This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/Z-bBFXOWgUFj0f_1aYwjqTmdyAk.roa
File:                     Z-bBFXOWgUFj0f_1aYwjqTmdyAk.roa (raw, json)
Hash identifier:          3oPEm2IjYJl5A+svwF1bwmzVJ3ORnj2WRQk2OHipiaM=
Subject key identifier:   67:E6:C1:15:73:96:81:41:63:D1:FF:F5:69:8C:23:A9:39:9D:C8:09
Certificate issuer:       /CN=fdd9422de96203e5d873e0995591a3a690dd3d92
Certificate serial:       019B514057611FBB5ABBE4A84EB2ABB8D8AC
Authority key identifier: FD:D9:42:2D:E9:62:03:E5:D8:73:E0:99:55:91:A3:A6:90:DD:3D:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dlCLeliA-XYc-CZVZGjppDdPZI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/Z-bBFXOWgUFj0f_1aYwjqTmdyAk.roa
Signing time:             Wed 24 Dec 2025 16:45:29 +0000
ROA not before:           Wed 24 Dec 2025 16:45:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208919
IP address blocks:        77.83.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/_dlCLeliA-XYc-CZVZGjppDdPZI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/_dlCLeliA-XYc-CZVZGjppDdPZI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dlCLeliA-XYc-CZVZGjppDdPZI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Dec 2025 01:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:51:40:57:61:1f:bb:5a:bb:e4:a8:4e:b2:ab:b8:d8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd9422de96203e5d873e0995591a3a690dd3d92
        Validity
            Not Before: Dec 24 16:45:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67e6c1157396814163d1fff5698c23a9399dc809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9a:3d:27:03:e6:18:5d:ad:d1:90:aa:a9:1e:
                    b6:47:25:82:41:7f:7d:f2:89:3f:96:35:15:b6:0e:
                    48:0f:41:ad:a7:f9:c0:79:51:d4:30:3c:a3:ec:b3:
                    b1:b7:0b:f8:13:39:f0:6f:94:9a:aa:c3:90:58:4d:
                    64:a4:bd:62:92:32:97:d4:69:70:5f:f0:de:49:a1:
                    00:18:aa:4e:d5:e3:95:75:29:2b:3a:b2:96:7b:c7:
                    97:51:fc:64:3e:79:3c:2e:37:e9:fc:65:49:e2:5c:
                    c8:78:12:98:23:92:6a:87:7f:d1:b8:01:e3:a3:0b:
                    fb:dd:7d:1e:b7:ac:d1:d4:62:b7:e4:3a:8b:43:61:
                    a4:b3:34:02:eb:09:3e:1f:07:8d:dc:49:b1:fe:2d:
                    8e:31:d0:a1:f4:87:b4:a9:25:89:f4:e5:78:d0:d1:
                    ae:bf:76:29:8f:fa:8b:53:c1:69:d3:a9:e9:4e:fe:
                    4f:b7:8a:fc:07:9c:a5:63:4d:7e:c6:f7:a9:43:f6:
                    0e:f2:9d:c7:6b:4e:bb:84:78:bc:2e:3c:63:a0:b6:
                    6b:63:a8:cc:d2:c4:c5:75:6a:54:ab:8e:b4:2e:d7:
                    3f:da:0e:3e:b7:3e:57:ae:7e:cf:80:22:ff:1c:50:
                    53:96:2b:cd:ef:0f:1a:f1:d1:1d:34:57:86:58:d8:
                    2a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:E6:C1:15:73:96:81:41:63:D1:FF:F5:69:8C:23:A9:39:9D:C8:09
            X509v3 Authority Key Identifier:
                keyid:FD:D9:42:2D:E9:62:03:E5:D8:73:E0:99:55:91:A3:A6:90:DD:3D:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dlCLeliA-XYc-CZVZGjppDdPZI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/Z-bBFXOWgUFj0f_1aYwjqTmdyAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/acf2e6-c8dd-48c4-8389-a18550a69f66/1/_dlCLeliA-XYc-CZVZGjppDdPZI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.83.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:46:d1:31:2c:0e:7a:a7:d2:b1:2e:04:48:a3:b0:2b:64:82:
         b8:c7:5b:dc:1d:c0:24:29:9a:1f:82:0a:ce:01:bc:82:f6:33:
         f0:e7:05:f9:1f:83:89:7f:d9:e1:4b:c6:0f:aa:a9:cd:07:c2:
         ad:bc:d0:19:4b:f1:10:35:12:b8:67:c1:53:71:c6:4b:02:bc:
         93:5d:06:16:18:80:c1:19:3d:84:9e:7c:c3:f3:dd:85:52:82:
         82:4b:a6:e2:14:2d:1e:a1:9c:7e:ea:bf:31:40:4e:17:33:39:
         3d:17:29:b3:d9:b6:6b:8b:ad:e3:b6:53:be:94:4d:dc:17:42:
         69:cb:11:d1:12:9f:ac:96:dc:44:33:1f:fc:57:39:74:65:b8:
         bd:79:34:a5:f6:8a:e1:73:36:a6:e8:8f:ab:04:09:a3:50:e7:
         b4:39:32:b1:2e:32:80:1e:27:60:ce:96:cd:ae:67:d7:cf:43:
         89:15:21:33:54:70:d0:bc:51:0c:24:41:2a:d6:f4:46:91:87:
         bc:62:89:6e:8b:7e:85:85:31:90:52:a4:61:1c:95:8e:7b:b7:
         39:f3:74:72:e3:58:9a:46:97:2b:4d:d4:12:43:70:92:45:93:
         f8:97:e3:02:7d:d1:28:d3:56:1f:fd:d5:05:e5:d1:ab:04:a8:
         88:f4:dc:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZtRQFdhH7tau+SoTrKruNisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDk0MjJkZTk2MjAzZTVkODczZTA5OTU1OTFhM2E2OTBk
ZDNkOTIwHhcNMjUxMjI0MTY0NTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2U2YzExNTczOTY4MTQxNjNkMWZmZjU2OThjMjNhOTM5OWRjODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJo9JwPmGF2t0ZCqqR62RyWCQX99
8ok/ljUVtg5ID0Gtp/nAeVHUMDyj7LOxtwv4Eznwb5SaqsOQWE1kpL1ikjKX1Glw
X/DeSaEAGKpO1eOVdSkrOrKWe8eXUfxkPnk8Ljfp/GVJ4lzIeBKYI5Jqh3/RuAHj
owv73X0et6zR1GK35DqLQ2GkszQC6wk+HweN3Emx/i2OMdCh9Ie0qSWJ9OV40NGu
v3Ypj/qLU8Fp06npTv5Pt4r8B5ylY01+xvepQ/YO8p3Ha067hHi8LjxjoLZrY6jM
0sTFdWpUq460Ltc/2g4+tz5Xrn7PgCL/HFBTlivN7w8a8dEdNFeGWNgqRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGfmwRVzloFBY9H/9WmMI6k5ncgJMB8GA1UdIwQY
MBaAFP3ZQi3pYgPl2HPgmVWRo6aQ3T2SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RsQ0xlbGlBLVhZYy1DWlZaR2pwcERkUFpJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9hY2YyZTYtYzhkZC00OGM0LTgzODkt
YTE4NTUwYTY5ZjY2LzEvWi1iQkZYT1dnVUZqMGZfMWFZd2pxVG1keUFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9hY2YyZTYtYzhkZC00OGM0LTgzODktYTE4NTUwYTY5ZjY2
LzEvX2RsQ0xlbGlBLVhZYy1DWlZaR2pwcERkUFpJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVNDMA0G
CSqGSIb3DQEBCwUAA4IBAQAJRtExLA56p9KxLgRIo7ArZIK4x1vcHcAkKZofggrO
AbyC9jPw5wX5H4OJf9nhS8YPqqnNB8KtvNAZS/EQNRK4Z8FTccZLAryTXQYWGIDB
GT2EnnzD892FUoKCS6biFC0eoZx+6r8xQE4XMzk9Fymz2bZri63jtlO+lE3cF0Jp
yxHREp+sltxEMx/8Vzl0Zbi9eTSl9orhczam6I+rBAmjUOe0OTKxLjKAHidgzpbN
rmfXz0OJFSEzVHDQvFEMJEEq1vRGkYe8Yolui36FhTGQUqRhHJWOe7c583Ry41ia
RpcrTdQSQ3CSRZP4l+MCfdEo01Yf/dUF5dGrBKiI9NzN
-----END CERTIFICATE-----