This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/Hfoah63MFqJPkakOcHQO0XogmC8.roa
File:                     Hfoah63MFqJPkakOcHQO0XogmC8.roa (raw, json)
Hash identifier:          PJRAPw/nXAgciheIfYYCZ+tdG0J3p5Vu+VXUL+c/Azw=
Subject key identifier:   1D:FA:1A:87:AD:CC:16:A2:4F:91:A9:0E:70:74:0E:D1:7A:20:98:2F
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019B7C7F5D8BAE38C2B6A1B18531BB8EB0C4
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/Hfoah63MFqJPkakOcHQO0XogmC8.roa
Signing time:             Fri 02 Jan 2026 02:18:00 +0000
ROA not before:           Fri 02 Jan 2026 02:18:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201615
IP address blocks:        77.79.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:5d:8b:ae:38:c2:b6:a1:b1:85:31:bb:8e:b0:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 02:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1dfa1a87adcc16a24f91a90e70740ed17a20982f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:44:bd:e8:26:48:b0:8d:c9:eb:48:ff:74:05:
                    49:1d:e8:a8:24:95:db:c2:47:18:2a:f5:54:d0:1c:
                    72:25:25:97:e4:cb:fa:95:ff:24:09:09:4b:4b:1e:
                    a8:19:3f:03:23:b4:bf:ae:9a:3b:01:3a:e6:13:2d:
                    54:cd:bb:51:b7:99:64:15:1a:96:7d:db:9e:1c:27:
                    77:1d:a6:e6:ed:b1:cb:07:b0:a2:8d:b6:36:36:d7:
                    a2:a5:be:5c:33:24:cd:b3:a5:86:7d:bb:45:22:b5:
                    7d:fd:a8:74:fb:42:08:55:7e:06:b7:b2:ac:fe:c8:
                    d0:59:fb:28:00:80:e2:47:c3:58:3c:c6:76:67:6e:
                    8b:ec:5b:77:b1:c1:2c:cc:5e:c5:a2:57:22:05:3a:
                    86:74:ba:20:c9:91:09:5b:4f:c2:04:b7:1f:27:7e:
                    53:85:02:e9:f1:14:8c:5a:e5:1e:8a:0a:cf:26:40:
                    dc:34:b0:64:6e:a0:0b:0a:1f:ef:9e:8f:5d:63:46:
                    36:65:2c:c7:03:7a:3e:e3:a4:f3:bc:25:1e:24:07:
                    26:18:a4:ec:a7:c5:2b:e1:21:f8:3e:49:82:11:d6:
                    17:3f:d4:fd:7a:fb:15:84:07:2b:16:24:f4:76:d6:
                    56:22:4c:1d:fc:f6:21:ea:5d:2f:39:1b:5c:6e:b8:
                    70:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:FA:1A:87:AD:CC:16:A2:4F:91:A9:0E:70:74:0E:D1:7A:20:98:2F
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/Hfoah63MFqJPkakOcHQO0XogmC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.79.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:6a:66:c1:e5:ff:35:ce:c7:0f:36:c8:bb:3d:fd:3d:6b:16:
         ba:d5:e4:1c:2d:09:f0:1f:e4:d0:2c:1f:d4:d8:44:d8:a3:69:
         ef:1c:95:ce:46:4f:89:ee:b9:93:38:ba:28:70:f6:c9:4c:3c:
         75:8f:5b:fc:21:41:4d:ee:13:4d:29:95:a5:f2:6e:35:11:3a:
         0a:a5:7f:dc:e0:06:92:31:c3:05:1e:b0:0f:62:df:1a:58:50:
         c6:66:bf:61:72:8d:12:72:cd:58:c4:0d:ad:5b:01:84:11:72:
         f0:f2:10:65:43:e7:e2:6f:da:b7:e5:35:3c:7f:84:0c:6f:1e:
         76:59:59:31:ed:90:13:5c:77:66:c8:bb:a4:01:66:68:ed:e5:
         5e:25:82:5e:ec:08:83:0c:e7:ef:b6:92:a2:3c:6f:a5:eb:51:
         c1:61:bd:66:f5:89:eb:56:6e:32:2f:7d:1f:02:6a:a9:7d:97:
         f5:c5:db:e6:dd:72:ac:13:7d:49:15:79:f1:bf:e5:e4:96:1e:
         33:46:76:0c:d7:2a:fb:a6:9e:fb:ac:a7:52:a3:bd:7b:e5:ce:
         17:3d:27:c5:66:b4:69:d0:58:7a:cf:8b:32:26:66:21:cb:2b:
         4c:5e:d2:aa:eb:9d:e6:6a:33:50:e3:97:48:35:1e:10:8b:fa:
         08:0a:00:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8f12LrjjCtqGxhTG7jrDEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjYwMTAyMDIxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGZhMWE4N2FkY2MxNmEyNGY5MWE5MGU3MDc0MGVkMTdhMjA5ODJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjES96CZIsI3J60j/dAVJHeioJJXb
wkcYKvVU0BxyJSWX5Mv6lf8kCQlLSx6oGT8DI7S/rpo7ATrmEy1UzbtRt5lkFRqW
fdueHCd3Habm7bHLB7CijbY2Nteipb5cMyTNs6WGfbtFIrV9/ah0+0IIVX4Gt7Ks
/sjQWfsoAIDiR8NYPMZ2Z26L7Ft3scEszF7FolciBTqGdLogyZEJW0/CBLcfJ35T
hQLp8RSMWuUeigrPJkDcNLBkbqALCh/vno9dY0Y2ZSzHA3o+46TzvCUeJAcmGKTs
p8Ur4SH4PkmCEdYXP9T9evsVhAcrFiT0dtZWIkwd/PYh6l0vORtcbrhwMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB36GoetzBaiT5GpDnB0DtF6IJgvMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvSGZvYWg2M01GcUpQa2FrT2NIUU8wWG9nbUM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATU/MMA0G
CSqGSIb3DQEBCwUAA4IBAQC1ambB5f81zscPNsi7Pf09axa61eQcLQnwH+TQLB/U
2ETYo2nvHJXORk+J7rmTOLoocPbJTDx1j1v8IUFN7hNNKZWl8m41EToKpX/c4AaS
McMFHrAPYt8aWFDGZr9hco0Scs1YxA2tWwGEEXLw8hBlQ+fib9q35TU8f4QMbx52
WVkx7ZATXHdmyLukAWZo7eVeJYJe7AiDDOfvtpKiPG+l61HBYb1m9YnrVm4yL30f
AmqpfZf1xdvm3XKsE31JFXnxv+Xklh4zRnYM1yr7pp77rKdSo7175c4XPSfFZrRp
0Fh6z4syJmYhyytMXtKq653majNQ45dINR4Qi/oICgD/
-----END CERTIFICATE-----