This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/Y7Tazn6YrDxMQ6kVYhy_UlqCP5U.roa
File:                     Y7Tazn6YrDxMQ6kVYhy_UlqCP5U.roa (raw, json)
Hash identifier:          3QyWnNQafudh4RGQNPqnRghhPEiOe86MzKxA2lB2MB4=
Subject key identifier:   63:B4:DA:CE:7E:98:AC:3C:4C:43:A9:15:62:1C:BF:52:5A:82:3F:95
Certificate issuer:       /CN=fc4d06978969a8bdab6d6359062d7781e03449ca
Certificate serial:       019B7C80CA1B44B7175355B5D21F2619B8F7
Authority key identifier: FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/Y7Tazn6YrDxMQ6kVYhy_UlqCP5U.roa
Signing time:             Fri 02 Jan 2026 02:19:33 +0000
ROA not before:           Fri 02 Jan 2026 02:19:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5089
IP address blocks:        217.77.24.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:ca:1b:44:b7:17:53:55:b5:d2:1f:26:19:b8:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc4d06978969a8bdab6d6359062d7781e03449ca
        Validity
            Not Before: Jan  2 02:19:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63b4dace7e98ac3c4c43a915621cbf525a823f95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3c:3c:fb:24:c6:79:51:9f:28:be:f8:23:a2:
                    6e:e7:c9:3d:76:8d:7d:01:ae:21:dd:1a:5a:cc:f0:
                    51:c4:7b:0e:61:bf:d8:bd:d4:2c:67:0a:c6:27:42:
                    34:2c:3f:88:b7:cc:05:b5:55:c9:e4:4c:62:15:3f:
                    1b:cb:f9:e3:3e:6d:a4:3e:e6:68:c1:10:30:04:2d:
                    4d:12:63:7c:da:f8:f3:d0:d7:3f:33:43:56:33:53:
                    1b:09:c7:44:5e:b6:9c:4d:4e:7d:44:ea:8b:80:72:
                    21:46:e0:01:5e:da:20:11:da:d9:ad:ea:4c:42:fc:
                    5d:e2:62:4d:1b:21:a4:8e:98:80:06:51:4d:98:01:
                    69:5c:f4:96:d6:99:bf:d4:dd:54:16:f9:42:21:60:
                    37:3d:7f:11:34:9c:f3:a2:c4:34:c5:aa:5d:f7:4e:
                    a5:00:63:b1:56:1d:6c:bc:11:95:49:61:e2:25:66:
                    61:67:c9:45:1f:25:77:12:6d:a7:54:0b:a5:82:44:
                    a0:f1:fb:a1:84:ec:97:ae:19:e7:4b:bb:e0:2a:d4:
                    69:af:d7:14:c1:89:8e:b5:43:fd:c5:1c:57:f3:54:
                    58:0f:ab:54:35:45:56:6d:59:c1:65:61:cb:04:fc:
                    c1:85:15:4c:f1:c1:c0:2d:02:3b:c5:cb:a7:c8:0e:
                    67:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:B4:DA:CE:7E:98:AC:3C:4C:43:A9:15:62:1C:BF:52:5A:82:3F:95
            X509v3 Authority Key Identifier:
                keyid:FC:4D:06:97:89:69:A8:BD:AB:6D:63:59:06:2D:77:81:E0:34:49:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_E0Gl4lpqL2rbWNZBi13geA0Sco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/Y7Tazn6YrDxMQ6kVYhy_UlqCP5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/082c31-f4ef-4acb-90f1-da03bf7a2ec2/1/_E0Gl4lpqL2rbWNZBi13geA0Sco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.77.24.0/21

    Signature Algorithm: sha256WithRSAEncryption
         03:ba:90:66:d0:25:1b:82:bb:6f:b0:91:c6:ea:22:9c:41:69:
         c9:9e:cb:62:d4:c5:9a:3b:cd:e0:ff:36:3c:38:19:fc:63:90:
         75:1f:0a:63:eb:a8:f6:ff:ad:c7:3d:28:56:f8:fd:36:57:09:
         3b:12:e7:13:a0:6f:73:79:eb:2d:92:0a:8e:43:8e:11:ce:34:
         3d:28:d1:47:d5:6f:a1:2f:8a:de:ea:20:de:4d:21:52:2f:e5:
         f2:08:02:5b:6f:c0:e1:13:0e:59:ca:39:81:2e:c1:bc:ea:6b:
         30:4c:cf:79:65:a9:78:a6:95:1c:c5:23:be:eb:a4:20:ed:03:
         32:d6:ae:31:39:de:cf:1f:8a:48:c6:69:56:a7:f7:62:7c:4a:
         73:20:8d:72:fd:ab:81:63:fe:c3:8d:ec:2c:f9:30:e8:dd:35:
         24:a5:f6:2b:86:84:9e:a5:52:b1:e3:2c:05:49:6e:09:51:e4:
         cd:25:87:ac:2a:a8:dd:71:cd:a4:a9:81:71:89:57:fe:8d:4f:
         a5:d3:b6:03:f2:2f:60:e1:0f:e5:c8:4a:83:40:e4:d3:bc:b5:
         25:b3:35:aa:3f:7a:92:d0:dd:d7:7f:be:e7:7e:de:3f:5a:ca:
         63:9d:e2:08:62:ab:11:85:37:ee:c2:00:9b:00:67:93:82:d0:
         12:b0:8a:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gMobRLcXU1W10h8mGbj3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNGQwNjk3ODk2OWE4YmRhYjZkNjM1OTA2MmQ3NzgxZTAz
NDQ5Y2EwHhcNMjYwMTAyMDIxOTMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2I0ZGFjZTdlOThhYzNjNGM0M2E5MTU2MjFjYmY1MjVhODIzZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTw8+yTGeVGfKL74I6Ju58k9do19
Aa4h3RpazPBRxHsOYb/YvdQsZwrGJ0I0LD+It8wFtVXJ5ExiFT8by/njPm2kPuZo
wRAwBC1NEmN82vjz0Nc/M0NWM1MbCcdEXracTU59ROqLgHIhRuABXtogEdrZrepM
Qvxd4mJNGyGkjpiABlFNmAFpXPSW1pm/1N1UFvlCIWA3PX8RNJzzosQ0xapd906l
AGOxVh1svBGVSWHiJWZhZ8lFHyV3Em2nVAulgkSg8fuhhOyXrhnnS7vgKtRpr9cU
wYmOtUP9xRxX81RYD6tUNUVWbVnBZWHLBPzBhRVM8cHALQI7xcunyA5nGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO02s5+mKw8TEOpFWIcv1Jagj+VMB8GA1UdIwQY
MBaAFPxNBpeJaai9q21jWQYtd4HgNEnKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEt
ZGEwM2JmN2EyZWMyLzEvWTdUYXpuNllyRHhNUTZrVlloeV9VbHFDUDVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8wODJjMzEtZjRlZi00YWNiLTkwZjEtZGEwM2JmN2EyZWMy
LzEvX0UwR2w0bHBxTDJyYldOWkJpMTNnZUEwU2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2U0YMA0G
CSqGSIb3DQEBCwUAA4IBAQADupBm0CUbgrtvsJHG6iKcQWnJnsti1MWaO83g/zY8
OBn8Y5B1Hwpj66j2/63HPShW+P02Vwk7EucToG9zeestkgqOQ44RzjQ9KNFH1W+h
L4re6iDeTSFSL+XyCAJbb8DhEw5ZyjmBLsG86mswTM95Zal4ppUcxSO+66Qg7QMy
1q4xOd7PH4pIxmlWp/difEpzII1y/auBY/7Djews+TDo3TUkpfYrhoSepVKx4ywF
SW4JUeTNJYesKqjdcc2kqYFxiVf+jU+l07YD8i9g4Q/lyEqDQOTTvLUlszWqP3qS
0N3Xf77nft4/WspjneIIYqsRhTfuwgCbAGeTgtASsIrG
-----END CERTIFICATE-----