This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1Z7qW_RfkoIBrURmNEuHrq6DOHk.roa
File:                     1Z7qW_RfkoIBrURmNEuHrq6DOHk.roa (raw, json)
Hash identifier:          ajNWGG/gNmN0Aql6il8lKTYizFKCNl6+YSV1MgaAJqw=
Subject key identifier:   D5:9E:EA:5B:F4:5F:92:82:01:AD:44:66:34:4B:87:AE:AE:83:38:79
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       019B7759144369183A0E136F76278D3C4265
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1Z7qW_RfkoIBrURmNEuHrq6DOHk.roa
Signing time:             Thu 01 Jan 2026 02:18:05 +0000
ROA not before:           Thu 01 Jan 2026 02:18:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210379
IP address blocks:        77.65.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:14:43:69:18:3a:0e:13:6f:76:27:8d:3c:42:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  1 02:18:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d59eea5bf45f928201ad4466344b87aeae833879
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:09:f4:b7:fe:10:14:a9:2c:d0:ee:06:73:19:
                    9d:d2:2d:9a:54:f5:16:24:b7:1e:61:d6:69:76:01:
                    61:5d:4a:0e:54:38:06:85:7e:a3:34:5a:8c:de:cb:
                    cc:20:e8:51:6e:b9:4e:29:c2:75:29:e0:a7:15:2e:
                    b6:e3:5b:78:cb:dd:3b:b0:18:fd:9c:e4:97:f3:cb:
                    87:bb:73:a2:17:a2:99:32:38:95:53:f5:39:f6:ad:
                    7a:03:8a:c2:5b:ad:ac:ad:83:e2:75:3f:94:6b:18:
                    31:34:24:c7:61:6d:d7:74:db:98:5e:39:9e:8c:2d:
                    64:7e:3f:40:0f:0d:a6:70:39:59:b5:ad:01:ec:55:
                    f0:92:71:c5:d9:f9:88:5e:c1:06:1b:b8:e9:c6:9d:
                    11:d7:43:ca:ba:48:3c:98:ef:c9:ad:cd:d7:c5:da:
                    f5:0b:24:7f:14:6d:3a:39:65:67:17:c4:93:3c:85:
                    c0:52:78:41:1e:94:ab:49:fb:c6:35:54:35:9d:ee:
                    b4:64:3c:31:96:a9:9b:00:9f:d9:9a:52:7d:46:df:
                    b3:65:c8:4a:c5:b0:48:74:25:cd:29:e3:e7:84:90:
                    58:22:d7:a1:0c:ed:92:54:3f:1d:ce:d1:76:39:fe:
                    fd:92:6a:d2:04:27:65:ab:c7:23:2e:c8:78:96:f4:
                    e5:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:9E:EA:5B:F4:5F:92:82:01:AD:44:66:34:4B:87:AE:AE:83:38:79
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/1Z7qW_RfkoIBrURmNEuHrq6DOHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.65.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:0b:52:9b:e3:e5:4f:bd:d3:08:34:c8:18:f6:9d:fd:17:ef:
         8e:a5:d4:d3:54:96:61:79:4b:02:cb:0b:79:10:37:d1:80:ae:
         f9:df:ba:d9:a1:7f:72:7f:a6:a5:f4:2f:22:95:07:9f:37:ed:
         fb:b9:4d:b0:d1:fd:d4:c4:8f:7a:46:70:5b:e2:9b:2f:d1:83:
         a4:6b:15:7f:76:20:37:64:ef:ad:89:cb:fd:0d:b7:65:fb:c7:
         43:60:c9:dc:20:9e:a8:a6:6c:ba:18:7e:7b:04:93:e5:8e:f9:
         0d:f4:f6:23:b6:dc:70:9e:3e:aa:1c:1b:f3:4f:75:81:a0:43:
         c4:24:02:6f:84:a8:8a:a3:d9:e2:12:41:b2:7c:19:fe:19:ef:
         e6:07:0d:2e:29:68:43:d0:c2:01:04:32:0c:88:21:20:b4:59:
         c8:19:8b:78:25:52:34:82:5b:98:03:38:47:2c:77:3c:c8:d5:
         db:34:80:c3:d1:24:bb:ab:e7:d8:19:ae:1b:d0:b8:a4:99:62:
         a2:03:c3:46:9b:0d:70:ef:b8:26:8f:99:7d:03:5d:69:d5:69:
         10:17:1e:4a:73:c8:73:65:67:a8:10:a3:3c:02:1b:38:c4:a3:
         e7:e6:67:51:97:49:eb:61:ab:0e:ec:a8:a5:c2:f5:eb:19:e4:
         40:55:6c:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WRRDaRg6DhNvdieNPEJlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjYwMTAxMDIxODA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTllZWE1YmY0NWY5MjgyMDFhZDQ0NjYzNDRiODdhZWFlODMzODc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0gn0t/4QFKks0O4Gcxmd0i2aVPUW
JLceYdZpdgFhXUoOVDgGhX6jNFqM3svMIOhRbrlOKcJ1KeCnFS6241t4y907sBj9
nOSX88uHu3OiF6KZMjiVU/U59q16A4rCW62srYPidT+UaxgxNCTHYW3XdNuYXjme
jC1kfj9ADw2mcDlZta0B7FXwknHF2fmIXsEGG7jpxp0R10PKukg8mO/Jrc3Xxdr1
CyR/FG06OWVnF8STPIXAUnhBHpSrSfvGNVQ1ne60ZDwxlqmbAJ/ZmlJ9Rt+zZchK
xbBIdCXNKePnhJBYItehDO2SVD8dztF2Of79kmrSBCdlq8cjLsh4lvTlowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNWe6lv0X5KCAa1EZjRLh66ugzh5MB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvMVo3cVdfUmZrb0lCclVSbU5FdUhycTZET0hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTUHUMA0G
CSqGSIb3DQEBCwUAA4IBAQBFC1Kb4+VPvdMINMgY9p39F++OpdTTVJZheUsCywt5
EDfRgK7537rZoX9yf6al9C8ilQefN+37uU2w0f3UxI96RnBb4psv0YOkaxV/diA3
ZO+ticv9Dbdl+8dDYMncIJ6opmy6GH57BJPljvkN9PYjttxwnj6qHBvzT3WBoEPE
JAJvhKiKo9niEkGyfBn+Ge/mBw0uKWhD0MIBBDIMiCEgtFnIGYt4JVI0gluYAzhH
LHc8yNXbNIDD0SS7q+fYGa4b0LikmWKiA8NGmw1w77gmj5l9A11p1WkQFx5Kc8hz
ZWeoEKM8Ahs4xKPn5mdRl0nrYasO7KilwvXrGeRAVWyw
-----END CERTIFICATE-----