This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/GOVhumxEPoL4neQZjjckJeN-KNI.roa
File:                     GOVhumxEPoL4neQZjjckJeN-KNI.roa (raw, json)
Hash identifier:          z0Kl7cRQ4EqgIEyAr3hQ9onG9NvsLkz7qIrC+ywOwnQ=
Subject key identifier:   18:E5:61:BA:6C:44:3E:82:F8:9D:E4:19:8E:37:24:25:E3:7E:28:D2
Certificate issuer:       /CN=93ece780dfda43ab4a841727eb20d71fc76528bc
Certificate serial:       019B7A5A9EDBB7D63253999993003AD3EE3C
Authority key identifier: 93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/GOVhumxEPoL4neQZjjckJeN-KNI.roa
Signing time:             Thu 01 Jan 2026 16:18:37 +0000
ROA not before:           Thu 01 Jan 2026 16:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36666
IP address blocks:        62.169.158.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:9e:db:b7:d6:32:53:99:99:93:00:3a:d3:ee:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93ece780dfda43ab4a841727eb20d71fc76528bc
        Validity
            Not Before: Jan  1 16:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=18e561ba6c443e82f89de4198e372425e37e28d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:6e:79:db:04:00:04:02:b2:32:44:bf:7b:7d:
                    cf:00:63:e1:e7:f8:f9:50:f3:f9:98:d4:31:b4:e8:
                    a7:43:b7:7c:f1:67:3e:4b:0b:57:2a:fd:61:96:d1:
                    ca:94:f8:e7:d9:13:70:f1:ec:70:0b:ea:bd:0c:db:
                    d7:7a:1d:5c:da:17:82:bc:fb:60:5c:6c:9d:78:5f:
                    d6:90:62:17:ab:b0:cf:47:a0:38:83:99:33:bf:5d:
                    2e:0f:ac:55:7e:53:05:f6:c7:9f:50:c9:aa:f5:21:
                    35:ee:8b:4e:61:6a:a0:c9:88:8c:a1:36:56:fe:5e:
                    e1:50:34:ee:d6:e5:15:7d:8d:dc:da:86:46:dc:24:
                    4f:59:b1:68:30:86:c4:37:f0:62:40:4c:2f:82:c0:
                    1e:bb:04:10:09:52:b9:f0:95:78:35:ae:8d:ca:0d:
                    a3:41:0e:07:30:bf:64:4d:19:1d:8d:3a:f2:51:5f:
                    ed:a3:ec:b4:15:f9:4c:ee:f2:08:24:c3:58:18:ee:
                    ef:7d:45:aa:70:80:a0:5e:b7:09:05:68:fe:92:05:
                    0c:5b:1d:df:21:ef:41:e7:06:ee:ce:41:22:b8:ce:
                    04:f7:97:b6:c1:09:66:db:a2:16:a9:63:ae:3d:a6:
                    6f:ad:ce:ca:e3:fc:33:f6:3c:6a:c5:d6:0a:f2:de:
                    79:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:E5:61:BA:6C:44:3E:82:F8:9D:E4:19:8E:37:24:25:E3:7E:28:D2
            X509v3 Authority Key Identifier:
                keyid:93:EC:E7:80:DF:DA:43:AB:4A:84:17:27:EB:20:D7:1F:C7:65:28:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-zngN_aQ6tKhBcn6yDXH8dlKLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/GOVhumxEPoL4neQZjjckJeN-KNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7fa943-9ea6-4068-b6ae-a4d413d7f89c/1/k-zngN_aQ6tKhBcn6yDXH8dlKLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.169.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:bc:b8:c3:bb:91:5a:aa:04:61:f5:d9:bf:22:b3:40:d7:16:
         91:67:cb:26:43:34:9a:48:24:cb:37:b2:71:50:31:51:80:62:
         8a:13:51:07:7a:a2:5c:37:46:81:8e:23:38:c4:e1:e1:54:9b:
         60:aa:69:12:1c:bb:d1:b6:6d:b2:ff:3a:e9:8e:33:56:1d:5e:
         a4:9c:ed:bc:f5:62:84:be:be:5a:1f:85:dd:0e:d1:50:e4:90:
         93:ef:d0:bf:0a:5a:ca:7b:fe:bf:ea:5f:5b:0a:ee:97:1f:b1:
         1d:bb:1c:e2:1f:52:81:1f:75:43:40:c1:63:32:26:c4:42:a9:
         ec:f4:11:bc:e4:87:e9:fc:e3:1a:2f:bb:d9:b0:f2:72:2f:e9:
         08:96:ef:fa:37:c4:a9:cb:3c:31:ae:c1:16:c8:0b:e4:c8:c2:
         a6:d0:cb:dc:57:20:05:4d:3a:e2:a6:73:f3:3c:e9:c1:63:fd:
         06:4d:6d:50:9a:5c:66:61:b6:25:da:d1:45:d5:db:de:25:3f:
         b6:93:07:c0:21:dd:57:6a:72:3c:5a:7b:c4:9b:67:ea:bb:50:
         a8:16:2c:25:0d:45:3d:45:d8:c6:81:03:f4:94:f3:b0:da:0e:
         8e:77:e0:37:1d:22:c8:d4:52:2c:65:b1:11:81:81:a5:71:c9:
         fe:16:2e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Wp7bt9YyU5mZkwA60+48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZWNlNzgwZGZkYTQzYWI0YTg0MTcyN2ViMjBkNzFmYzc2
NTI4YmMwHhcNMjYwMTAxMTYxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOGU1NjFiYTZjNDQzZTgyZjg5ZGU0MTk4ZTM3MjQyNWUzN2UyOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArm552wQABAKyMkS/e33PAGPh5/j5
UPP5mNQxtOinQ7d88Wc+SwtXKv1hltHKlPjn2RNw8exwC+q9DNvXeh1c2heCvPtg
XGydeF/WkGIXq7DPR6A4g5kzv10uD6xVflMF9sefUMmq9SE17otOYWqgyYiMoTZW
/l7hUDTu1uUVfY3c2oZG3CRPWbFoMIbEN/BiQEwvgsAeuwQQCVK58JV4Na6Nyg2j
QQ4HML9kTRkdjTryUV/to+y0FflM7vIIJMNYGO7vfUWqcICgXrcJBWj+kgUMWx3f
Ie9B5wbuzkEiuM4E95e2wQlm26IWqWOuPaZvrc7K4/wz9jxqxdYK8t55ZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBjlYbpsRD6C+J3kGY43JCXjfijSMB8GA1UdIwQY
MBaAFJPs54Df2kOrSoQXJ+sg1x/HZSi8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUt
YTRkNDEzZDdmODljLzEvR09WaHVteEVQb0w0bmVRWmpqY2tKZU4tS05JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83ZmE5NDMtOWVhNi00MDY4LWI2YWUtYTRkNDEzZDdmODlj
LzEvay16bmdOX2FRNnRLaEJjbjZ5RFhIOGRsS0x3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBPqmeMA0G
CSqGSIb3DQEBCwUAA4IBAQA4vLjDu5FaqgRh9dm/IrNA1xaRZ8smQzSaSCTLN7Jx
UDFRgGKKE1EHeqJcN0aBjiM4xOHhVJtgqmkSHLvRtm2y/zrpjjNWHV6knO289WKE
vr5aH4XdDtFQ5JCT79C/ClrKe/6/6l9bCu6XH7EduxziH1KBH3VDQMFjMibEQqns
9BG85Ifp/OMaL7vZsPJyL+kIlu/6N8SpyzwxrsEWyAvkyMKm0MvcVyAFTTripnPz
POnBY/0GTW1QmlxmYbYl2tFF1dveJT+2kwfAId1XanI8WnvEm2fqu1CoFiwlDUU9
RdjGgQP0lPOw2g6Od+A3HSLI1FIsZbERgYGlccn+Fi5B
-----END CERTIFICATE-----