This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/gAEobSYXeBTkpjhr1NGGBygqZvA.roa
File:                     gAEobSYXeBTkpjhr1NGGBygqZvA.roa (raw, json)
Hash identifier:          UAsheFQAdNFM95KSSftG0uZENkjtk9zrTcPB/F/4eEU=
Subject key identifier:   80:01:28:6D:26:17:78:14:E4:A6:38:6B:D4:D1:86:07:28:2A:66:F0
Certificate issuer:       /CN=a3ca7b1c13a7d7b31231412b8fb6947a1747db9d
Certificate serial:       019B76EB98CF53C24E83E3E504340C0ADAF6
Authority key identifier: A3:CA:7B:1C:13:A7:D7:B3:12:31:41:2B:8F:B6:94:7A:17:47:DB:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/gAEobSYXeBTkpjhr1NGGBygqZvA.roa
Signing time:             Thu 01 Jan 2026 00:18:30 +0000
ROA not before:           Thu 01 Jan 2026 00:18:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48601
IP address blocks:        91.197.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 08 Jan 2026 09:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:98:cf:53:c2:4e:83:e3:e5:04:34:0c:0a:da:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ca7b1c13a7d7b31231412b8fb6947a1747db9d
        Validity
            Not Before: Jan  1 00:18:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8001286d26177814e4a6386bd4d18607282a66f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:05:67:73:8d:42:7c:5b:21:4a:cf:d6:f4:ae:
                    63:11:61:9a:a7:0f:8a:44:42:b3:71:16:cd:8b:22:
                    66:b8:66:ee:67:09:0e:1a:34:96:3c:9f:86:41:b5:
                    ef:a8:14:8f:3e:20:07:03:d6:8c:41:3d:26:1d:db:
                    54:e8:25:92:49:57:10:bf:7b:2c:8e:9a:84:f8:cc:
                    f0:c6:f3:ac:96:03:20:57:d4:19:ca:cf:f4:c6:d1:
                    b7:e9:8d:24:85:30:83:fb:9d:0b:86:c6:4d:45:05:
                    49:e8:ea:63:1b:fa:d2:0b:ce:26:bf:c7:7f:83:6d:
                    e2:c8:d3:76:8d:4c:c3:98:fc:b8:55:d8:d1:02:1d:
                    2f:06:2d:7d:d3:9f:0d:a0:d3:69:54:49:2c:5f:3d:
                    13:00:8c:bf:24:c0:9e:cd:14:25:06:ab:5f:9f:66:
                    82:ea:f8:1c:6c:0e:64:9d:bb:dd:5b:28:c8:b1:32:
                    22:27:68:cd:10:03:02:ba:78:41:4c:74:5f:08:83:
                    99:22:89:36:6c:d8:21:cd:3c:a8:d0:81:f2:a8:db:
                    3b:7c:60:42:cc:16:b2:8a:79:af:f0:e3:23:59:c5:
                    52:52:96:87:46:8b:bc:72:32:bd:b8:30:6e:46:22:
                    19:fe:80:6e:4b:d5:51:80:44:35:b8:3c:d7:56:5e:
                    30:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:01:28:6D:26:17:78:14:E4:A6:38:6B:D4:D1:86:07:28:2A:66:F0
            X509v3 Authority Key Identifier:
                keyid:A3:CA:7B:1C:13:A7:D7:B3:12:31:41:2B:8F:B6:94:7A:17:47:DB:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o8p7HBOn17MSMUErj7aUehdH250.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/gAEobSYXeBTkpjhr1NGGBygqZvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/bcdcca-f06b-40cf-8e21-2145220994ce/1/o8p7HBOn17MSMUErj7aUehdH250.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:8d:85:c8:56:2d:01:66:e3:9b:de:b6:77:70:76:24:bc:dd:
         a3:c6:71:b1:85:85:cb:cb:b5:ec:59:e3:53:57:b8:fa:a8:80:
         b7:f7:1b:34:1c:ed:18:46:a2:a4:71:21:56:b6:1f:97:c3:b0:
         d7:b7:66:2d:db:5a:99:c9:b3:f4:0a:9c:b2:51:1e:ff:46:84:
         fb:4d:a7:fb:77:fe:97:67:98:d9:ce:ac:40:29:cc:73:f1:1b:
         fe:77:04:4e:2d:2e:3b:85:00:9f:31:9c:16:13:fa:5a:54:50:
         1f:1e:30:68:08:09:32:90:b0:12:2f:9f:e2:60:0c:f4:4f:69:
         73:b2:71:49:16:f3:8d:4a:39:47:df:7f:0f:f5:9d:77:cd:35:
         81:75:92:e6:45:55:21:0b:e3:8f:e3:03:78:80:b3:e8:eb:17:
         3d:87:92:b7:4b:e5:44:c7:78:4d:f8:5d:d9:a9:99:51:a9:b7:
         71:55:35:1e:fb:1a:5f:1d:7d:29:04:2d:ef:30:17:54:99:ac:
         a9:05:b0:30:e2:2a:f5:b2:49:77:57:c5:28:ed:74:8c:2d:6b:
         31:5b:e1:09:dd:ac:1b:a5:f6:44:0b:15:cd:42:5a:db:64:89:
         cb:b7:38:26:01:ce:fd:ef:45:50:35:0e:b8:be:d7:47:eb:40:
         ec:a4:c4:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt265jPU8JOg+PlBDQMCtr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzY2E3YjFjMTNhN2Q3YjMxMjMxNDEyYjhmYjY5NDdhMTc0
N2RiOWQwHhcNMjYwMTAxMDAxODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDAxMjg2ZDI2MTc3ODE0ZTRhNjM4NmJkNGQxODYwNzI4MmE2NmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gVnc41CfFshSs/W9K5jEWGapw+K
REKzcRbNiyJmuGbuZwkOGjSWPJ+GQbXvqBSPPiAHA9aMQT0mHdtU6CWSSVcQv3ss
jpqE+MzwxvOslgMgV9QZys/0xtG36Y0khTCD+50LhsZNRQVJ6OpjG/rSC84mv8d/
g23iyNN2jUzDmPy4VdjRAh0vBi19058NoNNpVEksXz0TAIy/JMCezRQlBqtfn2aC
6vgcbA5knbvdWyjIsTIiJ2jNEAMCunhBTHRfCIOZIok2bNghzTyo0IHyqNs7fGBC
zBayinmv8OMjWcVSUpaHRou8cjK9uDBuRiIZ/oBuS9VRgEQ1uDzXVl4wjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIABKG0mF3gU5KY4a9TRhgcoKmbwMB8GA1UdIwQY
MBaAFKPKexwTp9ezEjFBK4+2lHoXR9udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzhwN0hCT24xN01TTVVFcmo3YVVlaGRIMjUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iY2RjY2EtZjA2Yi00MGNmLThlMjEt
MjE0NTIyMDk5NGNlLzEvZ0FFb2JTWVhlQlRrcGpocjFOR0dCeWdxWnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iY2RjY2EtZjA2Yi00MGNmLThlMjEtMjE0NTIyMDk5NGNl
LzEvbzhwN0hCT24xN01TTVVFcmo3YVVlaGRIMjUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8XyMA0G
CSqGSIb3DQEBCwUAA4IBAQCIjYXIVi0BZuOb3rZ3cHYkvN2jxnGxhYXLy7XsWeNT
V7j6qIC39xs0HO0YRqKkcSFWth+Xw7DXt2Yt21qZybP0CpyyUR7/RoT7Taf7d/6X
Z5jZzqxAKcxz8Rv+dwROLS47hQCfMZwWE/paVFAfHjBoCAkykLASL5/iYAz0T2lz
snFJFvONSjlH338P9Z13zTWBdZLmRVUhC+OP4wN4gLPo6xc9h5K3S+VEx3hN+F3Z
qZlRqbdxVTUe+xpfHX0pBC3vMBdUmaypBbAw4ir1skl3V8Uo7XSMLWsxW+EJ3awb
pfZECxXNQlrbZInLtzgmAc7970VQNQ64vtdH60DspMQb
-----END CERTIFICATE-----