This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RyIjr7Jp4ZcjSvh4sBLlo42NIjM.roa
File:                     RyIjr7Jp4ZcjSvh4sBLlo42NIjM.roa (raw, json)
Hash identifier:          XspSx2r+2neHytKl7Wotwjjqn+lpkpASlD1IDByUxCI=
Subject key identifier:   47:22:23:AF:B2:69:E1:97:23:4A:F8:78:B0:12:E5:A3:8D:8D:22:33
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019BEBECE957B883FCAD2A83B579143B0FE1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RyIjr7Jp4ZcjSvh4sBLlo42NIjM.roa
Signing time:             Fri 23 Jan 2026 17:35:30 +0000
ROA not before:           Fri 23 Jan 2026 17:35:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50131
IP address blocks:        77.239.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:eb:ec:e9:57:b8:83:fc:ad:2a:83:b5:79:14:3b:0f:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan 23 17:35:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=472223afb269e197234af878b012e5a38d8d2233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:e8:4d:a8:77:f1:9f:c0:61:46:e2:77:20:3c:
                    a3:36:53:85:4d:e7:ca:6b:23:66:a0:30:a5:ca:14:
                    07:28:06:92:ff:b5:cc:41:9e:45:f5:10:e5:dd:74:
                    e0:13:18:5c:31:e9:3b:0a:6f:29:09:f7:bb:3d:0d:
                    af:b3:50:ef:c2:e2:96:82:a1:ab:1f:94:7c:6b:64:
                    56:6b:6f:e3:8b:89:92:30:e6:69:d8:36:ef:15:40:
                    31:24:95:b2:06:47:a5:68:f7:98:95:22:9e:d5:f5:
                    38:20:bb:6d:63:63:eb:17:e3:68:6f:ba:76:7e:8e:
                    f8:53:29:a2:60:f6:78:f5:1c:f9:9a:20:d3:c4:3d:
                    e4:41:52:78:3c:64:1f:18:a3:b9:fb:ac:9d:6a:32:
                    49:47:0c:12:12:8c:d6:25:f8:89:bb:c1:f7:c2:65:
                    4b:15:60:f5:1a:91:26:fe:86:24:1c:1e:99:2d:91:
                    31:f1:99:d0:26:b1:23:01:64:ef:f9:81:b7:d4:53:
                    ee:6c:5a:55:ec:71:e4:d2:b0:42:f7:98:52:f0:13:
                    50:df:2d:e0:6a:1d:46:6a:36:26:fa:6c:60:f2:be:
                    6f:60:00:36:df:e6:ab:1b:84:db:8a:a8:37:3a:ee:
                    44:55:a4:a3:2f:66:35:e9:85:b8:5f:2b:93:f6:2c:
                    82:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:22:23:AF:B2:69:E1:97:23:4A:F8:78:B0:12:E5:A3:8D:8D:22:33
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/RyIjr7Jp4ZcjSvh4sBLlo42NIjM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         05:9b:04:f0:f2:fd:90:70:05:75:a8:17:ee:56:75:0f:a8:94:
         57:5b:67:b5:9e:e9:f5:ab:1e:e5:1b:28:5c:59:66:a4:32:24:
         e8:34:8e:1d:64:ca:11:d8:90:1d:96:b3:58:ee:25:eb:aa:44:
         18:9e:19:ea:7e:50:5a:6d:84:af:08:8e:14:6f:32:ad:ed:18:
         76:85:26:ef:d9:33:1b:ff:0e:03:88:68:7b:e5:18:db:b8:98:
         bd:b8:e3:d3:da:3d:2b:60:49:65:f5:b1:82:ed:e0:0b:09:72:
         d6:30:e6:38:ac:f5:83:55:c0:d4:66:e9:58:73:55:be:f9:ab:
         ec:fe:dc:ac:91:83:41:a9:c8:b4:1a:ba:1b:08:fe:1c:35:e9:
         30:e0:a2:b2:57:68:7b:ac:ab:b0:11:3b:0a:15:96:69:87:ca:
         0e:32:42:37:df:c8:ea:7e:0e:bb:23:fd:70:99:99:bd:10:f3:
         8b:bf:ab:79:51:43:a7:94:2c:70:b6:fe:40:9f:fd:33:73:a3:
         59:fb:32:a0:34:19:f6:70:ba:0a:73:d3:9d:48:47:08:37:8a:
         d7:c1:8e:6f:74:92:e3:49:8a:42:d6:cd:32:4a:e4:28:26:cf:
         86:b9:7b:24:1c:83:9a:70:09:0d:ec:c9:4b:3b:9f:d0:d1:ad:
         07:d2:83:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZvr7OlXuIP8rSqDtXkUOw/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTIzMTczNTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzIyMjNhZmIyNjllMTk3MjM0YWY4NzhiMDEyZTVhMzhkOGQyMjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuhNqHfxn8BhRuJ3IDyjNlOFTefK
ayNmoDClyhQHKAaS/7XMQZ5F9RDl3XTgExhcMek7Cm8pCfe7PQ2vs1DvwuKWgqGr
H5R8a2RWa2/ji4mSMOZp2DbvFUAxJJWyBkelaPeYlSKe1fU4ILttY2PrF+Nob7p2
fo74UymiYPZ49Rz5miDTxD3kQVJ4PGQfGKO5+6ydajJJRwwSEozWJfiJu8H3wmVL
FWD1GpEm/oYkHB6ZLZEx8ZnQJrEjAWTv+YG31FPubFpV7HHk0rBC95hS8BNQ3y3g
ah1GajYm+mxg8r5vYAA23+arG4Tbiqg3Ou5EVaSjL2Y16YW4XyuT9iyCXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEciI6+yaeGXI0r4eLAS5aONjSIzMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvUnlJanI3SnA0WmNqU3ZoNHNCTGxvNDJOSWpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCTe90MA0G
CSqGSIb3DQEBCwUAA4IBAQAFmwTw8v2QcAV1qBfuVnUPqJRXW2e1nun1qx7lGyhc
WWakMiToNI4dZMoR2JAdlrNY7iXrqkQYnhnqflBabYSvCI4UbzKt7Rh2hSbv2TMb
/w4DiGh75RjbuJi9uOPT2j0rYEll9bGC7eALCXLWMOY4rPWDVcDUZulYc1W++avs
/tyskYNBqci0GrobCP4cNekw4KKyV2h7rKuwETsKFZZph8oOMkI338jqfg67I/1w
mZm9EPOLv6t5UUOnlCxwtv5An/0zc6NZ+zKgNBn2cLoKc9OdSEcIN4rXwY5vdJLj
SYpC1s0ySuQoJs+GuXskHIOacAkN7MlLO5/Q0a0H0oPL
-----END CERTIFICATE-----