This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LStHQ6_6FnGysDdvnB9r90uq148.roa
File:                     LStHQ6_6FnGysDdvnB9r90uq148.roa (raw, json)
Hash identifier:          VZtIL3tJ8IesutEffpd/YXAZ9n5tgzAzFMNQH1aj0SY=
Subject key identifier:   2D:2B:47:43:AF:FA:16:71:B2:B0:37:6F:9C:1F:6B:F7:4B:AA:D7:8F
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019B7A5ACEF3EAD17AB49374303F48296471
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LStHQ6_6FnGysDdvnB9r90uq148.roa
Signing time:             Thu 01 Jan 2026 16:18:50 +0000
ROA not before:           Thu 01 Jan 2026 16:18:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213515
IP address blocks:        213.210.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 Jan 2026 04:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:ce:f3:ea:d1:7a:b4:93:74:30:3f:48:29:64:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jan  1 16:18:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d2b4743affa1671b2b0376f9c1f6bf74baad78f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:65:90:4d:43:fb:14:ff:41:61:c1:a6:a5:7e:
                    a6:06:36:1e:a6:a0:14:5a:f6:46:55:38:36:bf:8a:
                    7f:64:f6:a7:49:2f:3b:fb:76:fd:85:da:d7:5d:6e:
                    72:60:68:14:ab:85:87:6a:3d:ad:d2:ee:bf:fd:80:
                    2e:ec:ba:45:0b:d4:9e:15:7e:e4:3c:f1:b7:32:00:
                    18:de:93:e7:7a:cc:1c:ac:a4:d8:c1:1d:74:1b:93:
                    61:aa:24:37:be:bd:13:58:10:d2:c6:48:a1:97:2d:
                    05:cf:cd:5c:75:e6:a7:a9:70:55:89:21:21:37:77:
                    78:f6:40:af:97:5b:94:68:19:67:97:28:4c:cb:b1:
                    01:61:19:92:31:dc:53:39:ef:9d:be:ae:0e:22:e7:
                    17:ec:20:d2:94:66:34:d5:e1:06:c9:50:f9:8f:4d:
                    3a:8c:b4:6d:b6:40:4c:c6:f1:f3:6a:42:bd:87:b5:
                    90:8e:34:58:e3:e8:4d:bc:a2:a4:a1:c0:00:c1:a2:
                    4a:4f:c7:48:b3:30:c7:60:dc:93:1c:18:fe:93:b3:
                    58:69:67:67:94:d8:ec:15:bb:7c:7f:12:11:7d:9b:
                    94:c1:6e:25:e5:39:b7:65:62:05:00:7a:1b:d6:66:
                    60:fb:92:f6:69:7e:79:21:aa:72:d8:84:ef:5f:45:
                    05:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:2B:47:43:AF:FA:16:71:B2:B0:37:6F:9C:1F:6B:F7:4B:AA:D7:8F
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/LStHQ6_6FnGysDdvnB9r90uq148.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.210.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:30:eb:f1:29:8e:bc:30:bf:a5:21:f7:07:06:49:d0:7d:5c:
         69:cb:d1:f4:fa:e9:91:01:99:aa:13:85:eb:a1:e1:99:ad:7d:
         af:08:d9:55:4d:d9:21:e9:62:8a:3b:ea:d5:05:8a:54:ae:f6:
         cc:a5:f4:b0:19:5a:2b:68:f1:fe:84:14:17:3a:42:c0:ff:ff:
         d5:ab:a6:d2:ec:58:74:8f:8b:15:e5:c6:c5:d4:e5:0c:39:39:
         a7:7c:a4:f6:45:0d:71:bc:3e:2e:e0:00:6f:24:02:7d:59:b1:
         0e:d3:92:9c:e5:00:88:12:eb:55:ab:2e:34:5b:a8:f5:b5:0a:
         93:a4:76:7b:79:28:84:ec:c0:07:62:58:a2:95:74:1c:63:a7:
         e1:f7:5f:67:4a:33:0f:a3:60:35:92:c0:d1:a0:2b:a1:22:66:
         3c:10:54:bd:8b:9a:b8:af:67:c9:f7:8b:98:be:8e:86:52:3c:
         61:04:75:02:57:2f:40:ec:62:58:18:d1:77:c6:20:40:85:35:
         d1:81:48:64:70:41:d3:fc:ea:fe:cd:02:20:6b:ad:43:77:8f:
         ac:80:a7:17:e8:f0:58:11:ad:44:12:95:e4:04:11:a1:4b:70:
         85:84:48:4c:60:0c:b2:ac:c2:35:20:90:c9:e5:ba:38:70:57:
         06:62:ee:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6Ws7z6tF6tJN0MD9IKWRxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwMTAxMTYxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDJiNDc0M2FmZmExNjcxYjJiMDM3NmY5YzFmNmJmNzRiYWFkNzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmWQTUP7FP9BYcGmpX6mBjYepqAU
WvZGVTg2v4p/ZPanSS87+3b9hdrXXW5yYGgUq4WHaj2t0u6//YAu7LpFC9SeFX7k
PPG3MgAY3pPneswcrKTYwR10G5NhqiQ3vr0TWBDSxkihly0Fz81cdeanqXBViSEh
N3d49kCvl1uUaBlnlyhMy7EBYRmSMdxTOe+dvq4OIucX7CDSlGY01eEGyVD5j006
jLRttkBMxvHzakK9h7WQjjRY4+hNvKKkocAAwaJKT8dIszDHYNyTHBj+k7NYaWdn
lNjsFbt8fxIRfZuUwW4l5Tm3ZWIFAHob1mZg+5L2aX55Iapy2ITvX0UFvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0rR0Ov+hZxsrA3b5wfa/dLqtePMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvTFN0SFE2XzZGbkd5c0Rkdm5COXI5MHVxMTQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1dIiMA0G
CSqGSIb3DQEBCwUAA4IBAQCkMOvxKY68ML+lIfcHBknQfVxpy9H0+umRAZmqE4Xr
oeGZrX2vCNlVTdkh6WKKO+rVBYpUrvbMpfSwGVoraPH+hBQXOkLA///Vq6bS7Fh0
j4sV5cbF1OUMOTmnfKT2RQ1xvD4u4ABvJAJ9WbEO05Kc5QCIEutVqy40W6j1tQqT
pHZ7eSiE7MAHYliilXQcY6fh919nSjMPo2A1ksDRoCuhImY8EFS9i5q4r2fJ94uY
vo6GUjxhBHUCVy9A7GJYGNF3xiBAhTXRgUhkcEHT/Or+zQIga61Dd4+sgKcX6PBY
Ea1EEpXkBBGhS3CFhEhMYAyyrMI1IJDJ5bo4cFcGYu5K
-----END CERTIFICATE-----