This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/ae2K9tmAIRZd8cJcNm_F_NfRfI4.roa
File:                     ae2K9tmAIRZd8cJcNm_F_NfRfI4.roa (raw, json)
Hash identifier:          oNt4Xcrn0Ecxv4Mw9KGJgnzzWpMIqz/MDYN4HT/YRYk=
Subject key identifier:   69:ED:8A:F6:D9:80:21:16:5D:F1:C2:5C:36:6F:C5:FC:D7:D1:7C:8E
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019B7CEE3AA77583BA6ECF32ECA48352793B
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/ae2K9tmAIRZd8cJcNm_F_NfRfI4.roa
Signing time:             Fri 02 Jan 2026 04:19:05 +0000
ROA not before:           Fri 02 Jan 2026 04:19:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25369
IP address blocks:        78.143.224.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 09:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ee:3a:a7:75:83:ba:6e:cf:32:ec:a4:83:52:79:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 04:19:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69ed8af6d98021165df1c25c366fc5fcd7d17c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bf:26:ed:c2:de:25:70:19:60:9e:30:c2:b1:
                    78:89:39:f7:f4:8f:8e:2f:65:3c:e7:46:1a:91:17:
                    88:47:3c:07:d3:44:d2:cd:b7:9f:69:7c:ba:31:01:
                    c2:40:60:30:0e:07:eb:80:b4:bb:bc:01:3e:d5:6c:
                    4a:ec:fe:46:2b:97:23:b8:c9:d5:b2:84:09:b3:73:
                    e3:3c:5c:78:3f:d4:27:eb:a6:2f:07:01:f3:3d:b7:
                    6d:c0:cf:91:8c:6a:3b:92:4a:08:f6:4e:03:23:3a:
                    09:64:57:f3:77:73:a1:24:82:5f:93:60:19:12:4b:
                    62:00:3b:54:2f:93:06:1b:40:8b:2a:3b:11:e8:62:
                    76:75:0a:19:57:22:b9:9f:a6:32:82:df:94:a7:7e:
                    c1:34:bc:d7:16:a7:4e:f0:e1:76:9e:5e:30:b9:9b:
                    91:b9:a3:e4:7b:6a:1c:b0:cb:14:13:7a:28:e4:62:
                    51:ff:fc:81:68:35:89:91:4e:4d:2c:80:69:20:53:
                    49:d2:ad:02:ba:b0:43:5f:87:d9:bc:d2:85:fa:5f:
                    db:7c:e0:f3:f2:81:f1:fe:dc:ad:06:c7:b1:1b:99:
                    18:cd:cb:a8:0f:fe:f4:1e:92:41:c5:6a:62:b3:c0:
                    b4:aa:ea:5f:b9:ed:10:19:00:81:67:72:7c:52:40:
                    be:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:ED:8A:F6:D9:80:21:16:5D:F1:C2:5C:36:6F:C5:FC:D7:D1:7C:8E
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/ae2K9tmAIRZd8cJcNm_F_NfRfI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.143.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:5b:24:76:cd:fd:c1:7c:5e:47:eb:f3:b6:b5:1e:51:0b:77:
         bc:5f:d3:2b:57:a3:6c:5a:86:02:b8:1c:20:c7:31:0b:c0:5f:
         c2:eb:37:75:29:2f:b3:25:67:0e:b0:63:c1:0f:03:b1:b4:8e:
         d5:36:24:90:c2:46:ed:ea:f7:da:94:05:ce:70:db:d7:86:d1:
         6d:0b:db:42:1c:fb:f4:a3:b7:dd:f8:91:4a:53:53:77:c8:54:
         02:39:74:be:16:65:07:e7:dc:fb:07:95:4a:ec:66:94:1f:bc:
         24:ad:39:72:a3:0c:92:f9:95:89:a6:b9:e2:b1:e5:da:2b:9a:
         27:29:32:71:a0:39:1a:9a:fb:6a:b3:24:99:51:c5:64:0d:fa:
         87:96:2b:a4:e3:96:4a:d0:78:62:c1:05:8c:5d:aa:4a:24:f1:
         aa:89:1e:26:3f:89:76:89:e1:60:f9:91:d7:5d:2a:65:f5:4f:
         ad:be:bd:94:85:66:af:b4:f3:7f:3d:c6:57:db:a7:7b:b3:9f:
         e1:99:64:07:ad:75:18:41:03:af:5e:76:82:af:fb:c3:23:50:
         22:9a:5f:8b:05:4f:05:db:31:e8:4c:f1:0f:04:b0:fa:bc:0e:
         b5:39:10:24:ce:b1:c6:da:66:22:5d:1d:60:81:20:68:12:e3:
         a6:8e:6a:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt87jqndYO6bs8y7KSDUnk7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjYwMTAyMDQxOTA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWVkOGFmNmQ5ODAyMTE2NWRmMWMyNWMzNjZmYzVmY2Q3ZDE3YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA078m7cLeJXAZYJ4wwrF4iTn39I+O
L2U850YakReIRzwH00TSzbefaXy6MQHCQGAwDgfrgLS7vAE+1WxK7P5GK5cjuMnV
soQJs3PjPFx4P9Qn66YvBwHzPbdtwM+RjGo7kkoI9k4DIzoJZFfzd3OhJIJfk2AZ
EktiADtUL5MGG0CLKjsR6GJ2dQoZVyK5n6Yygt+Up37BNLzXFqdO8OF2nl4wuZuR
uaPke2ocsMsUE3oo5GJR//yBaDWJkU5NLIBpIFNJ0q0CurBDX4fZvNKF+l/bfODz
8oHx/tytBsexG5kYzcuoD/70HpJBxWpis8C0qupfue0QGQCBZ3J8UkC+3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGntivbZgCEWXfHCXDZvxfzX0XyOMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvYWUySzl0bUFJUlpkOGNKY05tX0ZfTmZSZkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDTo/gMA0G
CSqGSIb3DQEBCwUAA4IBAQApWyR2zf3BfF5H6/O2tR5RC3e8X9MrV6NsWoYCuBwg
xzELwF/C6zd1KS+zJWcOsGPBDwOxtI7VNiSQwkbt6vfalAXOcNvXhtFtC9tCHPv0
o7fd+JFKU1N3yFQCOXS+FmUH59z7B5VK7GaUH7wkrTlyowyS+ZWJprniseXaK5on
KTJxoDkamvtqsySZUcVkDfqHliuk45ZK0HhiwQWMXapKJPGqiR4mP4l2ieFg+ZHX
XSpl9U+tvr2UhWavtPN/PcZX26d7s5/hmWQHrXUYQQOvXnaCr/vDI1Aiml+LBU8F
2zHoTPEPBLD6vA61ORAkzrHG2mYiXR1ggSBoEuOmjmqb
-----END CERTIFICATE-----