This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/83cd41-7256-4d66-942f-72ecba131af8/1/77Whh77iKwt1yOOYU4DtYorlBOk.roa
File:                     77Whh77iKwt1yOOYU4DtYorlBOk.roa (raw, json)
Hash identifier:          tO7vF8xusHO1O0mKViJ8yyoCaEKBRB4DR9BPRK3Lwnc=
Subject key identifier:   EF:B5:A1:87:BE:E2:2B:0B:75:C8:E3:98:53:80:ED:62:8A:E5:04:E9
Certificate issuer:       /CN=2996cd68531847e3b0be0d93c65cc1fb64ecd21a
Certificate serial:       019B7E387924B8840D0DC633096C7CC7FB53
Authority key identifier: 29:96:CD:68:53:18:47:E3:B0:BE:0D:93:C6:5C:C1:FB:64:EC:D2:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KZbNaFMYR-Owvg2TxlzB-2Ts0ho.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/83cd41-7256-4d66-942f-72ecba131af8/1/77Whh77iKwt1yOOYU4DtYorlBOk.roa
Signing time:             Fri 02 Jan 2026 10:19:48 +0000
ROA not before:           Fri 02 Jan 2026 10:19:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212669
IP address blocks:        185.19.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/83cd41-7256-4d66-942f-72ecba131af8/1/KZbNaFMYR-Owvg2TxlzB-2Ts0ho.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/83cd41-7256-4d66-942f-72ecba131af8/1/KZbNaFMYR-Owvg2TxlzB-2Ts0ho.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KZbNaFMYR-Owvg2TxlzB-2Ts0ho.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 16:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:79:24:b8:84:0d:0d:c6:33:09:6c:7c:c7:fb:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2996cd68531847e3b0be0d93c65cc1fb64ecd21a
        Validity
            Not Before: Jan  2 10:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=efb5a187bee22b0b75c8e3985380ed628ae504e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:58:68:95:d4:68:f1:b2:00:6f:f1:f9:78:18:
                    ce:ed:d1:b0:40:01:2b:79:29:33:24:cc:6a:a8:77:
                    7e:96:f3:f4:a3:93:27:ed:40:6c:e7:92:89:b4:98:
                    fc:47:fb:dd:f5:e7:41:45:75:0c:f9:de:33:b8:c9:
                    10:a3:a4:11:4f:e7:24:3b:05:90:29:62:73:da:0a:
                    12:d6:54:ed:74:a4:aa:a1:b2:a0:17:39:eb:15:8f:
                    97:65:78:98:47:99:fa:f2:23:57:22:02:dc:6a:d9:
                    9a:c1:cd:d6:b1:f0:37:c1:11:1a:5a:d7:1c:9d:32:
                    e2:95:10:a9:a1:67:5b:1d:d2:a6:62:81:db:e1:90:
                    f6:76:b9:e3:f1:f1:c8:0f:21:e1:94:a6:54:1d:e9:
                    38:d2:af:fb:1e:77:72:8f:f1:dc:7e:21:83:ac:ca:
                    33:82:eb:57:2a:c6:b5:60:cb:e9:af:94:bb:65:12:
                    a0:d1:cd:36:0f:d4:b9:8b:41:db:2b:b9:32:5d:b8:
                    f4:7b:e6:3c:10:c4:7b:f0:e6:26:b8:d0:9e:23:e5:
                    29:33:3a:25:2d:68:1c:f2:8a:9e:b1:f2:d5:99:77:
                    92:54:13:d1:02:a5:05:e1:7f:1a:0e:5a:37:d7:da:
                    9a:a2:0a:56:88:af:b9:9d:8d:46:4f:42:b0:29:72:
                    cc:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:B5:A1:87:BE:E2:2B:0B:75:C8:E3:98:53:80:ED:62:8A:E5:04:E9
            X509v3 Authority Key Identifier:
                keyid:29:96:CD:68:53:18:47:E3:B0:BE:0D:93:C6:5C:C1:FB:64:EC:D2:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KZbNaFMYR-Owvg2TxlzB-2Ts0ho.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/83cd41-7256-4d66-942f-72ecba131af8/1/77Whh77iKwt1yOOYU4DtYorlBOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/83cd41-7256-4d66-942f-72ecba131af8/1/KZbNaFMYR-Owvg2TxlzB-2Ts0ho.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.19.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:e7:9c:96:58:d6:48:e3:e3:a1:ff:78:b1:48:25:84:36:48:
         b1:60:be:db:95:b4:13:58:45:5f:8b:ac:98:78:c4:8c:fa:0b:
         21:f3:d8:78:18:23:b5:89:06:4d:3c:4f:c9:80:22:b8:31:2c:
         31:7c:24:2a:6e:21:83:67:e7:b7:5c:2a:45:92:30:a5:83:66:
         5f:3b:4b:fc:68:b9:34:c6:be:e6:4d:43:0e:70:c3:a4:5c:51:
         a5:b1:50:49:3e:c4:50:c3:58:b1:85:e0:04:4e:59:01:a0:97:
         58:1d:b3:07:21:78:96:22:4a:83:21:62:69:e2:79:66:3d:15:
         79:c4:c1:df:49:82:98:0b:5d:86:cd:d9:84:f9:e8:db:a4:72:
         25:df:40:c7:8c:12:d9:e1:55:4f:59:7b:35:ce:71:a6:ac:1a:
         2b:93:7f:12:1a:3a:a7:96:63:f1:b5:92:8e:97:f0:d5:7e:f9:
         bf:27:71:19:46:08:07:cd:58:ed:6e:af:8e:9f:a4:c0:69:d5:
         7f:70:43:9e:e5:60:1b:ef:5a:2e:58:03:86:5a:a4:cf:f0:b1:
         ec:86:7a:6a:e7:82:cb:85:f4:f7:95:9c:3d:e3:5c:b8:9e:0d:
         91:fe:da:e7:a6:01:ca:37:c5:56:68:ca:e0:81:77:65:81:9e:
         a8:8f:68:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OHkkuIQNDcYzCWx8x/tTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5OTZjZDY4NTMxODQ3ZTNiMGJlMGQ5M2M2NWNjMWZiNjRl
Y2QyMWEwHhcNMjYwMTAyMTAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmI1YTE4N2JlZTIyYjBiNzVjOGUzOTg1MzgwZWQ2MjhhZTUwNGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6lholdRo8bIAb/H5eBjO7dGwQAEr
eSkzJMxqqHd+lvP0o5Mn7UBs55KJtJj8R/vd9edBRXUM+d4zuMkQo6QRT+ckOwWQ
KWJz2goS1lTtdKSqobKgFznrFY+XZXiYR5n68iNXIgLcatmawc3WsfA3wREaWtcc
nTLilRCpoWdbHdKmYoHb4ZD2drnj8fHIDyHhlKZUHek40q/7Hndyj/HcfiGDrMoz
gutXKsa1YMvpr5S7ZRKg0c02D9S5i0HbK7kyXbj0e+Y8EMR78OYmuNCeI+UpMzol
LWgc8oqesfLVmXeSVBPRAqUF4X8aDlo319qaogpWiK+5nY1GT0KwKXLMFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+1oYe+4isLdcjjmFOA7WKK5QTpMB8GA1UdIwQY
MBaAFCmWzWhTGEfjsL4Nk8Zcwftk7NIaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1piTmFGTVlSLU93dmcyVHhsekItMlRzMGhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC84M2NkNDEtNzI1Ni00ZDY2LTk0MmYt
NzJlY2JhMTMxYWY4LzEvNzdXaGg3N2lLd3QxeU9PWVU0RHRZb3JsQk9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC84M2NkNDEtNzI1Ni00ZDY2LTk0MmYtNzJlY2JhMTMxYWY4
LzEvS1piTmFGTVlSLU93dmcyVHhsekItMlRzMGhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRMiMA0G
CSqGSIb3DQEBCwUAA4IBAQAL55yWWNZI4+Oh/3ixSCWENkixYL7blbQTWEVfi6yY
eMSM+gsh89h4GCO1iQZNPE/JgCK4MSwxfCQqbiGDZ+e3XCpFkjClg2ZfO0v8aLk0
xr7mTUMOcMOkXFGlsVBJPsRQw1ixheAETlkBoJdYHbMHIXiWIkqDIWJp4nlmPRV5
xMHfSYKYC12GzdmE+ejbpHIl30DHjBLZ4VVPWXs1znGmrBork38SGjqnlmPxtZKO
l/DVfvm/J3EZRggHzVjtbq+On6TAadV/cEOe5WAb71ouWAOGWqTP8LHshnpq54LL
hfT3lZw941y4ng2R/trnpgHKN8VWaMrggXdlgZ6oj2jm
-----END CERTIFICATE-----