This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/fT5RRSA7pYFmUqyJ5T-gWaj1olk.roa
File:                     fT5RRSA7pYFmUqyJ5T-gWaj1olk.roa (raw, json)
Hash identifier:          rJof0lgyDLnpsks9qHJvaOJA2mGjhW1JNLu9CMyexnQ=
Subject key identifier:   7D:3E:51:45:20:3B:A5:81:66:52:AC:89:E5:3F:A0:59:A8:F5:A2:59
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019B7B365CF5F3367FB162B2E6F143BC383E
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/fT5RRSA7pYFmUqyJ5T-gWaj1olk.roa
Signing time:             Thu 01 Jan 2026 20:18:38 +0000
ROA not before:           Thu 01 Jan 2026 20:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        144.56.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:5c:f5:f3:36:7f:b1:62:b2:e6:f1:43:bc:38:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jan  1 20:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d3e5145203ba5816652ac89e53fa059a8f5a259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:de:c5:f8:74:80:35:f9:9c:7e:03:f8:e3:05:
                    7f:79:31:97:e9:8a:0f:10:c1:49:26:84:f8:ab:2c:
                    ac:47:0b:b7:bd:04:52:b1:92:b4:cd:b5:ca:5b:ea:
                    f5:b7:a9:fe:74:68:6c:29:fb:70:85:98:6a:f7:3f:
                    e4:f4:a2:9b:d4:d1:1a:7e:37:1f:3e:1f:2b:8e:7e:
                    31:86:30:c5:a3:54:9f:42:93:e8:9b:3f:4f:1c:74:
                    f2:34:26:e6:ab:6c:fe:4a:f8:5c:8f:d9:10:d3:50:
                    a1:86:73:f6:0d:a8:51:05:6c:98:68:7a:ad:c5:e6:
                    6a:6a:7a:3b:02:a3:4e:36:2c:54:8c:a0:71:bc:79:
                    a9:19:00:77:52:5e:9e:4c:59:4a:e0:56:17:fd:ad:
                    d0:a0:1d:8a:8d:c9:c1:f6:92:64:4d:0f:c9:cd:a6:
                    fd:10:ed:0e:56:12:80:e9:5f:cd:8f:fa:75:6a:6a:
                    5b:4e:6c:dc:fe:a4:a1:63:24:35:9d:c8:b8:3e:f5:
                    9d:d4:73:bf:b7:c5:f0:d5:48:52:e6:bc:0b:0f:1e:
                    1b:9c:78:ca:62:43:b7:8f:df:c6:66:57:d6:6f:e8:
                    3a:7a:f7:d9:13:fa:ba:bc:2b:ee:9b:02:63:07:b0:
                    0d:47:2f:02:52:9f:e0:18:58:d4:c1:10:80:fa:ef:
                    9a:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:3E:51:45:20:3B:A5:81:66:52:AC:89:E5:3F:A0:59:A8:F5:A2:59
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/fT5RRSA7pYFmUqyJ5T-gWaj1olk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e0:8e:36:3d:3c:6d:8a:9f:f4:c9:dc:e0:c2:49:f7:25:64:
         42:10:9d:68:a2:45:b8:88:3e:73:83:1d:83:9f:83:80:93:b8:
         cd:6b:c9:94:3f:69:40:74:6a:ec:64:8e:0b:9b:6b:65:46:19:
         75:95:cb:ba:2e:f5:d3:c9:ec:c0:f8:86:93:26:d6:1b:7a:c9:
         c9:56:e6:78:4f:82:76:3c:8c:eb:83:69:b5:33:1b:94:2e:1e:
         4c:2a:a6:e4:96:d7:d4:f5:47:eb:83:0f:d1:3f:93:f9:a0:ef:
         22:4a:66:9b:bc:51:86:a8:88:67:98:ad:db:5d:ce:ce:77:0b:
         d0:ef:13:72:5f:91:40:d7:6b:71:30:10:0e:13:2c:ca:24:b9:
         e3:59:32:a0:77:cc:46:e9:f5:82:ce:48:9d:b1:95:e1:75:33:
         52:e7:78:ef:d1:88:5b:76:d3:a4:80:29:92:ca:65:8e:0a:c5:
         2c:1a:19:34:7d:de:a5:93:df:41:7b:d0:15:fb:8a:c9:cd:11:
         4c:ab:de:17:fa:5f:b8:c2:31:bf:94:c4:ee:42:62:72:97:52:
         97:2e:e2:19:49:47:a3:2a:73:25:e7:83:47:c0:f5:1d:77:69:
         e8:0f:0e:40:05:7d:48:57:b7:d4:61:23:a0:66:60:d9:6f:51:
         a0:1c:9c:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nlz18zZ/sWKy5vFDvDg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwMTAxMjAxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDNlNTE0NTIwM2JhNTgxNjY1MmFjODllNTNmYTA1OWE4ZjVhMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA297F+HSANfmcfgP44wV/eTGX6YoP
EMFJJoT4qyysRwu3vQRSsZK0zbXKW+r1t6n+dGhsKftwhZhq9z/k9KKb1NEafjcf
Ph8rjn4xhjDFo1SfQpPomz9PHHTyNCbmq2z+Svhcj9kQ01ChhnP2DahRBWyYaHqt
xeZqano7AqNONixUjKBxvHmpGQB3Ul6eTFlK4FYX/a3QoB2KjcnB9pJkTQ/Jzab9
EO0OVhKA6V/Nj/p1ampbTmzc/qShYyQ1nci4PvWd1HO/t8Xw1UhS5rwLDx4bnHjK
YkO3j9/GZlfWb+g6evfZE/q6vCvumwJjB7ANRy8CUp/gGFjUwRCA+u+aqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH0+UUUgO6WBZlKsieU/oFmo9aJZMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvZlQ1UlJTQTdwWUZtVXF5SjVULWdXYWoxb2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgAMA0G
CSqGSIb3DQEBCwUAA4IBAQA+4I42PTxtip/0ydzgwkn3JWRCEJ1ookW4iD5zgx2D
n4OAk7jNa8mUP2lAdGrsZI4Lm2tlRhl1lcu6LvXTyezA+IaTJtYbesnJVuZ4T4J2
PIzrg2m1MxuULh5MKqbkltfU9Ufrgw/RP5P5oO8iSmabvFGGqIhnmK3bXc7OdwvQ
7xNyX5FA12txMBAOEyzKJLnjWTKgd8xG6fWCzkidsZXhdTNS53jv0YhbdtOkgCmS
ymWOCsUsGhk0fd6lk99Be9AV+4rJzRFMq94X+l+4wjG/lMTuQmJyl1KXLuIZSUej
KnMl54NHwPUdd2noDw5ABX1IV7fUYSOgZmDZb1GgHJwO
-----END CERTIFICATE-----