This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/k45hDQDW5QvPS-wSqExMPGV9b9E.roa
File:                     k45hDQDW5QvPS-wSqExMPGV9b9E.roa (raw, json)
Hash identifier:          rZfIBJAHm9qJyp7jxnj7VeKyOR2YVXy0cyWacYrYiYI=
Subject key identifier:   93:8E:61:0D:00:D6:E5:0B:CF:4B:EC:12:A8:4C:4C:3C:65:7D:6F:D1
Certificate issuer:       /CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
Certificate serial:       019B7C807572B1709E83162CCF2E9E5A3015
Authority key identifier: A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/k45hDQDW5QvPS-wSqExMPGV9b9E.roa
Signing time:             Fri 02 Jan 2026 02:19:11 +0000
ROA not before:           Fri 02 Jan 2026 02:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42309
IP address blocks:        77.240.208.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:75:72:b1:70:9e:83:16:2c:cf:2e:9e:5a:30:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a322f229edc2f314a2fa5ef0d7af1dddb499ea31
        Validity
            Not Before: Jan  2 02:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=938e610d00d6e50bcf4bec12a84c4c3c657d6fd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3e:d0:cd:72:80:da:6f:51:82:63:6d:60:cb:
                    e2:d1:96:53:c8:fc:78:08:f0:32:d1:1e:6c:1f:26:
                    ff:17:a4:fa:f7:28:3f:93:94:a4:55:51:ed:61:31:
                    92:73:03:20:b9:8c:ff:5e:4d:f5:b6:54:47:1e:76:
                    9b:fa:71:0b:45:31:3a:7b:ce:47:86:3c:38:57:f9:
                    76:86:ab:e4:e3:32:20:fd:55:67:8f:19:b8:e6:81:
                    42:c3:c3:a4:82:78:35:86:0c:02:73:46:cd:89:43:
                    df:17:b3:a0:f9:00:51:79:82:62:64:4a:27:23:84:
                    36:0a:48:af:f0:3d:3f:81:aa:ba:62:df:43:3d:3b:
                    30:6d:53:98:c1:ef:f1:73:d6:d0:e5:d6:fa:70:93:
                    99:32:5e:ee:df:0a:fc:50:4a:d6:07:6a:c1:31:56:
                    2b:dc:e1:66:41:56:6b:0e:22:b4:88:84:8c:97:d8:
                    ca:93:9d:86:7a:94:96:45:85:51:f7:de:b1:08:21:
                    7a:d3:37:b1:bf:08:d7:85:80:69:bd:9b:02:87:19:
                    39:5c:af:13:c6:75:e1:a7:5a:d2:a4:a0:f4:e7:5a:
                    2b:cd:d5:63:48:c9:57:20:20:c6:0f:21:93:d9:34:
                    62:e9:52:32:9b:2b:f0:5f:4b:a8:d3:87:f2:77:55:
                    ac:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:8E:61:0D:00:D6:E5:0B:CF:4B:EC:12:A8:4C:4C:3C:65:7D:6F:D1
            X509v3 Authority Key Identifier:
                keyid:A3:22:F2:29:ED:C2:F3:14:A2:FA:5E:F0:D7:AF:1D:DD:B4:99:EA:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oyLyKe3C8xSi-l7w168d3bSZ6jE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/k45hDQDW5QvPS-wSqExMPGV9b9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/edffbb-1082-4482-8a08-65f8247ffa91/1/oyLyKe3C8xSi-l7w168d3bSZ6jE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.240.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a7:56:5e:c5:20:9b:e9:f8:44:1d:a1:6c:6c:34:97:bf:d0:1e:
         8f:50:d3:ec:e4:2f:b2:4e:48:1d:95:c2:60:43:45:5a:95:f2:
         c7:68:04:89:7b:79:d9:bf:e3:dc:85:d5:77:74:5e:0d:b3:f1:
         f3:c7:3c:e2:56:2f:39:af:88:9b:2b:a1:21:6e:03:2c:6e:5d:
         b4:76:fa:5c:63:0f:80:c5:53:3c:8e:74:00:f0:65:cf:b6:29:
         fe:c0:b4:b5:55:a4:c8:eb:6f:45:dd:eb:f4:c6:50:e3:94:bb:
         eb:ff:1b:15:ff:57:b6:a3:82:bc:5a:e3:d9:14:c5:a9:66:92:
         22:63:69:4a:f6:52:85:1d:6c:fc:d4:9d:b2:eb:97:df:d9:d1:
         b5:e1:64:95:57:ec:1f:4a:8f:24:59:0e:d4:c2:52:38:91:5a:
         b2:66:f5:76:2c:5e:2b:62:56:5a:24:73:e1:9a:ee:3c:47:5f:
         d5:17:45:4e:78:a3:49:ed:0b:8c:e2:4b:3d:2a:57:0f:58:29:
         de:36:79:82:fb:d4:0c:1a:56:26:2a:20:f6:f4:99:3f:00:8b:
         9c:85:32:37:22:88:8e:df:03:96:64:04:97:e7:9d:48:09:5f:
         f3:72:7b:31:ca:25:41:3f:6c:b8:20:4a:f4:70:18:6a:66:7c:
         b8:29:0b:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gHVysXCegxYszy6eWjAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMjJmMjI5ZWRjMmYzMTRhMmZhNWVmMGQ3YWYxZGRkYjQ5
OWVhMzEwHhcNMjYwMTAyMDIxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzhlNjEwZDAwZDZlNTBiY2Y0YmVjMTJhODRjNGMzYzY1N2Q2ZmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz7QzXKA2m9RgmNtYMvi0ZZTyPx4
CPAy0R5sHyb/F6T69yg/k5SkVVHtYTGScwMguYz/Xk31tlRHHnab+nELRTE6e85H
hjw4V/l2hqvk4zIg/VVnjxm45oFCw8Okgng1hgwCc0bNiUPfF7Og+QBReYJiZEon
I4Q2Ckiv8D0/gaq6Yt9DPTswbVOYwe/xc9bQ5db6cJOZMl7u3wr8UErWB2rBMVYr
3OFmQVZrDiK0iISMl9jKk52GepSWRYVR996xCCF60zexvwjXhYBpvZsChxk5XK8T
xnXhp1rSpKD051orzdVjSMlXICDGDyGT2TRi6VIymyvwX0uo04fyd1WsNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOOYQ0A1uULz0vsEqhMTDxlfW/RMB8GA1UdIwQY
MBaAFKMi8intwvMUovpe8NevHd20meoxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgt
NjVmODI0N2ZmYTkxLzEvazQ1aERRRFc1UXZQUy13U3FFeE1QR1Y5YjlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9lZGZmYmItMTA4Mi00NDgyLThhMDgtNjVmODI0N2ZmYTkx
LzEvb3lMeUtlM0M4eFNpLWw3dzE2OGQzYlNaNmpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETfDQMA0G
CSqGSIb3DQEBCwUAA4IBAQCnVl7FIJvp+EQdoWxsNJe/0B6PUNPs5C+yTkgdlcJg
Q0ValfLHaASJe3nZv+PchdV3dF4Ns/HzxzziVi85r4ibK6EhbgMsbl20dvpcYw+A
xVM8jnQA8GXPtin+wLS1VaTI629F3ev0xlDjlLvr/xsV/1e2o4K8WuPZFMWpZpIi
Y2lK9lKFHWz81J2y65ff2dG14WSVV+wfSo8kWQ7UwlI4kVqyZvV2LF4rYlZaJHPh
mu48R1/VF0VOeKNJ7QuM4ks9KlcPWCneNnmC+9QMGlYmKiD29Jk/AIuchTI3IoiO
3wOWZASX551ICV/zcnsxyiVBP2y4IEr0cBhqZny4KQuZ
-----END CERTIFICATE-----