This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/qtfzL3qm22XmQ4x--Yatw20SHJg.roa
File:                     qtfzL3qm22XmQ4x--Yatw20SHJg.roa (raw, json)
Hash identifier:          3Ukn6AaHvUQwdaGQ152X9it5yo/1YWDTtCBbsqdMVrE=
Subject key identifier:   AA:D7:F3:2F:7A:A6:DB:65:E6:43:8C:7E:F9:86:AD:C3:6D:12:1C:98
Certificate issuer:       /CN=6d088cef28e02af7d00f297816c55f8e3c43d535
Certificate serial:       019B7BA32849A89B70D11AFA3436254A4B1E
Authority key identifier: 6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/qtfzL3qm22XmQ4x--Yatw20SHJg.roa
Signing time:             Thu 01 Jan 2026 22:17:28 +0000
ROA not before:           Thu 01 Jan 2026 22:17:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216246
IP address blocks:        77.91.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:28:49:a8:9b:70:d1:1a:fa:34:36:25:4a:4b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d088cef28e02af7d00f297816c55f8e3c43d535
        Validity
            Not Before: Jan  1 22:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aad7f32f7aa6db65e6438c7ef986adc36d121c98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7a:00:7b:2c:77:22:7d:b3:22:78:5e:97:ba:
                    94:70:74:ab:ef:56:f5:c8:59:96:22:13:18:de:b5:
                    96:34:17:28:e7:e8:c4:89:b4:bb:de:57:70:44:f3:
                    77:bf:c7:f0:0e:be:3d:62:c5:95:4c:b5:58:79:51:
                    02:c6:2c:82:51:7f:a0:fc:ff:ee:b1:e3:78:0e:07:
                    4a:ab:81:50:1b:49:ae:12:55:dc:c0:15:18:20:8e:
                    4e:e7:d6:70:8b:0a:bb:b6:63:34:ba:73:2d:9d:6e:
                    d4:bb:2c:1c:21:5c:2f:74:65:b1:57:da:95:3a:54:
                    19:da:e7:dc:57:85:5f:40:27:c6:84:eb:03:52:65:
                    a6:7e:db:b9:4d:95:98:15:6a:bf:1a:cd:cd:15:ed:
                    2d:a4:f8:a4:ee:89:b2:9b:df:89:f7:fc:c4:53:b7:
                    64:2d:d1:92:60:0b:f7:70:92:7b:2c:cd:3e:8c:62:
                    61:71:15:80:fc:3e:58:c1:c2:06:3c:b6:b0:a6:40:
                    9c:a8:05:c8:c3:c9:41:83:7d:b0:50:26:b8:7b:d9:
                    61:44:d3:2a:c9:c7:10:f7:8a:a1:e2:4a:00:d5:2d:
                    c7:6f:8c:86:6a:83:63:f6:70:16:a6:d4:7d:d2:93:
                    b0:bc:86:bb:51:f9:f4:df:ed:f6:de:a9:c4:4d:26:
                    b5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:D7:F3:2F:7A:A6:DB:65:E6:43:8C:7E:F9:86:AD:C3:6D:12:1C:98
            X509v3 Authority Key Identifier:
                keyid:6D:08:8C:EF:28:E0:2A:F7:D0:0F:29:78:16:C5:5F:8E:3C:43:D5:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bQiM7yjgKvfQDyl4FsVfjjxD1TU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/qtfzL3qm22XmQ4x--Yatw20SHJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/d57a64-bd32-4c91-be06-fee8eaf73b0d/1/bQiM7yjgKvfQDyl4FsVfjjxD1TU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.91.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:47:2c:16:c9:68:69:8f:f7:2e:57:83:78:6f:0e:3a:3a:7f:
         11:cd:ff:ca:6d:31:98:81:9e:88:17:1d:91:5a:32:64:a1:d4:
         57:b5:f3:df:d4:22:12:04:8e:3d:8a:1a:a5:87:91:6c:93:72:
         ac:9a:f1:84:ba:81:9a:6e:1f:87:a4:eb:9f:d8:d6:56:c6:42:
         d0:af:2d:1c:f1:5b:1f:29:e3:2b:0e:51:d1:48:d0:eb:37:5b:
         ce:41:94:05:72:e4:56:a6:ac:77:a7:d4:11:3b:95:dc:1f:eb:
         de:2f:09:2a:cb:79:23:d0:ab:35:91:4c:0b:86:39:6c:0e:0d:
         c3:87:ba:dc:13:29:9f:c0:70:f8:71:f2:35:67:67:41:05:28:
         01:18:11:b0:ba:04:2c:57:70:ae:f1:8a:c8:e1:dd:92:f1:9a:
         98:fe:81:0e:97:3c:0d:32:c2:89:25:b4:70:a7:47:51:00:c1:
         9d:d6:a8:f3:53:09:83:08:d4:86:ce:8c:79:cd:4e:d9:8d:b2:
         ac:9a:e7:52:08:93:05:52:1f:96:eb:95:1e:2d:92:96:28:4c:
         62:9f:2d:91:8e:30:c1:f2:78:42:b8:4b:71:67:28:73:81:e6:
         eb:f5:59:82:29:7d:2e:dd:db:91:83:51:06:ab:3c:de:85:9c:
         54:9d:c8:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7oyhJqJtw0Rr6NDYlSkseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMDg4Y2VmMjhlMDJhZjdkMDBmMjk3ODE2YzU1ZjhlM2M0
M2Q1MzUwHhcNMjYwMTAxMjIxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWQ3ZjMyZjdhYTZkYjY1ZTY0MzhjN2VmOTg2YWRjMzZkMTIxYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHoAeyx3In2zInhel7qUcHSr71b1
yFmWIhMY3rWWNBco5+jEibS73ldwRPN3v8fwDr49YsWVTLVYeVECxiyCUX+g/P/u
seN4DgdKq4FQG0muElXcwBUYII5O59Zwiwq7tmM0unMtnW7UuywcIVwvdGWxV9qV
OlQZ2ufcV4VfQCfGhOsDUmWmftu5TZWYFWq/Gs3NFe0tpPik7omym9+J9/zEU7dk
LdGSYAv3cJJ7LM0+jGJhcRWA/D5YwcIGPLawpkCcqAXIw8lBg32wUCa4e9lhRNMq
yccQ94qh4koA1S3Hb4yGaoNj9nAWptR90pOwvIa7Ufn03+323qnETSa13QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKrX8y96pttl5kOMfvmGrcNtEhyYMB8GA1UdIwQY
MBaAFG0IjO8o4Cr30A8peBbFX448Q9U1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYt
ZmVlOGVhZjczYjBkLzEvcXRmekwzcW0yMlhtUTR4LS1ZYXR3MjBTSEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi9kNTdhNjQtYmQzMi00YzkxLWJlMDYtZmVlOGVhZjczYjBk
LzEvYlFpTTd5amdLdmZRRHlsNEZzVmZqanhEMVRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVtMMA0G
CSqGSIb3DQEBCwUAA4IBAQAkRywWyWhpj/cuV4N4bw46On8Rzf/KbTGYgZ6IFx2R
WjJkodRXtfPf1CISBI49ihqlh5Fsk3KsmvGEuoGabh+HpOuf2NZWxkLQry0c8Vsf
KeMrDlHRSNDrN1vOQZQFcuRWpqx3p9QRO5XcH+veLwkqy3kj0Ks1kUwLhjlsDg3D
h7rcEymfwHD4cfI1Z2dBBSgBGBGwugQsV3Cu8YrI4d2S8ZqY/oEOlzwNMsKJJbRw
p0dRAMGd1qjzUwmDCNSGzox5zU7ZjbKsmudSCJMFUh+W65UeLZKWKExiny2RjjDB
8nhCuEtxZyhzgebr9VmCKX0u3duRg1EGqzzehZxUnchf
-----END CERTIFICATE-----