This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/m-SQr7hnhmE960j3hH0IgSeLpa0.roa
File:                     m-SQr7hnhmE960j3hH0IgSeLpa0.roa (raw, json)
Hash identifier:          NGsZYn3E8/y+KwalpvGEjudnpYUMa2+kf6D4NeIdWbE=
Subject key identifier:   9B:E4:90:AF:B8:67:86:61:3D:EB:48:F7:84:7D:08:81:27:8B:A5:AD
Certificate issuer:       /CN=18d801de9fe8a6680758817823ae36ba065c610d
Certificate serial:       019B79EC8B9E7EDCD5DB2DE5218C0CF9F386
Authority key identifier: 18:D8:01:DE:9F:E8:A6:68:07:58:81:78:23:AE:36:BA:06:5C:61:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GNgB3p_opmgHWIF4I642ugZcYQ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/m-SQr7hnhmE960j3hH0IgSeLpa0.roa
Signing time:             Thu 01 Jan 2026 14:18:23 +0000
ROA not before:           Thu 01 Jan 2026 14:18:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209917
IP address blocks:        77.72.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/GNgB3p_opmgHWIF4I642ugZcYQ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/GNgB3p_opmgHWIF4I642ugZcYQ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GNgB3p_opmgHWIF4I642ugZcYQ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:8b:9e:7e:dc:d5:db:2d:e5:21:8c:0c:f9:f3:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18d801de9fe8a6680758817823ae36ba065c610d
        Validity
            Not Before: Jan  1 14:18:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9be490afb86786613deb48f7847d0881278ba5ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:7d:23:91:5b:63:ec:c1:9e:9f:c7:4c:f7:13:
                    59:6e:83:e6:33:d9:5f:21:96:cd:aa:05:f3:3f:b9:
                    d8:68:2b:09:4b:6c:a4:40:6e:5b:eb:84:fe:69:0c:
                    e8:09:9b:8f:42:4f:c5:82:a5:20:36:b7:9a:dd:ed:
                    22:dd:84:5c:73:5f:f4:c0:02:5a:ca:f8:0d:f4:ed:
                    cd:94:30:a4:0d:5b:83:f1:50:80:5e:24:d3:e7:b5:
                    40:6b:48:95:6e:60:1c:17:fb:5f:85:22:38:b0:86:
                    1c:44:47:7d:4f:79:86:3c:76:8f:26:c8:d4:51:30:
                    4d:64:7a:c9:70:5d:19:c4:15:e0:1b:26:45:3f:b2:
                    69:a6:3e:82:be:3b:28:63:a3:75:5e:c4:f7:fd:f6:
                    e6:68:66:ce:24:5b:23:2a:df:9e:5e:bc:c2:db:20:
                    09:d3:2f:79:83:12:f8:ec:7e:78:13:44:52:ed:c0:
                    4a:e4:f0:ff:2e:40:f3:cf:cb:f4:e4:de:ca:e4:07:
                    e8:52:41:78:a9:9b:31:ba:7f:9c:c1:e1:15:ae:de:
                    82:46:87:81:59:d2:a1:81:0b:fe:47:17:a2:28:c6:
                    03:1a:73:23:4d:ee:95:82:fc:03:dc:67:63:1e:8e:
                    cd:ea:e6:8b:57:5d:a4:26:36:fa:93:e0:37:84:d8:
                    ce:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E4:90:AF:B8:67:86:61:3D:EB:48:F7:84:7D:08:81:27:8B:A5:AD
            X509v3 Authority Key Identifier:
                keyid:18:D8:01:DE:9F:E8:A6:68:07:58:81:78:23:AE:36:BA:06:5C:61:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GNgB3p_opmgHWIF4I642ugZcYQ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/m-SQr7hnhmE960j3hH0IgSeLpa0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/95c3c8-6ab1-4951-8f59-65503a9306a0/1/GNgB3p_opmgHWIF4I642ugZcYQ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.72.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:3e:c1:68:20:29:eb:09:48:50:64:85:72:0c:6f:94:e4:8e:
         ac:a1:55:58:26:c9:49:24:f1:61:6f:a1:9d:ee:7c:a5:75:9c:
         0b:b1:8a:f3:71:2e:09:19:bb:dc:eb:6f:98:22:89:dc:bc:8a:
         78:ee:e0:64:8f:04:51:c6:d4:97:14:cf:1b:f7:08:68:9b:74:
         b3:15:b7:15:6a:17:c4:7d:78:e0:53:f3:6b:27:f8:ce:7b:74:
         a2:c0:66:a4:b6:96:c7:ba:2d:3f:10:74:98:6d:b3:28:ef:b4:
         86:1d:bb:9c:69:8e:91:c5:11:61:4c:cc:a7:29:aa:de:83:a3:
         6c:78:7b:0b:48:7b:c5:f0:4d:65:4a:a2:c1:47:b2:b1:74:f1:
         71:2c:b2:7b:fe:86:62:e4:7f:c9:f7:b2:57:02:98:09:15:22:
         88:ea:f3:ce:fd:ba:ac:86:be:af:6b:f3:fa:8f:26:98:6c:ac:
         8f:c4:e2:90:c4:9d:cd:48:c1:df:08:28:20:62:a4:97:e7:c0:
         41:33:d5:b5:3e:a8:f6:8d:6c:61:7a:ad:39:8b:5d:3c:68:ba:
         59:80:e7:79:59:f4:52:0e:75:18:b1:3a:26:a8:47:20:4f:ef:
         f3:15:aa:63:21:01:f1:da:9d:15:1e:63:da:72:7c:82:d7:17:
         a7:57:8f:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57IueftzV2y3lIYwM+fOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4ZDgwMWRlOWZlOGE2NjgwNzU4ODE3ODIzYWUzNmJhMDY1
YzYxMGQwHhcNMjYwMTAxMTQxODIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmU0OTBhZmI4Njc4NjYxM2RlYjQ4Zjc4NDdkMDg4MTI3OGJhNWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA130jkVtj7MGen8dM9xNZboPmM9lf
IZbNqgXzP7nYaCsJS2ykQG5b64T+aQzoCZuPQk/FgqUgNrea3e0i3YRcc1/0wAJa
yvgN9O3NlDCkDVuD8VCAXiTT57VAa0iVbmAcF/tfhSI4sIYcREd9T3mGPHaPJsjU
UTBNZHrJcF0ZxBXgGyZFP7Jppj6CvjsoY6N1XsT3/fbmaGbOJFsjKt+eXrzC2yAJ
0y95gxL47H54E0RS7cBK5PD/LkDzz8v05N7K5AfoUkF4qZsxun+cweEVrt6CRoeB
WdKhgQv+RxeiKMYDGnMjTe6VgvwD3GdjHo7N6uaLV12kJjb6k+A3hNjODwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJvkkK+4Z4ZhPetI94R9CIEni6WtMB8GA1UdIwQY
MBaAFBjYAd6f6KZoB1iBeCOuNroGXGENMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR05nQjNwX29wbWdIV0lGNEk2NDJ1Z1pjWVEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NWMzYzgtNmFiMS00OTUxLThmNTkt
NjU1MDNhOTMwNmEwLzEvbS1TUXI3aG5obUU5NjBqM2hIMElnU2VMcGEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NWMzYzgtNmFiMS00OTUxLThmNTktNjU1MDNhOTMwNmEw
LzEvR05nQjNwX29wbWdIV0lGNEk2NDJ1Z1pjWVEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUjcMA0G
CSqGSIb3DQEBCwUAA4IBAQARPsFoICnrCUhQZIVyDG+U5I6soVVYJslJJPFhb6Gd
7nyldZwLsYrzcS4JGbvc62+YIoncvIp47uBkjwRRxtSXFM8b9whom3SzFbcVahfE
fXjgU/NrJ/jOe3SiwGaktpbHui0/EHSYbbMo77SGHbucaY6RxRFhTMynKareg6Ns
eHsLSHvF8E1lSqLBR7KxdPFxLLJ7/oZi5H/J97JXApgJFSKI6vPO/bqshr6va/P6
jyaYbKyPxOKQxJ3NSMHfCCggYqSX58BBM9W1Pqj2jWxheq05i108aLpZgOd5WfRS
DnUYsTomqEcgT+/zFapjIQHx2p0VHmPacnyC1xenV4/S
-----END CERTIFICATE-----