This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/HCKraaURSntp6yoXn8ZCNFoWABI.roa
File:                     HCKraaURSntp6yoXn8ZCNFoWABI.roa (raw, json)
Hash identifier:          D0iuzJWsDdl2h0cn/qsVBvA6HzmKW+p+4TvfHRfh3GY=
Subject key identifier:   1C:22:AB:69:A5:11:4A:7B:69:EB:2A:17:9F:C6:42:34:5A:16:00:12
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019B7EA6ECC5F34AE2A9023EE94A63579B4D
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/HCKraaURSntp6yoXn8ZCNFoWABI.roa
Signing time:             Fri 02 Jan 2026 12:20:27 +0000
ROA not before:           Fri 02 Jan 2026 12:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42831
IP address blocks:        178.254.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:ec:c5:f3:4a:e2:a9:02:3e:e9:4a:63:57:9b:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  2 12:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c22ab69a5114a7b69eb2a179fc642345a160012
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:10:74:46:38:92:df:05:46:8a:57:e0:48:ca:
                    15:ee:9c:ec:8d:e1:39:aa:ee:a3:c6:74:44:0e:b1:
                    d9:ea:29:73:6c:19:64:5f:92:39:96:61:d2:3f:b1:
                    0d:dd:24:7a:18:f2:69:83:a9:c1:bb:e3:b7:9b:db:
                    fc:83:b0:ad:eb:fc:cf:c9:4e:f9:87:c2:69:3a:c6:
                    73:78:55:15:5a:59:27:0a:58:8b:41:cd:d5:f2:be:
                    8e:f4:a9:34:e9:38:ff:69:a2:45:ba:f4:fb:ba:8b:
                    9e:b1:1d:35:6a:1f:d4:de:84:f4:28:c1:7c:c6:c4:
                    1b:03:9d:36:fd:92:50:a6:8c:08:13:9b:25:f6:dc:
                    48:0a:94:fb:a0:a1:d3:3c:8d:71:de:23:6e:80:bc:
                    8a:2c:f9:41:ef:29:a0:ae:bc:73:f0:e4:38:e5:d3:
                    84:da:af:1d:ee:9c:a9:03:b4:93:fc:72:81:51:64:
                    b2:c7:c5:7f:c4:5e:dd:62:58:1b:45:f9:4d:0e:e1:
                    54:23:4c:ec:85:91:64:23:d9:11:75:61:39:01:78:
                    91:ba:60:53:f8:67:bb:b2:cf:44:67:72:de:a7:51:
                    c6:d0:2d:b4:35:25:07:c4:28:79:e4:20:e4:58:c5:
                    d1:f9:ed:8e:34:58:bc:bc:66:0c:64:df:26:06:41:
                    6e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:22:AB:69:A5:11:4A:7B:69:EB:2A:17:9F:C6:42:34:5A:16:00:12
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/HCKraaURSntp6yoXn8ZCNFoWABI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.254.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:4c:68:61:dd:8a:7a:99:5e:80:6b:84:68:77:20:86:2d:9d:
         e2:08:2f:40:36:09:01:86:ee:9f:d8:07:85:ca:4c:ce:d4:bb:
         ce:8f:1f:e3:3f:64:da:b4:a1:74:4f:32:ce:4f:c2:01:69:ba:
         cb:2c:dc:4d:35:cc:6b:67:ce:4d:59:45:63:62:08:30:30:6c:
         23:e9:62:f9:8f:9f:5b:3b:7f:47:de:72:46:53:86:c4:3a:02:
         7c:d3:5b:7b:d4:51:eb:ab:26:25:45:b9:33:96:88:ac:d8:cb:
         8d:cc:01:5c:0e:ac:6f:0b:a1:86:2a:02:e9:9e:f7:8f:92:94:
         0a:d4:03:13:b2:67:11:9b:3e:4e:f4:bd:45:c1:c8:e0:86:79:
         61:96:5d:88:7c:bd:9d:92:c4:d8:7f:83:c1:98:16:00:a7:6e:
         0f:b2:fd:c6:ed:4d:46:41:6b:c8:53:bc:95:4e:56:30:92:ce:
         98:65:8e:2f:25:ee:95:e2:99:59:f1:34:2b:db:eb:c4:5b:68:
         15:4f:40:d1:bd:4a:e0:24:c8:e8:92:08:73:72:c3:8d:57:1c:
         43:89:40:05:25:a0:27:58:59:43:f7:5c:19:b6:73:8e:f6:c8:
         7d:07:64:f6:85:b2:08:0c:22:c4:02:42:70:74:c4:a8:5b:3f:
         92:9c:19:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+puzF80riqQI+6UpjV5tNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMTAyMTIyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzIyYWI2OWE1MTE0YTdiNjllYjJhMTc5ZmM2NDIzNDVhMTYwMDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRB0RjiS3wVGilfgSMoV7pzsjeE5
qu6jxnREDrHZ6ilzbBlkX5I5lmHSP7EN3SR6GPJpg6nBu+O3m9v8g7Ct6/zPyU75
h8JpOsZzeFUVWlknCliLQc3V8r6O9Kk06Tj/aaJFuvT7uouesR01ah/U3oT0KMF8
xsQbA502/ZJQpowIE5sl9txICpT7oKHTPI1x3iNugLyKLPlB7ymgrrxz8OQ45dOE
2q8d7pypA7ST/HKBUWSyx8V/xF7dYlgbRflNDuFUI0zshZFkI9kRdWE5AXiRumBT
+Ge7ss9EZ3Lep1HG0C20NSUHxCh55CDkWMXR+e2ONFi8vGYMZN8mBkFu5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBwiq2mlEUp7aesqF5/GQjRaFgASMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvSENLcmFhVVJTbnRwNnlvWG44WkNORm9XQUJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv60MA0G
CSqGSIb3DQEBCwUAA4IBAQBRTGhh3Yp6mV6Aa4RodyCGLZ3iCC9ANgkBhu6f2AeF
ykzO1LvOjx/jP2TatKF0TzLOT8IBabrLLNxNNcxrZ85NWUVjYggwMGwj6WL5j59b
O39H3nJGU4bEOgJ801t71FHrqyYlRbkzlois2MuNzAFcDqxvC6GGKgLpnvePkpQK
1AMTsmcRmz5O9L1Fwcjghnlhll2IfL2dksTYf4PBmBYAp24Psv3G7U1GQWvIU7yV
TlYwks6YZY4vJe6V4plZ8TQr2+vEW2gVT0DRvUrgJMjokghzcsONVxxDiUAFJaAn
WFlD91wZtnOO9sh9B2T2hbIIDCLEAkJwdMSoWz+SnBmV
-----END CERTIFICATE-----