This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/GZsPzmbA--FYrc4SNgLcVzZUS58.roa
File:                     GZsPzmbA--FYrc4SNgLcVzZUS58.roa (raw, json)
Hash identifier:          gCmBdutjh3s8CjQ+XZ5HjES4JuiIxCATlIX/+TCZL7A=
Subject key identifier:   19:9B:0F:CE:66:C0:FB:E1:58:AD:CE:12:36:02:DC:57:36:54:4B:9F
Certificate issuer:       /CN=65d66329576c9c01b3cd8285f4b54b0170d8c39a
Certificate serial:       019B7834A6FE74333D22581FA1D33AF14356
Authority key identifier: 65:D6:63:29:57:6C:9C:01:B3:CD:82:85:F4:B5:4B:01:70:D8:C3:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/GZsPzmbA--FYrc4SNgLcVzZUS58.roa
Signing time:             Thu 01 Jan 2026 06:17:55 +0000
ROA not before:           Thu 01 Jan 2026 06:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31317
IP address blocks:        2001:67c:2048::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:a6:fe:74:33:3d:22:58:1f:a1:d3:3a:f1:43:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=65d66329576c9c01b3cd8285f4b54b0170d8c39a
        Validity
            Not Before: Jan  1 06:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=199b0fce66c0fbe158adce123602dc5736544b9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:73:d8:af:70:cc:06:77:25:37:bd:18:43:a8:
                    5b:3d:61:24:d1:eb:8e:f0:79:eb:8b:26:cb:a6:e4:
                    22:09:e2:71:b7:12:11:df:5f:85:af:ab:d9:2a:dd:
                    d6:4d:10:b8:da:95:60:fa:a0:78:17:ae:51:b5:81:
                    91:4d:79:82:23:f2:51:a5:ed:8d:a4:16:4b:86:6a:
                    ef:d1:e4:38:85:da:6d:bf:a3:14:50:06:5f:52:63:
                    d4:fc:bc:6c:f5:bd:e2:97:37:47:00:af:19:69:d6:
                    83:c9:e4:bf:50:60:3e:ea:56:2d:7a:e3:0c:43:22:
                    a4:06:cf:c5:ea:6e:63:12:3d:85:b5:7e:fd:17:ad:
                    88:70:38:f4:a9:43:0d:09:c0:9e:a0:bc:d5:ae:1d:
                    23:5c:d1:10:2d:7c:2b:d7:70:2b:a3:b5:57:45:d1:
                    ce:ae:80:7c:76:a2:fb:0d:a0:30:9b:9e:07:95:89:
                    4f:db:a7:fa:cc:9d:6c:ca:c5:c4:34:98:e8:94:0c:
                    3e:5d:b6:55:06:ba:77:4b:4d:6e:da:55:b5:28:b9:
                    1b:1b:57:7f:39:98:0d:7b:46:ab:70:87:57:11:c6:
                    93:81:b5:dc:8a:a1:61:e2:ec:d9:84:b5:25:ad:83:
                    c3:d5:62:bf:d7:60:c1:13:c2:fc:e4:4a:b9:26:12:
                    ab:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:9B:0F:CE:66:C0:FB:E1:58:AD:CE:12:36:02:DC:57:36:54:4B:9F
            X509v3 Authority Key Identifier:
                keyid:65:D6:63:29:57:6C:9C:01:B3:CD:82:85:F4:B5:4B:01:70:D8:C3:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/GZsPzmbA--FYrc4SNgLcVzZUS58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/d527f8-e5af-4820-a248-1e66505131ca/1/ZdZjKVdsnAGzzYKF9LVLAXDYw5o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2048::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:03:3b:90:8b:10:d0:dc:a1:8c:33:75:07:4b:d4:88:08:b0:
         ea:e9:39:34:04:f3:23:0b:cf:0c:31:1c:e7:fc:d5:55:52:32:
         9d:8a:77:f4:aa:d2:c6:6a:bc:ff:ec:db:f8:dc:83:ad:4b:c3:
         7a:35:d0:67:e9:6b:37:b4:b4:c4:82:33:8f:37:42:3b:c4:d2:
         33:8e:c8:f5:f2:73:61:82:c8:d0:27:a4:6c:38:95:04:be:32:
         5b:cd:2b:5d:59:8e:6c:f2:d1:d9:d0:ca:9a:9f:61:23:fd:9d:
         31:37:71:29:07:b0:df:6b:74:88:de:80:2e:97:0c:c1:27:e5:
         6b:82:28:1b:58:51:6d:79:dc:de:17:27:c6:2a:98:cc:e3:07:
         6b:e3:18:a7:98:89:fb:d4:d3:3f:1f:46:81:ee:e5:65:97:80:
         9a:bf:c4:23:62:d8:ea:26:02:fc:55:64:64:98:db:f0:81:ab:
         e1:d4:88:3f:c8:e3:70:80:ea:a6:7e:e8:e7:89:1f:d7:40:82:
         72:6e:2a:cb:3b:86:e2:4f:90:49:6b:12:15:b5:97:fa:c4:c5:
         f2:cc:83:ac:51:ee:b7:76:c1:89:c6:fe:e5:44:00:5d:93:e8:
         18:bf:61:99:c7:d7:a6:12:81:ef:88:ac:db:4c:d7:0c:09:4e:
         2c:c0:7f:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4NKb+dDM9IlgfodM68UNWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ZDY2MzI5NTc2YzljMDFiM2NkODI4NWY0YjU0YjAxNzBk
OGMzOWEwHhcNMjYwMTAxMDYxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTliMGZjZTY2YzBmYmUxNThhZGNlMTIzNjAyZGM1NzM2NTQ0YjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HPYr3DMBnclN70YQ6hbPWEk0euO
8HnriybLpuQiCeJxtxIR31+Fr6vZKt3WTRC42pVg+qB4F65RtYGRTXmCI/JRpe2N
pBZLhmrv0eQ4hdptv6MUUAZfUmPU/Lxs9b3ilzdHAK8ZadaDyeS/UGA+6lYteuMM
QyKkBs/F6m5jEj2FtX79F62IcDj0qUMNCcCeoLzVrh0jXNEQLXwr13Aro7VXRdHO
roB8dqL7DaAwm54HlYlP26f6zJ1sysXENJjolAw+XbZVBrp3S01u2lW1KLkbG1d/
OZgNe0arcIdXEcaTgbXciqFh4uzZhLUlrYPD1WK/12DBE8L85Eq5JhKr2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBmbD85mwPvhWK3OEjYC3Fc2VEufMB8GA1UdIwQY
MBaAFGXWYylXbJwBs82ChfS1SwFw2MOaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmRaaktWZHNuQUd6ellLRjlMVkxBWERZdzVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9kNTI3ZjgtZTVhZi00ODIwLWEyNDgt
MWU2NjUwNTEzMWNhLzEvR1pzUHptYkEtLUZZcmM0U05nTGNWelpVUzU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9kNTI3ZjgtZTVhZi00ODIwLWEyNDgtMWU2NjUwNTEzMWNh
LzEvWmRaaktWZHNuQUd6ellLRjlMVkxBWERZdzVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCBI
MA0GCSqGSIb3DQEBCwUAA4IBAQCGAzuQixDQ3KGMM3UHS9SICLDq6Tk0BPMjC88M
MRzn/NVVUjKdinf0qtLGarz/7Nv43IOtS8N6NdBn6Ws3tLTEgjOPN0I7xNIzjsj1
8nNhgsjQJ6RsOJUEvjJbzStdWY5s8tHZ0Mqan2Ej/Z0xN3EpB7Dfa3SI3oAulwzB
J+VrgigbWFFtedzeFyfGKpjM4wdr4xinmIn71NM/H0aB7uVll4Cav8QjYtjqJgL8
VWRkmNvwgavh1Ig/yONwgOqmfujniR/XQIJybirLO4biT5BJaxIVtZf6xMXyzIOs
Ue63dsGJxv7lRABdk+gYv2GZx9emEoHviKzbTNcMCU4swH/b
-----END CERTIFICATE-----