This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xCXozcn9c0Mbv_ZuLNQQ3wcrQE8.roa
File:                     xCXozcn9c0Mbv_ZuLNQQ3wcrQE8.roa (raw, json)
Hash identifier:          MyfMnA4B0kEcMbNuuFWpOjSrpeuA79be/rrhJI05eIA=
Subject key identifier:   C4:25:E8:CD:C9:FD:73:43:1B:BF:F6:6E:2C:D4:10:DF:07:2B:40:4F
Certificate issuer:       /CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
Certificate serial:       019B7F1374CDA465BED050E7A60A2F1DA4D6
Authority key identifier: 3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xCXozcn9c0Mbv_ZuLNQQ3wcrQE8.roa
Signing time:             Fri 02 Jan 2026 14:18:59 +0000
ROA not before:           Fri 02 Jan 2026 14:18:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        77.90.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 23:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:74:cd:a4:65:be:d0:50:e7:a6:0a:2f:1d:a4:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b476e12e8987e5b302cdc24bdd9db3fe83c8449
        Validity
            Not Before: Jan  2 14:18:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c425e8cdc9fd73431bbff66e2cd410df072b404f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:ea:ff:00:91:db:09:dc:f4:4e:23:6f:cb:f9:
                    76:69:9d:0f:0f:43:fe:64:65:b2:c1:0e:dd:1b:c2:
                    cc:db:f1:2f:81:b5:c9:65:ed:fe:9a:5c:ed:2d:ca:
                    e1:0a:34:1c:1b:1a:fc:5e:ca:1a:86:fe:9e:e0:07:
                    b5:3c:d6:45:44:7b:1d:2c:a3:ee:41:0d:45:4f:67:
                    8b:51:74:14:31:da:92:2e:f5:cf:8e:c3:74:3d:f3:
                    a8:9b:e2:5f:76:92:3a:d3:c8:65:fa:4b:c0:fe:73:
                    a9:7b:37:3d:4b:a2:13:d5:6f:0c:8c:9c:f0:15:c4:
                    20:5f:2b:91:54:0a:8e:f7:e5:c4:57:82:ee:14:8b:
                    cc:cf:fe:15:72:5e:58:e2:e7:dc:8b:d0:d2:c9:53:
                    3d:1c:40:59:62:83:40:f7:15:17:53:1b:7e:86:b3:
                    92:33:c6:60:5d:ff:bf:81:c1:10:02:31:e0:0c:f6:
                    b6:85:ee:38:83:8b:ef:bc:f1:03:78:48:17:34:b7:
                    f3:9f:a8:77:62:0f:3e:03:07:71:9f:26:0f:f6:73:
                    80:41:a2:7a:18:47:cf:f3:ed:96:a7:48:82:3f:4f:
                    e2:64:fe:2a:29:a4:40:bc:c6:a4:b0:91:c0:28:35:
                    e9:52:9d:bc:b6:b1:da:19:73:00:f0:00:f6:a6:3c:
                    b8:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:25:E8:CD:C9:FD:73:43:1B:BF:F6:6E:2C:D4:10:DF:07:2B:40:4F
            X509v3 Authority Key Identifier:
                keyid:3B:47:6E:12:E8:98:7E:5B:30:2C:DC:24:BD:D9:DB:3F:E8:3C:84:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O0duEuiYflswLNwkvdnbP-g8hEk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/xCXozcn9c0Mbv_ZuLNQQ3wcrQE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d90c6f-6576-46b9-8313-6cbff3c4da01/1/O0duEuiYflswLNwkvdnbP-g8hEk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.90.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:01:df:29:fc:e0:e4:b3:ae:15:1b:c9:b3:ac:70:36:52:96:
         4e:c5:c8:bb:8a:43:bd:55:ae:4c:bb:82:27:0d:c9:f7:95:79:
         66:23:5d:27:36:7a:4e:4a:0a:ff:35:74:ad:4e:93:49:10:12:
         e9:c2:87:39:fb:c0:38:cb:e8:28:95:46:ac:5c:c3:a7:8e:87:
         90:a7:48:00:a9:45:ff:f7:a1:7e:52:61:a0:81:60:6f:fe:1a:
         fb:f5:65:8b:36:ee:b8:74:0d:79:95:ad:a4:7c:00:5d:f5:82:
         8d:6e:0b:9d:50:31:0a:cf:74:76:98:fd:98:20:6f:8d:a1:66:
         d9:eb:df:52:df:63:33:f9:45:74:6f:df:38:a8:84:11:6b:61:
         0e:f6:27:d9:9f:75:5a:79:c5:ff:93:1a:8f:34:fb:45:09:ee:
         bf:64:9f:d4:f0:99:66:a7:ef:38:45:7e:0e:cf:2d:28:7b:54:
         1f:03:1e:4c:7e:06:22:f5:10:ec:6f:16:a0:19:89:00:07:1a:
         66:96:de:fa:a2:a7:5d:38:79:6c:e2:9c:8f:01:3b:7a:cc:ae:
         52:b8:82:80:b3:47:70:b9:b0:6f:d0:8e:37:ea:49:fe:35:4a:
         f3:1e:48:2b:7f:fe:07:4e:b7:51:3d:7f:d7:b0:e0:e6:b0:80:
         79:49:df:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E3TNpGW+0FDnpgovHaTWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNDc2ZTEyZTg5ODdlNWIzMDJjZGMyNGJkZDlkYjNmZTgz
Yzg0NDkwHhcNMjYwMTAyMTQxODU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDI1ZThjZGM5ZmQ3MzQzMWJiZmY2NmUyY2Q0MTBkZjA3MmI0MDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsur/AJHbCdz0TiNvy/l2aZ0PD0P+
ZGWywQ7dG8LM2/EvgbXJZe3+mlztLcrhCjQcGxr8Xsoahv6e4Ae1PNZFRHsdLKPu
QQ1FT2eLUXQUMdqSLvXPjsN0PfOom+JfdpI608hl+kvA/nOpezc9S6IT1W8MjJzw
FcQgXyuRVAqO9+XEV4LuFIvMz/4Vcl5Y4ufci9DSyVM9HEBZYoNA9xUXUxt+hrOS
M8ZgXf+/gcEQAjHgDPa2he44g4vvvPEDeEgXNLfzn6h3Yg8+AwdxnyYP9nOAQaJ6
GEfP8+2Wp0iCP0/iZP4qKaRAvMaksJHAKDXpUp28trHaGXMA8AD2pjy4VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQl6M3J/XNDG7/2bizUEN8HK0BPMB8GA1UdIwQY
MBaAFDtHbhLomH5bMCzcJL3Z2z/oPIRJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMt
NmNiZmYzYzRkYTAxLzEveENYb3pjbjljME1idl9adUxOUVEzd2NyUUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kOTBjNmYtNjU3Ni00NmI5LTgzMTMtNmNiZmYzYzRkYTAx
LzEvTzBkdUV1aVlmbHN3TE53a3ZkbmJQLWc4aEVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVqyMA0G
CSqGSIb3DQEBCwUAA4IBAQAFAd8p/ODks64VG8mzrHA2UpZOxci7ikO9Va5Mu4In
Dcn3lXlmI10nNnpOSgr/NXStTpNJEBLpwoc5+8A4y+golUasXMOnjoeQp0gAqUX/
96F+UmGggWBv/hr79WWLNu64dA15la2kfABd9YKNbgudUDEKz3R2mP2YIG+NoWbZ
699S32Mz+UV0b984qIQRa2EO9ifZn3VaecX/kxqPNPtFCe6/ZJ/U8Jlmp+84RX4O
zy0oe1QfAx5MfgYi9RDsbxagGYkABxpmlt76oqddOHls4pyPATt6zK5SuIKAs0dw
ubBv0I436kn+NUrzHkgrf/4HTrdRPX/XsODmsIB5Sd/f
-----END CERTIFICATE-----