This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/G-GZ443-EHFADO4B2PIjruGrydE.roa
File:                     G-GZ443-EHFADO4B2PIjruGrydE.roa (raw, json)
Hash identifier:          1mWeGQkDzF19EY23jEdW/hmm8Hx4UKf+LzFcM45j8wE=
Subject key identifier:   1B:E1:99:E3:8D:FE:10:71:40:0C:EE:01:D8:F2:23:AE:E1:AB:C9:D1
Certificate issuer:       /CN=eac5447c0431a75ee7bb5940a2183c18438eb6b1
Certificate serial:       019B7CEDE14A09ADE1ABC2623A1733611C72
Authority key identifier: EA:C5:44:7C:04:31:A7:5E:E7:BB:59:40:A2:18:3C:18:43:8E:B6:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/G-GZ443-EHFADO4B2PIjruGrydE.roa
Signing time:             Fri 02 Jan 2026 04:18:43 +0000
ROA not before:           Fri 02 Jan 2026 04:18:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203421
IP address blocks:        62.3.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:e1:4a:09:ad:e1:ab:c2:62:3a:17:33:61:1c:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eac5447c0431a75ee7bb5940a2183c18438eb6b1
        Validity
            Not Before: Jan  2 04:18:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1be199e38dfe1071400cee01d8f223aee1abc9d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a8:5b:e5:75:b9:d6:2a:d7:16:74:fa:72:ab:
                    ee:5a:df:62:e9:c9:83:bf:e3:18:d0:4d:e8:14:01:
                    e6:6f:e9:44:1d:78:53:0b:b0:45:69:36:26:93:12:
                    01:cb:0e:6b:ed:ed:a2:20:e2:8f:65:c3:28:76:e6:
                    2f:0d:f5:11:c4:7a:05:95:53:8c:89:79:1f:60:f3:
                    14:de:ef:f6:db:d2:08:30:c2:9f:1c:8c:3b:da:34:
                    b4:d6:4e:96:74:da:cc:f3:68:c3:16:3e:93:37:b8:
                    e6:eb:bd:40:98:40:a0:42:a5:fa:b3:8d:58:d6:95:
                    4c:2c:78:8b:3c:5c:27:81:bb:d0:7e:45:4b:94:19:
                    40:0f:d6:ce:11:b4:c5:1f:78:a3:f0:9a:45:2a:2f:
                    fe:24:3b:9a:8b:f2:18:20:14:a6:ce:e8:0d:44:ab:
                    b9:67:3c:64:8c:86:51:44:aa:dd:96:8f:6b:b9:9c:
                    62:43:a9:de:e3:a3:c5:22:5f:35:42:06:c3:52:d0:
                    df:01:88:fb:b7:b5:fa:ca:56:5f:1a:77:a8:4f:b6:
                    a0:89:4f:5e:b0:9e:fb:29:3c:44:be:08:d6:19:b9:
                    db:f2:c0:b7:6a:73:d3:13:2c:dd:76:2a:44:04:f6:
                    55:f0:15:cc:28:aa:16:a4:18:07:40:7b:0c:9b:93:
                    a3:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:E1:99:E3:8D:FE:10:71:40:0C:EE:01:D8:F2:23:AE:E1:AB:C9:D1
            X509v3 Authority Key Identifier:
                keyid:EA:C5:44:7C:04:31:A7:5E:E7:BB:59:40:A2:18:3C:18:43:8E:B6:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6sVEfAQxp17nu1lAohg8GEOOtrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/G-GZ443-EHFADO4B2PIjruGrydE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/77264e-4964-4f68-92e5-ffa4339bce4f/1/6sVEfAQxp17nu1lAohg8GEOOtrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.3.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:ea:ba:cb:a3:88:8b:33:5c:38:63:28:1a:19:03:b6:55:51:
         d8:b6:63:f3:2d:61:fa:ac:b4:84:15:c6:30:38:60:36:91:8d:
         6c:2b:dc:21:95:da:91:a6:32:2b:a1:e3:ba:be:c1:63:03:9e:
         cb:f0:6a:25:14:94:c0:d6:2c:1b:a2:ee:a8:e9:54:5c:fb:8f:
         93:9c:80:12:8d:4a:9e:5f:f8:a4:c5:85:be:1a:fd:38:12:ef:
         a8:f5:aa:bd:c6:65:84:fc:b2:84:ed:35:de:d4:fc:07:a7:82:
         73:97:26:7b:4f:40:53:4f:7f:9c:bc:f3:b9:04:60:82:95:50:
         0c:a0:8f:4e:31:a4:68:79:9b:09:04:6e:b6:96:41:30:a2:cf:
         b5:a9:ac:9a:63:08:aa:21:01:72:71:ea:de:0a:43:d5:7d:47:
         6b:2a:0c:ac:0b:05:b2:f0:c3:56:c8:88:e8:2b:3a:5d:fa:38:
         dc:ba:08:ab:d5:c0:10:9a:cd:ec:64:a3:e1:c7:43:4b:3e:69:
         f1:bb:82:bc:9c:19:35:44:58:e2:9d:8b:fd:f9:66:8e:f1:be:
         a4:15:42:bf:26:81:80:ea:51:00:38:99:f3:6b:de:2e:f7:e5:
         fd:14:bb:eb:7c:2b:e7:28:78:14:09:35:24:ea:8f:ef:66:38:
         e8:df:00:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87eFKCa3hq8JiOhczYRxyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYzU0NDdjMDQzMWE3NWVlN2JiNTk0MGEyMTgzYzE4NDM4
ZWI2YjEwHhcNMjYwMTAyMDQxODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmUxOTllMzhkZmUxMDcxNDAwY2VlMDFkOGYyMjNhZWUxYWJjOWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqhb5XW51irXFnT6cqvuWt9i6cmD
v+MY0E3oFAHmb+lEHXhTC7BFaTYmkxIByw5r7e2iIOKPZcModuYvDfURxHoFlVOM
iXkfYPMU3u/229IIMMKfHIw72jS01k6WdNrM82jDFj6TN7jm671AmECgQqX6s41Y
1pVMLHiLPFwngbvQfkVLlBlAD9bOEbTFH3ij8JpFKi/+JDuai/IYIBSmzugNRKu5
ZzxkjIZRRKrdlo9ruZxiQ6ne46PFIl81QgbDUtDfAYj7t7X6ylZfGneoT7agiU9e
sJ77KTxEvgjWGbnb8sC3anPTEyzddipEBPZV8BXMKKoWpBgHQHsMm5OjSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvhmeON/hBxQAzuAdjyI67hq8nRMB8GA1UdIwQY
MBaAFOrFRHwEMade57tZQKIYPBhDjraxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnNWRWZBUXhwMTdudTFsQW9oZzhHRU9PdHJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi83NzI2NGUtNDk2NC00ZjY4LTkyZTUt
ZmZhNDMzOWJjZTRmLzEvRy1HWjQ0My1FSEZBRE80QjJQSWpydUdyeWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi83NzI2NGUtNDk2NC00ZjY4LTkyZTUtZmZhNDMzOWJjZTRm
LzEvNnNWRWZBUXhwMTdudTFsQW9oZzhHRU9PdHJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPgM0MA0G
CSqGSIb3DQEBCwUAA4IBAQCq6rrLo4iLM1w4YygaGQO2VVHYtmPzLWH6rLSEFcYw
OGA2kY1sK9whldqRpjIroeO6vsFjA57L8GolFJTA1iwbou6o6VRc+4+TnIASjUqe
X/ikxYW+Gv04Eu+o9aq9xmWE/LKE7TXe1PwHp4JzlyZ7T0BTT3+cvPO5BGCClVAM
oI9OMaRoeZsJBG62lkEwos+1qayaYwiqIQFycereCkPVfUdrKgysCwWy8MNWyIjo
Kzpd+jjcugir1cAQms3sZKPhx0NLPmnxu4K8nBk1RFjinYv9+WaO8b6kFUK/JoGA
6lEAOJnza94u9+X9FLvrfCvnKHgUCTUk6o/vZjjo3wDP
-----END CERTIFICATE-----