This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/0095ef-8a39-44d1-a9a6-5baef3fc295d/1/pJgLulMLIKvMMO7AdCTNd61W_Qo.roa
File:                     pJgLulMLIKvMMO7AdCTNd61W_Qo.roa (raw, json)
Hash identifier:          d7x2/EMQahiRCVzVwOaCAyZfFY39+nEtyCz6GzOW0VI=
Subject key identifier:   A4:98:0B:BA:53:0B:20:AB:CC:30:EE:C0:74:24:CD:77:AD:56:FD:0A
Certificate issuer:       /CN=8099fe152e77647a3bf8f05aacc60cbab8b0f3f1
Certificate serial:       019B7E376456572C73D6A728F4FE205C2E8A
Authority key identifier: 80:99:FE:15:2E:77:64:7A:3B:F8:F0:5A:AC:C6:0C:BA:B8:B0:F3:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gJn-FS53ZHo7-PBarMYMuriw8_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/0095ef-8a39-44d1-a9a6-5baef3fc295d/1/pJgLulMLIKvMMO7AdCTNd61W_Qo.roa
Signing time:             Fri 02 Jan 2026 10:18:37 +0000
ROA not before:           Fri 02 Jan 2026 10:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     11404
IP address blocks:        77.95.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/0095ef-8a39-44d1-a9a6-5baef3fc295d/1/gJn-FS53ZHo7-PBarMYMuriw8_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/0095ef-8a39-44d1-a9a6-5baef3fc295d/1/gJn-FS53ZHo7-PBarMYMuriw8_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gJn-FS53ZHo7-PBarMYMuriw8_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 22:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:64:56:57:2c:73:d6:a7:28:f4:fe:20:5c:2e:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8099fe152e77647a3bf8f05aacc60cbab8b0f3f1
        Validity
            Not Before: Jan  2 10:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4980bba530b20abcc30eec07424cd77ad56fd0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:32:59:52:aa:7e:68:95:73:60:5a:63:63:1b:
                    b5:09:d9:6d:78:d4:ee:8a:da:6b:fc:b6:09:a3:74:
                    5f:4a:d6:91:59:f2:0e:f9:06:c6:91:5e:a0:d7:28:
                    25:4c:8e:78:1b:15:fb:e1:60:8e:d3:4d:b4:3d:1a:
                    82:2c:37:66:6a:f7:c7:8f:b2:1b:5b:f7:44:23:11:
                    53:e6:91:9c:cd:f1:f6:06:0f:08:94:35:17:cd:79:
                    6e:3e:14:1a:54:63:d5:27:8a:41:3e:fe:65:44:a7:
                    fe:00:28:92:cb:65:e9:68:8d:fc:d5:c0:1d:4c:e1:
                    f8:b5:52:32:93:f2:4d:84:0c:21:df:dd:fa:77:af:
                    b4:97:6a:98:46:09:8f:1b:b2:e0:e9:83:e6:87:ed:
                    40:4c:57:28:e1:3c:0a:1c:52:23:c9:3a:6f:8c:69:
                    b2:97:c4:49:a3:17:18:98:87:43:18:ca:9c:e3:d5:
                    7c:28:aa:f8:63:7c:9c:e0:a3:3e:93:61:6a:22:96:
                    1f:a8:3b:70:4e:08:32:5f:b0:98:97:9a:96:19:a4:
                    81:e7:16:5f:78:c4:e8:68:35:61:81:e4:d2:d0:4a:
                    55:5b:76:0e:cd:b4:9a:2e:2e:0e:ae:30:8b:d7:86:
                    c1:1a:19:66:d5:27:d8:c2:98:09:29:23:b0:51:18:
                    af:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:98:0B:BA:53:0B:20:AB:CC:30:EE:C0:74:24:CD:77:AD:56:FD:0A
            X509v3 Authority Key Identifier:
                keyid:80:99:FE:15:2E:77:64:7A:3B:F8:F0:5A:AC:C6:0C:BA:B8:B0:F3:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gJn-FS53ZHo7-PBarMYMuriw8_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/0095ef-8a39-44d1-a9a6-5baef3fc295d/1/pJgLulMLIKvMMO7AdCTNd61W_Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/0095ef-8a39-44d1-a9a6-5baef3fc295d/1/gJn-FS53ZHo7-PBarMYMuriw8_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:b3:96:3c:03:5a:8c:ec:c7:da:aa:73:2c:cc:4a:71:ca:c7:
         3a:f2:df:aa:a5:f4:7e:10:ee:c5:4c:67:69:8d:fa:bf:3c:a0:
         c6:93:44:76:3c:4b:bf:ec:b7:fc:05:34:96:c4:f9:3c:78:78:
         2c:59:47:32:30:43:ae:e6:b9:1a:f7:58:de:36:2e:ac:12:a8:
         3b:d8:3c:9f:f5:f2:e9:d8:cd:f0:4c:8e:06:c7:d1:a8:ad:a0:
         77:60:c6:c8:e0:1f:d7:9a:04:fe:85:af:ba:a6:50:3d:2e:c6:
         a4:83:47:aa:6f:2f:56:57:16:31:4a:ab:e9:80:03:da:5b:63:
         bb:5b:b0:0d:ec:2e:87:0a:39:2e:e4:27:e7:32:ea:23:ee:24:
         3d:b1:4c:66:72:9d:ae:a8:11:e2:9b:b8:ac:89:ac:ea:b6:5c:
         e4:92:0d:4a:d3:98:3c:6a:a4:bb:00:8b:c4:a9:dc:12:38:01:
         f2:1c:e6:88:f2:5c:14:cf:97:06:19:d8:91:5a:d9:d6:ec:f8:
         18:c8:8e:f3:09:5b:28:ea:cb:49:c8:79:22:00:12:fd:31:71:
         80:73:18:94:a9:94:6d:e6:56:31:33:9e:7a:3a:31:a2:82:b2:
         78:c2:e4:a6:62:77:bc:10:1c:e7:e8:f4:25:5e:f5:80:9e:5c:
         f4:72:7b:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N2RWVyxz1qco9P4gXC6KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOTlmZTE1MmU3NzY0N2EzYmY4ZjA1YWFjYzYwY2JhYjhi
MGYzZjEwHhcNMjYwMTAyMTAxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDk4MGJiYTUzMGIyMGFiY2MzMGVlYzA3NDI0Y2Q3N2FkNTZmZDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTJZUqp+aJVzYFpjYxu1CdlteNTu
itpr/LYJo3RfStaRWfIO+QbGkV6g1yglTI54GxX74WCO0020PRqCLDdmavfHj7Ib
W/dEIxFT5pGczfH2Bg8IlDUXzXluPhQaVGPVJ4pBPv5lRKf+ACiSy2XpaI381cAd
TOH4tVIyk/JNhAwh3936d6+0l2qYRgmPG7Lg6YPmh+1ATFco4TwKHFIjyTpvjGmy
l8RJoxcYmIdDGMqc49V8KKr4Y3yc4KM+k2FqIpYfqDtwTggyX7CYl5qWGaSB5xZf
eMToaDVhgeTS0EpVW3YOzbSaLi4OrjCL14bBGhlm1SfYwpgJKSOwURivYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKSYC7pTCyCrzDDuwHQkzXetVv0KMB8GA1UdIwQY
MBaAFICZ/hUud2R6O/jwWqzGDLq4sPPxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0puLUZTNTNaSG83LVBCYXJNWU11cml3OF9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8wMDk1ZWYtOGEzOS00NGQxLWE5YTYt
NWJhZWYzZmMyOTVkLzEvcEpnTHVsTUxJS3ZNTU83QWRDVE5kNjFXX1FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8wMDk1ZWYtOGEzOS00NGQxLWE5YTYtNWJhZWYzZmMyOTVk
LzEvZ0puLUZTNTNaSG83LVBCYXJNWU11cml3OF9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATV/dMA0G
CSqGSIb3DQEBCwUAA4IBAQCNs5Y8A1qM7MfaqnMszEpxysc68t+qpfR+EO7FTGdp
jfq/PKDGk0R2PEu/7Lf8BTSWxPk8eHgsWUcyMEOu5rka91jeNi6sEqg72Dyf9fLp
2M3wTI4Gx9GoraB3YMbI4B/XmgT+ha+6plA9Lsakg0eqby9WVxYxSqvpgAPaW2O7
W7AN7C6HCjku5CfnMuoj7iQ9sUxmcp2uqBHim7isiazqtlzkkg1K05g8aqS7AIvE
qdwSOAHyHOaI8lwUz5cGGdiRWtnW7PgYyI7zCVso6stJyHkiABL9MXGAcxiUqZRt
5lYxM556OjGigrJ4wuSmYne8EBzn6PQlXvWAnlz0cnvW
-----END CERTIFICATE-----