This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/FsjSFfK1sV6Cz6fjIUlD72cszvQ.roa
File:                     FsjSFfK1sV6Cz6fjIUlD72cszvQ.roa (raw, json)
Hash identifier:          DXUUgReqIaf7155cKacK5xPHHnjU+k6nsvsDjDh462M=
Subject key identifier:   16:C8:D2:15:F2:B5:B1:5E:82:CF:A7:E3:21:49:43:EF:67:2C:CE:F4
Certificate issuer:       /CN=131881732a3e245a959bc679e0458c39f893e46b
Certificate serial:       019B79106FD0297AE32EC53ACB1544AD18C1
Authority key identifier: 13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/FsjSFfK1sV6Cz6fjIUlD72cszvQ.roa
Signing time:             Thu 01 Jan 2026 10:17:58 +0000
ROA not before:           Thu 01 Jan 2026 10:17:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48678
IP address blocks:        5.144.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 08:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:6f:d0:29:7a:e3:2e:c5:3a:cb:15:44:ad:18:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=131881732a3e245a959bc679e0458c39f893e46b
        Validity
            Not Before: Jan  1 10:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16c8d215f2b5b15e82cfa7e3214943ef672ccef4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fc:f1:ff:0f:fa:19:2f:db:28:68:30:df:52:
                    7c:4f:42:3d:b0:64:7e:99:63:67:21:08:94:eb:52:
                    f0:6d:5f:67:95:27:43:30:e7:0b:2c:bd:c6:0a:8d:
                    75:f5:b3:a2:5f:9a:a4:fe:fd:6a:94:b9:38:cd:8c:
                    9a:52:8e:d3:08:e5:1b:6a:38:33:bc:48:f1:2d:5d:
                    e5:74:d8:0f:5c:79:01:8b:e1:cc:96:76:12:c7:1c:
                    5c:b6:a2:67:22:ae:53:bd:bc:b9:c3:5d:d7:84:c5:
                    e0:5a:74:ae:61:b9:57:df:1d:c4:9e:26:08:44:d3:
                    37:93:76:b3:7c:7d:7e:6f:2b:77:f0:35:8b:7f:bd:
                    52:0a:51:bc:e0:65:ab:1c:34:6e:9b:3c:98:a7:f8:
                    73:0e:eb:77:13:ad:9a:7a:fd:92:4b:42:50:25:ef:
                    29:ac:2a:60:6f:17:4c:72:bb:de:57:56:c7:83:5d:
                    bc:b5:d7:e9:23:62:2e:1b:60:9b:82:0b:30:ec:d3:
                    22:72:af:ea:2c:7b:8c:eb:50:2c:d5:f7:9b:36:0d:
                    b2:61:cb:0c:eb:32:95:b0:5b:31:c2:56:8d:d6:ba:
                    df:99:ca:a4:1e:a4:6a:ab:cf:4d:c9:72:32:aa:29:
                    56:96:d4:ed:e0:8a:1f:47:cf:f0:bd:a7:d3:81:49:
                    61:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C8:D2:15:F2:B5:B1:5E:82:CF:A7:E3:21:49:43:EF:67:2C:CE:F4
            X509v3 Authority Key Identifier:
                keyid:13:18:81:73:2A:3E:24:5A:95:9B:C6:79:E0:45:8C:39:F8:93:E4:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/FsjSFfK1sV6Cz6fjIUlD72cszvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/89f071-5631-45db-a7e5-cd6152261c6f/1/ExiBcyo-JFqVm8Z54EWMOfiT5Gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:4d:80:96:be:17:14:23:ff:cf:e4:94:49:58:11:30:db:05:
         0f:9b:7a:1c:52:8b:d1:1c:9e:74:2a:7b:4a:39:9e:fa:10:34:
         41:47:f8:7b:27:6a:d9:e2:fb:e2:31:ce:3f:00:a6:54:f1:31:
         38:e2:19:0f:4c:9f:d3:e6:50:30:79:a8:84:1d:90:63:62:82:
         36:19:e7:ee:e3:d9:77:3f:7c:d6:3c:44:0c:03:29:92:b7:b9:
         0d:b4:19:fa:ac:15:d4:74:69:c6:ad:24:2c:a3:17:f3:b7:be:
         61:4b:5d:5c:2d:f9:e4:95:44:05:7b:70:ad:2d:04:bb:5e:69:
         68:86:d0:66:0d:58:04:1d:d4:7c:da:eb:de:ba:eb:1c:1a:16:
         b7:fa:f1:9a:06:94:f4:cd:e6:6a:5f:51:ca:17:7a:76:95:2c:
         ab:2a:87:c4:09:48:44:21:2a:ed:ca:8e:25:67:f7:8e:dc:58:
         13:2a:f3:e9:1b:3c:12:34:68:66:f4:86:a4:b7:4d:5b:d8:a3:
         f9:9a:22:ad:a8:60:80:e2:21:50:ab:d7:e0:3f:13:33:04:b0:
         cd:99:23:24:9b:f9:9c:d6:8f:c6:6b:df:ee:b3:53:d8:1c:d9:
         a0:a4:fd:d1:fc:7b:09:a6:d8:93:dc:da:2b:a1:2c:02:b4:a9:
         72:25:b9:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5EG/QKXrjLsU6yxVErRjBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzMTg4MTczMmEzZTI0NWE5NTliYzY3OWUwNDU4YzM5Zjg5
M2U0NmIwHhcNMjYwMTAxMTAxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmM4ZDIxNWYyYjViMTVlODJjZmE3ZTMyMTQ5NDNlZjY3MmNjZWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfzx/w/6GS/bKGgw31J8T0I9sGR+
mWNnIQiU61LwbV9nlSdDMOcLLL3GCo119bOiX5qk/v1qlLk4zYyaUo7TCOUbajgz
vEjxLV3ldNgPXHkBi+HMlnYSxxxctqJnIq5Tvby5w13XhMXgWnSuYblX3x3EniYI
RNM3k3azfH1+byt38DWLf71SClG84GWrHDRumzyYp/hzDut3E62aev2SS0JQJe8p
rCpgbxdMcrveV1bHg128tdfpI2IuG2Cbggsw7NMicq/qLHuM61As1febNg2yYcsM
6zKVsFsxwlaN1rrfmcqkHqRqq89NyXIyqilWltTt4IofR8/wvafTgUlh8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBbI0hXytbFegs+n4yFJQ+9nLM70MB8GA1UdIwQY
MBaAFBMYgXMqPiRalZvGeeBFjDn4k+RrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUt
Y2Q2MTUyMjYxYzZmLzEvRnNqU0ZmSzFzVjZDejZmaklVbEQ3MmNzenZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84OWYwNzEtNTYzMS00NWRiLWE3ZTUtY2Q2MTUyMjYxYzZm
LzEvRXhpQmN5by1KRnFWbThaNTRFV01PZmlUNUdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABZC3MA0G
CSqGSIb3DQEBCwUAA4IBAQAbTYCWvhcUI//P5JRJWBEw2wUPm3ocUovRHJ50KntK
OZ76EDRBR/h7J2rZ4vviMc4/AKZU8TE44hkPTJ/T5lAweaiEHZBjYoI2Gefu49l3
P3zWPEQMAymSt7kNtBn6rBXUdGnGrSQsoxfzt75hS11cLfnklUQFe3CtLQS7Xmlo
htBmDVgEHdR82uveuuscGha3+vGaBpT0zeZqX1HKF3p2lSyrKofECUhEISrtyo4l
Z/eO3FgTKvPpGzwSNGhm9Iakt01b2KP5miKtqGCA4iFQq9fgPxMzBLDNmSMkm/mc
1o/Ga9/us1PYHNmgpP3R/HsJptiT3NoroSwCtKlyJbm0
-----END CERTIFICATE-----