This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/rxwgRLc2FnsmJfs9PcovIHwcZg4.roa
File:                     rxwgRLc2FnsmJfs9PcovIHwcZg4.roa (raw, json)
Hash identifier:          t0lV2Z4swg+EanJfDUaWO1xVcUWuxECqgU5AQYETkXI=
Subject key identifier:   AF:1C:20:44:B7:36:16:7B:26:25:FB:3D:3D:CA:2F:20:7C:1C:66:0E
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       019B7F149F1A2EEA11FDF7361C8735AAAD3F
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/rxwgRLc2FnsmJfs9PcovIHwcZg4.roa
Signing time:             Fri 02 Jan 2026 14:20:16 +0000
ROA not before:           Fri 02 Jan 2026 14:20:16 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8001
IP address blocks:        77.67.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:9f:1a:2e:ea:11:fd:f7:36:1c:87:35:aa:ad:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 14:20:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af1c2044b736167b2625fb3d3dca2f207c1c660e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:cf:34:a6:08:0c:06:ba:c5:73:4b:0f:a7:b1:
                    a3:b6:6b:fa:62:94:69:09:1a:02:af:b0:bd:69:f9:
                    5f:85:75:4b:79:18:8a:4a:c1:2c:ed:90:95:95:14:
                    29:07:41:e1:48:24:f0:19:4b:71:47:bd:08:b9:92:
                    74:10:47:67:c4:a9:48:39:46:e5:cd:a0:c1:74:47:
                    0e:be:e5:af:fb:13:61:a1:0e:e0:6d:cd:71:1c:5e:
                    9b:70:8c:6b:a5:25:d0:28:45:0f:bf:cd:7d:5f:19:
                    68:16:f9:14:eb:1f:11:d8:b0:e4:28:a9:bf:f4:0c:
                    b0:a6:c1:23:e6:9a:51:fb:43:24:5b:57:2c:ee:93:
                    2a:5a:12:cc:55:d2:6a:f9:51:7b:af:49:79:ea:7d:
                    f0:1c:ba:83:6d:a7:9d:c8:b1:c8:f7:85:71:11:52:
                    36:9f:08:45:b7:60:12:22:48:bd:94:4d:d7:22:63:
                    82:e4:ab:e8:34:f4:e5:f6:fa:98:81:c0:a4:ac:50:
                    bc:10:83:08:49:31:df:7c:83:9b:38:8c:45:3f:07:
                    fa:24:b9:97:35:46:ca:31:97:30:fd:13:48:b1:68:
                    4b:cd:cc:41:4d:46:34:a0:9e:d0:df:f1:5a:5a:0e:
                    12:42:f8:08:d0:e5:27:44:ab:06:01:26:b6:53:14:
                    dc:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:1C:20:44:B7:36:16:7B:26:25:FB:3D:3D:CA:2F:20:7C:1C:66:0E
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/rxwgRLc2FnsmJfs9PcovIHwcZg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.67.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:da:2b:8e:e8:b2:c3:ab:2d:91:88:c2:24:53:41:b5:9a:ab:
         59:2b:03:20:33:1c:d2:cd:a1:f0:83:5e:b6:8b:68:99:91:cf:
         dc:08:af:93:84:ba:4e:0b:57:ce:f1:70:b1:1a:65:9f:88:45:
         f0:7e:c6:75:e3:6e:7d:40:e4:50:26:cb:89:5f:a8:7b:a3:9a:
         b8:5e:58:5a:35:1d:fa:58:dc:29:07:0e:24:4b:e1:10:06:5c:
         75:eb:b6:5b:19:da:4f:36:ff:06:fe:95:ac:ae:53:63:01:0e:
         4e:a1:25:dc:30:e0:48:48:ea:ca:ce:e6:59:d0:67:2b:df:93:
         68:a3:44:fd:3c:0f:4e:d5:2d:92:4e:54:64:92:9b:6d:d5:cb:
         94:d3:9f:4e:25:5d:08:7a:6d:6c:85:43:a9:bd:4b:a2:41:22:
         4e:30:46:be:d8:ec:e9:f3:f3:d7:fc:33:3e:33:a9:9b:4b:38:
         cc:dc:17:6b:f1:22:0e:a1:7b:a1:16:57:f1:30:20:5c:e0:34:
         3b:31:51:f9:fe:9d:ce:ac:97:64:7f:51:da:c0:99:36:52:12:
         4e:00:30:5e:e6:51:e3:37:5d:ae:4d:55:85:92:f1:da:33:57:
         e8:68:2c:ea:64:bc:5b:34:f4:47:45:0b:21:95:b0:78:b5:55:
         be:aa:e6:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/FJ8aLuoR/fc2HIc1qq0/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjYwMTAyMTQyMDE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjFjMjA0NGI3MzYxNjdiMjYyNWZiM2QzZGNhMmYyMDdjMWM2NjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo880pggMBrrFc0sPp7Gjtmv6YpRp
CRoCr7C9aflfhXVLeRiKSsEs7ZCVlRQpB0HhSCTwGUtxR70IuZJ0EEdnxKlIOUbl
zaDBdEcOvuWv+xNhoQ7gbc1xHF6bcIxrpSXQKEUPv819XxloFvkU6x8R2LDkKKm/
9AywpsEj5ppR+0MkW1cs7pMqWhLMVdJq+VF7r0l56n3wHLqDbaedyLHI94VxEVI2
nwhFt2ASIki9lE3XImOC5KvoNPTl9vqYgcCkrFC8EIMISTHffIObOIxFPwf6JLmX
NUbKMZcw/RNIsWhLzcxBTUY0oJ7Q3/FaWg4SQvgI0OUnRKsGASa2UxTcFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8cIES3NhZ7JiX7PT3KLyB8HGYOMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvcnh3Z1JMYzJGbnNtSmZzOVBjb3ZJSHdjWmc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUNlMA0G
CSqGSIb3DQEBCwUAA4IBAQCy2iuO6LLDqy2RiMIkU0G1mqtZKwMgMxzSzaHwg162
i2iZkc/cCK+ThLpOC1fO8XCxGmWfiEXwfsZ14259QORQJsuJX6h7o5q4XlhaNR36
WNwpBw4kS+EQBlx167ZbGdpPNv8G/pWsrlNjAQ5OoSXcMOBISOrKzuZZ0Gcr35No
o0T9PA9O1S2STlRkkptt1cuU059OJV0Iem1shUOpvUuiQSJOMEa+2Ozp8/PX/DM+
M6mbSzjM3Bdr8SIOoXuhFlfxMCBc4DQ7MVH5/p3OrJdkf1HawJk2UhJOADBe5lHj
N12uTVWFkvHaM1foaCzqZLxbNPRHRQshlbB4tVW+quYY
-----END CERTIFICATE-----