This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/lhj3yaFFp3I2_xNDvzx6AKHgbeo.roa
File:                     lhj3yaFFp3I2_xNDvzx6AKHgbeo.roa (raw, json)
Hash identifier:          T+f9ffNQucqxUrbyeW1AjoSR0leSMu2qdh4EbjbDluU=
Subject key identifier:   96:18:F7:C9:A1:45:A7:72:36:FF:13:43:BF:3C:7A:00:A1:E0:6D:EA
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019B7B36612E5FF1269C95F2DFACA7654D98
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/lhj3yaFFp3I2_xNDvzx6AKHgbeo.roa
Signing time:             Thu 01 Jan 2026 20:18:39 +0000
ROA not before:           Thu 01 Jan 2026 20:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        144.56.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 13:16:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:61:2e:5f:f1:26:9c:95:f2:df:ac:a7:65:4d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jan  1 20:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9618f7c9a145a77236ff1343bf3c7a00a1e06dea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b3:27:19:8c:4d:b9:ea:35:4b:bc:3b:0a:60:
                    5d:24:86:dc:4c:d7:9e:fe:ea:cd:0e:3c:0d:01:81:
                    62:4a:c0:26:fc:2c:b5:d9:27:fb:00:f1:49:93:d4:
                    c0:2d:9b:f3:cf:98:f9:49:13:10:17:a6:b5:73:1d:
                    3a:e0:02:96:d2:09:94:00:11:12:39:ea:c0:ef:1d:
                    65:9f:1b:4c:6a:d7:3e:be:87:79:5f:cc:a7:f0:0a:
                    04:13:02:02:12:b0:d0:02:41:22:00:0f:77:ee:69:
                    28:d3:59:22:43:dc:9e:4c:71:6d:66:b5:e0:f8:02:
                    c0:6b:cc:0a:ce:79:60:20:8f:af:e2:e0:fd:53:d2:
                    b2:af:22:3a:17:91:c7:a1:9c:9e:79:ad:07:43:07:
                    c6:93:dd:f5:93:49:84:96:8c:a5:53:f9:8e:c1:4f:
                    e9:4c:9d:da:8a:50:61:2a:64:2d:c4:00:54:9a:31:
                    5f:12:a5:ad:7c:88:47:57:bc:1c:cf:c6:a7:31:9c:
                    17:36:21:bc:f7:e2:55:09:1c:65:47:48:09:0a:0a:
                    b2:34:7f:52:28:92:b1:d6:22:26:1f:35:31:87:a4:
                    5e:9d:dd:87:63:59:76:fb:ed:d8:55:44:24:b8:ae:
                    9b:13:92:df:0f:da:81:dc:ea:31:91:41:ce:49:46:
                    42:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:18:F7:C9:A1:45:A7:72:36:FF:13:43:BF:3C:7A:00:A1:E0:6D:EA
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/lhj3yaFFp3I2_xNDvzx6AKHgbeo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:7a:d1:78:73:4f:dc:17:e8:43:c0:af:b7:3f:cb:c2:2a:1f:
         3b:33:02:d5:0f:4a:89:d4:2f:73:8b:eb:49:ea:3a:fa:31:13:
         e2:45:94:1c:ce:83:74:1b:f2:35:50:a5:74:41:bb:fb:44:6d:
         c3:03:d2:11:95:ec:e7:56:fb:ed:71:9e:62:6a:4d:34:33:67:
         c6:04:bb:95:12:af:48:c8:30:d2:f0:15:18:5d:78:6f:a6:e0:
         31:34:42:19:3c:60:bf:c2:8c:e0:76:e3:b8:33:11:79:55:96:
         c2:4e:3e:85:64:1e:86:72:4b:6c:47:ef:ce:74:2c:c6:94:9e:
         cc:98:2d:09:87:e3:cd:1a:d2:25:4f:52:0e:9b:27:8c:05:3d:
         d9:ee:21:e9:d1:ad:80:d8:38:af:3c:f1:b2:c0:0c:a4:a0:61:
         2b:68:ad:00:8e:98:04:e1:34:34:64:cc:2f:84:9e:63:df:20:
         a8:2b:8d:0e:c5:c6:10:5c:33:25:8b:a4:3a:fb:3b:64:e4:04:
         3b:71:07:27:18:48:71:a9:f0:d5:4f:07:ce:8e:1b:c1:c5:09:
         59:35:dd:57:3c:87:cb:0f:0f:72:c6:48:d3:50:db:f2:73:50:
         61:90:ec:86:90:09:8b:81:54:e4:b6:12:d3:08:f6:41:1f:92:
         69:ba:4a:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NmEuX/EmnJXy36ynZU2YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwMTAxMjAxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE4ZjdjOWExNDVhNzcyMzZmZjEzNDNiZjNjN2EwMGExZTA2ZGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrMnGYxNueo1S7w7CmBdJIbcTNee
/urNDjwNAYFiSsAm/Cy12Sf7APFJk9TALZvzz5j5SRMQF6a1cx064AKW0gmUABES
OerA7x1lnxtMatc+vod5X8yn8AoEEwICErDQAkEiAA937mko01kiQ9yeTHFtZrXg
+ALAa8wKznlgII+v4uD9U9KyryI6F5HHoZyeea0HQwfGk931k0mEloylU/mOwU/p
TJ3ailBhKmQtxABUmjFfEqWtfIhHV7wcz8anMZwXNiG89+JVCRxlR0gJCgqyNH9S
KJKx1iImHzUxh6Rend2HY1l2++3YVUQkuK6bE5LfD9qB3OoxkUHOSUZCWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJYY98mhRadyNv8TQ788egCh4G3qMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvbGhqM3lhRkZwM0kyX3hORHZ6eDZBS0hnYmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDhOMA0G
CSqGSIb3DQEBCwUAA4IBAQC5etF4c0/cF+hDwK+3P8vCKh87MwLVD0qJ1C9zi+tJ
6jr6MRPiRZQczoN0G/I1UKV0Qbv7RG3DA9IRleznVvvtcZ5iak00M2fGBLuVEq9I
yDDS8BUYXXhvpuAxNEIZPGC/wozgduO4MxF5VZbCTj6FZB6GcktsR+/OdCzGlJ7M
mC0Jh+PNGtIlT1IOmyeMBT3Z7iHp0a2A2DivPPGywAykoGEraK0AjpgE4TQ0ZMwv
hJ5j3yCoK40OxcYQXDMli6Q6+ztk5AQ7cQcnGEhxqfDVTwfOjhvBxQlZNd1XPIfL
Dw9yxkjTUNvyc1BhkOyGkAmLgVTkthLTCPZBH5Jpukqk
-----END CERTIFICATE-----