This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/99a2b1-1144-4f9c-8fdf-43e4d56d4043/1/gM2StpLZVmvayJcUvILE4XZXuLw.roa
File:                     gM2StpLZVmvayJcUvILE4XZXuLw.roa (raw, json)
Hash identifier:          KQMOAlvZrGCc1yTty62TEDax5SGCNvxrkbvizSS1atc=
Subject key identifier:   80:CD:92:B6:92:D9:56:6B:DA:C8:97:14:BC:82:C4:E1:76:57:B8:BC
Certificate issuer:       /CN=0f90b80b3d4893c9c1ec7d01c29bf3b450bb851d
Certificate serial:       019B7F14D74ECC5A67054D0AB5E364A1F937
Authority key identifier: 0F:90:B8:0B:3D:48:93:C9:C1:EC:7D:01:C2:9B:F3:B4:50:BB:85:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5C4Cz1Ik8nB7H0BwpvztFC7hR0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/99a2b1-1144-4f9c-8fdf-43e4d56d4043/1/gM2StpLZVmvayJcUvILE4XZXuLw.roa
Signing time:             Fri 02 Jan 2026 14:20:30 +0000
ROA not before:           Fri 02 Jan 2026 14:20:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213157
IP address blocks:        91.218.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/99a2b1-1144-4f9c-8fdf-43e4d56d4043/1/D5C4Cz1Ik8nB7H0BwpvztFC7hR0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/99a2b1-1144-4f9c-8fdf-43e4d56d4043/1/D5C4Cz1Ik8nB7H0BwpvztFC7hR0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5C4Cz1Ik8nB7H0BwpvztFC7hR0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:d7:4e:cc:5a:67:05:4d:0a:b5:e3:64:a1:f9:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f90b80b3d4893c9c1ec7d01c29bf3b450bb851d
        Validity
            Not Before: Jan  2 14:20:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=80cd92b692d9566bdac89714bc82c4e17657b8bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:80:03:1e:51:73:88:81:5f:be:ae:62:b0:4c:
                    74:e1:bb:68:a0:a3:ed:da:b4:9f:60:c1:7c:4c:73:
                    72:03:c3:42:b6:81:42:9b:2c:96:d6:c0:2c:a6:66:
                    21:e7:a2:d3:c2:df:c4:10:e4:6d:f9:b6:c0:54:1e:
                    85:c5:93:c2:49:e1:52:e6:47:2d:cd:dd:b3:af:63:
                    4d:09:e7:fe:28:72:8e:00:1d:79:89:6f:eb:35:6d:
                    49:b9:96:56:41:83:64:f0:a2:dc:79:d5:cd:6a:e3:
                    15:03:d8:c0:a4:6c:d6:1f:52:b9:f0:e2:d9:c5:86:
                    b4:ff:a2:c2:7a:07:0d:82:7c:f6:8a:3e:c4:48:76:
                    38:ad:f4:d4:0a:e3:e7:0d:4d:fd:e4:15:55:bb:ed:
                    4e:f3:7d:c1:f7:3d:fa:6a:7e:17:19:b3:6c:ee:1e:
                    3c:d9:61:56:d1:cb:57:6c:b6:9d:f0:e4:31:3b:0e:
                    9e:cd:d6:66:93:56:ee:d4:24:36:3f:00:91:e7:a9:
                    1e:3f:fa:6c:10:72:74:81:88:29:1b:fc:bb:7f:53:
                    04:10:ad:2d:3d:9e:ce:e5:9f:8b:a4:96:a2:b9:18:
                    60:77:9f:83:66:19:be:0d:8a:ad:e2:10:4f:a5:c4:
                    ca:c9:e4:13:58:40:c8:bf:1c:ab:3e:74:8d:03:0c:
                    22:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:CD:92:B6:92:D9:56:6B:DA:C8:97:14:BC:82:C4:E1:76:57:B8:BC
            X509v3 Authority Key Identifier:
                keyid:0F:90:B8:0B:3D:48:93:C9:C1:EC:7D:01:C2:9B:F3:B4:50:BB:85:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5C4Cz1Ik8nB7H0BwpvztFC7hR0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/99a2b1-1144-4f9c-8fdf-43e4d56d4043/1/gM2StpLZVmvayJcUvILE4XZXuLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/99a2b1-1144-4f9c-8fdf-43e4d56d4043/1/D5C4Cz1Ik8nB7H0BwpvztFC7hR0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:25:de:8b:d4:c5:93:ab:98:35:a3:e8:11:31:4f:d1:d6:52:
         b4:aa:96:b8:54:e9:3d:db:98:74:cf:87:5d:7d:af:e1:61:a8:
         7f:9b:aa:30:b7:9f:68:7d:37:04:98:83:00:38:d8:1c:b9:52:
         c5:19:3f:ce:35:f6:db:2b:f2:81:35:f4:40:f2:45:77:ce:35:
         32:3a:44:a3:a9:3a:29:99:9c:19:17:15:f2:bc:d3:0d:84:4d:
         bd:6e:a2:b0:50:45:4b:6d:dd:64:9c:58:2e:16:27:90:5d:e9:
         1a:57:4f:cc:79:95:cb:37:31:70:42:f9:60:47:b5:0d:3f:a8:
         be:64:59:c1:d9:1d:83:34:04:05:0c:8e:2c:33:da:a8:5b:d6:
         96:bd:4b:33:0b:b5:90:af:01:da:63:8a:5f:da:70:67:3b:a8:
         c8:f9:ac:2a:5d:e5:1f:18:e8:82:62:66:ff:78:5d:74:48:ce:
         8e:ca:88:29:ca:2c:4b:c3:36:d0:41:b3:66:b6:d0:0a:b6:14:
         26:f8:a2:31:f8:b2:2a:bc:e3:d2:15:39:47:97:5a:ef:e4:99:
         d2:ee:f1:f8:e0:d1:79:3a:47:1c:b5:55:b6:fb:13:7b:36:90:
         1d:ac:b4:7a:8a:32:0b:9f:75:c9:d2:ff:42:f4:2f:54:ad:17:
         5c:b3:4a:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FNdOzFpnBU0KteNkofk3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOTBiODBiM2Q0ODkzYzljMWVjN2QwMWMyOWJmM2I0NTBi
Yjg1MWQwHhcNMjYwMTAyMTQyMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGNkOTJiNjkyZDk1NjZiZGFjODk3MTRiYzgyYzRlMTc2NTdiOGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoADHlFziIFfvq5isEx04btooKPt
2rSfYMF8THNyA8NCtoFCmyyW1sAspmYh56LTwt/EEORt+bbAVB6FxZPCSeFS5kct
zd2zr2NNCef+KHKOAB15iW/rNW1JuZZWQYNk8KLcedXNauMVA9jApGzWH1K58OLZ
xYa0/6LCegcNgnz2ij7ESHY4rfTUCuPnDU395BVVu+1O833B9z36an4XGbNs7h48
2WFW0ctXbLad8OQxOw6ezdZmk1bu1CQ2PwCR56keP/psEHJ0gYgpG/y7f1MEEK0t
PZ7O5Z+LpJaiuRhgd5+DZhm+DYqt4hBPpcTKyeQTWEDIvxyrPnSNAwwiMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDNkraS2VZr2siXFLyCxOF2V7i8MB8GA1UdIwQY
MBaAFA+QuAs9SJPJwex9AcKb87RQu4UdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDVDNEN6MUlrOG5CN0gwQndwdnp0RkM3aFIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy85OWEyYjEtMTE0NC00ZjljLThmZGYt
NDNlNGQ1NmQ0MDQzLzEvZ00yU3RwTFpWbXZheUpjVXZJTEU0WFpYdUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy85OWEyYjEtMTE0NC00ZjljLThmZGYtNDNlNGQ1NmQ0MDQz
LzEvRDVDNEN6MUlrOG5CN0gwQndwdnp0RkM3aFIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9oVMA0G
CSqGSIb3DQEBCwUAA4IBAQBWJd6L1MWTq5g1o+gRMU/R1lK0qpa4VOk925h0z4dd
fa/hYah/m6owt59ofTcEmIMAONgcuVLFGT/ONfbbK/KBNfRA8kV3zjUyOkSjqTop
mZwZFxXyvNMNhE29bqKwUEVLbd1knFguFieQXekaV0/MeZXLNzFwQvlgR7UNP6i+
ZFnB2R2DNAQFDI4sM9qoW9aWvUszC7WQrwHaY4pf2nBnO6jI+awqXeUfGOiCYmb/
eF10SM6OyogpyixLwzbQQbNmttAKthQm+KIx+LIqvOPSFTlHl1rv5JnS7vH44NF5
OkcctVW2+xN7NpAdrLR6ijILn3XJ0v9C9C9UrRdcs0rq
-----END CERTIFICATE-----