This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/HKUtaN-dfGXUJYOdDirxvFEFuro.roa
File:                     HKUtaN-dfGXUJYOdDirxvFEFuro.roa (raw, json)
Hash identifier:          3sdIz+qgtS64f/HywrMmhFpAOwBdr5OpjxTWlYYlbmw=
Subject key identifier:   1C:A5:2D:68:DF:9D:7C:65:D4:25:83:9D:0E:2A:F1:BC:51:05:BA:BA
Certificate issuer:       /CN=60661758ce330622470a39ae8d6ef4a2044f83c4
Certificate serial:       019B775903DAAC632D3A0DA4439DD2880D02
Authority key identifier: 60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/HKUtaN-dfGXUJYOdDirxvFEFuro.roa
Signing time:             Thu 01 Jan 2026 02:18:00 +0000
ROA not before:           Thu 01 Jan 2026 02:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49434
IP address blocks:        95.173.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:03:da:ac:63:2d:3a:0d:a4:43:9d:d2:88:0d:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60661758ce330622470a39ae8d6ef4a2044f83c4
        Validity
            Not Before: Jan  1 02:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1ca52d68df9d7c65d425839d0e2af1bc5105baba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:83:c8:70:86:d2:b3:95:df:b1:55:f7:64:b7:
                    c2:f3:46:89:36:3a:e0:87:59:d5:a5:76:41:c0:e7:
                    3e:f5:27:04:9a:12:ab:16:c0:67:a6:fa:a1:ec:c0:
                    09:52:f8:60:37:f2:1d:a5:7d:a2:42:25:c8:a4:1e:
                    b3:02:14:c9:89:40:e1:c1:27:8f:2e:dc:03:1a:16:
                    bd:ba:d0:ed:34:00:18:a4:b8:90:dc:dd:3a:e8:4e:
                    6c:58:bd:0a:6b:63:ef:73:3a:b9:df:e2:26:e3:38:
                    b5:3d:64:42:55:1e:63:60:35:82:ea:84:db:09:7d:
                    fe:53:35:0a:d9:50:04:8c:6f:17:45:e4:1f:e2:bc:
                    81:bf:ce:7d:9e:01:21:ff:d4:ce:0d:a6:89:81:c3:
                    c4:2f:69:b9:ff:63:5e:37:f7:30:2c:f8:e6:c8:43:
                    9f:3c:d6:fb:f9:6d:19:c8:cf:a4:06:1c:23:1a:bc:
                    d3:89:b7:cc:07:2e:18:30:d0:03:90:ac:1c:57:0f:
                    86:da:90:94:9c:b2:5b:e2:0b:1c:40:5a:9e:89:96:
                    64:83:73:d8:3c:d6:f6:5d:f3:76:1f:e2:d6:5a:b3:
                    5c:b8:38:36:18:6a:d9:a1:3b:de:24:3d:74:bd:db:
                    a8:85:15:34:7b:b8:47:4b:b9:92:7e:98:cc:b8:77:
                    69:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A5:2D:68:DF:9D:7C:65:D4:25:83:9D:0E:2A:F1:BC:51:05:BA:BA
            X509v3 Authority Key Identifier:
                keyid:60:66:17:58:CE:33:06:22:47:0A:39:AE:8D:6E:F4:A2:04:4F:83:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGYXWM4zBiJHCjmujW70ogRPg8Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/HKUtaN-dfGXUJYOdDirxvFEFuro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/edd128-6d6e-49e3-b77e-1f8746945483/1/YGYXWM4zBiJHCjmujW70ogRPg8Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.173.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:8f:86:0e:c4:84:ff:ef:f3:85:f6:53:f2:19:6a:d4:14:46:
         be:db:ac:23:5f:f2:78:14:51:1e:a4:85:67:65:38:0a:91:83:
         9c:88:21:97:37:b7:c6:6c:5c:f9:33:a5:92:6d:6b:8b:85:25:
         e2:ed:b2:b9:84:0e:8b:67:55:71:7b:54:c7:99:ac:46:d3:66:
         58:d2:2c:86:8a:70:13:a3:5f:7a:4c:1e:bd:cd:f1:69:28:8a:
         12:ee:af:11:7c:b9:d1:25:7b:09:db:81:f6:6e:81:a0:dd:a4:
         e0:19:b2:af:c4:4a:86:bc:2b:b8:1b:46:78:99:3b:65:e1:62:
         a9:03:71:76:9a:56:4f:01:a3:c6:4c:4c:27:6d:52:2e:d8:ff:
         d1:d2:73:10:3f:21:67:25:52:f3:fe:ea:f0:69:a5:6a:6c:f5:
         99:91:7a:c5:9d:1f:79:d3:61:ba:d0:d8:e6:e1:ca:66:84:e0:
         eb:d6:42:38:d2:fb:de:7a:b7:4c:28:8f:63:09:b8:d4:cf:4a:
         84:71:95:de:6e:c2:44:58:a6:1e:df:b1:5d:35:ba:dd:98:ca:
         28:04:2e:89:2d:78:e5:e1:55:6d:2b:ef:63:17:63:89:72:51:
         ee:47:26:bc:58:5d:c6:4c:c7:e4:74:77:b3:2f:a4:e4:e6:39:
         f9:14:0f:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WQParGMtOg2kQ53SiA0CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjYxNzU4Y2UzMzA2MjI0NzBhMzlhZThkNmVmNGEyMDQ0
ZjgzYzQwHhcNMjYwMTAxMDIxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxY2E1MmQ2OGRmOWQ3YzY1ZDQyNTgzOWQwZTJhZjFiYzUxMDViYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIPIcIbSs5XfsVX3ZLfC80aJNjrg
h1nVpXZBwOc+9ScEmhKrFsBnpvqh7MAJUvhgN/IdpX2iQiXIpB6zAhTJiUDhwSeP
LtwDGha9utDtNAAYpLiQ3N066E5sWL0Ka2Pvczq53+Im4zi1PWRCVR5jYDWC6oTb
CX3+UzUK2VAEjG8XReQf4ryBv859ngEh/9TODaaJgcPEL2m5/2NeN/cwLPjmyEOf
PNb7+W0ZyM+kBhwjGrzTibfMBy4YMNADkKwcVw+G2pCUnLJb4gscQFqeiZZkg3PY
PNb2XfN2H+LWWrNcuDg2GGrZoTveJD10vduohRU0e7hHS7mSfpjMuHdpzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBylLWjfnXxl1CWDnQ4q8bxRBbq6MB8GA1UdIwQY
MBaAFGBmF1jOMwYiRwo5ro1u9KIET4PEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2Ut
MWY4NzQ2OTQ1NDgzLzEvSEtVdGFOLWRmR1hVSllPZERpcnh2RkVGdXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lZGQxMjgtNmQ2ZS00OWUzLWI3N2UtMWY4NzQ2OTQ1NDgz
LzEvWUdZWFdNNHpCaUpIQ2ptdWpXNzBvZ1JQZzhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX60+MA0G
CSqGSIb3DQEBCwUAA4IBAQB0j4YOxIT/7/OF9lPyGWrUFEa+26wjX/J4FFEepIVn
ZTgKkYOciCGXN7fGbFz5M6WSbWuLhSXi7bK5hA6LZ1Vxe1THmaxG02ZY0iyGinAT
o196TB69zfFpKIoS7q8RfLnRJXsJ24H2boGg3aTgGbKvxEqGvCu4G0Z4mTtl4WKp
A3F2mlZPAaPGTEwnbVIu2P/R0nMQPyFnJVLz/urwaaVqbPWZkXrFnR9502G60Njm
4cpmhODr1kI40vveerdMKI9jCbjUz0qEcZXebsJEWKYe37FdNbrdmMooBC6JLXjl
4VVtK+9jF2OJclHuRya8WF3GTMfkdHezL6Tk5jn5FA+A
-----END CERTIFICATE-----