This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/eZnbOaWyUU8qYq_o9kkd8phkDY8.roa
File:                     eZnbOaWyUU8qYq_o9kkd8phkDY8.roa (raw, json)
Hash identifier:          MD/JlIaHZx48dm7+HSAnMRvJeNF5GVhVV35UTt9y5MU=
Subject key identifier:   79:99:DB:39:A5:B2:51:4F:2A:62:AF:E8:F6:49:1D:F2:98:64:0D:8F
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       019B7F84241E933FFA5B1469C944D74AF31B
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/eZnbOaWyUU8qYq_o9kkd8phkDY8.roa
Signing time:             Fri 02 Jan 2026 16:22:04 +0000
ROA not before:           Fri 02 Jan 2026 16:22:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200165
IP address blocks:        77.227.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:24:1e:93:3f:fa:5b:14:69:c9:44:d7:4a:f3:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 16:22:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7999db39a5b2514f2a62afe8f6491df298640d8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f9:d8:23:d0:07:76:a0:fc:9c:4c:8a:ca:e1:
                    64:c4:57:8e:5e:9b:b0:5e:50:ce:71:54:ff:57:30:
                    d6:4c:ad:b8:90:3e:e3:e4:39:4f:bd:36:85:39:1c:
                    88:a9:da:88:4a:d7:fa:52:97:f5:0a:6e:73:11:41:
                    6d:fe:8d:26:f5:00:42:51:10:5d:48:21:79:7a:eb:
                    7f:60:8f:cd:48:97:54:69:1c:da:9a:c2:3b:2e:4f:
                    8d:8b:c6:eb:61:0f:07:23:4f:69:94:00:66:cf:a9:
                    a2:5a:f7:f1:20:77:f5:06:a7:a2:25:20:46:2a:04:
                    c9:97:a9:df:76:d5:92:fb:2a:6e:de:23:b5:33:03:
                    ab:50:ec:b3:29:0f:4e:08:a7:4a:4c:b3:e8:4e:41:
                    1b:52:80:b3:22:89:ab:78:44:6e:8b:fd:ad:b9:79:
                    19:89:7d:64:a3:fb:3e:58:0d:e6:94:8d:76:c9:4a:
                    45:f9:e3:4f:70:0e:e8:32:7b:57:ef:39:a3:ea:66:
                    ef:6d:21:a0:5c:a5:45:02:7e:9f:e1:bb:2f:98:b8:
                    61:93:85:e0:8a:d2:89:5f:35:7f:b0:99:ce:a2:2d:
                    1b:60:c4:d2:38:7a:f7:0d:9e:42:bf:80:1e:d8:7d:
                    cc:f9:36:13:1d:73:b9:77:c6:b6:a3:d3:1b:32:3d:
                    60:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:99:DB:39:A5:B2:51:4F:2A:62:AF:E8:F6:49:1D:F2:98:64:0D:8F
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/eZnbOaWyUU8qYq_o9kkd8phkDY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.227.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:2d:26:29:be:be:b1:c5:f9:3d:1b:0e:29:68:78:f4:67:c6:
         b7:34:5a:1c:4b:5c:9a:c6:25:61:59:a7:1c:38:ea:c2:d1:2d:
         e5:1c:ca:13:b0:04:d7:0e:29:eb:e3:e4:ad:49:bb:1d:3b:bf:
         c5:e3:2e:40:7e:7a:2b:e2:2f:c2:cb:40:95:3b:90:56:5c:84:
         cd:0d:b5:9c:ab:6a:04:65:7c:ab:3a:45:fa:b4:05:58:88:aa:
         1c:1a:06:55:c9:12:d5:4d:87:f5:d8:57:5d:6b:ee:97:43:fb:
         58:ba:4d:a7:dc:27:a4:35:04:aa:a4:fa:a2:d9:76:16:c6:47:
         75:ea:83:b3:34:90:62:5a:3f:d4:f1:ba:8d:6e:9a:0a:24:ec:
         a0:eb:30:4d:ac:03:33:1b:32:a1:78:3a:b7:e4:a2:d8:3f:c3:
         ff:a7:d5:22:a0:a9:31:99:eb:b6:e2:72:8b:19:1e:79:b8:07:
         e8:85:49:1e:46:c3:ef:54:08:06:5b:71:f9:6d:49:dd:b2:e9:
         1d:7f:5d:a0:0a:70:59:03:b2:84:cb:e7:4e:38:f1:8f:ea:19:
         7f:2e:a3:67:d3:71:f9:cd:11:0a:23:79:b4:97:19:a6:3e:8e:
         8e:ff:7f:ca:bd:b5:ec:24:3d:d4:75:ba:c5:cd:af:84:cb:f9:
         80:34:2b:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hCQekz/6WxRpyUTXSvMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjYwMTAyMTYyMjA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTk5ZGIzOWE1YjI1MTRmMmE2MmFmZThmNjQ5MWRmMjk4NjQwZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfnYI9AHdqD8nEyKyuFkxFeOXpuw
XlDOcVT/VzDWTK24kD7j5DlPvTaFORyIqdqIStf6Upf1Cm5zEUFt/o0m9QBCURBd
SCF5eut/YI/NSJdUaRzamsI7Lk+Ni8brYQ8HI09plABmz6miWvfxIHf1BqeiJSBG
KgTJl6nfdtWS+ypu3iO1MwOrUOyzKQ9OCKdKTLPoTkEbUoCzIomreERui/2tuXkZ
iX1ko/s+WA3mlI12yUpF+eNPcA7oMntX7zmj6mbvbSGgXKVFAn6f4bsvmLhhk4Xg
itKJXzV/sJnOoi0bYMTSOHr3DZ5Cv4Ae2H3M+TYTHXO5d8a2o9MbMj1gKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmZ2zmlslFPKmKv6PZJHfKYZA2PMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvZVpuYk9hV3lVVThxWXFfbzlra2Q4cGhrRFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATeMAMA0G
CSqGSIb3DQEBCwUAA4IBAQA0LSYpvr6xxfk9Gw4paHj0Z8a3NFocS1yaxiVhWacc
OOrC0S3lHMoTsATXDinr4+StSbsdO7/F4y5Afnor4i/Cy0CVO5BWXITNDbWcq2oE
ZXyrOkX6tAVYiKocGgZVyRLVTYf12Fdda+6XQ/tYuk2n3CekNQSqpPqi2XYWxkd1
6oOzNJBiWj/U8bqNbpoKJOyg6zBNrAMzGzKheDq35KLYP8P/p9UioKkxmeu24nKL
GR55uAfohUkeRsPvVAgGW3H5bUndsukdf12gCnBZA7KEy+dOOPGP6hl/LqNn03H5
zREKI3m0lxmmPo6O/3/KvbXsJD3UdbrFza+Ey/mANCva
-----END CERTIFICATE-----