This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/0Gko6c53kLVWB_-Ep3trJGgSOAg.roa
File:                     0Gko6c53kLVWB_-Ep3trJGgSOAg.roa (raw, json)
Hash identifier:          U+3EO35+t56yp1n/H718Py9yitebAGngljv4M1btjxA=
Subject key identifier:   D0:69:28:E9:CE:77:90:B5:56:07:FF:84:A7:7B:6B:24:68:12:38:08
Certificate issuer:       /CN=2811818f95be6690e8aabc5befa217346abcd574
Certificate serial:       019B22F043C1D8BF97CCD39010A394877A86
Authority key identifier: 28:11:81:8F:95:BE:66:90:E8:AA:BC:5B:EF:A2:17:34:6A:BC:D5:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBGBj5W-ZpDoqrxb76IXNGq81XQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/0Gko6c53kLVWB_-Ep3trJGgSOAg.roa
Signing time:             Mon 15 Dec 2025 16:55:29 +0000
ROA not before:           Mon 15 Dec 2025 16:55:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216472
IP address blocks:        212.108.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/KBGBj5W-ZpDoqrxb76IXNGq81XQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/KBGBj5W-ZpDoqrxb76IXNGq81XQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBGBj5W-ZpDoqrxb76IXNGq81XQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Dec 2025 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:22:f0:43:c1:d8:bf:97:cc:d3:90:10:a3:94:87:7a:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2811818f95be6690e8aabc5befa217346abcd574
        Validity
            Not Before: Dec 15 16:55:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d06928e9ce7790b55607ff84a77b6b2468123808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b6:1d:c1:b8:75:be:25:cd:b0:d9:cd:59:17:
                    ef:f0:1f:03:04:e5:01:8d:fd:48:d8:49:18:4b:b3:
                    f8:f9:ef:52:63:9e:82:ad:98:ee:97:0c:6c:f2:e5:
                    f5:69:c0:d7:5a:33:b5:0d:2c:81:79:84:28:9f:9e:
                    7b:26:9c:4e:34:66:c4:93:af:08:18:4e:e4:9b:e1:
                    0f:b9:31:84:78:0b:a7:22:92:e3:21:a9:62:74:4d:
                    19:4f:03:a8:a9:ab:2f:b7:9f:c4:0c:6b:bd:c1:19:
                    c3:f7:b8:15:15:46:dc:60:8f:12:64:46:6a:10:9d:
                    7a:49:85:0f:b2:cb:fd:02:b3:8e:79:a0:c2:d8:12:
                    ac:01:29:d0:5b:34:ce:5d:8c:d8:aa:78:89:4b:b4:
                    ff:a6:71:b3:25:8e:98:bb:ef:82:45:11:6d:ad:b5:
                    69:e8:40:74:c9:5b:ff:4d:b6:52:99:81:13:46:a9:
                    61:2a:d7:10:7a:bb:3b:f8:69:58:67:96:c8:d2:09:
                    c6:e4:e0:15:22:0e:1a:ad:bc:45:b5:a3:2f:50:f8:
                    ed:a4:7f:b0:7b:fd:3f:cd:bc:cd:6c:d8:01:41:50:
                    32:1f:62:44:5e:a1:fe:4d:ab:a8:ae:6f:9c:58:22:
                    34:55:6c:e2:fb:4d:89:74:66:6a:06:ab:1a:d1:18:
                    84:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:69:28:E9:CE:77:90:B5:56:07:FF:84:A7:7B:6B:24:68:12:38:08
            X509v3 Authority Key Identifier:
                keyid:28:11:81:8F:95:BE:66:90:E8:AA:BC:5B:EF:A2:17:34:6A:BC:D5:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBGBj5W-ZpDoqrxb76IXNGq81XQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/0Gko6c53kLVWB_-Ep3trJGgSOAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/89e655-bd79-4984-b649-42e57ef6000a/1/KBGBj5W-ZpDoqrxb76IXNGq81XQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:58:47:df:a6:1e:b9:f9:e9:cb:f0:6c:a8:73:f6:4f:d5:bd:
         33:fc:f7:db:c4:b5:67:3b:c0:f7:ee:c9:91:af:86:4a:b7:ad:
         34:2a:d0:b5:ed:05:08:8e:09:8e:cf:36:5e:42:63:5e:4b:85:
         69:91:a7:82:df:cb:ca:01:3c:ab:ca:b3:3f:86:9a:39:de:9b:
         33:54:06:26:68:04:41:5a:58:b7:c5:44:a2:e7:4d:24:a8:de:
         88:42:ce:81:e0:21:55:89:6b:b5:3d:37:7c:14:1e:80:52:a2:
         5e:5a:f2:62:2a:50:68:fb:2b:00:a9:e9:3c:f0:2a:cc:26:6d:
         9f:ef:98:36:54:b2:72:c5:81:e3:02:72:3c:dd:83:9d:82:49:
         27:ce:e1:4e:be:83:12:d7:2e:76:1c:96:42:26:dc:80:4f:06:
         68:2c:37:3c:05:af:91:d4:5b:e0:1a:e0:8f:3b:56:07:46:30:
         dd:7e:51:8c:1f:64:c0:2c:68:2c:31:86:b7:4d:06:8c:c9:b1:
         e7:fa:23:0b:f4:36:b5:e0:69:ee:dd:b1:c2:ac:03:00:a3:26:
         c2:1e:78:11:13:e6:13:66:57:aa:58:da:f6:54:51:6b:dd:71:
         be:75:9e:f6:ef:e8:04:f7:b4:dd:0d:1f:38:40:30:7e:4d:22:
         6e:49:23:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZsi8EPB2L+XzNOQEKOUh3qGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTE4MThmOTViZTY2OTBlOGFhYmM1YmVmYTIxNzM0NmFi
Y2Q1NzQwHhcNMjUxMjE1MTY1NTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDY5MjhlOWNlNzc5MGI1NTYwN2ZmODRhNzdiNmIyNDY4MTIzODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLYdwbh1viXNsNnNWRfv8B8DBOUB
jf1I2EkYS7P4+e9SY56CrZjulwxs8uX1acDXWjO1DSyBeYQon557JpxONGbEk68I
GE7km+EPuTGEeAunIpLjIalidE0ZTwOoqasvt5/EDGu9wRnD97gVFUbcYI8SZEZq
EJ16SYUPssv9ArOOeaDC2BKsASnQWzTOXYzYqniJS7T/pnGzJY6Yu++CRRFtrbVp
6EB0yVv/TbZSmYETRqlhKtcQers7+GlYZ5bI0gnG5OAVIg4arbxFtaMvUPjtpH+w
e/0/zbzNbNgBQVAyH2JEXqH+Tauorm+cWCI0VWzi+02JdGZqBqsa0RiEcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBpKOnOd5C1Vgf/hKd7ayRoEjgIMB8GA1UdIwQY
MBaAFCgRgY+VvmaQ6Kq8W++iFzRqvNV0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JHQmo1Vy1acERvcXJ4Yjc2SVhOR3E4MVhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS84OWU2NTUtYmQ3OS00OTg0LWI2NDkt
NDJlNTdlZjYwMDBhLzEvMEdrbzZjNTNrTFZXQl8tRXAzdHJKR2dTT0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS84OWU2NTUtYmQ3OS00OTg0LWI2NDktNDJlNTdlZjYwMDBh
LzEvS0JHQmo1Vy1acERvcXJ4Yjc2SVhOR3E4MVhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxyMA0G
CSqGSIb3DQEBCwUAA4IBAQBMWEffph65+enL8Gyoc/ZP1b0z/PfbxLVnO8D37smR
r4ZKt600KtC17QUIjgmOzzZeQmNeS4VpkaeC38vKATyryrM/hpo53pszVAYmaARB
Wli3xUSi500kqN6IQs6B4CFViWu1PTd8FB6AUqJeWvJiKlBo+ysAqek88CrMJm2f
75g2VLJyxYHjAnI83YOdgkknzuFOvoMS1y52HJZCJtyATwZoLDc8Ba+R1FvgGuCP
O1YHRjDdflGMH2TALGgsMYa3TQaMybHn+iML9Da14Gnu3bHCrAMAoybCHngRE+YT
ZleqWNr2VFFr3XG+dZ727+gE97TdDR84QDB+TSJuSSMM
-----END CERTIFICATE-----