This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/HgKic6ekM35QFsoMboEVFjIB9NE.roa
File:                     HgKic6ekM35QFsoMboEVFjIB9NE.roa (raw, json)
Hash identifier:          He9li/VbBorSL9OR08x2iT60v6rUZMCHaohd8CS+JJE=
Subject key identifier:   1E:02:A2:73:A7:A4:33:7E:50:16:CA:0C:6E:81:15:16:32:01:F4:D1
Certificate issuer:       /CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
Certificate serial:       019B7759220D42D8D24872089FC546EC7F36
Authority key identifier: FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/HgKic6ekM35QFsoMboEVFjIB9NE.roa
Signing time:             Thu 01 Jan 2026 02:18:08 +0000
ROA not before:           Thu 01 Jan 2026 02:18:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203
IP address blocks:        185.168.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 23 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:22:0d:42:d8:d2:48:72:08:9f:c5:46:ec:7f:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fca396f1c344b079c5d2f27bfb313377febb2ec7
        Validity
            Not Before: Jan  1 02:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1e02a273a7a4337e5016ca0c6e8115163201f4d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ea:b6:83:20:98:0e:cc:e0:98:48:3d:2b:05:
                    d5:53:14:a0:27:97:75:eb:d4:9c:7c:02:ee:16:ae:
                    3b:38:64:d4:82:0e:a9:a4:2b:db:06:ac:06:4e:e8:
                    81:36:31:a0:7c:1b:e2:a7:ce:a0:66:73:81:83:60:
                    21:f0:4e:3e:94:44:fb:da:0b:69:c5:21:05:3d:6e:
                    e7:6e:6b:3b:c6:64:b8:d4:ea:92:1b:97:9a:9c:4d:
                    97:d9:48:7e:19:21:4e:37:f9:73:10:10:1f:9f:60:
                    d9:da:95:d5:a0:d9:e5:c2:cd:c5:f0:18:50:59:25:
                    44:d8:dd:82:2f:24:a8:8a:d3:09:e8:3f:2a:2d:98:
                    ce:0d:12:7a:53:41:17:77:54:24:1c:8b:dc:3c:fd:
                    01:fd:7a:ac:1f:50:23:fb:88:a8:0d:7c:59:f5:e8:
                    0c:f2:92:20:d5:1f:2e:8a:9d:ec:8d:41:73:f7:cd:
                    ad:93:5b:25:73:cd:3c:92:de:5d:49:52:d0:fd:99:
                    cf:e0:72:c1:7f:c6:2a:0c:ed:a4:96:77:b4:66:51:
                    d1:58:0f:c5:19:bd:95:a8:9e:d7:51:db:63:cc:0f:
                    91:af:93:69:04:d8:10:77:02:91:f3:6a:90:9c:19:
                    6c:41:7a:1b:37:dc:51:ac:71:6f:5c:12:12:7c:04:
                    d1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:02:A2:73:A7:A4:33:7E:50:16:CA:0C:6E:81:15:16:32:01:F4:D1
            X509v3 Authority Key Identifier:
                keyid:FC:A3:96:F1:C3:44:B0:79:C5:D2:F2:7B:FB:31:33:77:FE:BB:2E:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/HgKic6ekM35QFsoMboEVFjIB9NE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/14e141-caa5-41fb-945b-ffb16ebd111f/1/_KOW8cNEsHnF0vJ7-zEzd_67Lsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:d1:ac:9a:d7:61:c5:84:81:ae:4b:20:6c:b7:96:10:29:ba:
         14:72:e4:a3:5b:62:43:56:e4:5b:8c:f4:be:ea:73:f3:e8:5d:
         65:04:90:47:00:64:31:30:e3:fd:51:67:e3:7e:32:f3:63:ef:
         c3:38:4d:8c:60:8e:e5:ba:b3:93:4c:8e:43:00:aa:60:2f:d0:
         9e:ee:e7:e2:42:ab:e8:d5:e4:03:ce:36:db:9a:87:5b:0f:8f:
         f8:04:2d:5b:4c:df:56:92:e4:be:c0:a1:46:4b:32:71:bb:90:
         07:11:52:80:26:92:30:2e:18:c9:d7:d0:a8:32:01:c3:9d:07:
         45:93:90:95:2b:53:c6:e1:d1:50:82:be:e1:8f:46:d6:2e:0d:
         d7:56:d2:b6:a6:fa:f7:79:e7:ab:fa:54:f5:d8:b4:d6:e2:4b:
         b5:e5:c3:83:c6:ea:2b:f7:f2:39:0d:44:45:1f:05:4c:74:1c:
         81:36:6a:32:a1:52:de:0b:e6:61:60:b8:46:20:48:5b:88:b8:
         fd:af:03:c6:ba:7e:65:71:99:df:37:7a:c1:73:cb:b8:bb:48:
         31:5d:b0:49:18:1f:79:17:a1:ba:9c:ab:d8:3c:1b:85:b6:51:
         9b:a1:98:6f:83:45:4a:20:b6:44:eb:67:4f:4d:cb:b2:aa:0b:
         8b:2e:35:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3WSINQtjSSHIIn8VG7H82MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjYTM5NmYxYzM0NGIwNzljNWQyZjI3YmZiMzEzMzc3ZmVi
YjJlYzcwHhcNMjYwMTAxMDIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTAyYTI3M2E3YTQzMzdlNTAxNmNhMGM2ZTgxMTUxNjMyMDFmNGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOq2gyCYDszgmEg9KwXVUxSgJ5d1
69ScfALuFq47OGTUgg6ppCvbBqwGTuiBNjGgfBvip86gZnOBg2Ah8E4+lET72gtp
xSEFPW7nbms7xmS41OqSG5eanE2X2Uh+GSFON/lzEBAfn2DZ2pXVoNnlws3F8BhQ
WSVE2N2CLySoitMJ6D8qLZjODRJ6U0EXd1QkHIvcPP0B/XqsH1Aj+4ioDXxZ9egM
8pIg1R8uip3sjUFz982tk1slc808kt5dSVLQ/ZnP4HLBf8YqDO2klne0ZlHRWA/F
Gb2VqJ7XUdtjzA+Rr5NpBNgQdwKR82qQnBlsQXobN9xRrHFvXBISfATRRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB4ConOnpDN+UBbKDG6BFRYyAfTRMB8GA1UdIwQY
MBaAFPyjlvHDRLB5xdLye/sxM3f+uy7HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWIt
ZmZiMTZlYmQxMTFmLzEvSGdLaWM2ZWtNMzVRRnNvTWJvRVZGaklCOU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8xNGUxNDEtY2FhNS00MWZiLTk0NWItZmZiMTZlYmQxMTFm
LzEvX0tPVzhjTkVzSG5GMHZKNy16RXpkXzY3THNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuagKMA0G
CSqGSIb3DQEBCwUAA4IBAQCV0aya12HFhIGuSyBst5YQKboUcuSjW2JDVuRbjPS+
6nPz6F1lBJBHAGQxMOP9UWfjfjLzY+/DOE2MYI7lurOTTI5DAKpgL9Ce7ufiQqvo
1eQDzjbbmodbD4/4BC1bTN9WkuS+wKFGSzJxu5AHEVKAJpIwLhjJ19CoMgHDnQdF
k5CVK1PG4dFQgr7hj0bWLg3XVtK2pvr3eeer+lT12LTW4ku15cODxuor9/I5DURF
HwVMdByBNmoyoVLeC+ZhYLhGIEhbiLj9rwPGun5lcZnfN3rBc8u4u0gxXbBJGB95
F6G6nKvYPBuFtlGboZhvg0VKILZE62dPTcuyqguLLjXD
-----END CERTIFICATE-----