI4NjZhYTc2YjBiMjNhOTBjYjkwNjljZGE3NDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqYolIHeTGyg56Elf13nF6dS2YVb
0adkC7AFjIHxssAAqKPsF7igXbZMffVBlKE7JA8u/tdXsQtybsclegHRXzIl+kL1
ivZAtb4bj3qnJdxYPjjK5FKyUVlLA2/89I4ehrejxbmuD8faJllpR5u+YzGQhbVT
YQB3KaDTKGTQOBD+Jgr3HNw5SgUM/q9Rhd1RamiJdEu2kYmJznaj7LcvZ5M2irGO
31fpVypTPUSrR7FMlqxdFNA96/nuxlVgOkn0V/4BiEs4VNWBmUL0GXaH/Al5Q/kU
X5T4Po8RWN15N6MDbpkMa6wWgOqA0FOGRA2C9oV6oqOdMwy399lYmn4lCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnzDzYRS4Zqp2sLI6kMuQac2nRpMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvR2ZNUE5oRkxobXFuYXdzanFReTVCcHphZEdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNqMA0G
CSqGSIb3DQEBCwUAA4IBAQAvlZkCq/PaBgUVSk5lJadbT5KxaD8tUh2b968a+Il9
NhfY7UFqfooVM+1uOwR2YLyWjs0QGw8cpQXvJGPCnsgHAFqVZJBNOXOcrvKwfi0l
RYJQMcMXsecqfUHOTsRq8budRGaXQSTOfEptOIe+ykxC5IzvtdO2nKP/9Hk64RJn
0OidWuRcrcJGSY6rpji5TEciqop8RcQGTspWa5L/J5PWgG+7AzZmtnFbOFcv7KJt
ue2BFfijs0CAlzssTCV4PToPEcfddQ9dsMKsCVAV5phm7YyMCA0R4Jr9tGuBzyIW
KjQimup97AsE331fwb0H6jDres1VfhOJNhmwW7WMyNF2
-----END CERTIFICATE-----