This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gCGcCbBQjBcYyaiITKOUYK_gxrg.roa
File:                     gCGcCbBQjBcYyaiITKOUYK_gxrg.roa (raw, json)
Hash identifier:          ByAM+CxUxOjQ3yJjOd/HS0qwDuHciPFWW0+8VzRaqPU=
Subject key identifier:   80:21:9C:09:B0:50:8C:17:18:C9:A8:88:4C:A3:94:60:AF:E0:C6:B8
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       019B797E3EAE27AD8B95B822BDA2883644B9
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gCGcCbBQjBcYyaiITKOUYK_gxrg.roa
Signing time:             Thu 01 Jan 2026 12:17:55 +0000
ROA not before:           Thu 01 Jan 2026 12:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211194
IP address blocks:        128.0.116.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 12:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:3e:ae:27:ad:8b:95:b8:22:bd:a2:88:36:44:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 12:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80219c09b0508c1718c9a8884ca39460afe0c6b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fa:4f:a6:75:21:e9:b9:d0:ed:81:36:d1:9c:
                    18:b6:5f:bb:89:ce:ca:ff:6a:87:e4:cd:c6:f7:62:
                    75:a0:78:71:bc:99:72:e3:66:fc:ea:83:93:47:16:
                    38:6a:b8:5b:ee:1b:fc:df:72:07:28:98:32:53:72:
                    7c:e1:24:b3:9f:a0:5f:db:5e:9d:d4:f6:92:e0:2a:
                    2b:35:99:83:5a:ec:e9:53:e6:29:ec:19:08:61:6b:
                    f3:bd:44:01:6c:ca:e6:9f:da:6e:11:7c:b8:a8:81:
                    46:a7:ba:34:c2:9b:9b:a3:bb:6a:08:3a:96:03:3e:
                    d0:b8:c1:0d:90:a1:ae:4f:5f:ca:ec:c2:f1:92:d2:
                    7b:1f:6f:af:40:91:fb:59:73:58:31:49:c5:64:20:
                    32:dd:32:da:22:f9:f0:4a:9b:02:6e:20:71:7b:6a:
                    78:00:c6:dd:11:4c:86:26:e2:f4:a3:10:8d:96:c4:
                    a5:8c:d8:69:95:81:35:48:22:53:09:46:00:3d:9a:
                    36:b2:b2:8a:0a:b7:5b:53:a3:69:34:81:a9:91:c4:
                    6a:d8:12:61:c9:fd:f4:00:71:bc:c4:3f:87:d3:e7:
                    ec:db:47:1b:f5:90:6e:ff:c2:ec:2b:51:a6:e4:84:
                    4c:8a:3d:08:69:c3:ba:1b:7d:a7:04:91:80:a9:84:
                    86:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:21:9C:09:B0:50:8C:17:18:C9:A8:88:4C:A3:94:60:AF:E0:C6:B8
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/gCGcCbBQjBcYyaiITKOUYK_gxrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.0.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:0e:ae:47:14:ec:39:6b:03:19:e5:76:62:33:48:a0:8a:ed:
         1d:2c:aa:5a:d7:d2:ea:96:3e:ea:92:f3:e0:a5:13:53:5f:ca:
         93:66:ed:8c:50:5d:c7:98:00:81:4d:4e:ff:3e:6a:b9:5e:ac:
         04:56:c9:81:14:04:1e:ed:0f:ec:fe:5b:68:dd:72:2e:5b:d8:
         b1:db:9f:98:e4:37:a6:35:a9:86:57:7d:b5:23:df:78:75:eb:
         22:61:ae:23:bf:22:61:c8:b5:5d:10:2e:aa:fc:9f:52:0b:63:
         5f:7b:aa:4e:64:ef:b0:30:29:f5:08:c2:65:b6:b1:06:8c:fc:
         a1:58:3a:80:11:3c:e8:e7:dd:47:ef:3d:05:51:d7:3e:16:43:
         fe:5f:6b:f9:07:39:d5:38:9b:f2:cf:37:13:24:13:59:58:35:
         71:a0:c7:3d:12:ad:10:dc:37:91:32:fb:ff:d4:da:fe:86:1d:
         a3:62:aa:09:52:fd:d3:76:ef:50:54:6e:c6:a7:8f:7c:89:1d:
         75:d9:88:32:65:97:56:e5:ca:8d:df:b0:92:2c:f4:aa:7f:fe:
         33:2e:11:27:68:9f:e7:a0:5d:d9:47:18:7c:6b:d6:fe:c6:54:
         27:15:d2:58:4e:88:ae:d5:94:a0:0c:29:a8:90:22:26:d4:0f:
         b2:76:c4:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5fj6uJ62LlbgivaKINkS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjYwMTAxMTIxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDIxOWMwOWIwNTA4YzE3MThjOWE4ODg0Y2EzOTQ2MGFmZTBjNmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvPpPpnUh6bnQ7YE20ZwYtl+7ic7K
/2qH5M3G92J1oHhxvJly42b86oOTRxY4arhb7hv833IHKJgyU3J84SSzn6Bf216d
1PaS4CorNZmDWuzpU+Yp7BkIYWvzvUQBbMrmn9puEXy4qIFGp7o0wpubo7tqCDqW
Az7QuMENkKGuT1/K7MLxktJ7H2+vQJH7WXNYMUnFZCAy3TLaIvnwSpsCbiBxe2p4
AMbdEUyGJuL0oxCNlsSljNhplYE1SCJTCUYAPZo2srKKCrdbU6NpNIGpkcRq2BJh
yf30AHG8xD+H0+fs20cb9ZBu/8LsK1Gm5IRMij0IacO6G32nBJGAqYSGLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAhnAmwUIwXGMmoiEyjlGCv4Ma4MB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvZ0NHY0NiQlFqQmNZeWFpSVRLT1VZS19neHJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAgAB0MA0G
CSqGSIb3DQEBCwUAA4IBAQDCDq5HFOw5awMZ5XZiM0igiu0dLKpa19Lqlj7qkvPg
pRNTX8qTZu2MUF3HmACBTU7/Pmq5XqwEVsmBFAQe7Q/s/lto3XIuW9ix25+Y5Dem
NamGV321I994desiYa4jvyJhyLVdEC6q/J9SC2Nfe6pOZO+wMCn1CMJltrEGjPyh
WDqAETzo591H7z0FUdc+FkP+X2v5BznVOJvyzzcTJBNZWDVxoMc9Eq0Q3DeRMvv/
1Nr+hh2jYqoJUv3Tdu9QVG7Gp498iR112YgyZZdW5cqN37CSLPSqf/4zLhEnaJ/n
oF3ZRxh8a9b+xlQnFdJYToiu1ZSgDCmokCIm1A+ydsSJ
-----END CERTIFICATE-----