This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/gFtvV2Nf6aHPmzajQ5srlB1oKxU.roa
File:                     gFtvV2Nf6aHPmzajQ5srlB1oKxU.roa (raw, json)
Hash identifier:          I4oXKyNPDYtBodXHPnB3VP2AM/PrjjCBgXSPVTROeHw=
Subject key identifier:   80:5B:6F:57:63:5F:E9:A1:CF:9B:36:A3:43:9B:2B:94:1D:68:2B:15
Certificate issuer:       /CN=33c5b0d7c0a9cd24b73cdcb92c8746e85a4a5b8f
Certificate serial:       019B7A5B065F4D52E4F331928CC8C5368942
Authority key identifier: 33:C5:B0:D7:C0:A9:CD:24:B7:3C:DC:B9:2C:87:46:E8:5A:4A:5B:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/gFtvV2Nf6aHPmzajQ5srlB1oKxU.roa
Signing time:             Thu 01 Jan 2026 16:19:04 +0000
ROA not before:           Thu 01 Jan 2026 16:19:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396073
IP address blocks:        195.149.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 Jan 2026 22:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:06:5f:4d:52:e4:f3:31:92:8c:c8:c5:36:89:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33c5b0d7c0a9cd24b73cdcb92c8746e85a4a5b8f
        Validity
            Not Before: Jan  1 16:19:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=805b6f57635fe9a1cf9b36a3439b2b941d682b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:53:81:a8:22:7f:dc:08:7c:d7:06:b8:47:99:
                    40:e7:aa:64:29:39:27:ea:10:b8:4c:36:6d:d7:62:
                    ab:89:bc:64:b0:3e:84:fb:55:47:03:c4:4e:28:96:
                    54:fb:ff:54:7f:c1:86:84:3d:12:22:e1:34:f5:12:
                    9b:23:1c:a8:c6:7c:65:36:45:dd:70:ca:f0:03:c7:
                    7b:ec:83:21:80:4f:bd:f9:e6:32:37:6b:96:58:9a:
                    92:57:47:8d:28:be:cd:d6:a8:a1:5b:8b:1e:b2:f9:
                    6a:3d:5f:f7:94:27:cb:d2:21:00:28:1e:6d:2a:72:
                    56:4a:1e:00:65:d1:a1:71:65:da:fc:89:19:13:12:
                    57:5a:a9:8f:90:d4:30:77:7f:ba:d9:39:f5:23:80:
                    43:a6:fe:88:b9:71:60:f3:10:2a:80:bf:eb:dc:02:
                    e1:c1:54:e2:96:bf:c4:6c:6c:88:ba:ae:61:8d:ab:
                    ab:e6:ca:02:27:6d:e4:d6:17:db:1b:87:a1:bd:8e:
                    b8:93:df:e8:6a:9a:ff:e2:fc:e0:bd:da:db:ca:74:
                    75:64:ee:89:3a:e3:b2:f6:7e:9d:cf:6a:bb:9e:39:
                    69:3f:69:d5:ef:c8:dd:f8:4c:25:0d:4c:07:5d:ae:
                    11:8f:ea:39:92:fc:dc:66:3b:e4:93:a8:f4:f7:57:
                    88:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:5B:6F:57:63:5F:E9:A1:CF:9B:36:A3:43:9B:2B:94:1D:68:2B:15
            X509v3 Authority Key Identifier:
                keyid:33:C5:B0:D7:C0:A9:CD:24:B7:3C:DC:B9:2C:87:46:E8:5A:4A:5B:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M8Ww18CpzSS3PNy5LIdG6FpKW48.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/gFtvV2Nf6aHPmzajQ5srlB1oKxU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/2581f4-8410-4a43-9186-0fab2269ea8e/1/M8Ww18CpzSS3PNy5LIdG6FpKW48.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:d3:6a:92:e8:ff:c5:0f:55:9d:e6:f2:fc:54:ad:ab:bd:5b:
         a3:bb:71:4b:b6:33:2f:3b:47:0b:15:06:e9:6b:e0:ac:28:0d:
         db:8b:cd:93:97:df:8e:51:a1:16:13:3b:0b:6b:b6:20:c4:d1:
         ba:c1:44:a3:ea:34:95:98:61:55:c5:5d:47:26:cc:7d:83:c7:
         94:02:52:80:d3:7f:36:75:e4:48:25:05:22:ee:36:12:44:48:
         b4:68:a3:76:c3:c1:a8:24:bd:da:ed:9f:44:da:2c:af:55:35:
         d4:6e:d0:8c:6b:e5:67:70:09:59:88:d2:e9:37:9f:af:f9:74:
         35:d5:87:b8:e1:f8:71:72:06:11:df:3d:f3:2a:63:b0:a1:09:
         80:ca:92:1e:e2:9d:02:17:05:16:24:b0:ba:ec:d4:3d:62:78:
         ea:77:f4:47:f2:bb:17:e7:f1:97:fe:a4:c3:b6:6d:f9:cc:b6:
         62:62:41:64:ef:e3:ec:74:c7:ac:6c:0c:08:12:c9:1a:cd:56:
         64:95:d4:4a:24:95:3d:68:03:46:f7:15:8d:3f:66:35:ae:92:
         47:be:ea:b2:44:e7:2d:2b:a0:5f:78:f5:f5:14:d8:22:c0:c7:
         ea:6c:64:df:93:d9:a5:82:94:a0:e0:24:69:ab:2c:b2:e2:fe:
         6d:59:a8:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6WwZfTVLk8zGSjMjFNolCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYzViMGQ3YzBhOWNkMjRiNzNjZGNiOTJjODc0NmU4NWE0
YTViOGYwHhcNMjYwMTAxMTYxOTA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDViNmY1NzYzNWZlOWExY2Y5YjM2YTM0MzliMmI5NDFkNjgyYjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplOBqCJ/3Ah81wa4R5lA56pkKTkn
6hC4TDZt12KribxksD6E+1VHA8ROKJZU+/9Uf8GGhD0SIuE09RKbIxyoxnxlNkXd
cMrwA8d77IMhgE+9+eYyN2uWWJqSV0eNKL7N1qihW4sesvlqPV/3lCfL0iEAKB5t
KnJWSh4AZdGhcWXa/IkZExJXWqmPkNQwd3+62Tn1I4BDpv6IuXFg8xAqgL/r3ALh
wVTilr/EbGyIuq5hjaur5soCJ23k1hfbG4ehvY64k9/oapr/4vzgvdrbynR1ZO6J
OuOy9n6dz2q7njlpP2nV78jd+EwlDUwHXa4Rj+o5kvzcZjvkk6j091eIsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBbb1djX+mhz5s2o0ObK5QdaCsVMB8GA1UdIwQY
MBaAFDPFsNfAqc0ktzzcuSyHRuhaSluPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTThXdzE4Q3B6U1MzUE55NUxJZEc2RnBLVzQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8yNTgxZjQtODQxMC00YTQzLTkxODYt
MGZhYjIyNjllYThlLzEvZ0Z0dlYyTmY2YUhQbXphalE1c3JsQjFvS3hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8yNTgxZjQtODQxMC00YTQzLTkxODYtMGZhYjIyNjllYThl
LzEvTThXdzE4Q3B6U1MzUE55NUxJZEc2RnBLVzQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw5VrMA0G
CSqGSIb3DQEBCwUAA4IBAQAL02qS6P/FD1Wd5vL8VK2rvVuju3FLtjMvO0cLFQbp
a+CsKA3bi82Tl9+OUaEWEzsLa7YgxNG6wUSj6jSVmGFVxV1HJsx9g8eUAlKA0382
deRIJQUi7jYSREi0aKN2w8GoJL3a7Z9E2iyvVTXUbtCMa+VncAlZiNLpN5+v+XQ1
1Ye44fhxcgYR3z3zKmOwoQmAypIe4p0CFwUWJLC67NQ9Ynjqd/RH8rsX5/GX/qTD
tm35zLZiYkFk7+PsdMesbAwIEskazVZkldRKJJU9aANG9xWNP2Y1rpJHvuqyROct
K6BfePX1FNgiwMfqbGTfk9mlgpSg4CRpqyyy4v5tWaiP
-----END CERTIFICATE-----