This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/onJwIsBG_TlNzJPQVYzWvXnQYTU.roa
File:                     onJwIsBG_TlNzJPQVYzWvXnQYTU.roa (raw, json)
Hash identifier:          CF4OHpZC0xd0XR18QoBgWTx8t9RwFhji6OFqhQG0Qog=
Subject key identifier:   A2:72:70:22:C0:46:FD:39:4D:CC:93:D0:55:8C:D6:BD:79:D0:61:35
Certificate issuer:       /CN=df895a3ee2211b6ee2df7202f09a426680d66269
Certificate serial:       019B7D5B70E240801CC3101402392D20C86B
Authority key identifier: DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/onJwIsBG_TlNzJPQVYzWvXnQYTU.roa
Signing time:             Fri 02 Jan 2026 06:18:23 +0000
ROA not before:           Fri 02 Jan 2026 06:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209242
IP address blocks:        77.105.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:70:e2:40:80:1c:c3:10:14:02:39:2d:20:c8:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df895a3ee2211b6ee2df7202f09a426680d66269
        Validity
            Not Before: Jan  2 06:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2727022c046fd394dcc93d0558cd6bd79d06135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:fb:7b:ae:eb:92:7b:88:e3:c3:4d:60:d9:54:
                    97:a7:83:78:f1:a6:98:f6:12:89:86:69:db:3a:a4:
                    6e:9f:27:89:7b:51:bd:df:05:af:24:a9:fd:22:61:
                    bb:36:d7:42:22:bf:59:11:07:c2:33:62:4f:d0:9f:
                    0e:7d:48:fc:0f:55:91:c4:8b:f7:60:bf:9b:af:38:
                    8e:c7:6b:86:90:f8:bf:c2:67:c8:17:d5:b5:52:02:
                    e5:97:b2:aa:26:d6:8a:21:02:58:f7:be:af:bb:a6:
                    03:7a:30:c3:cf:bb:e0:e8:b1:9d:42:68:da:d6:71:
                    09:65:bb:cf:f7:a1:f3:5c:17:10:08:0c:dd:17:08:
                    82:8b:d9:06:a8:fe:57:f4:50:4e:a6:71:38:85:45:
                    8c:21:dd:22:da:c1:7b:41:af:aa:ff:6f:2f:47:e1:
                    d9:4b:29:5b:ff:c6:01:d4:bf:1e:93:0f:07:bc:36:
                    5a:90:97:cc:db:83:07:c8:3c:37:3f:48:92:58:5e:
                    fe:7d:85:19:60:b7:9c:a6:e3:04:19:57:18:92:d4:
                    76:50:d3:c9:7f:e5:65:28:27:fd:b9:0e:84:6c:ae:
                    51:d1:e4:89:17:e3:d8:f8:18:97:85:2f:50:15:ab:
                    62:73:1d:7d:f8:af:28:06:3c:43:4c:8e:21:33:5e:
                    89:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:72:70:22:C0:46:FD:39:4D:CC:93:D0:55:8C:D6:BD:79:D0:61:35
            X509v3 Authority Key Identifier:
                keyid:DF:89:5A:3E:E2:21:1B:6E:E2:DF:72:02:F0:9A:42:66:80:D6:62:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34laPuIhG27i33IC8JpCZoDWYmk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/onJwIsBG_TlNzJPQVYzWvXnQYTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/1a72a7-277d-44f5-87de-70b2ebd51438/1/34laPuIhG27i33IC8JpCZoDWYmk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:5e:d2:87:89:29:1d:8b:54:c9:e3:69:3e:86:6a:28:d4:7e:
         1d:2e:4a:66:64:81:76:50:71:1d:5f:4f:ac:b7:0b:6c:34:bb:
         97:4d:ce:9b:fd:7f:f5:40:bb:ac:e9:24:db:cd:6c:87:69:3c:
         d7:e4:dd:15:d2:ae:c0:8d:18:cb:e6:01:ee:3d:7a:87:8f:9f:
         7e:5f:9d:4d:46:46:8f:12:f2:74:49:6d:f6:85:da:4d:2c:e8:
         a7:3c:04:ad:72:d6:a6:94:5d:dd:2e:04:fd:38:48:f1:a5:f9:
         23:97:f6:75:e7:ad:3b:69:cf:38:9a:50:27:87:c4:0f:05:f4:
         e0:ec:5c:02:fe:0e:75:f1:66:38:f4:1b:0c:2f:99:95:47:6d:
         be:b0:7a:15:8e:17:1d:0b:60:2b:48:62:5c:83:2d:76:e3:2c:
         82:bc:6e:d4:51:a7:f7:cc:3d:1f:69:71:6c:a0:b6:7e:37:fd:
         a0:b5:27:45:b8:8a:aa:62:7d:d5:75:61:c2:ee:82:ce:f1:69:
         f2:5f:cc:31:b1:07:23:fd:9b:9b:82:5a:ba:3b:c2:38:e8:b5:
         c7:02:2f:03:d3:8d:98:53:34:b9:ba:8a:17:60:b7:ee:fe:8c:
         76:03:01:17:05:b6:99:1f:f4:35:3e:24:fc:50:27:78:98:50:
         69:48:99:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9W3DiQIAcwxAUAjktIMhrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODk1YTNlZTIyMTFiNmVlMmRmNzIwMmYwOWE0MjY2ODBk
NjYyNjkwHhcNMjYwMTAyMDYxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjcyNzAyMmMwNDZmZDM5NGRjYzkzZDA1NThjZDZiZDc5ZDA2MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vt7ruuSe4jjw01g2VSXp4N48aaY
9hKJhmnbOqRunyeJe1G93wWvJKn9ImG7NtdCIr9ZEQfCM2JP0J8OfUj8D1WRxIv3
YL+brziOx2uGkPi/wmfIF9W1UgLll7KqJtaKIQJY976vu6YDejDDz7vg6LGdQmja
1nEJZbvP96HzXBcQCAzdFwiCi9kGqP5X9FBOpnE4hUWMId0i2sF7Qa+q/28vR+HZ
Sylb/8YB1L8ekw8HvDZakJfM24MHyDw3P0iSWF7+fYUZYLecpuMEGVcYktR2UNPJ
f+VlKCf9uQ6EbK5R0eSJF+PY+BiXhS9QFaticx19+K8oBjxDTI4hM16JzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJycCLARv05TcyT0FWM1r150GE1MB8GA1UdIwQY
MBaAFN+JWj7iIRtu4t9yAvCaQmaA1mJpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUt
NzBiMmViZDUxNDM4LzEvb25Kd0lzQkdfVGxOekpQUVZZeld2WG5RWVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8xYTcyYTctMjc3ZC00NGY1LTg3ZGUtNzBiMmViZDUxNDM4
LzEvMzRsYVB1SWhHMjdpMzNJQzhKcENab0RXWW1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATWmjMA0G
CSqGSIb3DQEBCwUAA4IBAQAhXtKHiSkdi1TJ42k+hmoo1H4dLkpmZIF2UHEdX0+s
twtsNLuXTc6b/X/1QLus6STbzWyHaTzX5N0V0q7AjRjL5gHuPXqHj59+X51NRkaP
EvJ0SW32hdpNLOinPAStctamlF3dLgT9OEjxpfkjl/Z15607ac84mlAnh8QPBfTg
7FwC/g518WY49BsML5mVR22+sHoVjhcdC2ArSGJcgy124yyCvG7UUaf3zD0faXFs
oLZ+N/2gtSdFuIqqYn3VdWHC7oLO8WnyX8wxsQcj/Zubglq6O8I46LXHAi8D042Y
UzS5uooXYLfu/ox2AwEXBbaZH/Q1PiT8UCd4mFBpSJkM
-----END CERTIFICATE-----