This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Hl5Go-G4ccQPGOPYKgEFRsvuf9A.roa
File:                     Hl5Go-G4ccQPGOPYKgEFRsvuf9A.roa (raw, json)
Hash identifier:          6pJYEI2P0iZxmWhHwVcjPdyivUm5nJWXdkev/Q1q4eA=
Subject key identifier:   1E:5E:46:A3:E1:B8:71:C4:0F:18:E3:D8:2A:01:05:46:CB:EE:7F:D0
Certificate issuer:       /CN=15f19074548d2a294e4385d95cd6752490ee46d7
Certificate serial:       019C1E6968DF9BFAA64541996DDD9E691C74
Authority key identifier: 15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Hl5Go-G4ccQPGOPYKgEFRsvuf9A.roa
Signing time:             Mon 02 Feb 2026 12:52:30 +0000
ROA not before:           Mon 02 Feb 2026 12:52:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        62.72.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1e:69:68:df:9b:fa:a6:45:41:99:6d:dd:9e:69:1c:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15f19074548d2a294e4385d95cd6752490ee46d7
        Validity
            Not Before: Feb  2 12:52:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e5e46a3e1b871c40f18e3d82a010546cbee7fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:9f:2c:d7:b8:c8:fe:7c:a2:d2:52:9d:80:70:
                    2a:1a:aa:54:0e:fc:12:82:37:ba:50:95:ab:1d:c0:
                    c7:74:11:43:fc:8b:6a:dd:d0:33:b3:fb:c8:89:3e:
                    3f:68:1b:32:e8:d5:57:5c:34:28:77:a1:c8:68:27:
                    43:6e:e3:b5:3e:ef:64:69:c4:ce:c6:8a:1d:7e:2f:
                    05:9b:6b:52:2f:64:b3:91:46:df:e0:4c:19:39:a0:
                    e1:41:fe:d0:9f:fd:23:b8:a9:8a:1b:ae:d3:c6:9f:
                    c4:00:ad:3f:23:ad:a3:b9:3e:6d:1a:9b:d4:1b:11:
                    da:ee:29:82:df:3a:c8:b4:c4:6a:c3:99:fd:31:55:
                    20:1f:55:3c:46:0b:da:1d:9c:1b:cd:b6:ea:fc:9d:
                    58:dd:23:d3:86:d2:fe:2c:d3:42:45:4f:ab:92:a5:
                    38:0f:40:74:b2:3a:33:2d:c6:b4:0d:63:2e:4a:ca:
                    c2:19:6f:4a:61:99:de:bd:69:1c:6f:d0:68:24:98:
                    c6:26:69:f9:74:e0:89:11:b5:ae:a0:76:83:99:a8:
                    e8:28:e2:51:bc:39:cd:e0:36:41:75:51:fe:50:68:
                    4b:88:fc:3a:18:61:c0:cf:30:c9:25:fc:60:61:c9:
                    7c:52:07:db:09:29:01:3c:1f:d6:b3:08:f5:54:f3:
                    a1:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:5E:46:A3:E1:B8:71:C4:0F:18:E3:D8:2A:01:05:46:CB:EE:7F:D0
            X509v3 Authority Key Identifier:
                keyid:15:F1:90:74:54:8D:2A:29:4E:43:85:D9:5C:D6:75:24:90:EE:46:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/Hl5Go-G4ccQPGOPYKgEFRsvuf9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/006241-808d-4a49-b0cd-56244f430dcc/1/FfGQdFSNKilOQ4XZXNZ1JJDuRtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.72.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:e8:01:24:a9:78:0d:67:a0:83:1e:de:48:11:c3:88:71:83:
         d8:dd:5b:dd:4e:4b:7b:cb:1d:fa:5b:1a:4e:ac:18:b3:68:38:
         70:9b:df:c9:e9:51:b0:bd:c2:8c:33:74:0e:77:53:81:dd:99:
         85:23:26:b2:36:1e:9e:69:9e:e4:06:4b:c1:58:c8:77:3b:6d:
         7a:c0:9a:8c:3c:0b:c1:53:a0:56:bd:a3:16:dd:35:7c:0e:6c:
         95:69:3b:a1:fa:f6:86:33:ca:7b:ec:e7:10:a9:df:49:d7:0e:
         41:47:e3:6e:06:d8:62:cf:50:19:a1:50:17:8c:ec:22:97:a9:
         9d:33:39:d9:a8:10:6f:79:1f:c4:f1:dd:52:fa:4b:9c:0a:6b:
         15:8a:9e:2d:72:64:26:bc:68:4d:d7:63:22:5d:ec:3c:8c:d5:
         a1:fe:cd:78:1b:6f:f5:2a:7c:17:db:e4:01:bf:bd:38:b9:93:
         b0:b1:25:cc:fb:83:10:19:d4:d4:80:6e:16:1c:93:00:ce:4a:
         45:45:15:09:45:a1:a3:34:8f:32:df:d3:bc:9c:1e:75:9f:25:
         b6:eb:c4:06:8d:28:8e:46:c7:c3:88:e2:56:8c:60:b3:ac:11:
         65:31:01:9e:50:2d:c0:14:e4:9d:fe:fd:46:4e:17:59:1b:bc:
         ec:f9:54:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZweaWjfm/qmRUGZbd2eaRx0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZjE5MDc0NTQ4ZDJhMjk0ZTQzODVkOTVjZDY3NTI0OTBl
ZTQ2ZDcwHhcNMjYwMjAyMTI1MjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTVlNDZhM2UxYjg3MWM0MGYxOGUzZDgyYTAxMDU0NmNiZWU3ZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA258s17jI/nyi0lKdgHAqGqpUDvwS
gje6UJWrHcDHdBFD/Itq3dAzs/vIiT4/aBsy6NVXXDQod6HIaCdDbuO1Pu9kacTO
xoodfi8Fm2tSL2SzkUbf4EwZOaDhQf7Qn/0juKmKG67Txp/EAK0/I62juT5tGpvU
GxHa7imC3zrItMRqw5n9MVUgH1U8RgvaHZwbzbbq/J1Y3SPThtL+LNNCRU+rkqU4
D0B0sjozLca0DWMuSsrCGW9KYZnevWkcb9BoJJjGJmn5dOCJEbWuoHaDmajoKOJR
vDnN4DZBdVH+UGhLiPw6GGHAzzDJJfxgYcl8UgfbCSkBPB/Wswj1VPOhrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5eRqPhuHHEDxjj2CoBBUbL7n/QMB8GA1UdIwQY
MBaAFBXxkHRUjSopTkOF2VzWdSSQ7kbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2Qt
NTYyNDRmNDMwZGNjLzEvSGw1R28tRzRjY1FQR09QWUtnRUZSc3Z1ZjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8wMDYyNDEtODA4ZC00YTQ5LWIwY2QtNTYyNDRmNDMwZGNj
LzEvRmZHUWRGU05LaWxPUTRYWlhOWjFKSkR1UnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPkioMA0G
CSqGSIb3DQEBCwUAA4IBAQAt6AEkqXgNZ6CDHt5IEcOIcYPY3VvdTkt7yx36WxpO
rBizaDhwm9/J6VGwvcKMM3QOd1OB3ZmFIyayNh6eaZ7kBkvBWMh3O216wJqMPAvB
U6BWvaMW3TV8DmyVaTuh+vaGM8p77OcQqd9J1w5BR+NuBthiz1AZoVAXjOwil6md
MznZqBBveR/E8d1S+kucCmsVip4tcmQmvGhN12MiXew8jNWh/s14G2/1KnwX2+QB
v704uZOwsSXM+4MQGdTUgG4WHJMAzkpFRRUJRaGjNI8y39O8nB51nyW268QGjSiO
RsfDiOJWjGCzrBFlMQGeUC3AFOSd/v1GThdZG7zs+VQS
-----END CERTIFICATE-----