This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lHL4YQ-69jCc2YuZ0n_Epw-jhBE.roa
File:                     lHL4YQ-69jCc2YuZ0n_Epw-jhBE.roa (raw, json)
Hash identifier:          CwfIpkNBDWVhAIQbubfZUmHVXETuzrY8OlbIa0wpCaA=
Subject key identifier:   94:72:F8:61:0F:BA:F6:30:9C:D9:8B:99:D2:7F:C4:A7:0F:A3:84:11
Certificate issuer:       /CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
Certificate serial:       019B7E3933399D6D00B594831297EBF2D6B6
Authority key identifier: 0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lHL4YQ-69jCc2YuZ0n_Epw-jhBE.roa
Signing time:             Fri 02 Jan 2026 10:20:36 +0000
ROA not before:           Fri 02 Jan 2026 10:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202656
IP address blocks:        163.5.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 13:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:39:33:39:9d:6d:00:b5:94:83:12:97:eb:f2:d6:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce851b6dd5d364ee19e0b38201b3e8df2624bcb
        Validity
            Not Before: Jan  2 10:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9472f8610fbaf6309cd98b99d27fc4a70fa38411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6d:86:b0:c6:ef:e7:44:12:4d:b3:ba:04:5e:
                    4c:d9:04:a2:f4:8f:f3:3d:5c:dd:28:5e:65:c1:a7:
                    92:b3:c4:8b:83:6f:2e:97:79:4a:23:14:7e:3f:ca:
                    b0:c2:a6:b5:f9:bb:f1:6c:ec:17:da:1b:1f:ff:44:
                    b6:45:a1:c6:f3:08:85:7c:94:72:57:56:a3:07:19:
                    f7:0e:f5:29:3b:8c:29:20:1c:b3:13:5a:1b:34:f3:
                    3a:3a:d3:76:c9:d4:01:6d:00:f0:9e:d4:5e:1d:b0:
                    b8:81:9e:48:b2:fd:8c:46:cf:b9:a4:06:ee:8b:25:
                    05:5a:61:2d:a7:a0:a9:c1:12:bb:18:72:bd:d1:51:
                    7a:ab:d9:cd:47:25:64:a7:d7:2f:4f:46:82:a0:fe:
                    9d:7b:69:a9:2f:a0:6a:d2:44:e9:35:e7:5b:b4:e3:
                    28:f8:55:18:c1:bc:60:ae:55:90:38:7e:db:50:86:
                    0d:70:ff:d1:fe:d7:c1:5c:14:9e:10:e3:d4:f2:86:
                    f8:76:1d:e6:ab:7c:64:10:87:44:67:77:31:73:39:
                    bc:94:41:6d:9f:1c:59:64:f5:12:44:0d:c6:34:e3:
                    8b:d2:7e:f2:f1:fd:69:68:16:c1:dc:9e:32:49:d4:
                    c1:4f:cf:fa:42:92:75:20:0b:0a:48:d5:1a:d3:7d:
                    c9:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:72:F8:61:0F:BA:F6:30:9C:D9:8B:99:D2:7F:C4:A7:0F:A3:84:11
            X509v3 Authority Key Identifier:
                keyid:0C:E8:51:B6:DD:5D:36:4E:E1:9E:0B:38:20:1B:3E:8D:F2:62:4B:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOhRtt1dNk7hngs4IBs-jfJiS8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/lHL4YQ-69jCc2YuZ0n_Epw-jhBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/d02dfb-9673-49a8-971c-9fe94108ff01/1/DOhRtt1dNk7hngs4IBs-jfJiS8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.5.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:f3:ab:f7:fe:9d:dc:fc:89:00:98:0b:6d:6a:7d:da:99:ea:
         0e:02:e4:f4:99:23:06:db:fa:e8:7e:5e:8d:8a:b0:56:5e:75:
         8b:c7:22:de:3c:e3:ce:84:b6:aa:d7:c7:31:aa:cf:33:ea:bd:
         d1:75:9d:4d:70:c4:64:c8:61:05:7a:8a:53:a6:6f:61:1c:e6:
         67:63:39:69:a3:1e:52:7c:62:f9:3d:2c:15:0c:8a:4b:cc:d2:
         d6:1c:65:b3:ec:45:b2:56:4e:60:29:a8:49:12:24:57:df:eb:
         d3:5e:ca:b0:75:c3:dc:34:29:97:01:25:d9:f1:e0:77:09:58:
         42:11:3c:c8:fd:c6:c5:c6:42:be:9c:e5:ae:0c:f6:1b:05:59:
         99:63:38:9a:37:fb:f6:3e:ca:01:0b:18:6f:38:23:f9:d9:99:
         aa:4f:41:50:c7:a4:dd:fa:83:d3:25:f3:47:02:14:40:cd:0f:
         bd:6a:89:7b:7f:ca:89:ba:6f:15:c4:c6:79:7e:5a:ba:10:84:
         30:27:90:51:4b:7b:38:6e:1e:94:15:4a:a6:a9:db:47:0a:aa:
         65:e2:31:49:83:16:3d:0e:19:de:89:3d:73:a5:d5:84:46:77:
         49:8d:b0:ae:3e:3a:5a:f5:1a:98:66:25:ef:a5:37:a1:ef:15:
         46:23:d9:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OTM5nW0AtZSDEpfr8ta2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTg1MWI2ZGQ1ZDM2NGVlMTllMGIzODIwMWIzZThkZjI2
MjRiY2IwHhcNMjYwMTAyMTAyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDcyZjg2MTBmYmFmNjMwOWNkOThiOTlkMjdmYzRhNzBmYTM4NDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG2GsMbv50QSTbO6BF5M2QSi9I/z
PVzdKF5lwaeSs8SLg28ul3lKIxR+P8qwwqa1+bvxbOwX2hsf/0S2RaHG8wiFfJRy
V1ajBxn3DvUpO4wpIByzE1obNPM6OtN2ydQBbQDwntReHbC4gZ5Isv2MRs+5pAbu
iyUFWmEtp6CpwRK7GHK90VF6q9nNRyVkp9cvT0aCoP6de2mpL6Bq0kTpNedbtOMo
+FUYwbxgrlWQOH7bUIYNcP/R/tfBXBSeEOPU8ob4dh3mq3xkEIdEZ3cxczm8lEFt
nxxZZPUSRA3GNOOL0n7y8f1paBbB3J4ySdTBT8/6QpJ1IAsKSNUa033JsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRy+GEPuvYwnNmLmdJ/xKcPo4QRMB8GA1UdIwQY
MBaAFAzoUbbdXTZO4Z4LOCAbPo3yYkvLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMt
OWZlOTQxMDhmZjAxLzEvbEhMNFlRLTY5akNjMll1WjBuX0Vwdy1qaEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9kMDJkZmItOTY3My00OWE4LTk3MWMtOWZlOTQxMDhmZjAx
LzEvRE9oUnR0MWROazdobmdzNElCcy1qZkppUzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAowWJMA0G
CSqGSIb3DQEBCwUAA4IBAQAG86v3/p3c/IkAmAttan3ameoOAuT0mSMG2/rofl6N
irBWXnWLxyLePOPOhLaq18cxqs8z6r3RdZ1NcMRkyGEFeopTpm9hHOZnYzlpox5S
fGL5PSwVDIpLzNLWHGWz7EWyVk5gKahJEiRX3+vTXsqwdcPcNCmXASXZ8eB3CVhC
ETzI/cbFxkK+nOWuDPYbBVmZYziaN/v2PsoBCxhvOCP52ZmqT0FQx6Td+oPTJfNH
AhRAzQ+9aol7f8qJum8VxMZ5flq6EIQwJ5BRS3s4bh6UFUqmqdtHCqpl4jFJgxY9
DhneiT1zpdWERndJjbCuPjpa9RqYZiXvpTeh7xVGI9ks
-----END CERTIFICATE-----