This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/APfc6JNEU6PdULzFR5BxZMOlk6o.roa
File:                     APfc6JNEU6PdULzFR5BxZMOlk6o.roa (raw, json)
Hash identifier:          Hd78Iessw8olpkO1cT25elJbp1Ay+8DdMA34bYWrxMs=
Subject key identifier:   00:F7:DC:E8:93:44:53:A3:DD:50:BC:C5:47:90:71:64:C3:A5:93:AA
Certificate issuer:       /CN=0195727f07b758f9868476c13cf977654bf380ee
Certificate serial:       019B7F138BE9354DA14CC3074B9405FF33F7
Authority key identifier: 01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/APfc6JNEU6PdULzFR5BxZMOlk6o.roa
Signing time:             Fri 02 Jan 2026 14:19:06 +0000
ROA not before:           Fri 02 Jan 2026 14:19:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207228
IP address blocks:        77.243.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:8b:e9:35:4d:a1:4c:c3:07:4b:94:05:ff:33:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0195727f07b758f9868476c13cf977654bf380ee
        Validity
            Not Before: Jan  2 14:19:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00f7dce8934453a3dd50bcc547907164c3a593aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:db:84:d8:ed:99:4f:fc:ba:49:bb:76:98:d2:
                    58:42:89:47:d0:2e:3b:ed:86:fd:f5:9f:34:f6:85:
                    95:6f:0c:4a:99:5b:e3:00:a4:2b:5b:e3:06:3e:00:
                    ef:39:23:40:9d:bd:e9:a9:f6:84:92:7f:3d:6c:34:
                    7f:7d:9d:52:4e:a4:ed:1c:10:8d:4c:3d:07:52:b9:
                    6b:b9:42:dd:25:3e:4e:06:0e:e4:70:30:a2:cb:ce:
                    57:a3:34:5b:22:99:23:ad:64:08:13:40:7f:6a:5d:
                    35:48:49:06:62:70:77:1d:40:a8:fa:eb:d9:b0:54:
                    ce:5e:96:fa:fe:6e:41:71:ac:77:f5:f2:f2:f8:30:
                    a5:db:0d:aa:9e:16:e2:93:2f:aa:f5:98:ec:71:fd:
                    10:d3:62:9a:f9:e6:90:e1:54:d7:d2:1d:1b:10:f0:
                    5b:63:a8:69:6c:fd:23:59:2a:3e:bd:e6:ac:b3:b8:
                    5b:20:e5:5b:6d:0c:a0:78:5f:67:2a:99:64:f6:41:
                    30:bf:ec:db:fe:f0:d7:f1:88:b8:64:d9:c8:32:36:
                    6b:85:c5:f7:7d:8c:8d:78:db:e7:7e:49:56:b8:d9:
                    6d:7c:d1:2a:fe:96:96:df:0d:4f:2c:90:ea:0d:00:
                    65:5d:c8:65:eb:f9:11:3d:b2:bb:21:ed:2f:05:5a:
                    8c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:F7:DC:E8:93:44:53:A3:DD:50:BC:C5:47:90:71:64:C3:A5:93:AA
            X509v3 Authority Key Identifier:
                keyid:01:95:72:7F:07:B7:58:F9:86:84:76:C1:3C:F9:77:65:4B:F3:80:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/APfc6JNEU6PdULzFR5BxZMOlk6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/dded95-cb8c-4335-aed0-64838df3977a/1/AZVyfwe3WPmGhHbBPPl3ZUvzgO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.243.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:09:04:6c:49:9d:d8:de:75:ef:7d:02:61:20:ea:b1:a3:6b:
         02:8d:7b:59:99:0e:f2:53:ad:88:63:9b:7a:06:7e:57:fe:d3:
         ec:b3:cc:b3:89:dd:21:b5:61:76:24:2d:23:e7:2b:d7:86:8a:
         7c:2e:ab:a3:ae:24:e9:e2:00:c0:07:da:10:36:d1:c4:f7:bc:
         fc:4c:f1:d9:a1:e2:40:26:13:81:ad:f9:d9:40:ff:81:ee:f9:
         55:cd:4c:e3:28:69:29:72:76:b0:15:5f:76:00:6a:10:e2:1c:
         de:3a:36:6b:3a:36:18:60:51:ad:7a:ef:e1:25:29:b7:e1:72:
         da:3b:42:e0:93:dd:ae:c7:b8:86:2a:4c:ce:19:23:34:c4:d2:
         7e:f8:12:9e:48:56:a4:77:d8:69:8e:13:01:99:c6:c3:0d:c8:
         ea:20:51:19:ec:23:e8:b2:fb:f0:41:ec:c8:5a:a4:ac:44:61:
         63:38:e5:96:0f:f9:e5:0f:bc:5b:87:fb:59:92:a9:ee:08:a9:
         56:70:e4:c3:44:2b:92:09:5c:77:d6:5c:cd:fd:2d:eb:26:24:
         c7:7d:19:56:6b:70:5a:4d:12:bb:56:c5:ad:f6:24:df:d5:bc:
         58:be:9e:ff:08:2d:28:78:65:0c:46:30:b2:2e:7c:38:92:56:
         1a:81:b2:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E4vpNU2hTMMHS5QF/zP3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxOTU3MjdmMDdiNzU4Zjk4Njg0NzZjMTNjZjk3NzY1NGJm
MzgwZWUwHhcNMjYwMTAyMTQxOTA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGY3ZGNlODkzNDQ1M2EzZGQ1MGJjYzU0NzkwNzE2NGMzYTU5M2FhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtuE2O2ZT/y6Sbt2mNJYQolH0C47
7Yb99Z809oWVbwxKmVvjAKQrW+MGPgDvOSNAnb3pqfaEkn89bDR/fZ1STqTtHBCN
TD0HUrlruULdJT5OBg7kcDCiy85XozRbIpkjrWQIE0B/al01SEkGYnB3HUCo+uvZ
sFTOXpb6/m5Bcax39fLy+DCl2w2qnhbiky+q9Zjscf0Q02Ka+eaQ4VTX0h0bEPBb
Y6hpbP0jWSo+veass7hbIOVbbQygeF9nKplk9kEwv+zb/vDX8Yi4ZNnIMjZrhcX3
fYyNeNvnfklWuNltfNEq/paW3w1PLJDqDQBlXchl6/kRPbK7Ie0vBVqMPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAD33OiTRFOj3VC8xUeQcWTDpZOqMB8GA1UdIwQY
MBaAFAGVcn8Ht1j5hoR2wTz5d2VL84DuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAt
NjQ4MzhkZjM5NzdhLzEvQVBmYzZKTkVVNlBkVUx6RlI1QnhaTU9sazZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9kZGVkOTUtY2I4Yy00MzM1LWFlZDAtNjQ4MzhkZjM5Nzdh
LzEvQVpWeWZ3ZTNXUG1HaEhiQlBQbDNaVXZ6Z080LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATfN+MA0G
CSqGSIb3DQEBCwUAA4IBAQAHCQRsSZ3Y3nXvfQJhIOqxo2sCjXtZmQ7yU62IY5t6
Bn5X/tPss8yzid0htWF2JC0j5yvXhop8LqujriTp4gDAB9oQNtHE97z8TPHZoeJA
JhOBrfnZQP+B7vlVzUzjKGkpcnawFV92AGoQ4hzeOjZrOjYYYFGteu/hJSm34XLa
O0Lgk92ux7iGKkzOGSM0xNJ++BKeSFakd9hpjhMBmcbDDcjqIFEZ7CPosvvwQezI
WqSsRGFjOOWWD/nlD7xbh/tZkqnuCKlWcOTDRCuSCVx31lzN/S3rJiTHfRlWa3Ba
TRK7VsWt9iTf1bxYvp7/CC0oeGUMRjCyLnw4klYagbKD
-----END CERTIFICATE-----