This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/y77fd-pxLUZxQSd8JZhDERR6iNk.roa
File:                     y77fd-pxLUZxQSd8JZhDERR6iNk.roa (raw, json)
Hash identifier:          /AtAXLPq9UbQfcip99TJ1Bbg+AnxEeLTpGbhXjpDlYs=
Subject key identifier:   CB:BE:DF:77:EA:71:2D:46:71:41:27:7C:25:98:43:11:14:7A:88:D9
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       019B77C69D0C011B52FAF59D40AAE1901F18
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/y77fd-pxLUZxQSd8JZhDERR6iNk.roa
Signing time:             Thu 01 Jan 2026 04:17:43 +0000
ROA not before:           Thu 01 Jan 2026 04:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48780
IP address blocks:        95.182.112.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:9d:0c:01:1b:52:fa:f5:9d:40:aa:e1:90:1f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  1 04:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cbbedf77ea712d467141277c25984311147a88d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:f9:e1:10:f1:e4:7a:b2:f8:93:24:06:e2:0d:
                    84:0a:31:d6:30:e4:0d:fd:3b:a4:f2:1a:20:83:86:
                    8c:06:48:70:98:31:c3:65:c9:7c:09:ee:5c:96:65:
                    5e:78:bd:53:fb:4b:fd:67:ea:9b:d5:a2:82:4a:0b:
                    15:8f:ca:e2:4e:a8:18:bb:fb:af:bb:50:b3:d1:30:
                    ec:a6:79:76:d8:2b:a6:19:a7:19:cc:08:14:86:16:
                    c1:08:9b:4b:fd:4d:4c:0b:15:99:e9:46:6a:e3:4b:
                    d1:4e:cf:7a:18:12:c4:6f:30:a0:a0:95:e9:60:87:
                    44:9f:48:1d:ab:31:11:2b:c3:04:18:46:f0:7f:9a:
                    7d:77:f9:27:c2:88:3b:93:5a:e2:c8:2d:3d:4c:ab:
                    e1:07:44:3c:c9:c7:2b:5c:84:1b:15:68:1b:e8:62:
                    d3:9b:78:52:42:12:b4:d8:c1:bb:53:7c:b6:40:39:
                    36:c1:64:b5:3f:78:6d:48:5c:c2:c9:5c:8f:aa:d0:
                    ae:43:b8:cb:72:37:45:9c:5f:ca:f5:f1:4b:88:17:
                    5f:36:28:d3:9a:f0:8a:d2:76:b4:60:7f:7c:38:02:
                    78:26:16:fc:6d:a3:78:98:52:8d:42:43:d0:09:bb:
                    7b:86:fc:c8:ed:43:15:73:2d:fd:3b:3b:8b:62:68:
                    d0:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:BE:DF:77:EA:71:2D:46:71:41:27:7C:25:98:43:11:14:7A:88:D9
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/y77fd-pxLUZxQSd8JZhDERR6iNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.182.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:7b:50:0f:ef:a1:e3:40:db:ea:08:7a:b9:a5:c2:53:b9:f5:
         0f:c3:71:08:e6:d6:83:71:87:02:4c:be:ff:8e:8c:89:f6:ff:
         14:be:c9:e7:bc:4a:40:98:95:92:e0:3d:25:4d:05:36:16:b1:
         1a:43:53:8d:bb:ac:7e:be:97:ce:94:d5:d7:da:27:52:b3:ff:
         f7:93:f2:11:18:da:e3:41:a2:4e:27:1b:22:d2:4f:77:c2:d5:
         9f:89:3e:81:78:75:bb:d7:f5:50:92:69:a1:b8:f2:88:c2:09:
         3c:45:14:39:d6:71:36:51:35:95:e3:02:22:6b:e5:b7:1b:a9:
         b4:8d:55:d0:b3:79:c2:5b:da:64:58:ef:76:51:e5:1d:ab:72:
         c6:11:34:b2:88:0e:1e:a6:03:95:84:3c:27:8a:bf:50:f2:74:
         44:e9:b9:87:1e:bb:58:ce:99:34:03:46:88:7e:a9:72:86:37:
         8c:e0:c2:9a:d7:0a:80:df:88:dd:20:56:74:3e:70:64:bf:b5:
         12:58:c3:65:2c:fe:8e:a2:bc:01:31:11:f7:17:13:2e:32:93:
         b4:03:c8:8a:a8:a5:7c:5f:7e:0d:29:31:91:94:bb:e5:85:81:
         27:2a:e1:d9:ae:ad:c7:d1:92:fe:3d:81:a7:f0:ca:6a:ce:1f:
         6a:c4:ae:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xp0MARtS+vWdQKrhkB8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjYwMTAxMDQxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmJlZGY3N2VhNzEyZDQ2NzE0MTI3N2MyNTk4NDMxMTE0N2E4OGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/nhEPHkerL4kyQG4g2ECjHWMOQN
/Tuk8hogg4aMBkhwmDHDZcl8Ce5clmVeeL1T+0v9Z+qb1aKCSgsVj8riTqgYu/uv
u1Cz0TDspnl22CumGacZzAgUhhbBCJtL/U1MCxWZ6UZq40vRTs96GBLEbzCgoJXp
YIdEn0gdqzERK8MEGEbwf5p9d/knwog7k1riyC09TKvhB0Q8yccrXIQbFWgb6GLT
m3hSQhK02MG7U3y2QDk2wWS1P3htSFzCyVyPqtCuQ7jLcjdFnF/K9fFLiBdfNijT
mvCK0na0YH98OAJ4Jhb8baN4mFKNQkPQCbt7hvzI7UMVcy39OzuLYmjQNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMu+33fqcS1GcUEnfCWYQxEUeojZMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEveTc3ZmQtcHhMVVp4UVNkOEpaaERFUlI2aU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBX7ZwMA0G
CSqGSIb3DQEBCwUAA4IBAQCde1AP76HjQNvqCHq5pcJTufUPw3EI5taDcYcCTL7/
joyJ9v8UvsnnvEpAmJWS4D0lTQU2FrEaQ1ONu6x+vpfOlNXX2idSs//3k/IRGNrj
QaJOJxsi0k93wtWfiT6BeHW71/VQkmmhuPKIwgk8RRQ51nE2UTWV4wIia+W3G6m0
jVXQs3nCW9pkWO92UeUdq3LGETSyiA4epgOVhDwnir9Q8nRE6bmHHrtYzpk0A0aI
fqlyhjeM4MKa1wqA34jdIFZ0PnBkv7USWMNlLP6OorwBMRH3FxMuMpO0A8iKqKV8
X34NKTGRlLvlhYEnKuHZrq3H0ZL+PYGn8Mpqzh9qxK6g
-----END CERTIFICATE-----