This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/cddb61-12a0-46bd-9fb7-3e781dc1e7e9/1/GjbkJ49m1ylK_4cEmIWXPszPEDM.roa
File:                     GjbkJ49m1ylK_4cEmIWXPszPEDM.roa (raw, json)
Hash identifier:          gxfEhCbhLA8o8by+I0tdbjJ2UvnCGKEhH4gj7vfErb0=
Subject key identifier:   1A:36:E4:27:8F:66:D7:29:4A:FF:87:04:98:85:97:3E:CC:CF:10:33
Certificate issuer:       /CN=04e65b83d21315f8ba7578e88bdf3813295dde0a
Certificate serial:       019B7DCAD52F537BDD37D06CD5F50A9965E9
Authority key identifier: 04:E6:5B:83:D2:13:15:F8:BA:75:78:E8:8B:DF:38:13:29:5D:DE:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BOZbg9ITFfi6dXjoi984Eyld3go.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/cddb61-12a0-46bd-9fb7-3e781dc1e7e9/1/GjbkJ49m1ylK_4cEmIWXPszPEDM.roa
Signing time:             Fri 02 Jan 2026 08:20:03 +0000
ROA not before:           Fri 02 Jan 2026 08:20:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197512
IP address blocks:        195.20.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/cddb61-12a0-46bd-9fb7-3e781dc1e7e9/1/BOZbg9ITFfi6dXjoi984Eyld3go.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/cddb61-12a0-46bd-9fb7-3e781dc1e7e9/1/BOZbg9ITFfi6dXjoi984Eyld3go.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BOZbg9ITFfi6dXjoi984Eyld3go.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:d5:2f:53:7b:dd:37:d0:6c:d5:f5:0a:99:65:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04e65b83d21315f8ba7578e88bdf3813295dde0a
        Validity
            Not Before: Jan  2 08:20:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a36e4278f66d7294aff87049885973ecccf1033
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:b2:79:c6:d2:c8:70:68:72:86:8f:af:53:6e:
                    e7:d3:29:ce:7c:f0:6f:62:04:b1:3f:89:26:5c:b3:
                    d7:62:49:85:19:04:b6:a8:25:27:68:d5:fe:89:b2:
                    2a:f9:b6:3f:b5:d9:a5:ec:ef:bc:8b:99:45:64:5a:
                    9a:e3:35:7a:3a:c3:03:4e:25:6c:b5:5f:c6:f7:40:
                    78:92:99:75:d5:da:16:95:1c:6a:54:ba:bd:2c:e0:
                    96:67:54:6d:72:a2:ce:3f:13:30:97:d3:96:d1:86:
                    25:b8:7a:89:61:42:8b:91:e0:a9:e8:1a:86:aa:83:
                    9a:63:a3:70:13:66:f1:37:8c:f8:dc:62:57:bf:4e:
                    e9:cf:a5:b4:36:6b:da:91:bf:17:5b:7d:21:42:53:
                    24:cd:bf:3d:d5:e9:56:f0:84:7d:f0:0a:e9:b7:16:
                    08:80:9f:dd:71:c9:76:01:b3:86:6b:18:d2:0f:8f:
                    db:4e:54:b7:f4:aa:d0:c3:6c:69:80:f2:f8:07:ea:
                    99:bf:e9:86:bb:8d:91:0e:02:fe:b8:6e:6f:07:cb:
                    19:de:63:be:7f:a5:bb:b2:a4:f4:4f:41:35:82:21:
                    3d:16:0c:31:db:b6:b6:e8:90:b2:ea:35:2f:c2:de:
                    9c:0e:88:3b:5c:5e:2b:06:98:0e:e5:b1:39:f1:a1:
                    27:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:36:E4:27:8F:66:D7:29:4A:FF:87:04:98:85:97:3E:CC:CF:10:33
            X509v3 Authority Key Identifier:
                keyid:04:E6:5B:83:D2:13:15:F8:BA:75:78:E8:8B:DF:38:13:29:5D:DE:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BOZbg9ITFfi6dXjoi984Eyld3go.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/cddb61-12a0-46bd-9fb7-3e781dc1e7e9/1/GjbkJ49m1ylK_4cEmIWXPszPEDM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/cddb61-12a0-46bd-9fb7-3e781dc1e7e9/1/BOZbg9ITFfi6dXjoi984Eyld3go.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.20.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ee:29:a4:a5:87:48:0d:86:fc:96:96:00:2c:0a:d4:40:c6:
         54:83:9a:66:23:fd:a4:e5:a4:ea:bc:10:0c:8d:71:d8:a7:64:
         b2:e6:89:61:ef:71:dc:3a:e3:bf:c1:9c:9f:12:1b:a8:ea:97:
         e5:63:e7:9a:f9:4e:78:0f:a3:df:5c:28:96:e1:45:57:c8:ec:
         ab:a8:d6:7d:fc:95:e1:08:77:09:69:3f:0b:af:25:03:b6:0a:
         a6:b6:26:b5:74:e4:3c:15:9e:20:af:05:57:7e:c8:43:2a:1e:
         84:08:8c:fe:07:de:ab:5c:b1:2a:9a:1d:9b:e3:a5:09:ad:79:
         4b:00:b5:d2:3e:31:b6:24:c9:d0:2b:78:91:de:58:7d:b4:31:
         10:54:fa:aa:6a:eb:e5:9f:4b:cc:ef:81:57:44:79:60:da:32:
         7d:85:31:36:8c:ff:0b:2f:bd:0c:31:36:9c:a2:a9:94:18:fc:
         fd:49:c9:76:1c:b1:5a:4f:36:3d:8a:7c:4e:3c:80:fc:fc:c8:
         19:1f:fd:e6:d4:11:4f:88:67:50:2b:87:da:10:cb:76:8a:d9:
         d1:53:7b:3c:51:a5:03:a8:87:e3:63:d6:96:81:f2:64:4a:9a:
         a4:8e:9e:a0:93:fe:9c:4c:31:cd:ee:b6:68:f1:66:0d:b9:67:
         5a:fc:54:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9ytUvU3vdN9Bs1fUKmWXpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZTY1YjgzZDIxMzE1ZjhiYTc1NzhlODhiZGYzODEzMjk1
ZGRlMGEwHhcNMjYwMTAyMDgyMDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTM2ZTQyNzhmNjZkNzI5NGFmZjg3MDQ5ODg1OTczZWNjY2YxMDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7bJ5xtLIcGhyho+vU27n0ynOfPBv
YgSxP4kmXLPXYkmFGQS2qCUnaNX+ibIq+bY/tdml7O+8i5lFZFqa4zV6OsMDTiVs
tV/G90B4kpl11doWlRxqVLq9LOCWZ1RtcqLOPxMwl9OW0YYluHqJYUKLkeCp6BqG
qoOaY6NwE2bxN4z43GJXv07pz6W0Nmvakb8XW30hQlMkzb891elW8IR98ArptxYI
gJ/dccl2AbOGaxjSD4/bTlS39KrQw2xpgPL4B+qZv+mGu42RDgL+uG5vB8sZ3mO+
f6W7sqT0T0E1giE9Fgwx27a26JCy6jUvwt6cDog7XF4rBpgO5bE58aEnfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBo25CePZtcpSv+HBJiFlz7MzxAzMB8GA1UdIwQY
MBaAFATmW4PSExX4unV46IvfOBMpXd4KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk9aYmc5SVRGZmk2ZFhqb2k5ODRFeWxkM2dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9jZGRiNjEtMTJhMC00NmJkLTlmYjct
M2U3ODFkYzFlN2U5LzEvR2pia0o0OW0xeWxLXzRjRW1JV1hQc3pQRURNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9jZGRiNjEtMTJhMC00NmJkLTlmYjctM2U3ODFkYzFlN2U5
LzEvQk9aYmc5SVRGZmk2ZFhqb2k5ODRFeWxkM2dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxSCMA0G
CSqGSIb3DQEBCwUAA4IBAQAq7imkpYdIDYb8lpYALArUQMZUg5pmI/2k5aTqvBAM
jXHYp2Sy5olh73HcOuO/wZyfEhuo6pflY+ea+U54D6PfXCiW4UVXyOyrqNZ9/JXh
CHcJaT8LryUDtgqmtia1dOQ8FZ4grwVXfshDKh6ECIz+B96rXLEqmh2b46UJrXlL
ALXSPjG2JMnQK3iR3lh9tDEQVPqqauvln0vM74FXRHlg2jJ9hTE2jP8LL70MMTac
oqmUGPz9Scl2HLFaTzY9inxOPID8/MgZH/3m1BFPiGdQK4faEMt2itnRU3s8UaUD
qIfjY9aWgfJkSpqkjp6gk/6cTDHN7rZo8WYNuWda/FTa
-----END CERTIFICATE-----