This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/oehIIoaZwZTKKEJpI7pzoDQzJOg.roa
File:                     oehIIoaZwZTKKEJpI7pzoDQzJOg.roa (raw, json)
Hash identifier:          iIVEnI4TyBaI6WOcZK2wpHlkxlOZIo7j2YeYWbFpavQ=
Subject key identifier:   A1:E8:48:22:86:99:C1:94:CA:28:42:69:23:BA:73:A0:34:33:24:E8
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019B7B3660738E379C2DB8599F33F30D59BB
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/oehIIoaZwZTKKEJpI7pzoDQzJOg.roa
Signing time:             Thu 01 Jan 2026 20:18:39 +0000
ROA not before:           Thu 01 Jan 2026 20:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214025
IP address blocks:        144.56.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 19:27:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:60:73:8e:37:9c:2d:b8:59:9f:33:f3:0d:59:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jan  1 20:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1e848228699c194ca28426923ba73a0343324e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2c:ff:06:9c:2f:2b:52:b2:9d:19:7c:68:0b:
                    29:20:3e:b6:3e:e7:43:26:a1:d4:bc:a5:ff:71:b9:
                    0d:ba:3d:9b:22:44:28:9e:c5:ce:b9:39:66:03:5e:
                    16:91:55:05:e9:c6:03:e3:69:91:43:4a:e8:3f:04:
                    9e:e9:37:3e:e3:b2:52:d4:d8:0c:57:f5:e8:57:a9:
                    5e:ee:30:5e:26:8f:59:94:0c:96:b5:80:0e:96:cd:
                    6a:dc:04:1d:a8:df:46:21:69:a7:98:4a:9b:62:8f:
                    be:55:8e:dc:f3:41:95:13:3f:77:21:20:5e:6b:95:
                    a9:77:51:3f:02:7e:ed:4f:e9:51:6d:74:7d:52:fc:
                    67:74:f0:74:5f:8e:dc:9e:58:83:d3:a6:2c:d5:75:
                    b2:9f:69:28:e5:9c:b6:f4:32:78:89:58:f4:12:54:
                    28:2f:09:a3:ef:75:07:e7:41:76:31:2a:33:be:53:
                    d2:d9:23:25:b5:52:68:65:df:eb:cb:74:b7:f5:d7:
                    e2:17:6d:74:84:a4:65:02:dd:4d:51:6c:15:d8:5f:
                    ea:70:e8:a1:6b:cf:2a:e1:82:e4:22:ef:f2:1c:fc:
                    9e:d4:e2:c4:06:99:61:3a:2a:df:21:bf:38:26:f9:
                    94:20:9f:4e:24:e5:3d:a7:39:2c:4f:a1:65:d3:9e:
                    24:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E8:48:22:86:99:C1:94:CA:28:42:69:23:BA:73:A0:34:33:24:E8
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/oehIIoaZwZTKKEJpI7pzoDQzJOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:a5:b4:a6:48:0a:98:47:84:7a:49:72:92:52:94:01:ed:01:
         5d:83:51:df:af:b5:c9:43:54:cc:67:85:b1:33:22:fc:32:eb:
         26:62:fd:15:e2:4b:f0:ce:de:ed:eb:ff:b0:b6:b9:b0:88:a6:
         62:b2:3e:ae:e8:2c:58:7d:66:be:c3:9b:c1:83:6d:55:5b:a6:
         25:73:b0:a6:d3:16:f7:81:78:35:89:db:5b:6e:76:7b:68:5a:
         c3:56:e2:16:a8:53:91:42:b1:6a:85:6e:7f:2a:b4:08:9a:d6:
         69:01:0f:9b:02:97:07:68:97:12:ed:37:f5:dd:c0:ce:14:60:
         d3:22:08:82:34:50:18:b3:0b:ff:b4:3c:c1:c8:69:ce:29:0a:
         a0:9a:73:a4:8c:54:bf:86:d7:5b:b0:d1:ff:5c:0a:a9:61:9d:
         c9:9b:dd:1a:d7:6e:55:7e:52:41:a6:b1:b6:54:a5:79:e5:fe:
         f9:ee:d1:15:70:3d:3e:80:d7:f4:4e:5d:6c:f9:fc:01:b2:12:
         a8:bd:c6:81:78:fb:c2:8e:32:24:03:6c:1f:da:ab:d1:d2:6e:
         b0:fb:0a:40:d5:3c:28:b0:15:f2:cd:e4:ab:c7:fc:3c:16:cc:
         e8:09:57:c3:3e:2f:c2:02:0f:21:0e:84:fb:c7:07:46:8e:8c:
         e1:d4:f0:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7NmBzjjecLbhZnzPzDVm7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwMTAxMjAxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU4NDgyMjg2OTljMTk0Y2EyODQyNjkyM2JhNzNhMDM0MzMyNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwCz/BpwvK1KynRl8aAspID62PudD
JqHUvKX/cbkNuj2bIkQonsXOuTlmA14WkVUF6cYD42mRQ0roPwSe6Tc+47JS1NgM
V/XoV6le7jBeJo9ZlAyWtYAOls1q3AQdqN9GIWmnmEqbYo++VY7c80GVEz93ISBe
a5Wpd1E/An7tT+lRbXR9UvxndPB0X47cnliD06Ys1XWyn2ko5Zy29DJ4iVj0ElQo
Lwmj73UH50F2MSozvlPS2SMltVJoZd/ry3S39dfiF210hKRlAt1NUWwV2F/qcOih
a88q4YLkIu/yHPye1OLEBplhOirfIb84JvmUIJ9OJOU9pzksT6Fl054kCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHoSCKGmcGUyihCaSO6c6A0MyToMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvb2VoSUlvYVp3WlRLS0VKcEk3cHpvRFF6Sk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDhRMA0G
CSqGSIb3DQEBCwUAA4IBAQAJpbSmSAqYR4R6SXKSUpQB7QFdg1Hfr7XJQ1TMZ4Wx
MyL8MusmYv0V4kvwzt7t6/+wtrmwiKZisj6u6CxYfWa+w5vBg21VW6Ylc7Cm0xb3
gXg1idtbbnZ7aFrDVuIWqFORQrFqhW5/KrQImtZpAQ+bApcHaJcS7Tf13cDOFGDT
IgiCNFAYswv/tDzByGnOKQqgmnOkjFS/htdbsNH/XAqpYZ3Jm90a125VflJBprG2
VKV55f757tEVcD0+gNf0Tl1s+fwBshKovcaBePvCjjIkA2wf2qvR0m6w+wpA1Two
sBXyzeSrx/w8FszoCVfDPi/CAg8hDoT7xwdGjozh1PDo
-----END CERTIFICATE-----