This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/opqnkFHoEXKhvq7OyH14rnf0YP8.roa
File:                     opqnkFHoEXKhvq7OyH14rnf0YP8.roa (raw, json)
Hash identifier:          peA61QsKsh1y16MIgAYhAd+NF8dzDFvXn+YtYDv8l2w=
Subject key identifier:   A2:9A:A7:90:51:E8:11:72:A1:BE:AE:CE:C8:7D:78:AE:77:F4:60:FF
Certificate issuer:       /CN=16055801b775e774306321455fd463fbd9273c4c
Certificate serial:       019B7B365BFF60C15216AF528B75AFAC8009
Authority key identifier: 16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/opqnkFHoEXKhvq7OyH14rnf0YP8.roa
Signing time:             Thu 01 Jan 2026 20:18:38 +0000
ROA not before:           Thu 01 Jan 2026 20:18:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54252
IP address blocks:        144.56.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:5b:ff:60:c1:52:16:af:52:8b:75:af:ac:80:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16055801b775e774306321455fd463fbd9273c4c
        Validity
            Not Before: Jan  1 20:18:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a29aa79051e81172a1beaecec87d78ae77f460ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d7:80:2f:12:27:56:e8:75:bd:fd:e7:9c:29:
                    87:5d:e5:ce:a6:2c:6c:9d:43:8d:d5:45:f3:77:26:
                    dd:66:21:6a:67:5c:cb:da:42:fb:a7:da:71:f7:cb:
                    3c:0a:53:bd:54:3e:f1:12:ba:8d:ee:ca:40:45:ef:
                    dd:7d:37:94:bd:b7:33:d9:12:40:05:89:a8:03:04:
                    4d:af:95:22:31:54:cc:23:83:41:2c:e9:0f:42:80:
                    a0:c1:fd:31:c8:86:d5:46:c2:c0:90:00:01:59:bc:
                    c2:c0:b3:ab:38:70:c9:41:4d:1a:16:aa:80:de:52:
                    44:96:ee:41:87:30:3e:61:e6:c2:89:0b:56:35:f7:
                    93:c4:03:d5:58:f4:66:76:55:4c:7f:99:99:70:e1:
                    41:69:ff:5e:ff:de:be:2f:f4:95:e9:1a:d4:25:7f:
                    48:7e:8b:0f:dc:0d:2d:a6:24:6b:a9:51:b6:73:0c:
                    05:1b:d1:50:4e:74:ad:27:80:2b:dd:08:07:af:c5:
                    1c:3e:1a:ff:47:38:54:1b:fa:a7:d7:90:a4:1a:64:
                    9f:af:b3:57:6f:42:d7:05:d8:60:a0:0b:96:d4:4b:
                    4e:f1:e2:bb:16:38:0f:51:d7:a0:01:77:89:3f:fa:
                    0a:56:45:73:e2:e0:93:b5:bc:87:78:a4:df:36:4e:
                    d1:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:9A:A7:90:51:E8:11:72:A1:BE:AE:CE:C8:7D:78:AE:77:F4:60:FF
            X509v3 Authority Key Identifier:
                keyid:16:05:58:01:B7:75:E7:74:30:63:21:45:5F:D4:63:FB:D9:27:3C:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FgVYAbd153QwYyFFX9Rj-9knPEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/opqnkFHoEXKhvq7OyH14rnf0YP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/f0340b-330e-45d7-be58-135717ef388a/1/FgVYAbd153QwYyFFX9Rj-9knPEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.56.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c8:41:79:1c:72:a1:c6:f7:6f:82:7c:43:af:99:1a:b4:1d:
         af:ed:b2:24:a1:c6:24:08:bb:97:b2:23:a2:96:9e:f7:0a:2f:
         af:97:49:f1:c0:67:16:15:97:9c:9f:36:37:0c:67:5e:b2:51:
         89:6a:fe:d1:a9:24:98:2d:80:90:c5:82:32:7f:1a:f9:bb:3b:
         a9:af:92:0f:71:1e:b4:4f:fc:52:df:e4:25:ba:c8:5e:a3:60:
         5f:90:48:a0:b7:a4:b4:08:81:67:5c:86:9c:2c:16:b7:18:6a:
         40:b4:72:57:8d:83:bb:6e:28:90:c7:b4:cd:af:0e:d1:fc:2f:
         9a:cc:70:92:5a:99:69:5b:23:3d:16:29:63:65:de:13:b5:2e:
         d4:b5:08:66:9a:73:3b:e1:08:23:9b:e3:6d:49:b8:67:da:bf:
         e3:ed:30:a6:8d:a9:74:b1:ae:22:30:5c:13:6e:44:3c:33:31:
         6d:02:3d:86:bd:df:34:49:10:00:4f:b5:49:bc:30:7d:53:c6:
         a8:d0:92:18:90:dc:f3:3c:3b:c3:d5:d7:51:47:8a:9e:16:d9:
         2c:f4:88:13:ff:c0:ee:50:77:a0:ed:e5:61:be:c3:b3:8d:4b:
         50:a5:84:7a:da:9c:0b:2f:d2:28:d3:70:ae:7e:eb:14:f0:d4:
         f7:46:dc:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Nlv/YMFSFq9Si3WvrIAJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2MDU1ODAxYjc3NWU3NzQzMDYzMjE0NTVmZDQ2M2ZiZDky
NzNjNGMwHhcNMjYwMTAxMjAxODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjlhYTc5MDUxZTgxMTcyYTFiZWFlY2VjODdkNzhhZTc3ZjQ2MGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9eALxInVuh1vf3nnCmHXeXOpixs
nUON1UXzdybdZiFqZ1zL2kL7p9px98s8ClO9VD7xErqN7spARe/dfTeUvbcz2RJA
BYmoAwRNr5UiMVTMI4NBLOkPQoCgwf0xyIbVRsLAkAABWbzCwLOrOHDJQU0aFqqA
3lJElu5BhzA+YebCiQtWNfeTxAPVWPRmdlVMf5mZcOFBaf9e/96+L/SV6RrUJX9I
fosP3A0tpiRrqVG2cwwFG9FQTnStJ4Ar3QgHr8UcPhr/RzhUG/qn15CkGmSfr7NX
b0LXBdhgoAuW1EtO8eK7FjgPUdegAXeJP/oKVkVz4uCTtbyHeKTfNk7RsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKap5BR6BFyob6uzsh9eK539GD/MB8GA1UdIwQY
MBaAFBYFWAG3ded0MGMhRV/UY/vZJzxMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgt
MTM1NzE3ZWYzODhhLzEvb3BxbmtGSG9FWEtodnE3T3lIMTRybmYwWVA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy9mMDM0MGItMzMwZS00NWQ3LWJlNTgtMTM1NzE3ZWYzODhh
LzEvRmdWWUFiZDE1M1F3WXlGRlg5UmotOWtuUEV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkDgHMA0G
CSqGSIb3DQEBCwUAA4IBAQAayEF5HHKhxvdvgnxDr5katB2v7bIkocYkCLuXsiOi
lp73Ci+vl0nxwGcWFZecnzY3DGdeslGJav7RqSSYLYCQxYIyfxr5uzupr5IPcR60
T/xS3+Qlusheo2BfkEigt6S0CIFnXIacLBa3GGpAtHJXjYO7biiQx7TNrw7R/C+a
zHCSWplpWyM9FiljZd4TtS7UtQhmmnM74Qgjm+NtSbhn2r/j7TCmjal0sa4iMFwT
bkQ8MzFtAj2Gvd80SRAAT7VJvDB9U8ao0JIYkNzzPDvD1ddRR4qeFtks9IgT/8Du
UHeg7eVhvsOzjUtQpYR62pwLL9Io03CufusU8NT3Rtxz
-----END CERTIFICATE-----