This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/WfO_rWl2fuHfB5qC7zRbCafrvqU.roa
File:                     WfO_rWl2fuHfB5qC7zRbCafrvqU.roa (raw, json)
Hash identifier:          ppF/B4Ro0vZlOk9/Ggy6Gk/rxTQBCtZ+Hw9clVEmyrI=
Subject key identifier:   59:F3:BF:AD:69:76:7E:E1:DF:07:9A:82:EF:34:5B:09:A7:EB:BE:A5
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       019B7E37EF36537A9CBF8C5D88CB8302E367
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/WfO_rWl2fuHfB5qC7zRbCafrvqU.roa
Signing time:             Fri 02 Jan 2026 10:19:13 +0000
ROA not before:           Fri 02 Jan 2026 10:19:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212227
IP address blocks:        5.56.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 10:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:37:ef:36:53:7a:9c:bf:8c:5d:88:cb:83:02:e3:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jan  2 10:19:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59f3bfad69767ee1df079a82ef345b09a7ebbea5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6b:0d:d6:f0:8c:73:9f:3a:e0:e9:c0:b2:ed:
                    f4:1c:30:3f:d7:54:2f:8e:be:51:2b:9a:a8:17:4b:
                    37:21:2c:87:72:9c:1c:93:05:48:ca:f6:98:92:02:
                    5c:f1:14:d2:d1:da:81:7a:5f:3e:cb:22:54:fd:4f:
                    aa:72:3b:da:ba:dd:e8:22:4a:8a:79:93:9a:2f:dc:
                    e0:89:44:67:00:61:77:db:4e:ce:27:85:09:73:45:
                    48:c3:9f:02:78:dd:4f:fa:cc:c3:4a:28:ec:bf:06:
                    cd:38:f6:69:49:56:3d:47:ad:46:7c:a6:b1:e1:1b:
                    67:c1:d2:53:14:c2:41:5c:34:45:ea:d0:ff:33:cd:
                    4e:85:f7:d1:af:cf:41:2c:2c:cc:f7:b6:83:2a:f4:
                    a3:c1:66:1b:44:2a:26:36:17:c7:c0:9e:75:72:ed:
                    65:6c:11:24:ba:f0:70:61:fc:7e:93:9f:24:df:1a:
                    99:73:3d:dc:39:33:ae:0d:ea:ae:07:3d:54:51:95:
                    0d:bf:a7:74:fe:6f:b3:2c:53:a9:58:60:08:42:31:
                    8d:0e:4d:b4:e3:7a:88:ff:26:7e:80:a8:f4:cd:20:
                    59:b1:67:02:fd:15:77:5c:57:2c:96:26:cc:66:19:
                    11:9a:26:39:8f:34:fd:de:27:a1:bc:7a:b4:f4:dd:
                    ca:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:F3:BF:AD:69:76:7E:E1:DF:07:9A:82:EF:34:5B:09:A7:EB:BE:A5
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/WfO_rWl2fuHfB5qC7zRbCafrvqU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:a3:9c:77:f5:47:c4:a2:6f:75:97:ec:da:d5:ab:91:e2:bc:
         80:60:e7:32:94:1c:fe:3d:78:81:8d:5c:72:7e:c1:95:38:0c:
         8d:35:09:dc:26:69:b5:85:fd:66:87:6b:e5:3c:18:a8:62:6d:
         b2:87:d8:9c:66:7b:dd:0b:bb:57:32:98:97:29:0f:2d:0b:b7:
         aa:98:1a:b8:40:95:6a:c1:8d:04:77:e8:87:82:7b:79:18:76:
         5b:ba:d9:2a:75:60:c4:f5:02:ba:39:3f:b0:7f:be:7a:e9:b3:
         55:de:b9:26:aa:2b:cd:eb:db:b8:ee:1a:49:39:e0:a0:69:aa:
         21:62:25:f0:33:e9:3c:2a:d6:c5:71:a2:92:0c:e7:13:98:4d:
         3b:0f:f5:df:bd:c6:2b:8f:af:2a:df:8f:c3:b6:4c:86:4a:98:
         22:ce:02:81:19:d5:24:49:c1:1e:60:d2:2f:5f:c5:ea:34:ff:
         4e:84:56:7c:1f:bb:e9:b7:26:de:2a:ea:84:6e:30:de:30:03:
         1f:9f:1b:1c:82:11:f6:e5:81:86:1d:15:19:42:0a:8d:47:42:
         bd:85:97:16:ef:d9:ad:da:2a:b5:06:80:fc:6d:b6:ec:30:e0:
         88:3a:cc:49:2d:a0:a8:7f:1f:b6:b4:03:29:f7:de:33:c2:47:
         fb:10:78:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+N+82U3qcv4xdiMuDAuNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjYwMTAyMTAxOTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWYzYmZhZDY5NzY3ZWUxZGYwNzlhODJlZjM0NWIwOWE3ZWJiZWE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGsN1vCMc5864OnAsu30HDA/11Qv
jr5RK5qoF0s3ISyHcpwckwVIyvaYkgJc8RTS0dqBel8+yyJU/U+qcjvaut3oIkqK
eZOaL9zgiURnAGF3207OJ4UJc0VIw58CeN1P+szDSijsvwbNOPZpSVY9R61GfKax
4RtnwdJTFMJBXDRF6tD/M81OhffRr89BLCzM97aDKvSjwWYbRComNhfHwJ51cu1l
bBEkuvBwYfx+k58k3xqZcz3cOTOuDequBz1UUZUNv6d0/m+zLFOpWGAIQjGNDk20
43qI/yZ+gKj0zSBZsWcC/RV3XFcslibMZhkRmiY5jzT93iehvHq09N3K3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFnzv61pdn7h3weagu80Wwmn676lMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvV2ZPX3JXbDJmdUhmQjVxQzd6UmJDYWZydnFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBTiAMA0G
CSqGSIb3DQEBCwUAA4IBAQAoo5x39UfEom91l+za1auR4ryAYOcylBz+PXiBjVxy
fsGVOAyNNQncJmm1hf1mh2vlPBioYm2yh9icZnvdC7tXMpiXKQ8tC7eqmBq4QJVq
wY0Ed+iHgnt5GHZbutkqdWDE9QK6OT+wf7566bNV3rkmqivN69u47hpJOeCgaaoh
YiXwM+k8KtbFcaKSDOcTmE07D/XfvcYrj68q34/DtkyGSpgizgKBGdUkScEeYNIv
X8XqNP9OhFZ8H7vptybeKuqEbjDeMAMfnxscghH25YGGHRUZQgqNR0K9hZcW79mt
2iq1BoD8bbbsMOCIOsxJLaCofx+2tAMp994zwkf7EHjs
-----END CERTIFICATE-----