This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/AsQ1BCbEpN53mLwZTKgSeI9Ua1k.roa
File:                     AsQ1BCbEpN53mLwZTKgSeI9Ua1k.roa (raw, json)
Hash identifier:          x+kAhHQ26BxuUIlDTM1CiF2mx+mas0aU4O4vSpsLK7M=
Subject key identifier:   02:C4:35:04:26:C4:A4:DE:77:98:BC:19:4C:A8:12:78:8F:54:6B:59
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019BB2DC34E9DB4AEB36A02341AFC97D2F12
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/AsQ1BCbEpN53mLwZTKgSeI9Ua1k.roa
Signing time:             Mon 12 Jan 2026 15:38:54 +0000
ROA not before:           Mon 12 Jan 2026 15:38:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8309
IP address blocks:        144.56.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b2:dc:34:e9:db:4a:eb:36:a0:23:41:af:c9:7d:2f:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jan 12 15:38:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02c4350426c4a4de7798bc194ca812788f546b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:7d:d7:7e:9a:76:84:60:08:e6:78:83:3e:0a:
                    ae:9f:56:88:1c:2a:d6:55:45:25:b8:f8:79:32:e2:
                    d7:02:31:11:66:7f:3b:34:0e:79:e4:4d:c3:8c:14:
                    58:0b:ed:5d:d8:33:13:1a:89:a0:b2:bc:56:ac:3e:
                    71:d0:d6:40:78:da:b6:78:21:ca:a6:6b:57:88:6d:
                    cd:fd:b8:31:47:56:67:fa:9b:f0:9b:d8:65:7f:89:
                    eb:10:e5:30:d3:81:1a:71:9f:ea:7f:10:c8:26:68:
                    f1:a9:d0:f5:cd:70:ec:2e:87:f5:fb:6d:ff:b4:cd:
                    ed:27:e4:1e:0a:d2:d7:cd:31:ab:93:72:e3:01:9e:
                    e2:f5:a2:3d:d0:62:fc:e6:18:fc:e7:e7:36:99:d4:
                    74:65:1b:f0:43:14:c0:85:2d:b2:2f:f6:41:4e:94:
                    5b:74:98:ad:03:3b:44:66:f2:92:33:91:13:08:43:
                    70:7a:f9:62:99:9a:16:e9:bb:76:8f:1c:53:30:0b:
                    3c:7b:3f:d5:9c:e2:b9:e8:4f:9d:0a:8b:31:f1:7c:
                    90:4d:7d:0d:f0:ef:aa:9b:28:dd:56:10:57:47:b4:
                    0d:16:ae:cd:94:5f:7d:74:b8:62:69:bb:29:01:42:
                    0d:1a:14:13:c5:7d:2a:1a:1c:a8:1a:50:e5:cf:39:
                    15:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:C4:35:04:26:C4:A4:DE:77:98:BC:19:4C:A8:12:78:8F:54:6B:59
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/AsQ1BCbEpN53mLwZTKgSeI9Ua1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:7a:8d:f5:71:3a:ff:cd:d3:ae:1a:97:13:53:2a:5a:a7:ea:
         3b:87:2f:fe:a9:16:c2:c0:63:77:5d:ad:4d:9a:1e:e8:7b:3f:
         81:83:0b:6d:10:9e:8f:2f:b8:2c:c1:c0:da:9b:cb:c2:03:3d:
         1a:89:7f:fa:82:8d:10:58:a5:3d:eb:98:d3:98:d0:ba:45:1a:
         2d:fa:0b:63:f9:d0:e9:3b:f0:2a:40:f7:dc:ed:e9:78:f8:30:
         cc:29:b2:86:2c:9a:05:07:b5:97:c8:13:5c:43:31:15:df:04:
         40:40:8a:98:50:42:70:9f:9b:e1:b3:58:c8:9d:22:67:d2:88:
         c4:03:bf:9a:3f:80:8d:15:5c:d9:6c:85:03:28:fa:90:26:21:
         ef:f7:f2:bd:5f:da:28:2a:a2:b8:cb:50:05:c1:b8:54:49:58:
         b5:fc:8d:5c:96:eb:0d:6e:01:35:e4:1e:3d:3b:3f:4f:67:5a:
         53:38:a9:f0:88:ee:32:3e:65:5e:83:20:9f:f6:ac:68:f2:f8:
         ff:87:ad:e3:26:16:fe:92:75:29:f7:8f:8c:2e:e4:5a:cf:28:
         4e:11:d1:f8:2f:e7:97:34:75:66:ff:45:54:ed:8f:b0:06:3b:
         f4:d7:0d:c6:79:65:38:0b:66:e9:9c:75:d1:a2:76:12:12:e0:
         b8:e0:57:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuy3DTp20rrNqAjQa/JfS8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwMTEyMTUzODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmM0MzUwNDI2YzRhNGRlNzc5OGJjMTk0Y2E4MTI3ODhmNTQ2YjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA433Xfpp2hGAI5niDPgqun1aIHCrW
VUUluPh5MuLXAjERZn87NA555E3DjBRYC+1d2DMTGomgsrxWrD5x0NZAeNq2eCHK
pmtXiG3N/bgxR1Zn+pvwm9hlf4nrEOUw04EacZ/qfxDIJmjxqdD1zXDsLof1+23/
tM3tJ+QeCtLXzTGrk3LjAZ7i9aI90GL85hj85+c2mdR0ZRvwQxTAhS2yL/ZBTpRb
dJitAztEZvKSM5ETCENwevlimZoW6bt2jxxTMAs8ez/VnOK56E+dCosx8XyQTX0N
8O+qmyjdVhBXR7QNFq7NlF99dLhiabspAUINGhQTxX0qGhyoGlDlzzkVlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALENQQmxKTed5i8GUyoEniPVGtZMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvQXNRMUJDYkVwTjUzbUx3WlRLZ1NlSTlVYTFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDg4MA0G
CSqGSIb3DQEBCwUAA4IBAQBYeo31cTr/zdOuGpcTUypap+o7hy/+qRbCwGN3Xa1N
mh7oez+BgwttEJ6PL7gswcDam8vCAz0aiX/6go0QWKU965jTmNC6RRot+gtj+dDp
O/AqQPfc7el4+DDMKbKGLJoFB7WXyBNcQzEV3wRAQIqYUEJwn5vhs1jInSJn0ojE
A7+aP4CNFVzZbIUDKPqQJiHv9/K9X9ooKqK4y1AFwbhUSVi1/I1clusNbgE15B49
Oz9PZ1pTOKnwiO4yPmVegyCf9qxo8vj/h63jJhb+knUp94+MLuRazyhOEdH4L+eX
NHVm/0VU7Y+wBjv01w3GeWU4C2bpnHXRonYSEuC44Fc4
-----END CERTIFICATE-----