This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/pnumxDfICVHia5do1NtNtM481Fg.roa
File:                     pnumxDfICVHia5do1NtNtM481Fg.roa (raw, json)
Hash identifier:          Z3XykIcH5XHf5JFowplLEgcMZj6sQcUDlFWPwTcLHhA=
Subject key identifier:   A6:7B:A6:C4:37:C8:09:51:E2:6B:97:68:D4:DB:4D:B4:CE:3C:D4:58
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019A7780BFF83910BB484CF644F6FE7FEE93
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/pnumxDfICVHia5do1NtNtM481Fg.roa
Signing time:             Wed 12 Nov 2025 09:58:37 +0000
ROA not before:           Wed 12 Nov 2025 09:58:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        149.126.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Nov 2025 21:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:77:80:bf:f8:39:10:bb:48:4c:f6:44:f6:fe:7f:ee:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Nov 12 09:58:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a67ba6c437c80951e26b9768d4db4db4ce3cd458
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:67:0c:f5:fe:0e:d6:be:71:22:8f:67:b3:b6:
                    45:8d:31:29:33:16:7d:2e:e9:9a:2c:75:d1:de:eb:
                    9b:15:49:ec:e3:36:ab:71:30:80:b0:71:23:9b:12:
                    76:05:8b:3f:f9:47:23:f5:ba:0d:96:e5:4d:13:35:
                    04:30:b6:f1:00:d8:91:e3:62:66:7e:99:33:7a:90:
                    23:56:1d:aa:41:95:b2:bb:3a:5a:ee:d9:ca:75:67:
                    ef:fa:e0:73:af:49:87:c9:07:d7:33:59:1f:b5:76:
                    01:b8:80:75:57:ba:71:c9:3b:87:91:22:1b:51:8f:
                    98:b7:29:67:f3:c6:81:67:3c:11:27:a4:5b:0f:9b:
                    c6:80:44:00:66:3c:2d:c7:fd:92:c7:56:58:f5:65:
                    60:bd:f3:33:11:78:e7:f3:7c:7b:f6:d9:05:8c:d0:
                    6d:9a:ee:d0:c7:61:32:4b:dc:48:ed:d9:eb:9e:11:
                    69:b9:cd:cc:b3:7f:07:ee:8d:2e:0f:32:3c:26:4b:
                    52:3f:ed:a8:99:a5:09:76:5b:ab:40:28:86:a4:6d:
                    34:5d:41:f5:7d:85:2e:22:97:53:01:67:60:bd:fc:
                    3f:09:e9:9d:26:2e:71:c4:eb:3d:ea:1e:cd:9c:b0:
                    e7:67:19:d3:98:3c:ad:fe:46:bd:90:af:58:7a:a6:
                    36:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:7B:A6:C4:37:C8:09:51:E2:6B:97:68:D4:DB:4D:B4:CE:3C:D4:58
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/pnumxDfICVHia5do1NtNtM481Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:de:16:6c:0f:90:98:7b:6d:24:7f:7e:e6:2e:b5:bc:78:53:
         b5:14:92:44:0b:7a:4c:a2:2f:2a:70:c4:eb:57:38:16:fd:a9:
         91:b6:27:0e:40:62:40:91:b2:07:2c:03:fa:15:ee:cc:02:63:
         9a:7b:dd:fe:d3:82:6b:84:4a:73:b1:39:12:7d:8b:99:8f:cd:
         3c:65:0b:d6:e8:e8:72:c9:46:fe:25:a2:a9:35:82:97:88:1b:
         3e:34:29:b2:ba:a4:7c:bc:b3:6e:aa:7c:28:8c:a7:75:3f:02:
         93:fd:93:e0:3e:d9:7b:05:28:2c:f9:00:87:ce:3d:c0:c8:e7:
         2f:dc:2b:5d:55:63:05:27:e0:fd:80:7e:53:cd:e4:ba:b0:90:
         a5:3a:e9:80:7d:48:04:b3:c1:af:46:b4:61:b4:26:a9:1c:a3:
         d8:be:21:9a:c7:ab:80:2a:8e:b4:82:8d:dc:49:a2:32:44:f0:
         2f:50:90:f7:b7:43:48:85:50:03:61:bf:e5:24:c8:92:91:a2:
         26:48:ec:a8:fb:7e:69:c8:d4:8e:31:36:2b:d2:2a:92:23:51:
         a8:8b:c3:6a:60:b0:22:98:48:14:a8:20:0d:84:c9:9a:27:69:
         58:3d:09:77:d9:11:ab:99:64:db:8f:61:24:ff:4e:fc:3f:e6:
         b4:f8:f1:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZp3gL/4ORC7SEz2RPb+f+6TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUxMTEyMDk1ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjdiYTZjNDM3YzgwOTUxZTI2Yjk3NjhkNGRiNGRiNGNlM2NkNDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy2cM9f4O1r5xIo9ns7ZFjTEpMxZ9
LumaLHXR3uubFUns4zarcTCAsHEjmxJ2BYs/+Ucj9boNluVNEzUEMLbxANiR42Jm
fpkzepAjVh2qQZWyuzpa7tnKdWfv+uBzr0mHyQfXM1kftXYBuIB1V7pxyTuHkSIb
UY+Ytyln88aBZzwRJ6RbD5vGgEQAZjwtx/2Sx1ZY9WVgvfMzEXjn83x79tkFjNBt
mu7Qx2EyS9xI7dnrnhFpuc3Ms38H7o0uDzI8JktSP+2omaUJdlurQCiGpG00XUH1
fYUuIpdTAWdgvfw/CemdJi5xxOs96h7NnLDnZxnTmDyt/ka9kK9YeqY2dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZ7psQ3yAlR4muXaNTbTbTOPNRYMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvcG51bXhEZklDVkhpYTVkbzFOdE50TTQ4MUZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClX5YMA0G
CSqGSIb3DQEBCwUAA4IBAQAI3hZsD5CYe20kf37mLrW8eFO1FJJEC3pMoi8qcMTr
VzgW/amRticOQGJAkbIHLAP6Fe7MAmOae93+04JrhEpzsTkSfYuZj808ZQvW6Ohy
yUb+JaKpNYKXiBs+NCmyuqR8vLNuqnwojKd1PwKT/ZPgPtl7BSgs+QCHzj3AyOcv
3CtdVWMFJ+D9gH5TzeS6sJClOumAfUgEs8GvRrRhtCapHKPYviGax6uAKo60go3c
SaIyRPAvUJD3t0NIhVADYb/lJMiSkaImSOyo+35pyNSOMTYr0iqSI1Goi8NqYLAi
mEgUqCANhMmaJ2lYPQl32RGrmWTbj2Ek/078P+a0+PFy
-----END CERTIFICATE-----