This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0GTsM8kAFhZpAlyNDZxtJHpzNn4.roa
File:                     0GTsM8kAFhZpAlyNDZxtJHpzNn4.roa (raw, json)
Hash identifier:          Yg56yC3AbZPz7JWGKz2u/ARI+g4g7pIp6yuk/X+gJKw=
Subject key identifier:   D0:64:EC:33:C9:00:16:16:69:02:5C:8D:0D:9C:6D:24:7A:73:36:7E
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F14ADD55213C7A7DF10CEB540129E73
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0GTsM8kAFhZpAlyNDZxtJHpzNn4.roa
Signing time:             Fri 02 Jan 2026 14:20:20 +0000
ROA not before:           Fri 02 Jan 2026 14:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26476
IP address blocks:        77.67.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:ad:d5:52:13:c7:a7:df:10:ce:b5:40:12:9e:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d064ec33c900161669025c8d0d9c6d247a73367e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b5:6c:28:a4:a8:8e:9d:90:f9:e6:4c:18:6c:
                    49:c1:c1:2c:f4:73:0e:11:b0:86:5c:29:02:ae:93:
                    98:66:24:7f:c5:f7:91:dc:5e:8f:90:39:9b:2a:00:
                    2b:4f:39:a1:cf:c5:b1:1a:ee:16:8a:a1:34:a2:91:
                    35:53:f4:63:4f:6d:06:93:dc:d3:f3:89:b6:2e:0e:
                    c8:8a:42:5e:0b:dd:91:b6:d3:74:e2:8d:be:85:88:
                    f0:42:c0:03:71:c2:c3:e2:26:35:f9:e6:da:58:0c:
                    f7:e2:7c:dd:2f:82:c2:33:fe:8f:47:a8:b5:e1:4e:
                    b8:56:f0:f6:c7:74:d2:3d:9b:17:e5:61:30:43:a4:
                    6c:6c:ed:f2:70:12:91:0c:4e:fc:33:77:e6:aa:6c:
                    ec:39:28:38:82:6c:cc:b6:f6:b1:40:31:f4:c9:5c:
                    36:92:63:d3:7f:20:b9:94:76:76:64:b4:d0:48:5e:
                    5e:8f:81:02:6d:97:b9:a7:24:6e:45:c9:03:d1:01:
                    83:69:2e:26:67:f4:1d:28:fa:5f:65:00:2a:64:06:
                    e5:aa:ce:f3:ad:0c:d3:da:2e:92:6e:7e:09:c5:f1:
                    cb:4c:3a:3b:ea:d7:77:23:2d:cc:45:40:14:9d:ac:
                    08:ec:55:8c:59:e6:56:95:00:9a:2f:87:94:02:bc:
                    22:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:64:EC:33:C9:00:16:16:69:02:5C:8D:0D:9C:6D:24:7A:73:36:7E
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/0GTsM8kAFhZpAlyNDZxtJHpzNn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:e4:55:01:55:bd:cf:3e:58:b0:01:d9:47:b8:03:6c:dd:1a:
         2a:7b:a0:63:3a:68:77:bf:50:12:c8:c5:75:f9:57:f0:d8:88:
         53:43:b5:78:4c:e8:18:53:66:55:0f:ee:cc:5d:57:e5:f8:07:
         f6:e3:21:78:1e:8f:c7:6e:dd:95:e9:65:ba:2d:e7:12:a5:9f:
         ef:03:a4:58:ea:27:6f:09:99:5b:9f:45:9a:b5:48:fa:3c:77:
         4d:cd:ad:55:28:6e:8f:27:40:c6:88:e7:67:e9:5b:dd:9e:a6:
         ff:eb:c7:1b:67:08:3f:4e:ef:4d:97:3d:20:5a:fe:1e:c5:5b:
         b4:53:fe:a4:27:f6:f4:eb:2a:74:fa:5d:aa:29:97:c7:8c:b1:
         0e:30:ec:19:4c:cd:8c:1e:2b:5f:e0:17:83:ba:97:6d:c8:43:
         ef:83:79:8b:d3:af:0f:b0:5e:0c:b1:80:a6:2d:17:9a:f0:4d:
         3f:09:3c:1e:08:6b:e0:f7:b8:88:07:d9:ef:0d:7a:07:49:f2:
         89:c2:54:2a:91:8d:f1:7d:81:40:8a:53:81:2a:c7:11:89:fa:
         39:d6:50:3e:e6:5b:d3:b5:16:42:54:4c:93:0a:8c:c6:78:a4:
         06:f2:bc:1e:43:34:27:ed:6d:c1:ae:84:8a:a9:32:fd:a1:be:
         56:8b:fe:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FK3VUhPHp98QzrVAEp5zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDY0ZWMzM2M5MDAxNjE2NjkwMjVjOGQwZDljNmQyNDdhNzMzNjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlbVsKKSojp2Q+eZMGGxJwcEs9HMO
EbCGXCkCrpOYZiR/xfeR3F6PkDmbKgArTzmhz8WxGu4WiqE0opE1U/RjT20Gk9zT
84m2Lg7IikJeC92RttN04o2+hYjwQsADccLD4iY1+ebaWAz34nzdL4LCM/6PR6i1
4U64VvD2x3TSPZsX5WEwQ6RsbO3ycBKRDE78M3fmqmzsOSg4gmzMtvaxQDH0yVw2
kmPTfyC5lHZ2ZLTQSF5ej4ECbZe5pyRuRckD0QGDaS4mZ/QdKPpfZQAqZAblqs7z
rQzT2i6Sbn4JxfHLTDo76td3Iy3MRUAUnawI7FWMWeZWlQCaL4eUArwijwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBk7DPJABYWaQJcjQ2cbSR6czZ+MB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvMEdUc004a0FGaFpwQWx5TkRaeHRKSHB6Tm40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUMmMA0G
CSqGSIb3DQEBCwUAA4IBAQCN5FUBVb3PPliwAdlHuANs3Roqe6BjOmh3v1ASyMV1
+Vfw2IhTQ7V4TOgYU2ZVD+7MXVfl+Af24yF4Ho/Hbt2V6WW6LecSpZ/vA6RY6idv
CZlbn0WatUj6PHdNza1VKG6PJ0DGiOdn6Vvdnqb/68cbZwg/Tu9Nlz0gWv4exVu0
U/6kJ/b06yp0+l2qKZfHjLEOMOwZTM2MHitf4BeDupdtyEPvg3mL068PsF4MsYCm
LRea8E0/CTweCGvg97iIB9nvDXoHSfKJwlQqkY3xfYFAilOBKscRifo51lA+5lvT
tRZCVEyTCozGeKQG8rweQzQn7W3BroSKqTL9ob5Wi/4Q
-----END CERTIFICATE-----