This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/tlPMQw1c3qKVnL4XtiEzRpXRVfk.roa
File:                     tlPMQw1c3qKVnL4XtiEzRpXRVfk.roa (raw, json)
Hash identifier:          2OUcGgPvEsXk+44Fs3qPgVHHqN26oV6vSG6RCh8q2/E=
Subject key identifier:   B6:53:CC:43:0D:5C:DE:A2:95:9C:BE:17:B6:21:33:46:95:D1:55:F9
Certificate issuer:       /CN=854e8383e8208936802362a09f36085a50fcd85a
Certificate serial:       019B7C7FD7CB730013AB05A5F422D9CFFB15
Authority key identifier: 85:4E:83:83:E8:20:89:36:80:23:62:A0:9F:36:08:5A:50:FC:D8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/tlPMQw1c3qKVnL4XtiEzRpXRVfk.roa
Signing time:             Fri 02 Jan 2026 02:18:31 +0000
ROA not before:           Fri 02 Jan 2026 02:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1103
IP address blocks:        137.56.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:d7:cb:73:00:13:ab:05:a5:f4:22:d9:cf:fb:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=854e8383e8208936802362a09f36085a50fcd85a
        Validity
            Not Before: Jan  2 02:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b653cc430d5cdea2959cbe17b621334695d155f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:05:2d:cd:6f:92:a2:ae:78:32:3e:1e:69:b8:
                    f3:01:d5:b0:c6:64:3d:d0:b4:f0:6b:1a:21:a1:00:
                    f5:54:f2:49:fd:ac:9d:99:14:9c:d1:0a:27:07:45:
                    a9:94:bc:d3:6f:1e:d7:0e:c5:cf:f1:1b:61:67:26:
                    f4:e7:ee:c6:6b:77:c3:31:8e:d1:43:ee:9c:5b:55:
                    c9:7d:76:9e:e8:55:d0:83:68:07:59:72:af:28:2e:
                    44:b1:5c:fe:cc:b1:25:86:95:73:bb:e8:32:78:74:
                    17:5b:53:0a:92:c8:85:8d:60:67:5e:3d:98:c1:32:
                    05:bb:c1:4c:f1:89:b5:b0:dd:85:a5:56:0d:ba:24:
                    08:95:da:1e:7a:04:0b:d9:9a:89:b2:ca:dc:35:f8:
                    66:ec:70:6c:89:03:48:c4:ce:a4:70:47:67:00:7c:
                    98:d9:af:78:46:e0:60:aa:80:c7:d9:4d:6e:27:b8:
                    e8:01:a5:a6:08:4b:e0:64:60:25:51:b0:b4:db:c3:
                    87:ae:57:b5:c4:fe:d6:f3:26:38:60:8f:b4:0e:04:
                    24:43:fc:26:a4:2f:52:1b:ab:27:e9:08:c0:5f:3f:
                    17:f5:3d:d5:4a:26:87:82:d6:8d:7b:f2:49:0b:a4:
                    9e:90:1a:de:ad:60:5b:b5:28:ad:9e:c6:95:c0:b8:
                    ec:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:53:CC:43:0D:5C:DE:A2:95:9C:BE:17:B6:21:33:46:95:D1:55:F9
            X509v3 Authority Key Identifier:
                keyid:85:4E:83:83:E8:20:89:36:80:23:62:A0:9F:36:08:5A:50:FC:D8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/tlPMQw1c3qKVnL4XtiEzRpXRVfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e1edab-2439-4a7c-984c-e6ff7ca3ecef/1/hU6Dg-ggiTaAI2KgnzYIWlD82Fo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.56.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         01:90:de:e0:d1:c6:a4:10:5a:55:bd:63:fc:ba:81:32:0e:da:
         ae:97:c0:1c:63:8b:26:df:0f:e0:25:21:a3:b3:18:b5:70:42:
         2e:eb:28:17:dd:e9:ca:c5:e2:8a:89:f9:f0:2d:51:6c:aa:c8:
         36:bd:fe:32:21:b5:ab:24:e8:6c:2e:53:56:91:90:e1:ea:cd:
         6b:38:7f:02:ca:b0:25:ea:2e:42:c3:00:0d:67:0a:5c:fe:33:
         20:db:fb:f9:29:cf:7e:45:99:c5:dc:98:44:0b:6f:c2:a5:a3:
         8b:8f:ef:3c:6e:f7:5a:c6:39:21:c5:58:df:2b:ab:93:07:15:
         60:7e:d7:2a:37:ad:d8:58:fb:90:98:50:68:78:61:10:93:f6:
         20:e5:63:bf:d0:eb:c4:6e:e5:26:cd:c3:73:51:55:4e:2d:d8:
         02:dd:f5:ab:a1:3b:5b:95:59:9a:57:85:4f:b3:87:95:3b:8e:
         f4:0b:c3:b1:b7:c3:d3:ce:65:5f:e1:bd:d3:47:00:e4:43:de:
         89:49:47:32:d1:41:bc:53:bd:c5:17:b8:72:9d:5d:85:e2:f3:
         12:40:76:0c:b6:2c:5f:f4:0d:d9:a3:6d:82:7e:bb:0c:59:bc:
         44:b6:b4:55:e8:d5:90:cf:b1:6e:9d:68:6d:dc:97:ea:fd:4a:
         48:37:c2:5b
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt8f9fLcwATqwWl9CLZz/sVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1NGU4MzgzZTgyMDg5MzY4MDIzNjJhMDlmMzYwODVhNTBm
Y2Q4NWEwHhcNMjYwMTAyMDIxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjUzY2M0MzBkNWNkZWEyOTU5Y2JlMTdiNjIxMzM0Njk1ZDE1NWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkgUtzW+Soq54Mj4eabjzAdWwxmQ9
0LTwaxohoQD1VPJJ/aydmRSc0QonB0WplLzTbx7XDsXP8RthZyb05+7Ga3fDMY7R
Q+6cW1XJfXae6FXQg2gHWXKvKC5EsVz+zLElhpVzu+gyeHQXW1MKksiFjWBnXj2Y
wTIFu8FM8Ym1sN2FpVYNuiQIldoeegQL2ZqJssrcNfhm7HBsiQNIxM6kcEdnAHyY
2a94RuBgqoDH2U1uJ7joAaWmCEvgZGAlUbC028OHrle1xP7W8yY4YI+0DgQkQ/wm
pC9SG6sn6QjAXz8X9T3VSiaHgtaNe/JJC6SekBrerWBbtSitnsaVwLjsKQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFLZTzEMNXN6ilZy+F7YhM0aV0VX5MB8GA1UdIwQY
MBaAFIVOg4PoIIk2gCNioJ82CFpQ/NhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFU2RGctZ2dpVGFBSTJLZ256WUlXbEQ4MkZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lMWVkYWItMjQzOS00YTdjLTk4NGMt
ZTZmZjdjYTNlY2VmLzEvdGxQTVF3MWMzcUtWbkw0WHRpRXpScFhSVmZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lMWVkYWItMjQzOS00YTdjLTk4NGMtZTZmZjdjYTNlY2Vm
LzEvaFU2RGctZ2dpVGFBSTJLZ256WUlXbEQ4MkZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiTgwDQYJ
KoZIhvcNAQELBQADggEBAAGQ3uDRxqQQWlW9Y/y6gTIO2q6XwBxjiybfD+AlIaOz
GLVwQi7rKBfd6crF4oqJ+fAtUWyqyDa9/jIhtask6GwuU1aRkOHqzWs4fwLKsCXq
LkLDAA1nClz+MyDb+/kpz35FmcXcmEQLb8Klo4uP7zxu91rGOSHFWN8rq5MHFWB+
1yo3rdhY+5CYUGh4YRCT9iDlY7/Q68Ru5SbNw3NRVU4t2ALd9auhO1uVWZpXhU+z
h5U7jvQLw7G3w9POZV/hvdNHAORD3olJRzLRQbxTvcUXuHKdXYXi8xJAdgy2LF/0
DdmjbYJ+uwxZvES2tFXo1ZDPsW6daG3cl+r9Skg3wls=
-----END CERTIFICATE-----