This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/hkSLq2UREFy1118xumuIZnvQ67Y.roa
File:                     hkSLq2UREFy1118xumuIZnvQ67Y.roa (raw, json)
Hash identifier:          SOh35WJM4tvkJo/U2D6+8WiI7UsWl69I9bV1omMOiek=
Subject key identifier:   86:44:8B:AB:65:11:10:5C:B5:D7:5F:31:BA:6B:88:66:7B:D0:EB:B6
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       019B7FF2727497CC1596545F13DFD3766F7E
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/hkSLq2UREFy1118xumuIZnvQ67Y.roa
Signing time:             Fri 02 Jan 2026 18:22:34 +0000
ROA not before:           Fri 02 Jan 2026 18:22:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43732
IP address blocks:        82.119.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:72:74:97:cc:15:96:54:5f:13:df:d3:76:6f:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  2 18:22:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86448bab6511105cb5d75f31ba6b88667bd0ebb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ad:5f:6f:27:6d:45:1b:69:01:0d:96:94:a4:
                    b5:d4:f0:ff:d8:d1:5b:20:98:f8:fb:02:31:c8:7f:
                    f7:4e:e3:37:77:06:44:66:87:cc:ce:7d:3f:1b:0d:
                    36:9c:6c:62:27:51:f7:f0:60:1e:78:dd:84:a1:39:
                    34:c6:1d:a5:68:e1:c2:81:44:89:45:51:05:90:08:
                    53:31:e5:40:8c:ea:34:b6:8e:a3:6d:68:b2:47:8c:
                    14:e1:4e:1d:eb:58:fd:95:de:85:38:c9:84:05:52:
                    30:30:f2:4f:3a:f6:03:a9:e5:e6:4c:9a:aa:c6:a4:
                    b2:8e:f9:70:38:21:f2:f7:47:24:11:48:8a:13:f7:
                    cd:3a:72:6c:bd:07:f9:94:82:c1:f3:d1:0f:27:4d:
                    e0:15:51:ac:7c:e2:63:ca:9f:f2:f9:81:f5:ae:70:
                    95:8e:d6:3a:01:ec:e7:12:ea:a7:cc:2f:c5:e7:0a:
                    b9:3d:4a:0f:98:f7:1b:52:75:78:02:96:59:f4:47:
                    ad:28:29:21:c7:dd:05:bb:bd:97:53:c8:ef:4d:7f:
                    ef:f6:3e:66:5e:23:72:36:3c:ed:55:17:e9:2a:28:
                    a5:4a:8a:42:6e:c2:c7:73:dc:7c:b1:c3:7a:17:a7:
                    3d:db:3c:cc:65:d8:f5:d8:50:d4:aa:0f:cf:1f:6b:
                    4c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:44:8B:AB:65:11:10:5C:B5:D7:5F:31:BA:6B:88:66:7B:D0:EB:B6
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/hkSLq2UREFy1118xumuIZnvQ67Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a2:7d:c8:91:a2:ac:6f:77:97:67:63:78:d4:93:c8:71:34:
         6d:2e:6e:7d:b2:14:27:73:78:ab:b8:b2:77:e1:9e:58:c6:1a:
         6b:09:77:91:ff:e4:13:d5:b5:cf:c9:55:74:3e:4d:4a:27:89:
         6e:40:f2:fb:8a:dd:aa:1f:5c:f7:68:de:35:6c:38:8e:0b:7a:
         fa:2f:3f:af:f9:0f:85:ed:b5:26:c0:f8:94:d1:17:74:28:0e:
         38:2b:0c:ea:3b:b4:b5:34:1d:bb:46:9f:1d:93:ab:a5:80:9f:
         89:b6:a0:7a:9b:db:8b:95:2d:ea:dd:4a:a5:63:96:7b:5c:9c:
         f3:86:59:1e:7b:5b:17:f7:1f:a7:cd:35:21:80:a3:fa:6c:90:
         39:1f:1f:d3:1b:8e:32:02:f6:c9:5c:b0:94:43:0b:6d:0e:d0:
         09:7c:1d:c1:08:3f:db:40:7b:c3:6b:5f:5c:0a:0b:60:cb:b0:
         c8:6d:ce:00:c3:0e:16:6d:d1:6b:4e:73:a8:8b:8e:0c:87:3c:
         44:9c:dc:f0:1a:85:6b:ba:1c:15:04:74:db:5c:2d:d4:26:13:
         6e:04:91:d3:92:cc:9a:ca:17:bf:cc:f8:9b:6b:b6:09:3c:a9:
         ce:be:d0:22:ee:3e:f9:0e:b4:51:c4:7e:66:80:c1:4d:c7:e8:
         a5:47:bf:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8nJ0l8wVllRfE9/Tdm9+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjYwMTAyMTgyMjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjQ0OGJhYjY1MTExMDVjYjVkNzVmMzFiYTZiODg2NjdiZDBlYmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo61fbydtRRtpAQ2WlKS11PD/2NFb
IJj4+wIxyH/3TuM3dwZEZofMzn0/Gw02nGxiJ1H38GAeeN2EoTk0xh2laOHCgUSJ
RVEFkAhTMeVAjOo0to6jbWiyR4wU4U4d61j9ld6FOMmEBVIwMPJPOvYDqeXmTJqq
xqSyjvlwOCHy90ckEUiKE/fNOnJsvQf5lILB89EPJ03gFVGsfOJjyp/y+YH1rnCV
jtY6AeznEuqnzC/F5wq5PUoPmPcbUnV4ApZZ9EetKCkhx90Fu72XU8jvTX/v9j5m
XiNyNjztVRfpKiilSopCbsLHc9x8scN6F6c92zzMZdj12FDUqg/PH2tM3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZEi6tlERBctddfMbpriGZ70Ou2MB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEvaGtTTHEyVVJFRnkxMTE4eHVtdUlabnZRNjdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndOMA0G
CSqGSIb3DQEBCwUAA4IBAQBson3IkaKsb3eXZ2N41JPIcTRtLm59shQnc3iruLJ3
4Z5YxhprCXeR/+QT1bXPyVV0Pk1KJ4luQPL7it2qH1z3aN41bDiOC3r6Lz+v+Q+F
7bUmwPiU0Rd0KA44KwzqO7S1NB27Rp8dk6ulgJ+JtqB6m9uLlS3q3UqlY5Z7XJzz
hlkee1sX9x+nzTUhgKP6bJA5Hx/TG44yAvbJXLCUQwttDtAJfB3BCD/bQHvDa19c
Cgtgy7DIbc4Aww4WbdFrTnOoi44MhzxEnNzwGoVruhwVBHTbXC3UJhNuBJHTksya
yhe/zPiba7YJPKnOvtAi7j75DrRRxH5mgMFNx+ilR7/k
-----END CERTIFICATE-----