This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/ICFYqu77x7I38XLSO8ssUz7L2Vs.roa
File:                     ICFYqu77x7I38XLSO8ssUz7L2Vs.roa (raw, json)
Hash identifier:          dMMfHQ8neHfvmT2WRB8flQYBAjRbWn4Uktvrdq2TvDk=
Subject key identifier:   20:21:58:AA:EE:FB:C7:B2:37:F1:72:D2:3B:CB:2C:53:3E:CB:D9:5B
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019BB2DC3435DDDAF74DB4BC26CAAA276B7F
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/ICFYqu77x7I38XLSO8ssUz7L2Vs.roa
Signing time:             Mon 12 Jan 2026 15:38:54 +0000
ROA not before:           Mon 12 Jan 2026 15:38:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3196
IP address blocks:        144.56.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:b2:dc:34:35:dd:da:f7:4d:b4:bc:26:ca:aa:27:6b:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jan 12 15:38:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=202158aaeefbc7b237f172d23bcb2c533ecbd95b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1f:8c:00:a3:0e:e2:db:50:07:96:63:a9:de:
                    a6:d8:c6:f0:8f:17:b5:de:29:65:90:66:cd:44:33:
                    0f:25:b4:f2:71:73:42:01:37:bb:97:d9:f5:b5:16:
                    a2:6a:1f:5f:aa:c3:5e:8b:3d:56:61:50:f7:24:69:
                    01:fc:e1:3c:88:89:86:8a:9f:15:36:48:f9:17:0e:
                    d1:ff:47:6c:de:3a:e8:7f:e8:80:f1:da:85:e7:84:
                    a4:db:19:4e:22:42:75:39:91:c6:16:71:53:15:95:
                    11:9a:9e:3d:c3:1e:dd:71:42:c2:c0:d9:ff:38:63:
                    8d:e0:46:72:67:df:74:b3:e2:52:ef:a2:bc:14:6e:
                    7b:28:40:24:f2:c9:9b:a1:09:3e:78:7e:7f:77:e1:
                    62:aa:d0:f7:70:f2:3f:07:29:ce:f5:95:c5:f8:4f:
                    d2:13:e9:48:08:89:f2:68:b4:72:cf:a0:74:d4:6b:
                    78:49:b7:f0:70:d1:13:9b:83:0e:0f:56:8f:b1:96:
                    21:63:11:c2:eb:f9:1d:b2:35:f0:70:2d:84:86:59:
                    dd:4c:8b:80:f2:22:97:0f:35:28:8d:2d:01:01:27:
                    7c:2f:f0:54:af:83:35:88:af:43:b7:cb:0d:9f:f2:
                    74:b8:20:77:34:ff:80:3b:53:68:a7:bc:3d:b9:70:
                    35:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:21:58:AA:EE:FB:C7:B2:37:F1:72:D2:3B:CB:2C:53:3E:CB:D9:5B
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/ICFYqu77x7I38XLSO8ssUz7L2Vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:eb:20:60:2b:bc:79:31:a3:22:6b:4b:b7:4d:2e:bf:f9:48:
         8c:22:98:78:4e:99:c1:27:16:c6:25:73:5a:90:f2:9b:14:cc:
         89:d5:84:6d:9c:f2:2d:8a:16:98:7d:10:ee:8f:9c:66:3d:ac:
         2d:9e:d4:be:1c:51:f7:7d:11:e4:7f:f5:32:44:44:e2:46:be:
         ca:5b:ec:6d:91:32:cf:1b:c0:02:14:c3:f3:43:2a:30:1a:be:
         11:eb:5f:d7:e2:d6:69:47:89:f2:cf:2b:fc:7a:18:4c:90:a6:
         8a:e6:86:e7:bb:6f:3c:71:49:c3:9e:e4:5c:08:24:ee:42:06:
         0b:22:d0:5e:ce:cb:b8:a1:de:46:57:0e:57:c8:01:82:e0:83:
         3a:18:51:08:4f:09:b6:de:89:39:ab:5a:bc:c0:60:be:1d:1a:
         38:25:92:53:ad:8d:ae:62:11:5b:cb:8e:d5:7c:a6:3a:d7:d2:
         31:2c:b4:1e:53:23:4c:11:e2:af:ba:a9:fe:2e:40:d7:c4:7d:
         67:92:64:1e:36:01:74:38:bc:df:7a:6b:41:c9:1e:21:69:fd:
         5b:e6:f8:79:d4:95:c6:74:3b:e6:0a:d9:63:99:27:2c:bf:ef:
         95:8c:3e:21:c0:ee:60:7e:15:b2:9e:c8:a5:0b:85:4c:12:b5:
         b5:82:2f:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZuy3DQ13dr3TbS8JsqqJ2t/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwMTEyMTUzODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDIxNThhYWVlZmJjN2IyMzdmMTcyZDIzYmNiMmM1MzNlY2JkOTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR+MAKMO4ttQB5Zjqd6m2Mbwjxe1
3illkGbNRDMPJbTycXNCATe7l9n1tRaiah9fqsNeiz1WYVD3JGkB/OE8iImGip8V
Nkj5Fw7R/0ds3jrof+iA8dqF54Sk2xlOIkJ1OZHGFnFTFZURmp49wx7dcULCwNn/
OGON4EZyZ990s+JS76K8FG57KEAk8smboQk+eH5/d+FiqtD3cPI/BynO9ZXF+E/S
E+lICInyaLRyz6B01Gt4SbfwcNETm4MOD1aPsZYhYxHC6/kdsjXwcC2EhlndTIuA
8iKXDzUojS0BASd8L/BUr4M1iK9Dt8sNn/J0uCB3NP+AO1Nop7w9uXA15QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAhWKru+8eyN/Fy0jvLLFM+y9lbMB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvSUNGWXF1Nzd4N0kzOFhMU084c3NVejdMMlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDiQMA0G
CSqGSIb3DQEBCwUAA4IBAQAd6yBgK7x5MaMia0u3TS6/+UiMIph4TpnBJxbGJXNa
kPKbFMyJ1YRtnPItihaYfRDuj5xmPawtntS+HFH3fRHkf/UyRETiRr7KW+xtkTLP
G8ACFMPzQyowGr4R61/X4tZpR4nyzyv8ehhMkKaK5obnu288cUnDnuRcCCTuQgYL
ItBezsu4od5GVw5XyAGC4IM6GFEITwm23ok5q1q8wGC+HRo4JZJTrY2uYhFby47V
fKY619IxLLQeUyNMEeKvuqn+LkDXxH1nkmQeNgF0OLzfemtByR4haf1b5vh51JXG
dDvmCtljmScsv++VjD4hwO5gfhWynsilC4VMErW1gi8n
-----END CERTIFICATE-----