This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/hge-Ve9q0lKlQREiUHeFuyA4WQk.roa
File:                     hge-Ve9q0lKlQREiUHeFuyA4WQk.roa (raw, json)
Hash identifier:          x1Lpt97LAF6Y7q6CRbpTpILgBS57gJIZ1Yw3lo8Hld0=
Subject key identifier:   86:07:BE:55:EF:6A:D2:52:A5:41:11:22:50:77:85:BB:20:38:59:09
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019B76EB04F8E5BFC09CD26C4E4E293F265A
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/hge-Ve9q0lKlQREiUHeFuyA4WQk.roa
Signing time:             Thu 01 Jan 2026 00:17:52 +0000
ROA not before:           Thu 01 Jan 2026 00:17:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401984
IP address blocks:        155.254.100.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:04:f8:e5:bf:c0:9c:d2:6c:4e:4e:29:3f:26:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  1 00:17:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8607be55ef6ad252a5411122507785bb20385909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:18:33:19:6d:b9:e7:29:c2:a3:95:ec:ec:d2:
                    a2:c6:e1:d5:ed:5f:bd:55:6f:e8:f3:09:4d:8f:f0:
                    be:e8:2e:35:32:fa:4d:62:01:fa:28:86:df:3f:42:
                    47:c0:92:9f:66:89:7d:0a:60:29:4e:92:b3:86:5b:
                    a9:30:84:0a:93:a3:48:15:c6:c0:2c:eb:19:40:61:
                    ba:0e:58:0d:55:31:03:83:d6:cd:9f:0d:44:11:51:
                    56:e4:82:8a:ec:19:fd:b8:da:d4:2e:64:c9:9d:59:
                    9a:59:a4:52:39:9f:ec:44:58:e2:99:9b:93:99:05:
                    e7:61:6c:21:28:9f:16:52:51:59:32:2b:99:59:68:
                    24:a0:4b:66:32:c5:50:2a:74:a0:ab:3e:3a:53:6e:
                    ea:bd:20:bc:f4:b3:54:2f:64:bc:82:4b:2c:9f:74:
                    0a:2e:95:34:bc:42:b3:65:38:34:8c:84:ff:47:80:
                    92:8a:a3:95:1e:94:ff:bd:40:24:2e:96:ba:25:e4:
                    e2:0b:40:e2:5b:f9:2f:2b:b4:2e:72:f4:e3:db:1b:
                    12:c0:4b:00:13:5f:94:b4:fb:45:21:83:4b:ac:35:
                    4e:0b:d5:01:5a:90:44:5f:b9:1c:a3:06:8c:84:73:
                    d2:c7:92:95:78:fb:78:6c:ac:a3:e3:fa:b0:32:70:
                    68:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:07:BE:55:EF:6A:D2:52:A5:41:11:22:50:77:85:BB:20:38:59:09
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/hge-Ve9q0lKlQREiUHeFuyA4WQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.254.100.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cd:2a:50:54:03:4b:85:a0:60:6a:c2:32:dc:02:e0:f1:25:3a:
         ce:3d:c5:0f:72:50:d2:01:cf:99:8e:8e:a0:c9:d0:bc:a4:b3:
         fa:32:a0:84:00:9a:65:0a:7a:8e:a8:00:3d:1b:8a:f7:cb:ce:
         4c:ab:50:57:5d:51:cb:6b:ed:51:c8:f5:f2:d8:7b:a7:4f:94:
         15:49:0a:6d:53:c4:3d:d9:ac:be:e6:a1:67:5e:ba:23:c5:ce:
         a7:e5:0b:5c:0c:28:35:08:66:15:1c:aa:0c:0a:6c:eb:ef:b4:
         b8:07:43:7e:35:76:bc:f5:66:80:0d:bd:03:3c:36:12:dc:43:
         f2:f8:ce:1a:b8:16:53:38:7a:01:d5:4b:5e:b6:62:b7:9c:49:
         59:0d:d7:6e:e4:33:1a:db:9c:00:ff:c7:08:38:0f:50:8a:a5:
         5d:65:74:bd:43:85:ed:c6:ee:5d:47:6b:11:c6:6e:a8:51:5d:
         06:1f:fe:fa:2c:19:64:d9:91:70:00:93:c2:95:87:69:c8:15:
         ee:49:a7:33:80:e5:4c:3e:67:73:4c:63:78:56:66:0c:2b:48:
         bf:13:0f:d5:87:9b:8e:10:33:cf:c3:a1:4e:5e:33:40:26:c3:
         0f:e7:c0:f3:ba:b2:f1:ae:61:bd:fd:f8:6f:b6:59:17:8e:ac:
         3c:df:68:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26wT45b/AnNJsTk4pPyZaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMTAxMDAxNzUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjA3YmU1NWVmNmFkMjUyYTU0MTExMjI1MDc3ODViYjIwMzg1OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxgzGW255ynCo5Xs7NKixuHV7V+9
VW/o8wlNj/C+6C41MvpNYgH6KIbfP0JHwJKfZol9CmApTpKzhlupMIQKk6NIFcbA
LOsZQGG6DlgNVTEDg9bNnw1EEVFW5IKK7Bn9uNrULmTJnVmaWaRSOZ/sRFjimZuT
mQXnYWwhKJ8WUlFZMiuZWWgkoEtmMsVQKnSgqz46U27qvSC89LNUL2S8gkssn3QK
LpU0vEKzZTg0jIT/R4CSiqOVHpT/vUAkLpa6JeTiC0DiW/kvK7QucvTj2xsSwEsA
E1+UtPtFIYNLrDVOC9UBWpBEX7kcowaMhHPSx5KVePt4bKyj4/qwMnBowQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYHvlXvatJSpUERIlB3hbsgOFkJMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvaGdlLVZlOXEwbEtsUVJFaVVIZUZ1eUE0V1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCm/5kMA0G
CSqGSIb3DQEBCwUAA4IBAQDNKlBUA0uFoGBqwjLcAuDxJTrOPcUPclDSAc+Zjo6g
ydC8pLP6MqCEAJplCnqOqAA9G4r3y85Mq1BXXVHLa+1RyPXy2HunT5QVSQptU8Q9
2ay+5qFnXrojxc6n5QtcDCg1CGYVHKoMCmzr77S4B0N+NXa89WaADb0DPDYS3EPy
+M4auBZTOHoB1UtetmK3nElZDddu5DMa25wA/8cIOA9QiqVdZXS9Q4Xtxu5dR2sR
xm6oUV0GH/76LBlk2ZFwAJPClYdpyBXuSaczgOVMPmdzTGN4VmYMK0i/Ew/Vh5uO
EDPPw6FOXjNAJsMP58DzurLxrmG9/fhvtlkXjqw832ii
-----END CERTIFICATE-----