This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/77UuERyh3Z3AUcULCIiJEdc-fQo.roa
File:                     77UuERyh3Z3AUcULCIiJEdc-fQo.roa (raw, json)
Hash identifier:          DnHBthnf/STbIAi1O3tZFh2P5fMOYtzdif9FPjsRkXU=
Subject key identifier:   EF:B5:2E:11:1C:A1:DD:9D:C0:51:C5:0B:08:88:89:11:D7:3E:7D:0A
Certificate issuer:       /CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
Certificate serial:       019B7F8595317CD5F8E966CDBA9D8CE1008B
Authority key identifier: 94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/77UuERyh3Z3AUcULCIiJEdc-fQo.roa
Signing time:             Fri 02 Jan 2026 16:23:39 +0000
ROA not before:           Fri 02 Jan 2026 16:23:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57344
IP address blocks:        194.24.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:95:31:7c:d5:f8:e9:66:cd:ba:9d:8c:e1:00:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=940a10a256728f11a4bbaadc3204b7f0a35a5000
        Validity
            Not Before: Jan  2 16:23:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=efb52e111ca1dd9dc051c50b08888911d73e7d0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:81:00:4c:6d:49:b7:84:2c:8c:a9:38:73:b4:
                    09:ef:c0:a1:49:48:86:01:a3:f5:1c:ca:bf:08:43:
                    05:00:a2:10:2e:ff:0a:35:44:53:bc:78:b9:a6:48:
                    4f:59:35:78:ad:cb:32:0c:ae:bc:0b:ef:69:74:99:
                    7c:ed:f4:54:14:30:5d:f6:31:d8:d3:82:1f:cf:8d:
                    43:be:3f:70:6b:16:cd:b5:f0:d5:d1:11:17:df:83:
                    b1:10:87:7b:d5:c7:d1:70:2b:e8:a8:da:51:e5:23:
                    ec:35:e1:94:0d:00:3c:2b:b0:b5:b0:8b:a8:95:b3:
                    22:6d:90:49:56:d5:45:6e:2b:15:e6:a9:b5:8e:24:
                    99:6c:94:26:1b:91:d9:a7:7d:88:e7:1d:7a:d9:07:
                    f0:9e:bf:13:22:8a:cd:a1:05:62:45:1e:af:a2:b5:
                    db:1a:74:a6:28:15:f1:e7:a4:b1:03:2f:a2:0a:37:
                    fc:e2:8d:88:95:a7:6f:de:9a:d7:6c:c9:e8:f4:48:
                    9c:fe:78:64:1d:bb:bc:12:ee:e9:c6:52:ef:61:69:
                    3d:56:08:34:ff:da:5a:10:d6:f7:5e:4a:2f:f0:b0:
                    61:94:78:e8:6a:98:ac:bb:b3:05:7d:99:d4:6e:ed:
                    10:7b:66:3a:56:eb:97:b3:2b:d1:ea:ba:8b:ab:54:
                    cf:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B5:2E:11:1C:A1:DD:9D:C0:51:C5:0B:08:88:89:11:D7:3E:7D:0A
            X509v3 Authority Key Identifier:
                keyid:94:0A:10:A2:56:72:8F:11:A4:BB:AA:DC:32:04:B7:F0:A3:5A:50:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lAoQolZyjxGku6rcMgS38KNaUAA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/77UuERyh3Z3AUcULCIiJEdc-fQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a1ae75-2d6b-4cc6-acef-dce6d6909247/1/lAoQolZyjxGku6rcMgS38KNaUAA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.24.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:c8:10:11:2c:80:2d:ff:02:96:73:d7:9e:15:e1:06:05:51:
         0c:26:6c:cb:9b:85:96:00:b4:f9:7b:71:84:67:70:5a:0e:5a:
         a8:44:33:1f:7f:b0:08:df:21:44:f0:34:bb:37:77:d0:62:29:
         44:78:98:fc:c0:a4:15:c2:57:68:a8:0e:20:86:60:83:37:97:
         36:58:54:c3:e0:24:52:40:1b:b9:18:ee:8a:9b:d2:81:f8:a5:
         8b:79:12:28:9d:b5:57:99:5b:91:a3:64:0f:36:20:37:cf:f9:
         0d:b3:c3:45:d8:7b:92:27:a7:b0:57:03:a0:8a:8f:9c:a3:cf:
         cc:69:00:c8:82:89:bb:cd:e3:d8:54:bd:47:8d:e7:12:70:c3:
         d2:52:db:0b:fd:59:19:2d:c6:1c:59:f0:a1:0a:31:70:a9:2a:
         81:01:63:f1:c1:5c:6f:9f:b3:08:c5:42:c4:fa:31:24:96:d1:
         1d:e6:38:50:12:ee:f9:d9:ad:6d:73:b1:74:f8:16:63:d4:85:
         8e:88:cc:a1:df:02:85:83:46:d7:ce:c1:d6:1f:f5:e8:24:66:
         8e:8c:69:f9:f9:65:c6:3c:c0:87:b9:24:99:df:3f:82:96:7e:
         7d:41:93:a3:35:31:bc:14:de:3e:30:2a:0c:93:ee:aa:41:6e:
         03:ae:16:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/hZUxfNX46WbNup2M4QCLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MGExMGEyNTY3MjhmMTFhNGJiYWFkYzMyMDRiN2YwYTM1
YTUwMDAwHhcNMjYwMTAyMTYyMzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmI1MmUxMTFjYTFkZDlkYzA1MWM1MGIwODg4ODkxMWQ3M2U3ZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs4EATG1Jt4QsjKk4c7QJ78ChSUiG
AaP1HMq/CEMFAKIQLv8KNURTvHi5pkhPWTV4rcsyDK68C+9pdJl87fRUFDBd9jHY
04Ifz41Dvj9waxbNtfDV0REX34OxEId71cfRcCvoqNpR5SPsNeGUDQA8K7C1sIuo
lbMibZBJVtVFbisV5qm1jiSZbJQmG5HZp32I5x162Qfwnr8TIorNoQViRR6vorXb
GnSmKBXx56SxAy+iCjf84o2Iladv3prXbMno9Eic/nhkHbu8Eu7pxlLvYWk9Vgg0
/9paENb3Xkov8LBhlHjoapisu7MFfZnUbu0Qe2Y6VuuXsyvR6rqLq1TPtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+1LhEcod2dwFHFCwiIiRHXPn0KMB8GA1UdIwQY
MBaAFJQKEKJWco8RpLuq3DIEt/CjWlAAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYt
ZGNlNmQ2OTA5MjQ3LzEvNzdVdUVSeWgzWjNBVWNVTENJaUpFZGMtZlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMWFlNzUtMmQ2Yi00Y2M2LWFjZWYtZGNlNmQ2OTA5MjQ3
LzEvbEFvUW9sWnlqeEdrdTZyY01nUzM4S05hVUFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhi9MA0G
CSqGSIb3DQEBCwUAA4IBAQAwyBARLIAt/wKWc9eeFeEGBVEMJmzLm4WWALT5e3GE
Z3BaDlqoRDMff7AI3yFE8DS7N3fQYilEeJj8wKQVwldoqA4ghmCDN5c2WFTD4CRS
QBu5GO6Km9KB+KWLeRIonbVXmVuRo2QPNiA3z/kNs8NF2HuSJ6ewVwOgio+co8/M
aQDIgom7zePYVL1HjecScMPSUtsL/VkZLcYcWfChCjFwqSqBAWPxwVxvn7MIxULE
+jEkltEd5jhQEu752a1tc7F0+BZj1IWOiMyh3wKFg0bXzsHWH/XoJGaOjGn5+WXG
PMCHuSSZ3z+Cln59QZOjNTG8FN4+MCoMk+6qQW4DrhYp
-----END CERTIFICATE-----