This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/tBE2DXCg9mo6HQNSmwQwa4AaEKw.roa
File:                     tBE2DXCg9mo6HQNSmwQwa4AaEKw.roa (raw, json)
Hash identifier:          /Uu7Wfq1cKcIhIObzC72sU7ALGmExyntY4syvrkFG/U=
Subject key identifier:   B4:11:36:0D:70:A0:F6:6A:3A:1D:03:52:9B:04:30:6B:80:1A:10:AC
Certificate issuer:       /CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
Certificate serial:       019B7EA69CAFCFB7A01D7083F8C891753A26
Authority key identifier: AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/tBE2DXCg9mo6HQNSmwQwa4AaEKw.roa
Signing time:             Fri 02 Jan 2026 12:20:06 +0000
ROA not before:           Fri 02 Jan 2026 12:20:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210976
IP address blocks:        77.73.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 06:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:9c:af:cf:b7:a0:1d:70:83:f8:c8:91:75:3a:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=affa13f1ae053916280ec68ee1b0976f9ebd3ea8
        Validity
            Not Before: Jan  2 12:20:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b411360d70a0f66a3a1d03529b04306b801a10ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:62:93:3a:00:da:d0:83:c2:f3:39:00:5c:5c:
                    3c:8c:8a:bf:43:33:20:4e:fa:64:f0:24:3a:b5:45:
                    23:27:1a:b5:65:62:17:40:61:12:a9:81:62:e8:84:
                    c7:21:22:ae:77:27:71:3f:fa:a6:74:e8:89:94:a8:
                    02:9e:71:f0:95:c6:b1:7a:17:a1:3b:31:2c:8a:ee:
                    88:f6:6b:92:04:dc:dc:bc:e2:1d:34:80:29:e2:22:
                    66:c8:a1:ce:c1:4e:80:70:0c:0a:0c:5c:b1:67:09:
                    05:47:48:28:5b:10:74:58:0b:ff:55:ef:38:4c:6a:
                    87:8b:c3:e7:7a:e4:e9:c9:34:56:5d:da:a1:c1:35:
                    49:6d:de:a8:86:39:c3:74:59:1d:29:06:6f:68:22:
                    59:97:74:7a:c4:b7:d2:3a:17:2c:42:53:bf:a0:e0:
                    fb:d2:4c:19:10:9d:32:69:09:4e:cc:33:7c:62:be:
                    88:06:fb:5a:8a:75:63:86:de:7c:7e:9b:57:b1:67:
                    84:b0:df:70:88:eb:fa:24:41:6c:da:9e:43:04:f9:
                    03:26:d7:64:c9:c9:f0:6d:b9:f1:34:07:b1:d9:9d:
                    14:24:0f:c9:1b:23:52:07:65:70:7c:60:37:ca:4b:
                    97:d2:1b:76:df:9e:6b:1c:7d:01:d5:b5:80:68:21:
                    59:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:11:36:0D:70:A0:F6:6A:3A:1D:03:52:9B:04:30:6B:80:1A:10:AC
            X509v3 Authority Key Identifier:
                keyid:AF:FA:13:F1:AE:05:39:16:28:0E:C6:8E:E1:B0:97:6F:9E:BD:3E:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_oT8a4FORYoDsaO4bCXb569Pqg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/tBE2DXCg9mo6HQNSmwQwa4AaEKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/a3c0a4-3191-4e51-8d80-478c2c8cb2a0/1/r_oT8a4FORYoDsaO4bCXb569Pqg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.73.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:42:ef:f9:8f:7e:85:c9:74:41:57:1f:0c:14:0b:47:46:42:
         9b:61:62:a4:cd:50:15:31:36:75:2b:de:b9:5f:a6:10:1d:98:
         ad:2d:84:ef:b7:df:6a:92:b6:c0:d0:4f:ae:df:37:09:23:5d:
         d0:1e:76:09:27:7a:e3:00:8c:85:a4:66:6b:79:1e:88:ff:8f:
         cc:9a:da:bb:1c:75:cf:70:77:6a:52:3c:20:35:45:68:47:7e:
         12:0a:43:c4:26:2d:28:a1:f4:f6:14:7f:cd:08:2f:2b:ee:11:
         51:ff:9e:4a:52:a6:ca:27:7c:a2:10:39:f3:4b:2f:88:17:ff:
         21:af:6e:5c:8b:9a:cc:ec:a1:d3:57:0e:1a:73:77:0d:37:8b:
         43:a5:6a:d2:f4:fc:91:6d:0f:dc:1d:f0:23:ce:5b:7b:37:44:
         f5:2a:05:63:b5:db:fc:41:af:79:49:89:3a:ac:fe:c0:7f:ae:
         dc:43:2e:ec:4f:41:73:aa:6a:da:3d:35:79:11:6d:02:4b:94:
         42:69:7a:40:b1:ed:6c:46:8d:84:91:cc:a6:c8:a7:d3:6c:72:
         7f:89:b9:09:ca:be:ea:53:ac:d1:35:5c:4f:a9:41:26:ee:1e:
         7d:8a:6b:6a:b0:d7:fe:88:d6:9f:15:60:8e:86:1a:84:df:96:
         7d:66:89:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ppyvz7egHXCD+MiRdTomMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZmExM2YxYWUwNTM5MTYyODBlYzY4ZWUxYjA5NzZmOWVi
ZDNlYTgwHhcNMjYwMTAyMTIyMDA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDExMzYwZDcwYTBmNjZhM2ExZDAzNTI5YjA0MzA2YjgwMWExMGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWKTOgDa0IPC8zkAXFw8jIq/QzMg
Tvpk8CQ6tUUjJxq1ZWIXQGESqYFi6ITHISKudydxP/qmdOiJlKgCnnHwlcaxeheh
OzEsiu6I9muSBNzcvOIdNIAp4iJmyKHOwU6AcAwKDFyxZwkFR0goWxB0WAv/Ve84
TGqHi8PneuTpyTRWXdqhwTVJbd6ohjnDdFkdKQZvaCJZl3R6xLfSOhcsQlO/oOD7
0kwZEJ0yaQlOzDN8Yr6IBvtainVjht58fptXsWeEsN9wiOv6JEFs2p5DBPkDJtdk
ycnwbbnxNAex2Z0UJA/JGyNSB2VwfGA3ykuX0ht2355rHH0B1bWAaCFZUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQRNg1woPZqOh0DUpsEMGuAGhCsMB8GA1UdIwQY
MBaAFK/6E/GuBTkWKA7GjuGwl2+evT6oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAt
NDc4YzJjOGNiMmEwLzEvdEJFMkRYQ2c5bW82SFFOU213UXdhNEFhRUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9hM2MwYTQtMzE5MS00ZTUxLThkODAtNDc4YzJjOGNiMmEw
LzEvcl9vVDhhNEZPUllvRHNhTzRiQ1hiNTY5UHFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATUmEMA0G
CSqGSIb3DQEBCwUAA4IBAQCGQu/5j36FyXRBVx8MFAtHRkKbYWKkzVAVMTZ1K965
X6YQHZitLYTvt99qkrbA0E+u3zcJI13QHnYJJ3rjAIyFpGZreR6I/4/Mmtq7HHXP
cHdqUjwgNUVoR34SCkPEJi0oofT2FH/NCC8r7hFR/55KUqbKJ3yiEDnzSy+IF/8h
r25ci5rM7KHTVw4ac3cNN4tDpWrS9PyRbQ/cHfAjzlt7N0T1KgVjtdv8Qa95SYk6
rP7Af67cQy7sT0FzqmraPTV5EW0CS5RCaXpAse1sRo2EkcymyKfTbHJ/ibkJyr7q
U6zRNVxPqUEm7h59imtqsNf+iNafFWCOhhqE35Z9ZonZ
-----END CERTIFICATE-----