This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/sgQIBkFFp9Zlr_0nrRPVgJN0CEQ.roa
File:                     sgQIBkFFp9Zlr_0nrRPVgJN0CEQ.roa (raw, json)
Hash identifier:          S9CdDbT1ld2vusmvuJyBIT32yXTScPbapiKiAqKYB1k=
Subject key identifier:   B2:04:08:06:41:45:A7:D6:65:AF:FD:27:AD:13:D5:80:93:74:08:44
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       019B7EA69B3F2F3551D8457851279B820FDC
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/sgQIBkFFp9Zlr_0nrRPVgJN0CEQ.roa
Signing time:             Fri 02 Jan 2026 12:20:06 +0000
ROA not before:           Fri 02 Jan 2026 12:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201814
IP address blocks:        77.73.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 24 Jan 2026 03:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:9b:3f:2f:35:51:d8:45:78:51:27:9b:82:0f:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Jan  2 12:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b20408064145a7d665affd27ad13d58093740844
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:05:4d:f9:c3:54:f6:9f:9c:f3:be:49:c5:c0:
                    3c:66:9d:38:27:e5:44:a2:01:f4:e1:a1:cc:47:3e:
                    fb:0b:75:53:c9:81:01:2e:72:27:54:9d:c0:b9:cb:
                    9d:eb:94:79:7e:5b:d7:ce:08:e1:67:11:97:96:2b:
                    af:ea:f9:8e:8b:b0:7e:05:6d:ee:10:07:7b:dc:50:
                    3a:5f:4b:56:34:71:51:14:be:67:64:13:04:70:a5:
                    08:d7:85:8e:23:26:44:d7:5c:4d:6c:b9:2e:de:aa:
                    2d:56:ad:70:c8:a6:19:ca:92:7b:ee:a3:b8:d0:d2:
                    12:b4:c0:16:f5:41:8e:fb:1e:2c:b7:87:6c:0a:50:
                    fb:bd:63:46:25:3e:ad:06:ed:0f:b1:da:19:04:06:
                    54:ba:d2:77:0d:3f:1f:92:80:e5:97:d6:f7:d0:9d:
                    cd:0c:3d:b4:d3:d3:82:5a:ce:12:36:16:33:02:6a:
                    2c:4b:2c:b0:52:00:13:ec:56:b0:08:ab:13:11:81:
                    b0:f4:32:e3:09:2b:61:bc:b3:c0:88:a0:ce:9c:6a:
                    76:b5:c1:31:23:37:b3:2f:4e:92:83:2d:d8:28:b0:
                    dc:22:bd:ff:07:84:3a:da:69:f6:de:0c:10:1b:44:
                    05:08:b9:32:ca:67:83:a4:8d:95:1a:8c:0c:49:b5:
                    b4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:04:08:06:41:45:A7:D6:65:AF:FD:27:AD:13:D5:80:93:74:08:44
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/sgQIBkFFp9Zlr_0nrRPVgJN0CEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:f2:e8:1c:6d:dd:02:7d:3d:90:25:64:1e:e6:2f:7b:13:7f:
         77:00:52:86:f5:ee:99:cb:31:76:22:69:e2:97:3f:9e:cc:a7:
         d9:66:af:0f:fb:83:dc:be:6f:84:64:8d:09:8d:30:df:35:22:
         00:11:cb:8b:53:5f:01:b4:5e:4d:29:36:3b:fa:97:52:56:97:
         a1:ef:c7:71:f0:e2:e8:86:e0:71:78:7c:61:c7:de:16:7b:6a:
         a9:a8:9f:66:87:77:77:ba:7e:5a:5c:46:58:f7:69:be:df:d5:
         b3:a2:13:26:d4:36:ed:5d:36:44:f7:e2:d5:1e:6b:54:97:e9:
         ae:db:e7:56:80:1b:4d:1e:4a:c1:c8:6f:ab:7c:c6:9d:27:4f:
         41:6d:bf:10:07:f3:4f:fa:ac:58:91:c4:92:03:ae:15:2d:f0:
         30:bd:03:af:ad:67:c4:e3:fc:11:f4:29:c2:92:2e:50:b0:6b:
         fb:e2:3d:35:2d:ac:72:94:10:b9:31:26:5e:b0:76:f6:31:e3:
         9d:a5:26:37:83:55:0f:27:16:52:58:50:9b:4f:14:45:78:c7:
         76:13:5a:d3:e9:ad:4a:b3:fe:3f:3a:2e:8d:c8:c5:41:b1:ac:
         6b:f2:f6:7a:5f:29:96:a5:3b:3f:35:1e:80:9e:42:5e:75:1f:
         73:af:8c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pps/LzVR2EV4USebgg/cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjYwMTAyMTIyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjA0MDgwNjQxNDVhN2Q2NjVhZmZkMjdhZDEzZDU4MDkzNzQwODQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgVN+cNU9p+c875JxcA8Zp04J+VE
ogH04aHMRz77C3VTyYEBLnInVJ3Aucud65R5flvXzgjhZxGXliuv6vmOi7B+BW3u
EAd73FA6X0tWNHFRFL5nZBMEcKUI14WOIyZE11xNbLku3qotVq1wyKYZypJ77qO4
0NIStMAW9UGO+x4st4dsClD7vWNGJT6tBu0PsdoZBAZUutJ3DT8fkoDll9b30J3N
DD2009OCWs4SNhYzAmosSyywUgAT7FawCKsTEYGw9DLjCSthvLPAiKDOnGp2tcEx
IzezL06Sgy3YKLDcIr3/B4Q62mn23gwQG0QFCLkyymeDpI2VGowMSbW0sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIECAZBRafWZa/9J60T1YCTdAhEMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvc2dRSUJrRkZwOVpscl8wbnJSUFZnSk4wQ0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmBMA0G
CSqGSIb3DQEBCwUAA4IBAQDS8ugcbd0CfT2QJWQe5i97E393AFKG9e6ZyzF2Imni
lz+ezKfZZq8P+4Pcvm+EZI0JjTDfNSIAEcuLU18BtF5NKTY7+pdSVpeh78dx8OLo
huBxeHxhx94We2qpqJ9mh3d3un5aXEZY92m+39WzohMm1DbtXTZE9+LVHmtUl+mu
2+dWgBtNHkrByG+rfMadJ09Bbb8QB/NP+qxYkcSSA64VLfAwvQOvrWfE4/wR9CnC
ki5QsGv74j01LaxylBC5MSZesHb2MeOdpSY3g1UPJxZSWFCbTxRFeMd2E1rT6a1K
s/4/Oi6NyMVBsaxr8vZ6XymWpTs/NR6AnkJedR9zr4zu
-----END CERTIFICATE-----