This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8r2iAbsaWnnxdlQO1FTFThlTNbk.roa
File:                     8r2iAbsaWnnxdlQO1FTFThlTNbk.roa (raw, json)
Hash identifier:          R95d3kFfF6vI6ptGB/VIluhvscul50DJHSPX63XCd6A=
Subject key identifier:   F2:BD:A2:01:BB:1A:5A:79:F1:76:54:0E:D4:54:C5:4E:19:53:35:B9
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019B79EC83F281F86A6960900945C9A7DD7C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8r2iAbsaWnnxdlQO1FTFThlTNbk.roa
Signing time:             Thu 01 Jan 2026 14:18:21 +0000
ROA not before:           Thu 01 Jan 2026 14:18:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216246
IP address blocks:        77.239.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 08:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:83:f2:81:f8:6a:69:60:90:09:45:c9:a7:dd:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jan  1 14:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2bda201bb1a5a79f176540ed454c54e195335b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:78:73:fb:87:59:d9:0b:62:a5:a0:21:3e:2e:
                    f8:a7:55:d2:8b:6b:10:79:eb:62:7f:55:23:99:09:
                    e2:91:07:b4:02:9d:f0:e9:10:aa:89:e0:2c:8a:03:
                    2c:95:84:de:38:1b:89:0c:ab:b2:df:60:58:06:7f:
                    db:50:dc:98:ff:3d:ee:fd:52:c2:b1:e2:ca:90:6e:
                    ae:98:15:a0:6a:9e:7f:92:55:22:8d:6f:1e:8b:5c:
                    5a:62:37:79:5b:f6:11:65:a6:04:87:7f:25:2b:f6:
                    22:4c:4d:69:89:aa:e2:4f:5f:36:c1:47:d5:91:e2:
                    77:b7:64:d8:30:dd:c0:12:6c:14:c2:11:4b:d5:f5:
                    8e:67:fd:05:ec:92:37:d6:0a:a7:ea:46:51:f9:c9:
                    c0:13:e3:ca:8d:99:9b:d9:fa:15:f4:2a:e3:a9:94:
                    55:5f:61:92:03:59:6a:1e:06:44:7c:30:d3:61:c1:
                    82:94:c0:86:03:38:e3:8f:0d:42:35:df:30:a4:70:
                    a5:38:67:86:2d:8f:54:dd:3c:24:9d:4a:41:fb:dd:
                    67:c0:c5:09:d4:c0:71:e0:a2:0d:98:18:f4:93:63:
                    4b:39:1a:32:f3:2e:18:15:ad:80:a2:6a:37:a4:fc:
                    00:b7:d5:f6:d9:dc:e3:fa:ff:44:5c:67:32:39:9e:
                    68:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BD:A2:01:BB:1A:5A:79:F1:76:54:0E:D4:54:C5:4E:19:53:35:B9
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8r2iAbsaWnnxdlQO1FTFThlTNbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.239.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:d3:6d:bd:a1:3c:f8:02:8f:31:7e:be:e7:7b:a9:41:6c:71:
         79:ba:59:10:ec:26:a9:d3:1c:1b:39:4c:ad:da:68:06:19:d7:
         bb:10:14:76:86:9b:a9:06:5a:34:66:ed:2f:50:98:6d:c1:40:
         2c:ee:9f:83:e8:a2:ea:a6:8c:47:51:62:ed:46:01:ac:07:5c:
         4a:71:74:d1:19:cb:c4:e2:d4:61:df:6d:17:fc:89:08:ca:9c:
         88:a1:bb:00:3e:a7:82:ef:88:a7:79:0f:42:5a:e3:61:ec:d4:
         4c:d7:e9:12:87:7a:51:15:c5:7b:71:5f:08:ed:24:92:44:dc:
         86:ec:7c:7a:8e:2e:f5:30:d0:52:e2:d4:45:6b:8c:53:da:4f:
         00:d8:1c:bf:a6:7f:5d:f3:05:6b:e8:50:63:6f:90:de:cc:bb:
         ba:63:07:b1:4c:40:86:80:03:5d:be:07:2f:ba:38:ac:e7:06:
         fd:2e:42:a1:20:6f:a8:6f:3b:75:86:a3:4d:52:81:d7:79:17:
         3a:f0:fd:22:cc:31:cc:0b:a1:91:4d:56:2a:2f:48:1f:88:71:
         66:1c:1c:fb:db:9e:8b:55:1c:2c:5d:15:77:ca:b5:09:c5:04:
         f4:1a:18:c9:7e:fa:fd:ee:66:94:b6:28:6f:fa:68:9b:62:d8:
         ac:60:91:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57IPygfhqaWCQCUXJp918MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMTAxMTQxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJkYTIwMWJiMWE1YTc5ZjE3NjU0MGVkNDU0YzU0ZTE5NTMzNWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Hhz+4dZ2QtipaAhPi74p1XSi2sQ
eetif1UjmQnikQe0Ap3w6RCqieAsigMslYTeOBuJDKuy32BYBn/bUNyY/z3u/VLC
seLKkG6umBWgap5/klUijW8ei1xaYjd5W/YRZaYEh38lK/YiTE1piariT182wUfV
keJ3t2TYMN3AEmwUwhFL1fWOZ/0F7JI31gqn6kZR+cnAE+PKjZmb2foV9CrjqZRV
X2GSA1lqHgZEfDDTYcGClMCGAzjjjw1CNd8wpHClOGeGLY9U3TwknUpB+91nwMUJ
1MBx4KINmBj0k2NLORoy8y4YFa2Aomo3pPwAt9X22dzj+v9EXGcyOZ5ozwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPK9ogG7Glp58XZUDtRUxU4ZUzW5MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOHIyaUFic2FXbm54ZGxRTzFGVEZUaGxUTmJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATe99MA0G
CSqGSIb3DQEBCwUAA4IBAQCI0229oTz4Ao8xfr7ne6lBbHF5ulkQ7Cap0xwbOUyt
2mgGGde7EBR2hpupBlo0Zu0vUJhtwUAs7p+D6KLqpoxHUWLtRgGsB1xKcXTRGcvE
4tRh320X/IkIypyIobsAPqeC74ineQ9CWuNh7NRM1+kSh3pRFcV7cV8I7SSSRNyG
7Hx6ji71MNBS4tRFa4xT2k8A2By/pn9d8wVr6FBjb5DezLu6YwexTECGgANdvgcv
ujis5wb9LkKhIG+obzt1hqNNUoHXeRc68P0izDHMC6GRTVYqL0gfiHFmHBz7256L
VRwsXRV3yrUJxQT0GhjJfvr97maUtihv+mibYtisYJH9
-----END CERTIFICATE-----