This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/XT24RL-I_Rj1tbACkgSxbluUjfk.roa
File:                     XT24RL-I_Rj1tbACkgSxbluUjfk.roa (raw, json)
Hash identifier:          J/9xfP0r32zX6yNiwoeZYz1WsyDhnkZEoFgf2QsjqUc=
Subject key identifier:   5D:3D:B8:44:BF:88:FD:18:F5:B5:B0:02:92:04:B1:6E:5B:94:8D:F9
Certificate issuer:       /CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
Certificate serial:       019B7BA53B856DAF5F70D6D84F6CB321680C
Authority key identifier: D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/XT24RL-I_Rj1tbACkgSxbluUjfk.roa
Signing time:             Thu 01 Jan 2026 22:19:44 +0000
ROA not before:           Thu 01 Jan 2026 22:19:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400909
IP address blocks:        185.219.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a5:3b:85:6d:af:5f:70:d6:d8:4f:6c:b3:21:68:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6aa3fbc78e31229157c78b6d23a65eb2e353dce
        Validity
            Not Before: Jan  1 22:19:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d3db844bf88fd18f5b5b0029204b16e5b948df9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:18:ec:d8:c4:54:19:51:a9:ba:e3:ae:75:54:
                    da:e6:5d:71:de:d0:71:0e:94:88:28:98:c1:74:b7:
                    c0:0f:09:25:78:5b:42:ab:bb:5e:b8:59:37:7b:e0:
                    62:81:55:17:df:32:c4:97:bf:c2:a4:93:9a:a6:f6:
                    0f:ca:77:7f:95:62:0f:17:ab:a6:64:4d:6e:54:48:
                    3c:e1:28:ee:39:a0:cb:3c:60:31:2e:f6:b3:d4:d0:
                    c9:c9:ae:9f:ed:0e:e6:a2:78:b8:17:9a:4c:cc:56:
                    af:0c:3e:04:e4:f5:d5:ab:08:29:98:95:39:76:df:
                    09:58:7f:4f:50:fd:39:9d:13:eb:b0:92:c5:b6:95:
                    b2:03:2e:25:6c:63:27:f6:d7:2b:01:2b:56:42:b6:
                    0c:89:26:61:b1:9f:dd:69:32:79:ba:46:36:72:3f:
                    de:7e:16:6c:57:fa:51:95:1a:19:78:6f:c3:b0:98:
                    39:dd:e8:c7:f2:0d:95:98:82:4a:65:99:58:14:11:
                    8c:6b:e6:e0:db:d4:c0:dc:74:e9:3c:ee:d2:64:70:
                    ec:76:b7:cd:2e:ff:fe:35:75:1b:04:80:b4:6b:02:
                    05:07:ba:3b:b7:cb:21:6a:0e:08:85:5f:a9:e4:39:
                    2d:bf:bc:ab:69:fe:c6:e3:f6:7f:4b:84:45:c2:68:
                    d7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3D:B8:44:BF:88:FD:18:F5:B5:B0:02:92:04:B1:6E:5B:94:8D:F9
            X509v3 Authority Key Identifier:
                keyid:D6:AA:3F:BC:78:E3:12:29:15:7C:78:B6:D2:3A:65:EB:2E:35:3D:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1qo_vHjjEikVfHi20jpl6y41Pc4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/XT24RL-I_Rj1tbACkgSxbluUjfk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/6cf8be-253d-46d5-ab7c-8276c8aac50e/1/1qo_vHjjEikVfHi20jpl6y41Pc4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:7d:e1:7c:30:19:91:1b:c5:7e:de:4c:e5:96:66:94:4f:84:
         dc:ab:f9:67:f2:e9:56:e6:52:e0:72:0b:37:f6:af:c8:51:bb:
         39:e7:b9:b1:f8:ac:3a:1a:4e:dd:8f:eb:2b:42:e8:29:d3:f9:
         32:91:2b:58:18:15:78:6d:97:4a:6b:d9:1f:40:6e:60:cb:e8:
         86:b3:a6:d1:8f:3b:a2:63:96:51:0b:79:4e:59:d2:d0:7e:d1:
         ba:b6:8c:57:75:09:7f:d1:ac:fe:1a:25:68:ad:39:70:01:d3:
         b3:32:44:e3:36:8f:22:06:19:04:86:0e:c0:2d:f5:47:0c:2b:
         7c:b8:bf:cb:0e:a2:11:6e:45:03:dc:2f:42:4b:b7:39:09:c2:
         30:e4:e2:e0:49:6c:01:d9:85:d4:c2:38:49:e1:4c:15:40:81:
         44:a6:f2:ee:4e:fc:a5:17:43:2b:0d:b0:47:d0:e6:bb:bf:13:
         22:85:8a:b5:c3:6e:71:57:5d:10:96:a2:d2:76:53:30:7a:2b:
         c2:89:08:12:1c:9f:dc:25:54:ec:01:34:a2:0e:0f:0f:46:5c:
         81:14:de:5b:f8:56:67:34:63:f0:24:a7:fa:bd:b2:69:b5:1d:
         3a:ac:09:f6:db:21:c9:e5:81:09:67:fb:1e:eb:03:ec:e0:94:
         e2:48:75:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7pTuFba9fcNbYT2yzIWgMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2YWEzZmJjNzhlMzEyMjkxNTdjNzhiNmQyM2E2NWViMmUz
NTNkY2UwHhcNMjYwMTAxMjIxOTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDNkYjg0NGJmODhmZDE4ZjViNWIwMDI5MjA0YjE2ZTViOTQ4ZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRjs2MRUGVGpuuOudVTa5l1x3tBx
DpSIKJjBdLfADwkleFtCq7teuFk3e+BigVUX3zLEl7/CpJOapvYPynd/lWIPF6um
ZE1uVEg84SjuOaDLPGAxLvaz1NDJya6f7Q7moni4F5pMzFavDD4E5PXVqwgpmJU5
dt8JWH9PUP05nRPrsJLFtpWyAy4lbGMn9tcrAStWQrYMiSZhsZ/daTJ5ukY2cj/e
fhZsV/pRlRoZeG/DsJg53ejH8g2VmIJKZZlYFBGMa+bg29TA3HTpPO7SZHDsdrfN
Lv/+NXUbBIC0awIFB7o7t8shag4IhV+p5Dktv7yraf7G4/Z/S4RFwmjXbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF09uES/iP0Y9bWwApIEsW5blI35MB8GA1UdIwQY
MBaAFNaqP7x44xIpFXx4ttI6ZesuNT3OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2Mt
ODI3NmM4YWFjNTBlLzEvWFQyNFJMLUlfUmoxdGJBQ2tnU3hibHVVamZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC82Y2Y4YmUtMjUzZC00NmQ1LWFiN2MtODI3NmM4YWFjNTBl
LzEvMXFvX3ZIampFaWtWZkhpMjBqcGw2eTQxUGM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudu+MA0G
CSqGSIb3DQEBCwUAA4IBAQBmfeF8MBmRG8V+3kzllmaUT4Tcq/ln8ulW5lLgcgs3
9q/IUbs557mx+Kw6Gk7dj+srQugp0/kykStYGBV4bZdKa9kfQG5gy+iGs6bRjzui
Y5ZRC3lOWdLQftG6toxXdQl/0az+GiVorTlwAdOzMkTjNo8iBhkEhg7ALfVHDCt8
uL/LDqIRbkUD3C9CS7c5CcIw5OLgSWwB2YXUwjhJ4UwVQIFEpvLuTvylF0MrDbBH
0Oa7vxMihYq1w25xV10QlqLSdlMweivCiQgSHJ/cJVTsATSiDg8PRlyBFN5b+FZn
NGPwJKf6vbJptR06rAn22yHJ5YEJZ/se6wPs4JTiSHVL
-----END CERTIFICATE-----