This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/Ao01yBlxvJ843s8rmXALqicuFL4.roa
File:                     Ao01yBlxvJ843s8rmXALqicuFL4.roa (raw, json)
Hash identifier:          mObGzmDyz7K0J3EGcnRV4ZYxrkCBxp3ntfUTw3IpS/Y=
Subject key identifier:   02:8D:35:C8:19:71:BC:9F:38:DE:CF:2B:99:70:0B:AA:27:2E:14:BE
Certificate issuer:       /CN=1c4c26273da2821fce26075aa0a6e2301ec84927
Certificate serial:       019B76EAF6976F989D31A5CA067FB098C5FD
Authority key identifier: 1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/Ao01yBlxvJ843s8rmXALqicuFL4.roa
Signing time:             Thu 01 Jan 2026 00:17:48 +0000
ROA not before:           Thu 01 Jan 2026 00:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     786
IP address blocks:        143.239.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f6:97:6f:98:9d:31:a5:ca:06:7f:b0:98:c5:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4c26273da2821fce26075aa0a6e2301ec84927
        Validity
            Not Before: Jan  1 00:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=028d35c81971bc9f38decf2b99700baa272e14be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:5c:99:ce:00:5e:d3:0c:96:ba:07:4b:82:3e:
                    fe:fe:df:63:63:13:f9:a1:01:7c:ef:c4:b7:c3:f8:
                    7d:79:fc:76:91:c9:5a:37:99:e0:8d:09:7d:31:05:
                    3c:93:16:a8:1f:ea:bc:84:2b:10:90:33:d1:a6:d3:
                    59:d1:36:01:b8:92:a4:87:6d:52:04:7a:ac:74:b2:
                    12:5b:f6:33:b5:ca:2e:64:c8:2b:0b:f6:64:b8:20:
                    58:ae:78:b2:3e:81:09:5f:75:04:a3:93:3d:cc:3e:
                    6f:17:3b:3c:d2:64:32:0f:e3:70:83:1a:0c:e7:64:
                    55:70:6d:1c:9e:15:91:73:23:5a:8c:a2:cf:46:ed:
                    3e:c7:a3:53:07:5b:58:6e:2a:22:b3:c7:a3:c6:90:
                    5e:65:f7:56:56:2e:42:57:b0:0f:8e:4b:14:92:1d:
                    d6:a9:54:ed:7b:0e:02:b4:20:73:b0:cf:14:10:a8:
                    e0:67:43:5f:ba:4c:00:27:b8:fc:f7:07:a4:34:1d:
                    f4:5c:1b:8e:c4:72:05:fd:7d:6c:7b:97:57:41:72:
                    c7:19:2f:e6:1d:e0:61:8f:06:3f:72:a1:fe:58:56:
                    b0:70:ae:46:a3:46:07:c6:09:77:ce:d5:b0:b4:78:
                    67:e7:d0:33:fc:5d:7e:92:46:e2:82:d7:1a:ab:2d:
                    fb:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:8D:35:C8:19:71:BC:9F:38:DE:CF:2B:99:70:0B:AA:27:2E:14:BE
            X509v3 Authority Key Identifier:
                keyid:1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/Ao01yBlxvJ843s8rmXALqicuFL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         91:63:78:eb:b4:c4:56:d7:41:a3:22:d4:2a:4b:4d:ff:7b:19:
         35:8e:96:15:ef:c8:e2:54:c4:e2:76:2f:df:56:01:43:ac:4a:
         3e:cf:37:55:62:af:6e:95:3c:1b:bb:4a:27:de:de:5e:d5:d6:
         91:11:ff:3d:42:4a:82:a8:c3:c8:aa:6d:3d:65:79:22:2e:44:
         0c:71:11:99:e9:1c:09:a3:ab:2f:43:65:4a:a5:2d:e4:dd:20:
         e5:43:ce:a2:0e:fb:f3:dd:eb:11:81:7a:e9:64:d0:fb:5d:8d:
         fa:eb:fb:33:72:4e:34:35:d0:28:6b:9f:42:ba:5b:4d:a2:f5:
         a9:6a:69:01:77:83:fc:0d:0a:4c:e1:8e:ca:3b:a0:9b:11:ed:
         46:c4:58:a6:47:7e:c9:aa:6e:df:fa:41:ea:c9:0c:ce:c6:43:
         9f:a5:f5:4f:7d:39:ea:cf:60:54:bc:c6:53:ae:05:5a:51:5a:
         40:07:de:4c:b6:1f:b3:e9:06:02:52:e0:68:b2:76:3b:56:7c:
         0f:8b:6c:1c:95:b2:6c:18:ed:d7:5e:a0:4d:81:18:db:e2:ff:
         17:aa:c0:c8:cc:c4:77:79:02:c5:69:90:ea:90:44:ee:b6:f5:
         f0:bd:a5:a3:f9:08:91:73:04:78:14:81:45:d7:4f:18:c7:a5:
         aa:5f:b8:14
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt26vaXb5idMaXKBn+wmMX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGMyNjI3M2RhMjgyMWZjZTI2MDc1YWEwYTZlMjMwMWVj
ODQ5MjcwHhcNMjYwMTAxMDAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjhkMzVjODE5NzFiYzlmMzhkZWNmMmI5OTcwMGJhYTI3MmUxNGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61yZzgBe0wyWugdLgj7+/t9jYxP5
oQF878S3w/h9efx2kclaN5ngjQl9MQU8kxaoH+q8hCsQkDPRptNZ0TYBuJKkh21S
BHqsdLISW/YztcouZMgrC/ZkuCBYrniyPoEJX3UEo5M9zD5vFzs80mQyD+NwgxoM
52RVcG0cnhWRcyNajKLPRu0+x6NTB1tYbiois8ejxpBeZfdWVi5CV7APjksUkh3W
qVTtew4CtCBzsM8UEKjgZ0NfukwAJ7j89wekNB30XBuOxHIF/X1se5dXQXLHGS/m
HeBhjwY/cqH+WFawcK5Go0YHxgl3ztWwtHhn59Az/F1+kkbigtcaqy373QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFAKNNcgZcbyfON7PK5lwC6onLhS+MB8GA1UdIwQY
MBaAFBxMJic9ooIfziYHWqCm4jAeyEknMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQt
ZDM1YjQzMGFmMjZkLzEvQW8wMXlCbHh2Sjg0M3M4cm1YQUxxaWN1Rkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQtZDM1YjQzMGFmMjZk
LzEvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAj+8wDQYJ
KoZIhvcNAQELBQADggEBAJFjeOu0xFbXQaMi1CpLTf97GTWOlhXvyOJUxOJ2L99W
AUOsSj7PN1Vir26VPBu7Sife3l7V1pER/z1CSoKow8iqbT1leSIuRAxxEZnpHAmj
qy9DZUqlLeTdIOVDzqIO+/Pd6xGBeulk0Ptdjfrr+zNyTjQ10Chrn0K6W02i9alq
aQF3g/wNCkzhjso7oJsR7UbEWKZHfsmqbt/6QerJDM7GQ5+l9U99OerPYFS8xlOu
BVpRWkAH3ky2H7PpBgJS4GiydjtWfA+LbByVsmwY7ddeoE2BGNvi/xeqwMjMxHd5
AsVpkOqQRO629fC9paP5CJFzBHgUgUXXTxjHpapfuBQ=
-----END CERTIFICATE-----