This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cBfUK_-0Gmz1heuHR3HGACfZY3k.roa
File:                     cBfUK_-0Gmz1heuHR3HGACfZY3k.roa (raw, json)
Hash identifier:          BhfhJeKbNRebS0qaxhd0BSVg24TcZ7dR+jg50eJJZiQ=
Subject key identifier:   70:17:D4:2B:FF:B4:1A:6C:F5:85:EB:87:47:71:C6:00:27:D9:63:79
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019AB834247E6533200E70ECBD443001227A
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cBfUK_-0Gmz1heuHR3HGACfZY3k.roa
Signing time:             Mon 24 Nov 2025 23:30:16 +0000
ROA not before:           Mon 24 Nov 2025 23:30:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204653
IP address blocks:        77.90.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:b8:34:24:7e:65:33:20:0e:70:ec:bd:44:30:01:22:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Nov 24 23:30:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7017d42bffb41a6cf585eb874771c60027d96379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:18:c8:fe:4c:e2:0e:e4:04:c8:ad:78:fc:5e:
                    b7:a6:fc:9a:8a:f4:74:76:52:83:26:1f:10:30:95:
                    dc:b0:24:85:18:a9:41:b9:01:49:ad:55:c3:5c:3d:
                    bb:1c:37:e8:c6:da:f1:70:99:84:ff:d3:90:13:5b:
                    30:c1:eb:2c:27:40:bb:4c:92:2d:e4:ba:b8:4b:db:
                    09:f9:c2:4b:2d:57:48:e9:77:3b:d8:33:a1:ab:4d:
                    99:9c:3e:25:b4:d0:45:cf:4c:6a:0c:72:b1:9f:a9:
                    76:50:d9:bc:4e:c1:ed:fb:a4:1e:14:9b:e1:40:88:
                    9e:a0:ac:34:da:7e:44:e6:a7:c2:a8:e6:91:14:09:
                    49:43:5b:c0:1a:41:f9:75:18:62:c4:aa:19:68:ea:
                    12:c1:30:2f:5b:d7:08:62:1e:64:11:3e:60:c4:91:
                    a7:e9:f9:94:d4:b8:fd:5a:88:19:6e:48:4c:f5:91:
                    06:67:80:f8:c1:73:74:93:3a:bd:0f:ba:7f:dc:48:
                    f4:60:de:62:9f:9f:c4:0c:3f:34:ed:e8:19:64:df:
                    0f:1a:31:f5:6b:57:76:ee:68:2b:6f:5a:11:c6:05:
                    87:11:75:09:af:30:ac:8d:13:65:cd:73:44:b2:14:
                    f6:62:aa:6b:4c:62:d9:93:9a:5d:57:48:79:37:40:
                    6c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:17:D4:2B:FF:B4:1A:6C:F5:85:EB:87:47:71:C6:00:27:D9:63:79
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/cBfUK_-0Gmz1heuHR3HGACfZY3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:8a:67:4e:65:8f:fb:97:2e:49:28:99:88:ae:5c:1d:00:c1:
         9f:0e:05:1b:53:16:a7:43:35:5b:b8:08:a9:0a:b3:f7:c4:d3:
         0f:4d:55:47:9b:4d:96:ca:ff:f7:d5:cf:f1:68:48:5c:06:21:
         b1:66:73:26:d0:cd:ee:f1:73:f4:f4:09:a3:dd:4c:be:fd:5d:
         b0:3f:b6:c6:68:9b:65:ff:5a:36:44:1f:d6:32:2f:33:a9:35:
         16:30:28:92:a9:b7:25:7b:a3:4a:eb:5c:fc:74:7a:33:50:85:
         e3:9e:9e:71:f1:56:5d:f6:93:09:70:c8:c7:39:31:4b:61:fb:
         f1:b9:80:4b:ae:7d:54:e4:d4:ec:d6:59:d3:4e:e1:a0:ad:55:
         fc:f7:7a:d7:3f:d6:c2:f2:f0:aa:6b:97:d9:9e:e8:cc:b5:01:
         7f:09:ea:37:59:04:3e:b9:2e:9f:8a:1c:15:0b:96:1e:45:14:
         32:a4:71:d5:b8:1f:fd:21:75:9a:e3:38:28:6f:97:8a:57:eb:
         aa:6d:03:e7:5e:19:40:fb:73:36:95:5e:1e:a8:72:6c:12:d3:
         39:ea:05:15:7a:2e:99:58:8a:92:c3:83:dc:aa:47:94:8f:84:
         4f:1b:3a:95:b4:96:aa:93:6b:a0:94:59:25:1b:25:1b:94:2e:
         e6:9a:79:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZq4NCR+ZTMgDnDsvUQwASJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUxMTI0MjMzMDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDE3ZDQyYmZmYjQxYTZjZjU4NWViODc0NzcxYzYwMDI3ZDk2Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRjI/kziDuQEyK14/F63pvyaivR0
dlKDJh8QMJXcsCSFGKlBuQFJrVXDXD27HDfoxtrxcJmE/9OQE1swwessJ0C7TJIt
5Lq4S9sJ+cJLLVdI6Xc72DOhq02ZnD4ltNBFz0xqDHKxn6l2UNm8TsHt+6QeFJvh
QIieoKw02n5E5qfCqOaRFAlJQ1vAGkH5dRhixKoZaOoSwTAvW9cIYh5kET5gxJGn
6fmU1Lj9WogZbkhM9ZEGZ4D4wXN0kzq9D7p/3Ej0YN5in5/EDD807egZZN8PGjH1
a1d27mgrb1oRxgWHEXUJrzCsjRNlzXNEshT2YqprTGLZk5pdV0h5N0BsLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAX1Cv/tBps9YXrh0dxxgAn2WN5MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvY0JmVUtfLTBHbXoxaGV1SFIzSEdBQ2ZaWTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVouMA0G
CSqGSIb3DQEBCwUAA4IBAQCpimdOZY/7ly5JKJmIrlwdAMGfDgUbUxanQzVbuAip
CrP3xNMPTVVHm02Wyv/31c/xaEhcBiGxZnMm0M3u8XP09Amj3Uy+/V2wP7bGaJtl
/1o2RB/WMi8zqTUWMCiSqbcle6NK61z8dHozUIXjnp5x8VZd9pMJcMjHOTFLYfvx
uYBLrn1U5NTs1lnTTuGgrVX893rXP9bC8vCqa5fZnujMtQF/Ceo3WQQ+uS6fihwV
C5YeRRQypHHVuB/9IXWa4zgob5eKV+uqbQPnXhlA+3M2lV4eqHJsEtM56gUVei6Z
WIqSw4PcqkeUj4RPGzqVtJaqk2uglFklGyUblC7mmnn0
-----END CERTIFICATE-----