This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/_Kp7PDTcmGkJiJKewtOccSGpSgs.roa
File:                     _Kp7PDTcmGkJiJKewtOccSGpSgs.roa (raw, json)
Hash identifier:          WM5hEQgIwiPSrdXKA7JsjCjXu6TD5zpoJlxCQduZru4=
Subject key identifier:   FC:AA:7B:3C:34:DC:98:69:09:88:92:9E:C2:D3:9C:71:21:A9:4A:0B
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019B7F137BFDE34A1F6BF2CB5165E1E6D23B
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/_Kp7PDTcmGkJiJKewtOccSGpSgs.roa
Signing time:             Fri 02 Jan 2026 14:19:01 +0000
ROA not before:           Fri 02 Jan 2026 14:19:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396073
IP address blocks:        77.90.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:7b:fd:e3:4a:1f:6b:f2:cb:51:65:e1:e6:d2:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 14:19:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fcaa7b3c34dc98690988929ec2d39c7121a94a0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:80:e7:3c:60:1e:a1:18:d1:4d:db:b0:35:1d:
                    02:d0:78:8f:27:41:c0:69:c6:04:17:46:94:96:20:
                    c8:f9:1a:83:d6:f2:52:9a:a4:8f:5c:c6:9d:2e:83:
                    b5:c5:bc:76:44:52:d0:a7:27:d1:15:61:79:e1:52:
                    81:e9:8b:be:08:36:34:cb:65:b3:83:a8:42:0c:18:
                    6c:7a:82:7b:d0:88:72:55:26:41:92:84:92:43:64:
                    6e:92:a8:76:5f:f3:a8:93:0c:31:0c:c2:c6:9d:83:
                    4b:9e:f0:79:f2:22:df:41:dd:78:b1:ba:d5:67:f5:
                    52:6d:a1:38:e0:dd:a3:7d:f3:5d:0f:8f:70:08:77:
                    b2:ab:9d:fa:24:4b:ab:b9:ab:71:8a:95:91:9f:f5:
                    e3:ed:8f:44:1b:38:c0:c1:2b:be:57:d0:da:f2:91:
                    37:a9:9b:e6:26:5a:ad:a5:b5:0d:1a:f2:ff:a0:1b:
                    36:63:e3:e1:d9:34:d8:05:7b:3e:9a:25:2a:46:a7:
                    c8:76:64:63:f9:38:55:e1:05:fb:be:c4:28:dd:62:
                    d4:10:52:16:17:54:e0:a1:82:6a:0e:e0:d1:35:35:
                    ca:2d:3b:9c:ce:3f:87:24:ea:59:78:fb:29:5d:97:
                    17:e0:18:eb:1d:22:4f:c5:bf:4b:2b:6f:08:52:bb:
                    c5:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:AA:7B:3C:34:DC:98:69:09:88:92:9E:C2:D3:9C:71:21:A9:4A:0B
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/_Kp7PDTcmGkJiJKewtOccSGpSgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:d8:c0:41:b9:29:ca:a6:7d:33:ec:1c:f7:2b:bf:0f:1e:a8:
         2c:39:c2:5e:d9:c7:ca:90:bc:ec:f4:a8:b1:be:09:03:6d:34:
         64:39:12:16:53:47:62:4c:b7:58:c7:a8:bc:1e:c5:38:8d:5e:
         b1:6a:78:56:f1:68:58:a5:32:da:3a:35:aa:fd:13:27:4f:f2:
         de:14:15:a4:57:8a:19:ce:57:af:d6:e6:6a:3d:be:06:44:8e:
         f5:34:94:9e:d3:54:50:ce:90:1b:7c:05:55:46:6d:bb:1b:2b:
         79:b7:4d:fb:cb:3a:c9:94:36:f9:44:c6:f1:9b:cf:2c:7e:77:
         a3:02:7f:a0:19:8d:40:69:af:65:e4:1a:00:34:fe:9b:ac:f9:
         1c:7e:93:45:64:ed:b9:d6:28:92:67:72:4f:a3:5e:69:77:5a:
         13:d5:ff:e6:99:2b:fe:05:3f:ee:58:f2:fd:57:82:fd:34:ee:
         a2:c4:5b:ec:a1:c6:90:79:f9:68:58:bd:da:05:42:92:e4:09:
         9c:eb:3a:07:f2:d5:fb:18:ab:83:f8:9b:84:16:93:0e:79:58:
         4b:a4:df:f3:cc:15:03:ec:1f:3c:a8:d5:fb:3f:53:2d:12:17:
         7a:e7:30:87:46:35:9b:c9:d9:05:5d:d4:5d:50:b5:bb:3e:3c:
         2d:04:3a:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E3v940ofa/LLUWXh5tI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMTAyMTQxOTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2FhN2IzYzM0ZGM5ODY5MDk4ODkyOWVjMmQzOWM3MTIxYTk0YTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIDnPGAeoRjRTduwNR0C0HiPJ0HA
acYEF0aUliDI+RqD1vJSmqSPXMadLoO1xbx2RFLQpyfRFWF54VKB6Yu+CDY0y2Wz
g6hCDBhseoJ70IhyVSZBkoSSQ2Rukqh2X/OokwwxDMLGnYNLnvB58iLfQd14sbrV
Z/VSbaE44N2jffNdD49wCHeyq536JEuruatxipWRn/Xj7Y9EGzjAwSu+V9Da8pE3
qZvmJlqtpbUNGvL/oBs2Y+Ph2TTYBXs+miUqRqfIdmRj+ThV4QX7vsQo3WLUEFIW
F1TgoYJqDuDRNTXKLTuczj+HJOpZePspXZcX4BjrHSJPxb9LK28IUrvFEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPyqezw03JhpCYiSnsLTnHEhqUoLMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEvX0twN1BEVGNtR2tKaUpLZXd0T2NjU0dwU2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqNMA0G
CSqGSIb3DQEBCwUAA4IBAQAC2MBBuSnKpn0z7Bz3K78PHqgsOcJe2cfKkLzs9Kix
vgkDbTRkORIWU0diTLdYx6i8HsU4jV6xanhW8WhYpTLaOjWq/RMnT/LeFBWkV4oZ
zlev1uZqPb4GRI71NJSe01RQzpAbfAVVRm27Gyt5t037yzrJlDb5RMbxm88sfnej
An+gGY1Aaa9l5BoANP6brPkcfpNFZO251iiSZ3JPo15pd1oT1f/mmSv+BT/uWPL9
V4L9NO6ixFvsocaQefloWL3aBUKS5Amc6zoH8tX7GKuD+JuEFpMOeVhLpN/zzBUD
7B88qNX7P1MtEhd65zCHRjWbydkFXdRdULW7PjwtBDqa
-----END CERTIFICATE-----