This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/XOw8JNJO-uIg9HHlnw548ZJ5LdI.roa
File:                     XOw8JNJO-uIg9HHlnw548ZJ5LdI.roa (raw, json)
Hash identifier:          jEOkOMDISMGQm6lDZ5S6iuPlerKdJ4lpqsbuzz6ZhmY=
Subject key identifier:   5C:EC:3C:24:D2:4E:FA:E2:20:F4:71:E5:9F:0E:78:F1:92:79:2D:D2
Certificate issuer:       /CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
Certificate serial:       019B77C757FD2EB4EDC15AB3F99BBFF456B5
Authority key identifier: 09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/XOw8JNJO-uIg9HHlnw548ZJ5LdI.roa
Signing time:             Thu 01 Jan 2026 04:18:31 +0000
ROA not before:           Thu 01 Jan 2026 04:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        89.187.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 02:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:57:fd:2e:b4:ed:c1:5a:b3:f9:9b:bf:f4:56:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=091ec7ccf0fa761ed99bc5a7a9ec0d0eeb0bf055
        Validity
            Not Before: Jan  1 04:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5cec3c24d24efae220f471e59f0e78f192792dd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3a:e6:42:1a:23:9c:9e:62:84:39:59:fd:a9:
                    83:45:35:6e:5a:06:e1:61:27:34:bd:89:75:30:b9:
                    11:23:58:0d:c3:94:68:ef:16:2b:8d:c4:4e:b2:f9:
                    21:28:08:b8:42:38:89:11:a6:6c:3f:e8:e3:5a:ab:
                    9d:28:ad:f4:f6:4a:ce:51:45:57:ae:3d:37:41:e8:
                    3b:17:7c:a6:14:23:91:fd:a7:75:c8:82:29:2d:14:
                    17:02:11:2b:24:3a:87:9f:ed:39:40:19:53:f1:fc:
                    37:f2:db:75:b4:8c:d5:cf:6d:70:c7:52:cc:97:91:
                    52:17:4b:81:f8:51:5d:9d:c3:0d:27:91:c8:c9:f2:
                    3a:13:8f:ff:ce:41:24:ce:f9:ff:c9:09:21:9a:db:
                    a8:41:eb:66:56:94:66:39:c7:ba:ad:e9:3a:a4:6c:
                    2a:56:8c:23:fb:d5:31:08:27:86:e7:b2:fa:f2:a5:
                    71:05:ff:e3:f0:31:43:44:48:aa:ca:c8:0f:17:71:
                    30:2f:71:66:4e:9f:c2:d0:bd:07:10:9f:55:8c:a1:
                    22:9f:cc:5b:0d:de:a7:59:8b:aa:fa:73:1a:15:b0:
                    53:12:79:60:a6:3a:d5:b1:30:de:51:49:6d:31:f1:
                    9e:77:c9:7f:06:eb:24:95:5b:ee:0c:59:af:c4:d8:
                    ef:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:EC:3C:24:D2:4E:FA:E2:20:F4:71:E5:9F:0E:78:F1:92:79:2D:D2
            X509v3 Authority Key Identifier:
                keyid:09:1E:C7:CC:F0:FA:76:1E:D9:9B:C5:A7:A9:EC:0D:0E:EB:0B:F0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CR7HzPD6dh7Zm8WnqewNDusL8FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/XOw8JNJO-uIg9HHlnw548ZJ5LdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/e6478a-7b73-4758-addd-45cfc857dddd/1/CR7HzPD6dh7Zm8WnqewNDusL8FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.187.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:5b:23:b3:93:08:6a:2e:be:5c:17:e8:a4:86:c0:d8:fb:29:
         9f:59:a8:d2:9a:a7:1d:d7:92:9f:e3:85:32:24:be:20:d8:1d:
         5b:12:97:fa:d0:b4:95:76:63:2f:86:39:e9:4d:58:35:c4:13:
         0b:38:46:8d:c7:1b:79:7e:f4:83:0a:6f:7a:fd:eb:6b:a6:21:
         56:c0:51:39:38:56:47:a9:78:21:52:03:ad:05:ae:65:95:92:
         f3:db:48:34:14:20:6d:f0:6d:dc:82:87:41:c3:d3:25:29:5f:
         7e:cf:1d:2a:2b:1d:24:53:33:e7:9d:57:ae:c8:db:a9:db:76:
         93:2b:73:82:e7:0d:50:e1:20:a2:09:6c:7c:b8:08:cc:09:3a:
         fc:61:ae:26:e7:78:d6:f6:33:c3:e7:4d:04:92:01:77:f1:80:
         31:ec:0d:e8:32:7b:50:d4:64:ff:54:f4:d2:44:16:eb:3e:5c:
         fc:ba:d0:3d:56:81:20:6d:e6:ea:d9:32:37:88:ef:b0:9c:c6:
         01:dd:23:91:20:46:7a:11:9a:ae:d0:4a:a1:7d:25:51:79:de:
         45:c9:58:48:26:45:87:52:c2:16:d9:50:11:f1:3a:55:7e:cb:
         13:50:02:f0:7f:00:09:93:2f:82:c0:8b:20:c3:f6:a0:ba:e6:
         3a:06:35:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3x1f9LrTtwVqz+Zu/9Fa1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MWVjN2NjZjBmYTc2MWVkOTliYzVhN2E5ZWMwZDBlZWIw
YmYwNTUwHhcNMjYwMTAxMDQxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2VjM2MyNGQyNGVmYWUyMjBmNDcxZTU5ZjBlNzhmMTkyNzkyZGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzrmQhojnJ5ihDlZ/amDRTVuWgbh
YSc0vYl1MLkRI1gNw5Ro7xYrjcROsvkhKAi4QjiJEaZsP+jjWqudKK309krOUUVX
rj03Qeg7F3ymFCOR/ad1yIIpLRQXAhErJDqHn+05QBlT8fw38tt1tIzVz21wx1LM
l5FSF0uB+FFdncMNJ5HIyfI6E4//zkEkzvn/yQkhmtuoQetmVpRmOce6rek6pGwq
Vowj+9UxCCeG57L68qVxBf/j8DFDREiqysgPF3EwL3FmTp/C0L0HEJ9VjKEin8xb
Dd6nWYuq+nMaFbBTEnlgpjrVsTDeUUltMfGed8l/BusklVvuDFmvxNjvDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFzsPCTSTvriIPRx5Z8OePGSeS3SMB8GA1UdIwQY
MBaAFAkex8zw+nYe2ZvFp6nsDQ7rC/BVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQt
NDVjZmM4NTdkZGRkLzEvWE93OEpOSk8tdUlnOUhIbG53NTQ4Wko1TGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS9lNjQ3OGEtN2I3My00NzU4LWFkZGQtNDVjZmM4NTdkZGRk
LzEvQ1I3SHpQRDZkaDdabThXbnFld05EdXNMOEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWbsUMA0G
CSqGSIb3DQEBCwUAA4IBAQAoWyOzkwhqLr5cF+ikhsDY+ymfWajSmqcd15Kf44Uy
JL4g2B1bEpf60LSVdmMvhjnpTVg1xBMLOEaNxxt5fvSDCm96/etrpiFWwFE5OFZH
qXghUgOtBa5llZLz20g0FCBt8G3cgodBw9MlKV9+zx0qKx0kUzPnnVeuyNup23aT
K3OC5w1Q4SCiCWx8uAjMCTr8Ya4m53jW9jPD500EkgF38YAx7A3oMntQ1GT/VPTS
RBbrPlz8utA9VoEgbebq2TI3iO+wnMYB3SORIEZ6EZqu0EqhfSVRed5FyVhIJkWH
UsIW2VAR8TpVfssTUALwfwAJky+CwIsgw/aguuY6BjWI
-----END CERTIFICATE-----