This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/XXFvo0LwN5fFxfFhs7wIa9afeec.roa
File:                     XXFvo0LwN5fFxfFhs7wIa9afeec.roa (raw, json)
Hash identifier:          SfaEqekBPYoxq/TIPc/MEtTssLDFzyVZM05mRJ5aA7A=
Subject key identifier:   5D:71:6F:A3:42:F0:37:97:C5:C5:F1:61:B3:BC:08:6B:D6:9F:79:E7
Certificate issuer:       /CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
Certificate serial:       019B7CEE47B61FC926B5061B5448096AE63C
Authority key identifier: 71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/XXFvo0LwN5fFxfFhs7wIa9afeec.roa
Signing time:             Fri 02 Jan 2026 04:19:09 +0000
ROA not before:           Fri 02 Jan 2026 04:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51373
IP address blocks:        77.87.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:47:b6:1f:c9:26:b5:06:1b:54:48:09:6a:e6:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71c1690ef57afcffae73bdb9934309f8b70ebb61
        Validity
            Not Before: Jan  2 04:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d716fa342f03797c5c5f161b3bc086bd69f79e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:b5:af:f1:0f:f9:4e:04:38:93:0c:59:31:f3:
                    c6:74:b8:78:f8:de:a7:29:b3:32:7f:fc:63:06:da:
                    9e:55:cc:7f:8d:52:10:c0:74:a4:4b:49:bf:41:a9:
                    49:14:22:45:c4:60:97:d1:70:17:5c:cf:a9:ea:7a:
                    73:ee:1e:8d:a6:45:00:c5:74:43:1a:42:72:5b:e6:
                    1d:d4:96:45:b8:3d:60:c0:57:0e:b9:1b:f0:b7:20:
                    c1:55:f4:2d:e5:29:3c:51:80:c9:c9:00:60:db:41:
                    6d:bc:df:5c:03:0f:a8:a6:d8:b9:38:8d:c7:dd:68:
                    b6:09:21:80:c6:ce:94:47:a3:ab:5e:73:e6:9f:e1:
                    ad:ed:8f:44:de:82:2e:3c:f1:f6:7a:6c:f4:fc:26:
                    9e:9d:4b:3c:ac:0a:d6:1b:28:fd:51:1e:07:68:f2:
                    e8:bf:b9:f2:93:8e:24:a8:d9:00:f2:9e:23:51:59:
                    e2:b7:b4:ec:f6:2f:27:29:8e:c8:67:fe:34:82:70:
                    8e:8e:91:4d:9e:7b:f9:88:65:81:65:ee:5a:fa:77:
                    34:b9:41:52:32:9c:13:fe:1b:92:be:ae:d2:e3:d2:
                    2f:f1:b1:b7:15:8d:ec:91:b5:6e:50:9e:b8:2b:7b:
                    6a:d3:dc:f9:66:3f:0e:96:8d:71:0a:bf:f3:8a:37:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:71:6F:A3:42:F0:37:97:C5:C5:F1:61:B3:BC:08:6B:D6:9F:79:E7
            X509v3 Authority Key Identifier:
                keyid:71:C1:69:0E:F5:7A:FC:FF:AE:73:BD:B9:93:43:09:F8:B7:0E:BB:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ccFpDvV6_P-uc725k0MJ-LcOu2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/XXFvo0LwN5fFxfFhs7wIa9afeec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/9c70e9-3df3-4bc7-82e6-006e9bb8ed59/1/ccFpDvV6_P-uc725k0MJ-LcOu2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.87.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e1:50:b3:49:f8:6e:6e:9b:e1:e6:fd:00:7d:a4:e4:91:d2:
         33:59:6e:18:76:b0:ee:f8:e7:67:6f:b9:06:ee:73:f1:c2:a0:
         b6:f1:d5:6a:61:eb:3d:6b:ec:d7:fd:14:9c:3c:e1:c5:07:1d:
         d9:bf:7d:2d:cd:40:d1:ae:6c:b9:13:4e:23:b6:80:91:42:e3:
         88:eb:b7:f2:a8:00:f9:75:16:cd:28:45:52:7b:90:af:fa:b8:
         60:55:c5:4c:f6:17:cd:4f:4a:79:76:f8:8c:0e:15:e3:72:4e:
         8b:16:d5:8e:17:4e:71:8e:fd:fb:b0:ed:c9:5a:d8:d4:00:2f:
         39:f6:15:e7:ef:6c:1b:7f:39:6b:e0:a3:a7:56:08:09:46:f7:
         02:ff:ca:6c:f2:e6:76:4a:d7:fc:ca:17:1c:ee:74:ab:5e:1f:
         8c:6d:70:01:35:49:1a:0c:27:a5:bb:58:72:c3:e9:32:31:d8:
         7b:31:08:95:6e:da:10:43:a3:47:68:74:5e:0a:06:b9:e4:a5:
         24:31:5b:01:d0:f3:7e:68:91:83:c9:4c:c4:ce:95:2e:21:64:
         41:92:c8:52:8a:39:18:51:c3:c2:58:a6:ac:de:42:72:34:5f:
         70:dd:a8:86:72:23:c5:09:71:43:6b:fa:03:12:bc:30:33:eb:
         0a:ae:46:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87ke2H8kmtQYbVEgJauY8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYzE2OTBlZjU3YWZjZmZhZTczYmRiOTkzNDMwOWY4Yjcw
ZWJiNjEwHhcNMjYwMTAyMDQxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDcxNmZhMzQyZjAzNzk3YzVjNWYxNjFiM2JjMDg2YmQ2OWY3OWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07Wv8Q/5TgQ4kwxZMfPGdLh4+N6n
KbMyf/xjBtqeVcx/jVIQwHSkS0m/QalJFCJFxGCX0XAXXM+p6npz7h6NpkUAxXRD
GkJyW+Yd1JZFuD1gwFcOuRvwtyDBVfQt5Sk8UYDJyQBg20FtvN9cAw+opti5OI3H
3Wi2CSGAxs6UR6OrXnPmn+Gt7Y9E3oIuPPH2emz0/CaenUs8rArWGyj9UR4HaPLo
v7nyk44kqNkA8p4jUVnit7Ts9i8nKY7IZ/40gnCOjpFNnnv5iGWBZe5a+nc0uUFS
MpwT/huSvq7S49Iv8bG3FY3skbVuUJ64K3tq09z5Zj8Olo1xCr/zijeDrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF1xb6NC8DeXxcXxYbO8CGvWn3nnMB8GA1UdIwQY
MBaAFHHBaQ71evz/rnO9uZNDCfi3DrthMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYt
MDA2ZTliYjhlZDU5LzEvWFhGdm8wTHdONWZGeGZGaHM3d0lhOWFmZWVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85YzcwZTktM2RmMy00YmM3LTgyZTYtMDA2ZTliYjhlZDU5
LzEvY2NGcER2VjZfUC11YzcyNWswTUotTGNPdTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVdIMA0G
CSqGSIb3DQEBCwUAA4IBAQAn4VCzSfhubpvh5v0AfaTkkdIzWW4YdrDu+Odnb7kG
7nPxwqC28dVqYes9a+zX/RScPOHFBx3Zv30tzUDRrmy5E04jtoCRQuOI67fyqAD5
dRbNKEVSe5Cv+rhgVcVM9hfNT0p5dviMDhXjck6LFtWOF05xjv37sO3JWtjUAC85
9hXn72wbfzlr4KOnVggJRvcC/8ps8uZ2Stf8yhcc7nSrXh+MbXABNUkaDCelu1hy
w+kyMdh7MQiVbtoQQ6NHaHReCga55KUkMVsB0PN+aJGDyUzEzpUuIWRBkshSijkY
UcPCWKas3kJyNF9w3aiGciPFCXFDa/oDErwwM+sKrkbZ
-----END CERTIFICATE-----