This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/GWKGsKkyqPgCVhvEekAbAJHoccI.roa
File:                     GWKGsKkyqPgCVhvEekAbAJHoccI.roa (raw, json)
Hash identifier:          8o24uGrSYeShVoT2bRrTtvlPBWg6y1jvlCLfv0jLDVc=
Subject key identifier:   19:62:86:B0:A9:32:A8:F8:02:56:1B:C4:7A:40:1B:00:91:E8:71:C2
Certificate issuer:       /CN=08828bc7dd784850b896ed7ded9483db5f01e059
Certificate serial:       019B7EA4CF96112936490DB48018B9C8AFD2
Authority key identifier: 08:82:8B:C7:DD:78:48:50:B8:96:ED:7D:ED:94:83:DB:5F:01:E0:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/GWKGsKkyqPgCVhvEekAbAJHoccI.roa
Signing time:             Fri 02 Jan 2026 12:18:08 +0000
ROA not before:           Fri 02 Jan 2026 12:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49981
IP address blocks:        89.248.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a4:cf:96:11:29:36:49:0d:b4:80:18:b9:c8:af:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08828bc7dd784850b896ed7ded9483db5f01e059
        Validity
            Not Before: Jan  2 12:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=196286b0a932a8f802561bc47a401b0091e871c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ff:7c:ea:9d:b1:3c:00:7f:23:f3:c4:60:10:
                    02:3d:0e:4f:b3:48:a0:f8:a4:f0:7d:27:b3:24:eb:
                    e0:52:bc:f0:eb:9b:f8:9a:05:95:00:f4:18:c2:e6:
                    2f:15:c3:21:21:f9:ea:28:57:65:06:25:0d:f0:94:
                    84:51:5b:d6:bb:2b:41:ca:9d:f9:41:a7:ea:58:4c:
                    db:20:b3:18:13:98:a5:99:49:2b:5c:a1:61:fb:06:
                    bf:c6:dd:db:a4:d4:b6:58:86:01:86:20:44:d9:35:
                    25:a0:b5:28:cc:7d:8d:57:c9:fa:ef:0c:9a:18:1a:
                    2a:43:99:de:b4:16:13:9e:52:f4:f5:2d:84:8d:f7:
                    9e:b8:11:b1:a5:96:bf:5e:e5:44:96:a8:94:32:3d:
                    8d:7e:43:68:5f:b8:c2:9d:34:62:dd:93:76:40:74:
                    7a:fa:fa:f2:45:2b:c4:52:06:f1:2b:b1:1a:97:3e:
                    44:f1:13:02:e5:ad:28:fe:6f:0c:91:54:7d:a8:20:
                    a9:9e:e4:4e:6a:23:a2:0d:81:36:a6:2b:5a:13:18:
                    43:f8:dd:cc:ed:fd:8a:4b:22:bd:17:4a:ce:3a:53:
                    9a:4a:9c:b8:5e:27:c2:09:2f:4d:5c:9f:42:f3:a8:
                    9c:1e:b4:bd:a3:86:20:44:75:0a:c3:c1:67:52:fb:
                    f2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:62:86:B0:A9:32:A8:F8:02:56:1B:C4:7A:40:1B:00:91:E8:71:C2
            X509v3 Authority Key Identifier:
                keyid:08:82:8B:C7:DD:78:48:50:B8:96:ED:7D:ED:94:83:DB:5F:01:E0:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIKLx914SFC4lu197ZSD218B4Fk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/GWKGsKkyqPgCVhvEekAbAJHoccI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/866754-f0ef-4900-8dd0-6c0403c9a440/1/CIKLx914SFC4lu197ZSD218B4Fk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.248.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:48:14:e4:f0:54:95:ea:26:c6:8c:d6:a3:14:93:25:3f:ec:
         27:53:23:0c:55:4d:07:77:fd:3f:81:d8:4b:5e:37:96:40:99:
         42:43:bc:03:23:b6:f0:39:46:25:21:58:6c:46:23:2e:b2:2c:
         4e:68:67:e8:6c:50:1c:6d:6d:30:c1:98:b2:14:30:eb:e9:1d:
         db:16:a8:de:82:9f:69:c4:b7:21:ad:4f:08:f7:e2:cd:c4:49:
         00:1f:26:22:6a:9e:95:8e:2c:73:af:cb:ee:3d:ed:94:e9:15:
         2f:bf:41:01:ef:d1:a7:dc:ff:95:03:bb:c9:af:fb:64:b5:5c:
         a1:fe:85:d5:c7:c5:94:79:a3:b3:90:5e:29:11:53:4c:c2:d5:
         f6:67:97:a2:57:5c:ad:50:d3:9c:8b:fc:04:7f:80:a6:6b:e2:
         44:6a:08:71:08:e6:d7:2c:f3:a9:28:f2:b2:68:aa:b8:22:b4:
         5b:5c:fd:ce:95:c3:90:a2:81:66:c9:e0:52:c4:b0:a6:65:d1:
         d6:b3:eb:9f:25:b2:35:34:07:ae:9a:d1:73:51:06:78:e2:e6:
         1d:b7:15:d7:7f:f3:de:bc:bf:2f:25:08:49:78:18:90:7b:a2:
         82:6b:3c:2e:1e:e1:1d:6f:59:7d:40:bf:0d:48:02:0e:a7:6e:
         c5:99:52:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pM+WESk2SQ20gBi5yK/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODI4YmM3ZGQ3ODQ4NTBiODk2ZWQ3ZGVkOTQ4M2RiNWYw
MWUwNTkwHhcNMjYwMTAyMTIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTYyODZiMGE5MzJhOGY4MDI1NjFiYzQ3YTQwMWIwMDkxZTg3MWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0v986p2xPAB/I/PEYBACPQ5Ps0ig
+KTwfSezJOvgUrzw65v4mgWVAPQYwuYvFcMhIfnqKFdlBiUN8JSEUVvWuytByp35
QafqWEzbILMYE5ilmUkrXKFh+wa/xt3bpNS2WIYBhiBE2TUloLUozH2NV8n67wya
GBoqQ5netBYTnlL09S2EjfeeuBGxpZa/XuVElqiUMj2NfkNoX7jCnTRi3ZN2QHR6
+vryRSvEUgbxK7Ealz5E8RMC5a0o/m8MkVR9qCCpnuROaiOiDYE2pitaExhD+N3M
7f2KSyK9F0rOOlOaSpy4XifCCS9NXJ9C86icHrS9o4YgRHUKw8FnUvvyBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlihrCpMqj4AlYbxHpAGwCR6HHCMB8GA1UdIwQY
MBaAFAiCi8fdeEhQuJbtfe2Ug9tfAeBZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lLTHg5MTRTRkM0bHUxOTdaU0QyMThCNEZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy84NjY3NTQtZjBlZi00OTAwLThkZDAt
NmMwNDAzYzlhNDQwLzEvR1dLR3NLa3lxUGdDVmh2RWVrQWJBSkhvY2NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy84NjY3NTQtZjBlZi00OTAwLThkZDAtNmMwNDAzYzlhNDQw
LzEvQ0lLTHg5MTRTRkM0bHUxOTdaU0QyMThCNEZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWfhCMA0G
CSqGSIb3DQEBCwUAA4IBAQBkSBTk8FSV6ibGjNajFJMlP+wnUyMMVU0Hd/0/gdhL
XjeWQJlCQ7wDI7bwOUYlIVhsRiMusixOaGfobFAcbW0wwZiyFDDr6R3bFqjegp9p
xLchrU8I9+LNxEkAHyYiap6Vjixzr8vuPe2U6RUvv0EB79Gn3P+VA7vJr/tktVyh
/oXVx8WUeaOzkF4pEVNMwtX2Z5eiV1ytUNOci/wEf4Cma+JEaghxCObXLPOpKPKy
aKq4IrRbXP3OlcOQooFmyeBSxLCmZdHWs+ufJbI1NAeumtFzUQZ44uYdtxXXf/Pe
vL8vJQhJeBiQe6KCazwuHuEdb1l9QL8NSAIOp27FmVIx
-----END CERTIFICATE-----