This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/jdeHBbAARHJbzNiwNCOXeI54EUg.roa
File:                     jdeHBbAARHJbzNiwNCOXeI54EUg.roa (raw, json)
Hash identifier:          th8vM6YWc/Ley5toEeaIWxyZTuv2x+5byblkSqcImLo=
Subject key identifier:   8D:D7:87:05:B0:00:44:72:5B:CC:D8:B0:34:23:97:78:8E:78:11:48
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019B7BA323758B4083D24183B7AC98763C65
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/jdeHBbAARHJbzNiwNCOXeI54EUg.roa
Signing time:             Thu 01 Jan 2026 22:17:27 +0000
ROA not before:           Thu 01 Jan 2026 22:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198178
IP address blocks:        77.91.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:23:75:8b:40:83:d2:41:83:b7:ac:98:76:3c:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  1 22:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8dd78705b00044725bccd8b0342397788e781148
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ed:0d:1c:c0:87:3f:9a:1f:3b:a9:4d:4c:95:
                    09:0d:81:dc:3e:15:da:bc:14:e0:73:d9:93:81:22:
                    52:73:a8:a4:3a:d5:2f:29:a8:24:46:c4:c1:61:de:
                    4b:45:49:30:7b:df:de:8a:23:ad:e6:2f:80:fd:f3:
                    22:10:0f:91:8d:75:91:17:af:de:0c:6f:c2:c0:2a:
                    58:c7:56:31:89:77:29:4a:f9:9c:3b:ab:c6:d0:f7:
                    3d:22:06:f6:f8:2e:68:0a:80:3a:cb:18:12:2e:d5:
                    14:ec:0a:70:db:ea:63:55:56:2b:33:77:49:78:5d:
                    b9:1d:d4:5a:f9:ed:8a:ea:6a:0d:79:c7:46:af:b3:
                    f1:0e:1d:57:9e:47:e2:37:13:ee:b8:5d:3f:d4:54:
                    22:49:19:57:9b:fb:47:ec:da:17:72:43:50:20:74:
                    f0:e8:90:24:ad:0e:47:2c:56:34:1f:26:49:c1:36:
                    1b:88:e0:42:1b:dd:a7:e4:0a:f9:97:ec:eb:0b:fa:
                    cd:ba:f7:b6:95:27:c3:ed:ea:aa:d9:73:66:d3:fe:
                    31:12:31:92:23:06:d1:70:6a:aa:77:7d:cc:a5:a6:
                    a7:89:28:52:79:26:95:4b:08:c7:83:78:9e:8e:ad:
                    73:2f:ad:d0:ee:2e:ba:51:d4:24:3b:5f:a7:9b:e2:
                    db:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:D7:87:05:B0:00:44:72:5B:CC:D8:B0:34:23:97:78:8E:78:11:48
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/jdeHBbAARHJbzNiwNCOXeI54EUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:29:04:c6:a7:82:c3:68:85:d0:bf:06:8d:a5:f9:cc:e9:cb:
         ed:3a:c0:5f:b2:8c:27:e9:a1:fa:6c:55:68:4e:79:96:9b:01:
         c9:83:32:0c:01:f0:b6:d5:1f:2b:d8:33:72:91:83:eb:bf:4b:
         12:94:70:1f:cc:fb:25:ed:a8:ee:ff:5d:44:2d:ef:16:d1:ad:
         5b:f5:1f:b3:a7:93:01:e8:d6:19:99:7e:68:bc:d3:bd:15:fa:
         28:76:20:df:81:79:e9:73:be:ba:c2:50:27:54:c5:a9:97:48:
         97:7e:d6:24:48:36:d6:42:73:69:7c:a3:21:9f:38:75:c0:95:
         d5:25:ea:12:b8:36:1c:5c:4a:bf:5c:fc:6c:af:54:1f:76:04:
         cc:72:c2:97:e9:41:13:ba:0c:97:9a:df:b1:6f:ad:43:8b:3c:
         8f:67:5e:88:78:2a:67:5d:22:c4:fa:bc:ae:6a:98:40:59:3d:
         89:0d:a2:b0:96:7c:92:17:75:6d:74:0c:26:92:b8:85:4b:60:
         e1:cf:3d:1a:d1:d3:01:19:56:6c:b0:18:d0:f8:81:e5:65:7a:
         e8:f6:3e:99:82:33:ed:cc:46:03:0e:0a:43:26:66:9c:58:72:
         d7:8e:c2:43:e0:f6:b6:a8:d1:bc:28:41:cc:7f:43:18:d7:3c:
         26:54:57:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7oyN1i0CD0kGDt6yYdjxlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMTAxMjIxNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGQ3ODcwNWIwMDA0NDcyNWJjY2Q4YjAzNDIzOTc3ODhlNzgxMTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAju0NHMCHP5ofO6lNTJUJDYHcPhXa
vBTgc9mTgSJSc6ikOtUvKagkRsTBYd5LRUkwe9/eiiOt5i+A/fMiEA+RjXWRF6/e
DG/CwCpYx1YxiXcpSvmcO6vG0Pc9Igb2+C5oCoA6yxgSLtUU7Apw2+pjVVYrM3dJ
eF25HdRa+e2K6moNecdGr7PxDh1XnkfiNxPuuF0/1FQiSRlXm/tH7NoXckNQIHTw
6JAkrQ5HLFY0HyZJwTYbiOBCG92n5Ar5l+zrC/rNuve2lSfD7eqq2XNm0/4xEjGS
IwbRcGqqd33MpaaniShSeSaVSwjHg3iejq1zL63Q7i66UdQkO1+nm+LbDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3XhwWwAERyW8zYsDQjl3iOeBFIMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvamRlSEJiQUFSSEpiek5pd05DT1hlSTU0RVVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtEMA0G
CSqGSIb3DQEBCwUAA4IBAQBlKQTGp4LDaIXQvwaNpfnM6cvtOsBfsown6aH6bFVo
TnmWmwHJgzIMAfC21R8r2DNykYPrv0sSlHAfzPsl7aju/11ELe8W0a1b9R+zp5MB
6NYZmX5ovNO9FfoodiDfgXnpc766wlAnVMWpl0iXftYkSDbWQnNpfKMhnzh1wJXV
JeoSuDYcXEq/XPxsr1QfdgTMcsKX6UETugyXmt+xb61DizyPZ16IeCpnXSLE+ryu
aphAWT2JDaKwlnySF3VtdAwmkriFS2Dhzz0a0dMBGVZssBjQ+IHlZXro9j6ZgjPt
zEYDDgpDJmacWHLXjsJD4Pa2qNG8KEHMf0MY1zwmVFcD
-----END CERTIFICATE-----