This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/L-HaZX9usmOHR6Pjk5otTPA1E78.roa
File:                     L-HaZX9usmOHR6Pjk5otTPA1E78.roa (raw, json)
Hash identifier:          /WFLFbwadanJe6aEYwFifcAD7b8Cq5KJxqbQIlZqM3E=
Subject key identifier:   2F:E1:DA:65:7F:6E:B2:63:87:47:A3:E3:93:9A:2D:4C:F0:35:13:BF
Certificate issuer:       /CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
Certificate serial:       019B7EA6A74DD72CCE0BEEAA3746CC4E6EE4
Authority key identifier: 1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/L-HaZX9usmOHR6Pjk5otTPA1E78.roa
Signing time:             Fri 02 Jan 2026 12:20:09 +0000
ROA not before:           Fri 02 Jan 2026 12:20:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13097
IP address blocks:        62.100.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:a7:4d:d7:2c:ce:0b:ee:aa:37:46:cc:4e:6e:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fc4927ab194ae1237fde2d3bef69038893f0dc5
        Validity
            Not Before: Jan  2 12:20:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2fe1da657f6eb2638747a3e3939a2d4cf03513bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:df:1d:b8:b1:b0:3a:c1:ae:5b:93:20:24:ef:
                    25:6e:fc:f0:d1:c9:95:14:50:96:d7:71:0a:f8:0b:
                    3c:af:63:af:96:18:40:e9:dc:84:bc:c0:ec:6b:61:
                    38:51:e2:88:8c:3c:21:e6:78:4c:93:a2:07:c3:49:
                    ae:2e:51:3e:e8:35:bf:f9:a7:47:67:d6:7d:ba:e4:
                    91:13:86:82:3c:a2:37:28:4e:b4:f8:83:6e:84:c0:
                    2a:c2:a4:c7:12:4e:df:b8:3b:b3:7f:db:d8:3f:ba:
                    42:08:3c:75:9e:9e:b5:5a:8a:db:5d:02:1e:4a:a7:
                    11:0f:7c:8b:95:dc:9c:d2:95:ca:f6:5b:25:69:fc:
                    6a:34:89:7e:af:a1:7e:d7:5a:49:2f:41:19:03:13:
                    a9:6c:25:63:ce:a3:e3:5d:84:ce:1a:92:bd:c8:18:
                    d0:1c:21:55:15:51:cb:29:3e:8f:6d:45:05:ed:ed:
                    cf:53:2c:86:c4:eb:29:14:b3:33:3b:48:a2:06:2a:
                    ce:e0:df:55:1b:83:e7:1f:ed:e7:e3:a0:7c:9b:23:
                    66:8a:2c:37:3f:47:3b:b6:8e:9d:ef:e3:d2:ac:60:
                    12:d7:8e:c5:43:12:4e:37:de:7f:ee:6f:84:15:f5:
                    78:66:65:3e:10:d4:76:9c:84:8f:bf:56:f8:4b:9f:
                    3f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E1:DA:65:7F:6E:B2:63:87:47:A3:E3:93:9A:2D:4C:F0:35:13:BF
            X509v3 Authority Key Identifier:
                keyid:1F:C4:92:7A:B1:94:AE:12:37:FD:E2:D3:BE:F6:90:38:89:3F:0D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H8SSerGUrhI3_eLTvvaQOIk_DcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/L-HaZX9usmOHR6Pjk5otTPA1E78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/943d5d-560c-4314-af82-8b8a01bd7414/1/H8SSerGUrhI3_eLTvvaQOIk_DcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.100.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:6e:6b:b3:f5:38:6d:fe:50:b9:cb:df:e3:c9:14:c4:c3:e5:
         f9:fd:30:94:52:52:48:cb:4e:37:9a:58:b4:09:7d:e4:62:dd:
         91:16:86:a7:a9:4b:97:88:3e:9f:29:af:a2:a1:bf:af:88:11:
         de:bc:b0:b9:3f:4b:72:2c:a3:f3:db:d7:e4:43:37:de:36:be:
         79:1a:19:3a:21:1e:78:17:6a:63:eb:b0:13:65:de:1d:92:59:
         dc:24:14:d2:9d:58:fb:45:90:61:68:ca:7c:b2:cd:ad:35:cc:
         c9:68:66:b2:8d:12:9d:6f:af:85:f9:51:dd:3d:93:fd:2a:06:
         6e:68:cd:45:ca:57:cd:02:5e:bd:69:ff:22:8a:3e:1f:15:ce:
         7e:06:52:91:71:84:25:15:e8:6b:e7:f5:94:21:b4:bd:54:8f:
         e2:ad:b3:f1:e2:99:13:62:dc:a4:91:90:d0:b1:dc:14:5c:32:
         42:55:66:5b:ee:69:95:d2:08:04:24:5a:40:74:ce:07:c9:26:
         95:0e:4f:e1:64:db:94:51:d6:99:cd:8b:a4:b1:73:c9:9f:59:
         29:2c:48:5e:66:3d:ea:af:da:b4:69:db:fb:58:52:1e:fe:fa:
         cb:eb:66:0c:3d:c3:aa:e8:5f:dd:2e:71:8c:49:85:c5:c7:bd:
         e7:5d:17:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pqdN1yzOC+6qN0bMTm7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmYzQ5MjdhYjE5NGFlMTIzN2ZkZTJkM2JlZjY5MDM4ODkz
ZjBkYzUwHhcNMjYwMTAyMTIyMDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmUxZGE2NTdmNmViMjYzODc0N2EzZTM5MzlhMmQ0Y2YwMzUxM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArN8duLGwOsGuW5MgJO8lbvzw0cmV
FFCW13EK+As8r2OvlhhA6dyEvMDsa2E4UeKIjDwh5nhMk6IHw0muLlE+6DW/+adH
Z9Z9uuSRE4aCPKI3KE60+INuhMAqwqTHEk7fuDuzf9vYP7pCCDx1np61WorbXQIe
SqcRD3yLldyc0pXK9lslafxqNIl+r6F+11pJL0EZAxOpbCVjzqPjXYTOGpK9yBjQ
HCFVFVHLKT6PbUUF7e3PUyyGxOspFLMzO0iiBirO4N9VG4PnH+3n46B8myNmiiw3
P0c7to6d7+PSrGAS147FQxJON95/7m+EFfV4ZmU+ENR2nISPv1b4S58/dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC/h2mV/brJjh0ej45OaLUzwNRO/MB8GA1UdIwQY
MBaAFB/EknqxlK4SN/3i0772kDiJPw3FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODIt
OGI4YTAxYmQ3NDE0LzEvTC1IYVpYOXVzbU9IUjZQams1b3RUUEExRTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS85NDNkNWQtNTYwYy00MzE0LWFmODItOGI4YTAxYmQ3NDE0
LzEvSDhTU2VyR1VyaEkzX2VMVHZ2YVFPSWtfRGNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPmRSMA0G
CSqGSIb3DQEBCwUAA4IBAQB0bmuz9Tht/lC5y9/jyRTEw+X5/TCUUlJIy043mli0
CX3kYt2RFoanqUuXiD6fKa+iob+viBHevLC5P0tyLKPz29fkQzfeNr55Ghk6IR54
F2pj67ATZd4dklncJBTSnVj7RZBhaMp8ss2tNczJaGayjRKdb6+F+VHdPZP9KgZu
aM1FylfNAl69af8iij4fFc5+BlKRcYQlFehr5/WUIbS9VI/irbPx4pkTYtykkZDQ
sdwUXDJCVWZb7mmV0ggEJFpAdM4HySaVDk/hZNuUUdaZzYuksXPJn1kpLEheZj3q
r9q0adv7WFIe/vrL62YMPcOq6F/dLnGMSYXFx73nXRfm
-----END CERTIFICATE-----