This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/b49500-0b74-4c45-a882-0c84fd757990/1/GEViIrp__zd7MRZmIGyBHixASLs.roa
File:                     GEViIrp__zd7MRZmIGyBHixASLs.roa (raw, json)
Hash identifier:          wj88L0dW9LTOq3jf3P0nxH1ftHshlmZInv5nkhzsxdc=
Subject key identifier:   18:45:62:22:BA:7F:FF:37:7B:31:16:66:20:6C:81:1E:2C:40:48:BB
Certificate issuer:       /CN=d0735650526d2bbf5250d9797e49db1d9f1cc27f
Certificate serial:       019B2C2274804004768B72CF37DB131B390F
Authority key identifier: D0:73:56:50:52:6D:2B:BF:52:50:D9:79:7E:49:DB:1D:9F:1C:C2:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0HNWUFJtK79SUNl5fknbHZ8cwn8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/b49500-0b74-4c45-a882-0c84fd757990/1/GEViIrp__zd7MRZmIGyBHixASLs.roa
Signing time:             Wed 17 Dec 2025 11:46:53 +0000
ROA not before:           Wed 17 Dec 2025 11:46:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203014
IP address blocks:        62.220.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/b49500-0b74-4c45-a882-0c84fd757990/1/0HNWUFJtK79SUNl5fknbHZ8cwn8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/b49500-0b74-4c45-a882-0c84fd757990/1/0HNWUFJtK79SUNl5fknbHZ8cwn8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0HNWUFJtK79SUNl5fknbHZ8cwn8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:2c:22:74:80:40:04:76:8b:72:cf:37:db:13:1b:39:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0735650526d2bbf5250d9797e49db1d9f1cc27f
        Validity
            Not Before: Dec 17 11:46:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18456222ba7fff377b311666206c811e2c4048bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9e:26:6f:5b:ea:c3:bd:38:a1:59:1d:f1:53:
                    5f:7d:c4:48:c2:ae:85:5f:3f:ca:dd:36:48:fe:4e:
                    26:59:10:1a:c5:f9:99:0c:cd:3a:c6:3d:03:df:af:
                    0b:5d:c3:3e:0c:90:8d:df:0a:25:16:e7:e8:7d:e9:
                    7d:01:f7:94:60:77:7a:7c:cd:a2:8b:d7:ae:33:75:
                    56:44:14:69:3d:05:9b:ab:f4:eb:11:0a:b5:53:db:
                    5f:f6:9d:61:e5:d7:e5:c0:5d:a3:6c:34:f4:8c:10:
                    81:c2:08:44:7b:9f:e9:8e:4c:04:a4:2a:ec:fb:e6:
                    0b:7b:32:48:98:91:96:f3:4d:bd:97:37:f6:b4:d1:
                    4f:3b:75:46:70:e2:5a:9f:af:00:6b:25:d0:8d:aa:
                    d8:f9:18:a5:b9:26:3e:d4:da:a0:9b:cf:8c:36:b0:
                    ea:b3:75:03:da:0c:58:da:bf:0a:80:5b:46:6d:e0:
                    72:85:e1:2d:c7:43:1f:3e:ef:1e:13:e5:21:b7:1f:
                    cf:02:f9:95:b3:39:68:3e:de:62:fe:44:c4:3d:a8:
                    65:66:1b:e0:74:45:84:1d:e5:49:0c:ce:ba:1f:d9:
                    2e:f0:67:b1:37:c5:11:d6:95:e3:23:58:4f:c7:fb:
                    b1:63:e8:f7:be:e7:db:06:7c:ee:5e:63:dc:ae:72:
                    c9:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:45:62:22:BA:7F:FF:37:7B:31:16:66:20:6C:81:1E:2C:40:48:BB
            X509v3 Authority Key Identifier:
                keyid:D0:73:56:50:52:6D:2B:BF:52:50:D9:79:7E:49:DB:1D:9F:1C:C2:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0HNWUFJtK79SUNl5fknbHZ8cwn8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b49500-0b74-4c45-a882-0c84fd757990/1/GEViIrp__zd7MRZmIGyBHixASLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/b49500-0b74-4c45-a882-0c84fd757990/1/0HNWUFJtK79SUNl5fknbHZ8cwn8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.220.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:c8:fc:7a:d0:3c:8c:b8:f1:a5:da:2d:e1:31:a2:02:48:eb:
         09:e0:df:0e:45:7b:60:1e:9f:0e:81:25:32:00:4d:44:ae:7c:
         10:e1:3f:ba:8e:8c:2c:8c:1c:c0:2f:97:1b:f4:4f:48:73:e6:
         82:56:60:4d:b1:6c:b2:a9:fe:df:38:82:3b:da:e8:a0:14:aa:
         68:ea:b0:c0:f6:da:7f:50:41:eb:a3:09:cf:3d:f3:55:5d:6e:
         3b:82:38:8f:89:1e:67:83:2f:77:fa:33:31:a8:8d:66:a3:60:
         bc:8f:66:6d:36:72:50:3e:f3:e5:2e:1f:67:7b:29:19:a2:3c:
         b8:a4:cf:1f:2a:70:e2:20:00:af:ea:4e:7e:85:b2:86:c2:9d:
         5c:ea:09:44:e7:eb:7b:df:28:8e:ea:a8:9c:44:44:98:4a:b3:
         5a:12:f5:9d:1c:bf:e6:af:28:75:e9:38:bf:0f:3c:e6:6b:5f:
         9f:a4:95:2d:06:66:f4:d8:ad:8f:8e:b5:f8:e4:5a:b6:4b:c4:
         4b:df:d8:a1:9f:c8:7a:61:9a:8c:9e:e9:b7:55:9c:1f:a7:d3:
         0b:99:74:63:bf:72:df:87:14:5b:09:25:fc:5b:89:c2:2b:3f:
         cc:1c:d5:81:64:14:a8:b0:b0:5d:d5:80:b6:2a:8d:dc:5d:f1:
         20:43:dc:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZssInSAQAR2i3LPN9sTGzkPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNzM1NjUwNTI2ZDJiYmY1MjUwZDk3OTdlNDlkYjFkOWYx
Y2MyN2YwHhcNMjUxMjE3MTE0NjUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODQ1NjIyMmJhN2ZmZjM3N2IzMTE2NjYyMDZjODExZTJjNDA0OGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZ4mb1vqw704oVkd8VNffcRIwq6F
Xz/K3TZI/k4mWRAaxfmZDM06xj0D368LXcM+DJCN3wolFufofel9AfeUYHd6fM2i
i9euM3VWRBRpPQWbq/TrEQq1U9tf9p1h5dflwF2jbDT0jBCBwghEe5/pjkwEpCrs
++YLezJImJGW8029lzf2tNFPO3VGcOJan68AayXQjarY+RiluSY+1Nqgm8+MNrDq
s3UD2gxY2r8KgFtGbeByheEtx0MfPu8eE+Uhtx/PAvmVszloPt5i/kTEPahlZhvg
dEWEHeVJDM66H9ku8GexN8UR1pXjI1hPx/uxY+j3vufbBnzuXmPcrnLJjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBhFYiK6f/83ezEWZiBsgR4sQEi7MB8GA1UdIwQY
MBaAFNBzVlBSbSu/UlDZeX5J2x2fHMJ/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEhOV1VGSnRLNzlTVU5sNWZrbmJIWjhjd244LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9iNDk1MDAtMGI3NC00YzQ1LWE4ODIt
MGM4NGZkNzU3OTkwLzEvR0VWaUlycF9femQ3TVJabUlHeUJIaXhBU0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9iNDk1MDAtMGI3NC00YzQ1LWE4ODItMGM4NGZkNzU3OTkw
LzEvMEhOV1VGSnRLNzlTVU5sNWZrbmJIWjhjd244LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPtxsMA0G
CSqGSIb3DQEBCwUAA4IBAQBWyPx60DyMuPGl2i3hMaICSOsJ4N8ORXtgHp8OgSUy
AE1ErnwQ4T+6jowsjBzAL5cb9E9Ic+aCVmBNsWyyqf7fOII72uigFKpo6rDA9tp/
UEHrownPPfNVXW47gjiPiR5ngy93+jMxqI1mo2C8j2ZtNnJQPvPlLh9neykZojy4
pM8fKnDiIACv6k5+hbKGwp1c6glE5+t73yiO6qicRESYSrNaEvWdHL/mryh16Ti/
Dzzma1+fpJUtBmb02K2PjrX45Fq2S8RL39ihn8h6YZqMnum3VZwfp9MLmXRjv3Lf
hxRbCSX8W4nCKz/MHNWBZBSosLBd1YC2Ko3cXfEgQ9yf
-----END CERTIFICATE-----