This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/R2DhxkhJKynVq23HdTKG0z5fWJU.roa
File:                     R2DhxkhJKynVq23HdTKG0z5fWJU.roa (raw, json)
Hash identifier:          nG6WCjylMd8h79NDHMZUFgdfvCePLcuKEsqpEgLBkv4=
Subject key identifier:   47:60:E1:C6:48:49:2B:29:D5:AB:6D:C7:75:32:86:D3:3E:5F:58:95
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019A82ACDAEE0D0F33FB3FC92A754738A34C
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/R2DhxkhJKynVq23HdTKG0z5fWJU.roa
Signing time:             Fri 14 Nov 2025 14:02:37 +0000
ROA not before:           Fri 14 Nov 2025 14:02:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62425
IP address blocks:        77.90.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:82:ac:da:ee:0d:0f:33:fb:3f:c9:2a:75:47:38:a3:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Nov 14 14:02:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4760e1c648492b29d5ab6dc7753286d33e5f5895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:12:5d:24:b0:30:25:26:0e:22:c4:73:35:c4:
                    38:14:03:9e:7f:d2:8c:16:95:2f:01:40:67:f6:8a:
                    38:2b:23:22:a9:de:4e:48:7f:d1:b7:38:52:3b:95:
                    29:3b:3a:98:ca:d9:43:51:34:32:36:7e:90:08:f8:
                    a6:fa:a5:2f:d4:f2:0d:db:60:ba:dd:88:12:b0:b0:
                    e6:09:74:61:d5:9a:4e:8b:fa:e6:ac:c4:38:9e:0e:
                    1a:7f:ec:58:d9:81:c2:3f:f8:e1:80:ed:26:15:00:
                    63:d8:0c:c5:82:d7:2c:e2:ce:1d:3b:9b:79:e2:da:
                    b3:88:91:5e:65:de:32:4a:f6:04:4b:83:74:ac:27:
                    b9:c2:fa:f3:65:90:f1:49:96:8b:79:43:ce:2b:50:
                    2a:bd:c5:30:e4:90:b8:6c:c8:bd:88:f0:9a:c9:fa:
                    99:f5:73:51:e3:14:e3:df:3d:25:d3:7d:18:d4:b9:
                    ce:d3:12:d6:58:28:3e:b1:c3:d8:b6:f0:4f:6b:d2:
                    bc:39:f7:5d:85:7b:ea:79:85:71:a1:6d:09:1f:d2:
                    93:66:50:74:35:c0:ed:4c:c5:0e:cd:c7:79:70:85:
                    13:da:91:49:d0:71:97:df:8c:c7:73:70:c5:57:dc:
                    e2:08:b9:3f:29:c3:b1:f0:5d:68:b6:18:11:33:7a:
                    08:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:60:E1:C6:48:49:2B:29:D5:AB:6D:C7:75:32:86:D3:3E:5F:58:95
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/R2DhxkhJKynVq23HdTKG0z5fWJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:b9:47:ba:91:31:02:a0:b4:d0:6f:ba:52:70:bc:81:23:96:
         7b:97:dd:64:6b:64:41:cf:57:de:18:d0:97:86:05:b3:e6:99:
         c9:30:55:0e:c8:19:5c:2e:d7:03:96:ac:db:d0:f5:ac:2d:7c:
         a2:a2:f5:d0:f1:84:ea:0c:08:c5:e2:29:3b:82:15:97:c9:bf:
         87:81:6f:7a:c6:f7:43:1e:33:a0:81:1b:3d:dd:89:0e:5d:1c:
         c9:e0:65:27:00:27:2b:8d:51:80:11:9a:38:ba:25:7c:4a:12:
         b2:16:20:85:5c:8f:93:8e:3d:c8:3a:1c:5e:5b:dc:cc:45:8e:
         ae:b1:95:b1:77:17:d2:c3:4d:c9:8f:6f:43:ed:b7:78:1c:27:
         21:d2:a8:a7:fd:01:58:80:96:5e:f4:d4:82:20:4d:60:ab:ac:
         40:12:74:61:ab:b2:9f:84:64:45:46:02:99:4e:7e:a8:5f:5d:
         4d:b8:9b:5b:75:b1:5c:c5:85:37:d1:d4:a2:c2:f6:9f:c7:77:
         25:57:43:37:60:49:16:3b:e1:46:88:e1:83:9d:be:83:7b:fb:
         cf:60:32:47:9f:ad:f5:0e:6f:2c:e1:95:a1:89:30:55:c4:00:
         51:39:b1:0f:4f:16:b6:4f:5f:88:6a:5e:19:ec:7b:9c:12:07:
         97:37:06:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZqCrNruDQ8z+z/JKnVHOKNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjUxMTE0MTQwMjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzYwZTFjNjQ4NDkyYjI5ZDVhYjZkYzc3NTMyODZkMzNlNWY1ODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBJdJLAwJSYOIsRzNcQ4FAOef9KM
FpUvAUBn9oo4KyMiqd5OSH/RtzhSO5UpOzqYytlDUTQyNn6QCPim+qUv1PIN22C6
3YgSsLDmCXRh1ZpOi/rmrMQ4ng4af+xY2YHCP/jhgO0mFQBj2AzFgtcs4s4dO5t5
4tqziJFeZd4ySvYES4N0rCe5wvrzZZDxSZaLeUPOK1AqvcUw5JC4bMi9iPCayfqZ
9XNR4xTj3z0l030Y1LnO0xLWWCg+scPYtvBPa9K8OfddhXvqeYVxoW0JH9KTZlB0
NcDtTMUOzcd5cIUT2pFJ0HGX34zHc3DFV9ziCLk/KcOx8F1othgRM3oI6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdg4cZISSsp1attx3UyhtM+X1iVMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvUjJEaHhraEpLeW5WcTIzSGRUS0cwejVmV0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqDMA0G
CSqGSIb3DQEBCwUAA4IBAQCPuUe6kTECoLTQb7pScLyBI5Z7l91ka2RBz1feGNCX
hgWz5pnJMFUOyBlcLtcDlqzb0PWsLXyiovXQ8YTqDAjF4ik7ghWXyb+HgW96xvdD
HjOggRs93YkOXRzJ4GUnACcrjVGAEZo4uiV8ShKyFiCFXI+Tjj3IOhxeW9zMRY6u
sZWxdxfSw03Jj29D7bd4HCch0qin/QFYgJZe9NSCIE1gq6xAEnRhq7KfhGRFRgKZ
Tn6oX11NuJtbdbFcxYU30dSiwvafx3clV0M3YEkWO+FGiOGDnb6De/vPYDJHn631
Dm8s4ZWhiTBVxABRObEPTxa2T1+Ial4Z7HucEgeXNwa7
-----END CERTIFICATE-----