This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XgyNYXwLhPSXrny8NDix9oprHDI.roa
File:                     XgyNYXwLhPSXrny8NDix9oprHDI.roa (raw, json)
Hash identifier:          PWGs9rS5sBhLApUjUmFl5ISIFI1Oly8X3m/3XXPeS0g=
Subject key identifier:   5E:0C:8D:61:7C:0B:84:F4:97:AE:7C:BC:34:38:B1:F6:8A:6B:1C:32
Certificate issuer:       /CN=fe58952d393935f0d3bce814fd9178d04693aeb9
Certificate serial:       019B7C80A361751D064A88ED0246C488BEE2
Authority key identifier: FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XgyNYXwLhPSXrny8NDix9oprHDI.roa
Signing time:             Fri 02 Jan 2026 02:19:23 +0000
ROA not before:           Fri 02 Jan 2026 02:19:23 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214637
IP address blocks:        89.43.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 22 Jan 2026 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:a3:61:75:1d:06:4a:88:ed:02:46:c4:88:be:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe58952d393935f0d3bce814fd9178d04693aeb9
        Validity
            Not Before: Jan  2 02:19:23 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e0c8d617c0b84f497ae7cbc3438b1f68a6b1c32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:21:d1:2e:ae:48:37:93:d1:b7:80:17:dd:a3:
                    f3:be:77:e7:6c:5c:46:f0:d2:d0:79:1b:6b:c8:02:
                    14:cf:f0:2e:e9:64:64:d1:ae:74:0a:ab:2b:58:93:
                    b5:0b:9f:f9:e5:c2:20:73:d9:30:eb:f9:89:a5:03:
                    90:1a:c4:e7:2c:05:98:96:7a:71:b3:86:c7:85:9f:
                    76:13:ed:a7:54:45:ca:90:ec:d9:9a:11:e8:23:8f:
                    52:20:6b:23:85:d8:61:8e:21:08:ad:5b:9d:85:e9:
                    f6:3d:0f:81:10:16:c1:cf:07:8b:ea:09:54:bd:d4:
                    ca:f3:42:eb:8a:1b:63:83:2d:f1:ad:f6:2d:53:20:
                    40:d6:16:49:42:89:a5:c1:2b:9b:92:de:3b:86:6c:
                    9a:59:9e:f8:61:a0:e0:b1:24:69:5d:4f:91:dc:26:
                    d9:1d:0b:ba:65:25:49:74:ae:a6:2a:0e:36:83:83:
                    16:d3:a3:e4:6d:d1:ff:28:ec:90:6e:02:d5:33:87:
                    2b:20:81:91:84:ac:57:2b:78:83:42:bf:7f:6c:57:
                    37:26:03:d7:2b:e2:73:78:98:d2:4b:70:40:48:b3:
                    10:59:bc:bf:cc:f6:00:f2:46:dc:e1:49:ec:ad:db:
                    4b:43:62:a3:74:5f:e5:b0:a7:ea:3d:3e:01:3f:be:
                    68:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:0C:8D:61:7C:0B:84:F4:97:AE:7C:BC:34:38:B1:F6:8A:6B:1C:32
            X509v3 Authority Key Identifier:
                keyid:FE:58:95:2D:39:39:35:F0:D3:BC:E8:14:FD:91:78:D0:46:93:AE:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_liVLTk5NfDTvOgU_ZF40EaTrrk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/XgyNYXwLhPSXrny8NDix9oprHDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/b26aa8-ace7-4fa6-9e8e-5d48b65ce573/1/_liVLTk5NfDTvOgU_ZF40EaTrrk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.43.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:12:9e:de:b0:91:57:c1:b7:99:12:7f:77:44:f1:04:d4:67:
         48:d4:89:45:02:da:08:db:65:f7:c8:b7:c4:48:76:f1:37:45:
         9c:8b:e3:0e:3a:dd:b9:cd:7c:e3:46:fc:d8:bc:f6:6c:b8:31:
         bf:97:18:a7:cb:91:82:aa:f4:ee:97:a3:b9:94:3d:2e:ab:72:
         47:58:d8:36:df:17:b4:f5:ec:d5:2f:24:0d:ab:c0:6f:46:dc:
         6a:a0:b0:50:44:59:a1:d6:6a:aa:b1:35:93:97:4f:18:8c:52:
         5f:0e:6e:be:ae:1d:6e:cd:f0:3b:d8:7b:21:4f:59:fd:a6:b7:
         1a:01:d1:26:0a:41:e8:92:62:4c:28:e4:02:79:76:69:b1:e2:
         7b:2d:35:69:47:35:49:4f:f2:e3:33:c9:40:12:be:11:a7:9f:
         ef:d3:89:53:8b:9d:ea:02:53:5e:fd:e0:43:b8:f2:91:0e:b8:
         2a:cb:a4:ae:bd:09:16:f4:12:bb:35:a9:a1:92:7a:58:5e:1e:
         ea:b2:88:bf:d5:83:21:08:e0:06:f4:8c:4c:64:85:12:47:d5:
         46:95:93:bc:15:13:e0:c0:c4:4a:51:d9:e1:d6:a3:49:ec:9b:
         8f:8f:88:7e:c3:aa:c7:7a:ae:30:04:9d:8c:7d:b7:24:16:0d:
         5c:74:16:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8gKNhdR0GSojtAkbEiL7iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNTg5NTJkMzkzOTM1ZjBkM2JjZTgxNGZkOTE3OGQwNDY5
M2FlYjkwHhcNMjYwMTAyMDIxOTIzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTBjOGQ2MTdjMGI4NGY0OTdhZTdjYmMzNDM4YjFmNjhhNmIxYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0yHRLq5IN5PRt4AX3aPzvnfnbFxG
8NLQeRtryAIUz/Au6WRk0a50CqsrWJO1C5/55cIgc9kw6/mJpQOQGsTnLAWYlnpx
s4bHhZ92E+2nVEXKkOzZmhHoI49SIGsjhdhhjiEIrVudhen2PQ+BEBbBzweL6glU
vdTK80Lrihtjgy3xrfYtUyBA1hZJQomlwSubkt47hmyaWZ74YaDgsSRpXU+R3CbZ
HQu6ZSVJdK6mKg42g4MW06PkbdH/KOyQbgLVM4crIIGRhKxXK3iDQr9/bFc3JgPX
K+JzeJjSS3BASLMQWby/zPYA8kbc4UnsrdtLQ2KjdF/lsKfqPT4BP75oKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4MjWF8C4T0l658vDQ4sfaKaxwyMB8GA1UdIwQY
MBaAFP5YlS05OTXw07zoFP2ReNBGk665MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUt
NWQ0OGI2NWNlNTczLzEvWGd5TllYd0xoUFNYcm55OE5EaXg5b3BySERJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9iMjZhYTgtYWNlNy00ZmE2LTllOGUtNWQ0OGI2NWNlNTcz
LzEvX2xpVkxUazVOZkRUdk9nVV9aRjQwRWFUcnJrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWStJMA0G
CSqGSIb3DQEBCwUAA4IBAQCDEp7esJFXwbeZEn93RPEE1GdI1IlFAtoI22X3yLfE
SHbxN0Wci+MOOt25zXzjRvzYvPZsuDG/lxiny5GCqvTul6O5lD0uq3JHWNg23xe0
9ezVLyQNq8BvRtxqoLBQRFmh1mqqsTWTl08YjFJfDm6+rh1uzfA72HshT1n9prca
AdEmCkHokmJMKOQCeXZpseJ7LTVpRzVJT/LjM8lAEr4Rp5/v04lTi53qAlNe/eBD
uPKRDrgqy6SuvQkW9BK7NamhknpYXh7qsoi/1YMhCOAG9IxMZIUSR9VGlZO8FRPg
wMRKUdnh1qNJ7JuPj4h+w6rHeq4wBJ2MfbckFg1cdBYk
-----END CERTIFICATE-----