This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/7RoJ9VAFHyX-FagiKQIhkGQ_c-Q.roa
File:                     7RoJ9VAFHyX-FagiKQIhkGQ_c-Q.roa (raw, json)
Hash identifier:          HkhHBOyfDP+gjtdcVY9wa2Y21nfYECLjXeRT5/sYvk0=
Subject key identifier:   ED:1A:09:F5:50:05:1F:25:FE:15:A8:22:29:02:21:90:64:3F:73:E4
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019B7BA3274BEF6522142184469FC6AD2365
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/7RoJ9VAFHyX-FagiKQIhkGQ_c-Q.roa
Signing time:             Thu 01 Jan 2026 22:17:28 +0000
ROA not before:           Thu 01 Jan 2026 22:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214417
IP address blocks:        77.91.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:27:4b:ef:65:22:14:21:84:46:9f:c6:ad:23:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  1 22:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed1a09f550051f25fe15a82229022190643f73e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c2:df:cc:dc:e5:ce:2a:66:5d:f5:50:44:ac:
                    bd:c2:b9:99:ca:e7:96:7d:6f:f5:07:b4:31:fb:03:
                    ca:c7:20:48:10:a1:18:f9:e7:5f:65:6d:d8:6e:a5:
                    fc:4c:27:14:6e:91:81:8d:96:d6:4f:31:17:bd:dd:
                    4c:8f:a8:a6:14:b9:45:07:d2:09:ed:43:92:53:0c:
                    4f:8e:b2:f1:40:4b:fe:8c:41:5e:2a:be:32:5d:3e:
                    e8:b0:26:61:3f:23:64:95:ee:0f:11:46:eb:20:05:
                    33:f7:33:ae:1d:ee:af:9f:a5:9e:01:d7:56:20:b2:
                    70:d3:f7:85:24:ef:5e:84:86:88:23:75:5a:25:11:
                    0b:6b:c4:e5:e7:37:dc:23:b7:1a:df:69:b8:25:5d:
                    36:9f:31:bb:24:0c:69:a0:ff:a5:a4:3e:8e:ff:dc:
                    43:bf:35:74:4a:7f:22:45:57:ce:86:d7:39:86:79:
                    77:b5:01:29:c1:0c:58:0c:00:c5:08:ea:87:a4:d6:
                    0d:cb:9e:af:6d:13:a9:93:b9:0d:ae:b3:ca:8c:7b:
                    e5:eb:7e:64:fd:90:b5:9c:bd:c0:3a:36:38:ff:b1:
                    74:a1:8a:e7:91:f9:05:11:19:52:5b:cc:23:f0:f2:
                    5f:7f:4c:57:90:76:12:23:b4:fd:e6:1b:98:fd:59:
                    ce:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:1A:09:F5:50:05:1F:25:FE:15:A8:22:29:02:21:90:64:3F:73:E4
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/7RoJ9VAFHyX-FagiKQIhkGQ_c-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:54:d7:bc:be:56:b2:a7:0f:87:43:35:60:bf:e1:3e:c0:77:
         4b:35:28:61:d8:4b:24:33:4f:23:ce:0d:70:b7:c8:ab:77:bb:
         47:11:ac:ee:4c:42:1a:83:20:8c:3c:b0:62:92:62:b0:ca:9d:
         de:5e:16:dc:53:75:82:8a:e4:6a:55:da:3e:5a:e8:d0:88:0b:
         de:5c:6d:9c:46:fe:f0:02:e9:7e:f9:9a:cf:ac:6d:30:d4:f8:
         81:c6:04:3b:dd:f4:28:33:53:74:16:67:fb:4c:fe:d4:f7:22:
         e1:d4:8f:ff:3f:bf:46:13:0f:b4:2b:a1:21:c3:d7:90:ee:58:
         6c:bf:9d:d8:c0:c4:85:6e:a6:6f:a8:6c:a1:18:8d:aa:17:3e:
         a2:4d:09:17:0f:e6:be:77:45:e8:3b:22:04:1b:0c:ed:00:d2:
         cd:b8:1b:26:e9:c1:32:34:a2:8d:1c:b8:05:c9:1d:5a:d4:f8:
         d3:a8:d8:98:e6:ef:5a:04:eb:d3:bc:af:a7:53:ae:2e:c1:8a:
         bb:dc:65:81:06:96:6d:6b:0d:c2:d8:af:6f:c4:bf:0d:9e:61:
         15:cf:3b:3d:3a:41:bf:2f:74:72:09:b1:07:b9:a0:ab:4c:21:
         23:6f:6a:5e:4c:78:4f:16:11:ca:55:a2:80:74:01:be:48:4b:
         c6:20:9c:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7oydL72UiFCGERp/GrSNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMTAxMjIxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDFhMDlmNTUwMDUxZjI1ZmUxNWE4MjIyOTAyMjE5MDY0M2Y3M2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosLfzNzlzipmXfVQRKy9wrmZyueW
fW/1B7Qx+wPKxyBIEKEY+edfZW3YbqX8TCcUbpGBjZbWTzEXvd1Mj6imFLlFB9IJ
7UOSUwxPjrLxQEv+jEFeKr4yXT7osCZhPyNkle4PEUbrIAUz9zOuHe6vn6WeAddW
ILJw0/eFJO9ehIaII3VaJRELa8Tl5zfcI7ca32m4JV02nzG7JAxpoP+lpD6O/9xD
vzV0Sn8iRVfOhtc5hnl3tQEpwQxYDADFCOqHpNYNy56vbROpk7kNrrPKjHvl635k
/ZC1nL3AOjY4/7F0oYrnkfkFERlSW8wj8PJff0xXkHYSI7T95huY/VnOCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0aCfVQBR8l/hWoIikCIZBkP3PkMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvN1JvSjlWQUZIeVgtRmFnaUtRSWhrR1FfYy1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtCMA0G
CSqGSIb3DQEBCwUAA4IBAQCDVNe8vlaypw+HQzVgv+E+wHdLNShh2EskM08jzg1w
t8ird7tHEazuTEIagyCMPLBikmKwyp3eXhbcU3WCiuRqVdo+WujQiAveXG2cRv7w
Aul++ZrPrG0w1PiBxgQ73fQoM1N0Fmf7TP7U9yLh1I//P79GEw+0K6Ehw9eQ7lhs
v53YwMSFbqZvqGyhGI2qFz6iTQkXD+a+d0XoOyIEGwztANLNuBsm6cEyNKKNHLgF
yR1a1PjTqNiY5u9aBOvTvK+nU64uwYq73GWBBpZtaw3C2K9vxL8NnmEVzzs9OkG/
L3RyCbEHuaCrTCEjb2peTHhPFhHKVaKAdAG+SEvGIJxR
-----END CERTIFICATE-----