This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/XKB0FNj8tFYpQlx4XgHgdtLcQNY.roa
File:                     XKB0FNj8tFYpQlx4XgHgdtLcQNY.roa (raw, json)
Hash identifier:          i6P3xwqbpYNNtGco+gFf4mTzj7ot1lfCkNSMd/OGR+c=
Subject key identifier:   5C:A0:74:14:D8:FC:B4:56:29:42:5C:78:5E:01:E0:76:D2:DC:40:D6
Certificate issuer:       /CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
Certificate serial:       019B7EA6F65ED540C5EB9DEF3BBE0F146596
Authority key identifier: E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/XKB0FNj8tFYpQlx4XgHgdtLcQNY.roa
Signing time:             Fri 02 Jan 2026 12:20:29 +0000
ROA not before:           Fri 02 Jan 2026 12:20:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396356
IP address blocks:        89.23.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:f6:5e:d5:40:c5:eb:9d:ef:3b:be:0f:14:65:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9713ef25277e13dd73f44196fda5cec0fd9ce16
        Validity
            Not Before: Jan  2 12:20:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ca07414d8fcb45629425c785e01e076d2dc40d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:6a:fb:2d:f3:9e:b4:a9:84:85:5e:08:88:85:
                    fa:7a:f6:e2:64:d3:a9:50:88:30:93:66:5e:d5:58:
                    5d:46:7f:5b:c8:1a:3a:f9:ef:f5:16:c6:fe:79:cf:
                    7f:c1:39:ac:84:6c:f6:25:f3:c2:a6:65:34:ed:8a:
                    6c:cf:e9:57:e7:04:6f:e9:c6:af:46:b7:43:89:df:
                    a0:05:8d:e7:11:35:7a:27:90:86:63:de:7c:d5:64:
                    8e:be:6c:41:f5:4f:55:d3:f2:b6:35:08:5f:bf:d1:
                    91:59:6c:dc:2b:33:f9:bb:7d:e6:af:ef:57:6c:ff:
                    30:d1:f6:9b:6b:35:ca:e1:09:17:b0:1f:4b:16:54:
                    ee:d4:87:76:b3:b4:2e:97:d4:2a:9a:89:8e:6b:ff:
                    c3:3b:35:58:86:5f:ff:a0:8b:70:9e:f2:d1:e8:55:
                    63:53:db:c6:56:ac:c2:bb:1b:95:b4:a8:3d:7b:f4:
                    e6:d2:11:ce:53:95:bd:98:4b:7a:42:89:93:ac:21:
                    b3:99:eb:c5:5e:3d:10:e1:da:74:5a:78:fd:b2:5e:
                    b4:24:53:bf:16:97:4f:dd:34:30:02:b6:58:c6:39:
                    a3:64:4b:96:6e:65:34:39:c3:e5:d7:39:38:9b:78:
                    98:e4:65:bd:11:b5:4e:ae:d0:a6:51:b4:ee:a2:c0:
                    2d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A0:74:14:D8:FC:B4:56:29:42:5C:78:5E:01:E0:76:D2:DC:40:D6
            X509v3 Authority Key Identifier:
                keyid:E9:71:3E:F2:52:77:E1:3D:D7:3F:44:19:6F:DA:5C:EC:0F:D9:CE:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/XKB0FNj8tFYpQlx4XgHgdtLcQNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/e176eb-56f2-4807-b101-0f66c1887916/1/6XE-8lJ34T3XP0QZb9pc7A_ZzhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.23.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:50:5a:1b:e8:4e:99:2a:ba:48:2a:f8:e4:83:69:e2:ad:13:
         8b:e7:94:39:7c:f1:08:80:0a:45:a7:0a:b4:ca:c7:1e:e4:44:
         57:d9:69:c5:8e:22:85:d7:c6:5f:bf:3b:a0:d8:35:b9:a1:68:
         e4:f2:fe:3b:11:73:bc:a5:02:21:05:f7:47:0e:18:c2:2f:96:
         4e:60:8b:fd:18:16:0e:db:f1:39:4a:48:b7:a2:f2:d6:c7:37:
         6f:bf:19:08:a0:fd:f9:1d:2b:e7:93:4e:5b:85:e6:05:f9:f2:
         e0:dc:bb:de:53:9f:19:69:92:a8:5f:7d:40:0b:b6:a1:cb:82:
         83:49:b8:e8:36:29:40:98:c6:b8:05:20:14:05:92:a0:41:7f:
         69:a2:a9:79:ec:65:5d:3b:ea:89:f3:51:a1:e9:69:f0:ef:fd:
         eb:db:a2:05:9c:b7:bc:cb:f3:2e:e4:0a:4a:96:5d:8e:b0:4c:
         1f:32:9c:5e:e8:14:07:5f:2d:4f:03:2d:81:2d:3c:11:4a:ba:
         b7:7f:c6:2b:74:b8:ce:74:3c:98:d6:88:41:00:a8:5e:94:03:
         b6:2b:19:34:fc:c5:2f:28:3f:61:c9:60:fd:22:5c:85:22:1a:
         b2:23:63:d5:f6:50:27:ba:b2:da:97:f5:25:29:66:10:e0:f3:
         96:ce:d1:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+pvZe1UDF653vO74PFGWWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NzEzZWYyNTI3N2UxM2RkNzNmNDQxOTZmZGE1Y2VjMGZk
OWNlMTYwHhcNMjYwMTAyMTIyMDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2EwNzQxNGQ4ZmNiNDU2Mjk0MjVjNzg1ZTAxZTA3NmQyZGM0MGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzWr7LfOetKmEhV4IiIX6evbiZNOp
UIgwk2Ze1VhdRn9byBo6+e/1Fsb+ec9/wTmshGz2JfPCpmU07Ypsz+lX5wRv6cav
RrdDid+gBY3nETV6J5CGY9581WSOvmxB9U9V0/K2NQhfv9GRWWzcKzP5u33mr+9X
bP8w0fabazXK4QkXsB9LFlTu1Id2s7Qul9QqmomOa//DOzVYhl//oItwnvLR6FVj
U9vGVqzCuxuVtKg9e/Tm0hHOU5W9mEt6QomTrCGzmevFXj0Q4dp0Wnj9sl60JFO/
FpdP3TQwArZYxjmjZEuWbmU0OcPl1zk4m3iY5GW9EbVOrtCmUbTuosAttwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFygdBTY/LRWKUJceF4B4HbS3EDWMB8GA1UdIwQY
MBaAFOlxPvJSd+E91z9EGW/aXOwP2c4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEt
MGY2NmMxODg3OTE2LzEvWEtCMEZOajh0RllwUWx4NFhnSGdkdExjUU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9lMTc2ZWItNTZmMi00ODA3LWIxMDEtMGY2NmMxODg3OTE2
LzEvNlhFLThsSjM0VDNYUDBRWmI5cGM3QV9aemhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRdVMA0G
CSqGSIb3DQEBCwUAA4IBAQAfUFob6E6ZKrpIKvjkg2nirROL55Q5fPEIgApFpwq0
ysce5ERX2WnFjiKF18Zfvzug2DW5oWjk8v47EXO8pQIhBfdHDhjCL5ZOYIv9GBYO
2/E5Ski3ovLWxzdvvxkIoP35HSvnk05bheYF+fLg3LveU58ZaZKoX31AC7ahy4KD
SbjoNilAmMa4BSAUBZKgQX9poql57GVdO+qJ81Gh6Wnw7/3r26IFnLe8y/Mu5ApK
ll2OsEwfMpxe6BQHXy1PAy2BLTwRSrq3f8YrdLjOdDyY1ohBAKhelAO2Kxk0/MUv
KD9hyWD9IlyFIhqyI2PV9lAnurLal/UlKWYQ4POWztHU
-----END CERTIFICATE-----