This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/lhg5zVYrNMLRf5rtCyfanPHKWCo.roa
File:                     lhg5zVYrNMLRf5rtCyfanPHKWCo.roa (raw, json)
Hash identifier:          tJ2WDHFTAECq/EoCtDCOE9Vj8E1Ebzh5Ex98VPbUM4A=
Subject key identifier:   96:18:39:CD:56:2B:34:C2:D1:7F:9A:ED:0B:27:DA:9C:F1:CA:58:2A
Certificate issuer:       /CN=258f5a8e295ad1d7b48a1e11958790052b57a253
Certificate serial:       019B7F80FB1A7F33AC768E02421CC822B15A
Authority key identifier: 25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/lhg5zVYrNMLRf5rtCyfanPHKWCo.roa
Signing time:             Fri 02 Jan 2026 16:18:37 +0000
ROA not before:           Fri 02 Jan 2026 16:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8255
IP address blocks:        145.226.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 03:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:fb:1a:7f:33:ac:76:8e:02:42:1c:c8:22:b1:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=258f5a8e295ad1d7b48a1e11958790052b57a253
        Validity
            Not Before: Jan  2 16:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=961839cd562b34c2d17f9aed0b27da9cf1ca582a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:67:6f:33:34:22:8b:97:96:6a:cf:9d:0e:05:
                    3e:84:f6:4b:a5:08:cc:51:6c:11:a5:86:3d:5d:f6:
                    b1:22:9b:10:3e:dd:67:e7:af:3f:46:6e:c8:be:9a:
                    bd:ca:a2:8a:63:d9:8e:5a:51:e5:b9:91:80:4d:81:
                    a5:68:14:e7:9d:06:39:4a:48:3b:8a:22:49:44:a0:
                    f0:f3:e9:36:37:33:d1:e7:05:19:b8:15:73:d5:0e:
                    f8:fa:a5:94:17:c0:1b:20:01:d9:60:08:c7:11:ed:
                    00:d0:06:d9:54:04:bd:29:73:7e:f7:bf:46:96:b2:
                    a0:0e:d9:eb:28:1e:f9:86:19:87:df:fe:98:af:a7:
                    7c:ed:8c:f4:29:c0:d3:50:6f:ec:0b:08:08:cc:5c:
                    fc:a6:b2:13:5c:8b:d8:29:73:fe:03:10:87:2d:b4:
                    03:9a:7c:d6:97:93:37:6b:21:cb:a9:c7:5c:81:21:
                    5d:8d:ce:61:d0:f8:21:d9:4f:48:9b:55:52:2f:c1:
                    cb:00:39:07:0a:44:5a:cf:f9:29:68:0d:d6:18:29:
                    df:04:c3:d0:a6:be:a8:18:01:57:8e:43:52:a0:61:
                    3c:12:0f:bf:86:06:3d:8e:e2:99:bb:4b:5d:60:0b:
                    70:2e:78:3f:96:84:a7:fe:4b:38:00:3a:3a:d7:47:
                    22:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:18:39:CD:56:2B:34:C2:D1:7F:9A:ED:0B:27:DA:9C:F1:CA:58:2A
            X509v3 Authority Key Identifier:
                keyid:25:8F:5A:8E:29:5A:D1:D7:B4:8A:1E:11:95:87:90:05:2B:57:A2:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JY9ajila0de0ih4RlYeQBStXolM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/lhg5zVYrNMLRf5rtCyfanPHKWCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/3719f3-22e1-4344-9a39-458a2736157a/1/JY9ajila0de0ih4RlYeQBStXolM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.226.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a9:c2:9f:d0:5b:a6:df:21:a5:7c:8c:70:8d:1b:cc:28:3a:ea:
         f9:a3:9b:fa:9e:69:0d:f4:6c:0d:f6:52:2e:57:aa:94:8b:58:
         7f:bc:e0:6b:c3:c1:15:21:0e:36:27:e6:2f:b8:ac:ac:e9:0b:
         00:09:7e:88:60:3d:88:04:b5:b0:71:3b:f1:c6:a3:be:1c:a8:
         c0:2f:78:fa:b7:ed:b4:85:28:f2:de:da:7c:ad:7a:7f:ac:58:
         42:e7:bc:9f:36:f5:d0:61:88:e9:95:bd:ae:d7:92:ae:38:8d:
         fb:2f:66:2e:51:8d:dc:bd:d0:48:19:e9:2e:9b:03:53:2a:53:
         08:52:06:ef:f1:c0:66:b3:ef:6d:07:30:a5:80:c4:27:f4:c5:
         70:5c:cc:b4:a4:58:a9:11:b2:38:5e:04:d6:41:f6:c0:6e:86:
         fb:d3:50:a5:33:1d:ff:c0:a6:f7:31:ab:c7:25:75:68:df:54:
         3f:cb:97:a9:aa:cd:bf:9d:3c:41:24:96:07:c1:18:5a:25:99:
         a1:dd:3e:8d:74:c5:9e:cf:77:fb:bd:4d:88:94:28:6b:19:f3:
         a5:b1:34:94:a6:e0:5b:ca:f9:5f:59:ca:8b:d0:85:97:1b:d8:
         89:d4:76:c9:26:f8:23:d8:66:02:61:e0:04:5f:8f:97:53:7d:
         fe:7e:20:34
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZt/gPsafzOsdo4CQhzIIrFaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1OGY1YThlMjk1YWQxZDdiNDhhMWUxMTk1ODc5MDA1MmI1
N2EyNTMwHhcNMjYwMTAyMTYxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjE4MzljZDU2MmIzNGMyZDE3ZjlhZWQwYjI3ZGE5Y2YxY2E1ODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomdvMzQii5eWas+dDgU+hPZLpQjM
UWwRpYY9XfaxIpsQPt1n568/Rm7Ivpq9yqKKY9mOWlHluZGATYGlaBTnnQY5Skg7
iiJJRKDw8+k2NzPR5wUZuBVz1Q74+qWUF8AbIAHZYAjHEe0A0AbZVAS9KXN+979G
lrKgDtnrKB75hhmH3/6Yr6d87Yz0KcDTUG/sCwgIzFz8prITXIvYKXP+AxCHLbQD
mnzWl5M3ayHLqcdcgSFdjc5h0Pgh2U9Im1VSL8HLADkHCkRaz/kpaA3WGCnfBMPQ
pr6oGAFXjkNSoGE8Eg+/hgY9juKZu0tdYAtwLng/loSn/ks4ADo610cizwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJYYOc1WKzTC0X+a7Qsn2pzxylgqMB8GA1UdIwQY
MBaAFCWPWo4pWtHXtIoeEZWHkAUrV6JTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzkt
NDU4YTI3MzYxNTdhLzEvbGhnNXpWWXJOTUxSZjVydEN5ZmFuUEhLV0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi8zNzE5ZjMtMjJlMS00MzQ0LTlhMzktNDU4YTI3MzYxNTdh
LzEvSlk5YWppbGEwZGUwaWg0UmxZZVFCU3RYb2xNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkeIwDQYJ
KoZIhvcNAQELBQADggEBAKnCn9Bbpt8hpXyMcI0bzCg66vmjm/qeaQ30bA32Ui5X
qpSLWH+84GvDwRUhDjYn5i+4rKzpCwAJfohgPYgEtbBxO/HGo74cqMAvePq37bSF
KPLe2nyten+sWELnvJ829dBhiOmVva7Xkq44jfsvZi5Rjdy90EgZ6S6bA1MqUwhS
Bu/xwGaz720HMKWAxCf0xXBczLSkWKkRsjheBNZB9sBuhvvTUKUzHf/Apvcxq8cl
dWjfVD/Ll6mqzb+dPEEklgfBGFolmaHdPo10xZ7Pd/u9TYiUKGsZ86WxNJSm4FvK
+V9ZyovQhZcb2InUdskm+CPYZgJh4ARfj5dTff5+IDQ=
-----END CERTIFICATE-----