This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/agl7At-sGTLsDTh6fIsNcYqjRVI.roa
File:                     agl7At-sGTLsDTh6fIsNcYqjRVI.roa (raw, json)
Hash identifier:          kdWoOhR4/BvlVOKr5PU254MlzFegaJ4FGVoYgfo0kq0=
Subject key identifier:   6A:09:7B:02:DF:AC:19:32:EC:0D:38:7A:7C:8B:0D:71:8A:A3:45:52
Certificate issuer:       /CN=aaa53464a810aa38c936d9d98b6a2d132fcbff58
Certificate serial:       019B7C118ED501E0D292B2E5D6147555D869
Authority key identifier: AA:A5:34:64:A8:10:AA:38:C9:36:D9:D9:8B:6A:2D:13:2F:CB:FF:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqU0ZKgQqjjJNtnZi2otEy_L_1g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/agl7At-sGTLsDTh6fIsNcYqjRVI.roa
Signing time:             Fri 02 Jan 2026 00:18:04 +0000
ROA not before:           Fri 02 Jan 2026 00:18:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12586
IP address blocks:        193.26.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/qqU0ZKgQqjjJNtnZi2otEy_L_1g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/qqU0ZKgQqjjJNtnZi2otEy_L_1g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqU0ZKgQqjjJNtnZi2otEy_L_1g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:8e:d5:01:e0:d2:92:b2:e5:d6:14:75:55:d8:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaa53464a810aa38c936d9d98b6a2d132fcbff58
        Validity
            Not Before: Jan  2 00:18:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a097b02dfac1932ec0d387a7c8b0d718aa34552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bb:73:5f:fc:e1:97:76:34:44:ec:89:19:8e:
                    83:f3:8f:7c:92:08:fd:23:03:1f:32:69:83:d6:a7:
                    01:c4:31:02:7f:db:07:6a:ed:84:18:79:9a:e7:2e:
                    2b:80:50:3f:f0:63:8c:0b:6a:a4:e2:41:7e:11:5a:
                    47:4a:0e:46:52:ae:61:3c:0e:4b:52:5c:ca:df:a9:
                    09:03:45:6a:42:ee:c9:aa:b7:35:da:a7:30:7b:86:
                    30:bb:f1:38:d1:6d:ab:03:38:8b:d4:87:e6:9a:c3:
                    6e:73:ca:97:36:bf:93:fb:86:58:83:68:78:26:1f:
                    b5:e4:d7:e9:e8:5c:51:d2:d5:dc:64:ba:c6:87:a0:
                    58:ab:44:d6:4d:b7:fc:b0:0e:26:42:8e:f9:83:9b:
                    8e:90:24:df:10:14:15:98:90:6d:6f:40:ea:10:eb:
                    9c:da:39:c6:77:15:a9:5a:db:38:ae:90:4e:1f:6d:
                    34:dc:c5:78:55:a0:71:fd:b0:fe:fc:8b:44:98:6f:
                    15:e8:e0:4e:12:4c:66:97:7a:02:7c:31:e3:69:34:
                    fd:22:09:b4:c4:51:b3:ef:29:b7:98:90:9f:ee:c3:
                    55:bc:0b:85:6c:9f:c3:aa:7d:4c:d3:36:be:a1:b8:
                    4a:60:61:96:9d:8d:1b:8d:9e:6d:e0:51:b6:df:bc:
                    52:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:09:7B:02:DF:AC:19:32:EC:0D:38:7A:7C:8B:0D:71:8A:A3:45:52
            X509v3 Authority Key Identifier:
                keyid:AA:A5:34:64:A8:10:AA:38:C9:36:D9:D9:8B:6A:2D:13:2F:CB:FF:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqU0ZKgQqjjJNtnZi2otEy_L_1g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/agl7At-sGTLsDTh6fIsNcYqjRVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/64de2f-5f35-4f77-a844-43d74c0007e6/1/qqU0ZKgQqjjJNtnZi2otEy_L_1g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:1c:6f:14:49:53:d3:cf:b0:9b:66:75:df:e0:89:9e:57:75:
         c8:4c:a2:25:46:b6:1b:94:d9:dc:dc:2b:7c:52:44:9f:e4:47:
         93:60:41:87:5a:06:1d:66:34:f7:be:c6:56:c0:3f:d9:e7:d6:
         5e:77:03:b0:99:c5:1b:57:10:51:d4:07:ce:bf:2c:8a:3f:a2:
         83:94:ea:bb:04:23:f6:a8:d5:b8:fa:a1:5e:13:f4:49:60:b7:
         e4:6e:52:6f:ff:53:68:4f:ba:09:5e:d6:d1:2b:1a:73:8d:da:
         53:6d:cf:a4:a3:30:91:da:f6:db:7a:5e:96:4d:1f:e3:63:d8:
         21:e1:12:66:b6:86:57:ec:56:53:2d:f0:30:4d:c5:fe:8f:51:
         c8:dc:30:de:71:c0:13:f1:50:40:fb:70:76:b3:e9:24:f8:59:
         b9:de:38:69:d9:56:71:49:c1:10:65:aa:8e:db:83:fd:66:9a:
         f6:ca:a4:62:1e:37:ce:27:39:9a:d2:ef:36:bd:f6:bf:d8:c6:
         e1:ed:fd:b7:54:0f:1e:a1:a5:01:96:c7:bd:f8:10:ef:c9:0b:
         3e:82:e1:05:17:af:5e:56:fa:00:e7:89:1b:d3:16:6c:35:53:
         1e:31:56:79:55:76:51:44:52:89:24:02:c4:e5:ae:0e:93:73:
         80:c8:71:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EY7VAeDSkrLl1hR1VdhpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYTUzNDY0YTgxMGFhMzhjOTM2ZDlkOThiNmEyZDEzMmZj
YmZmNTgwHhcNMjYwMTAyMDAxODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA5N2IwMmRmYWMxOTMyZWMwZDM4N2E3YzhiMGQ3MThhYTM0NTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07tzX/zhl3Y0ROyJGY6D8498kgj9
IwMfMmmD1qcBxDECf9sHau2EGHma5y4rgFA/8GOMC2qk4kF+EVpHSg5GUq5hPA5L
UlzK36kJA0VqQu7Jqrc12qcwe4Ywu/E40W2rAziL1IfmmsNuc8qXNr+T+4ZYg2h4
Jh+15Nfp6FxR0tXcZLrGh6BYq0TWTbf8sA4mQo75g5uOkCTfEBQVmJBtb0DqEOuc
2jnGdxWpWts4rpBOH2003MV4VaBx/bD+/ItEmG8V6OBOEkxml3oCfDHjaTT9Igm0
xFGz7ym3mJCf7sNVvAuFbJ/Dqn1M0za+obhKYGGWnY0bjZ5t4FG237xSdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoJewLfrBky7A04enyLDXGKo0VSMB8GA1UdIwQY
MBaAFKqlNGSoEKo4yTbZ2YtqLRMvy/9YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXFVMFpLZ1FxampKTnRuWmkyb3RFeV9MXzFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC82NGRlMmYtNWYzNS00Zjc3LWE4NDQt
NDNkNzRjMDAwN2U2LzEvYWdsN0F0LXNHVExzRFRoNmZJc05jWXFqUlZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC82NGRlMmYtNWYzNS00Zjc3LWE4NDQtNDNkNzRjMDAwN2U2
LzEvcXFVMFpLZ1FxampKTnRuWmkyb3RFeV9MXzFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoYMA0G
CSqGSIb3DQEBCwUAA4IBAQCfHG8USVPTz7CbZnXf4ImeV3XITKIlRrYblNnc3Ct8
UkSf5EeTYEGHWgYdZjT3vsZWwD/Z59ZedwOwmcUbVxBR1AfOvyyKP6KDlOq7BCP2
qNW4+qFeE/RJYLfkblJv/1NoT7oJXtbRKxpzjdpTbc+kozCR2vbbel6WTR/jY9gh
4RJmtoZX7FZTLfAwTcX+j1HI3DDeccAT8VBA+3B2s+kk+Fm53jhp2VZxScEQZaqO
24P9Zpr2yqRiHjfOJzma0u82vfa/2Mbh7f23VA8eoaUBlse9+BDvyQs+guEFF69e
VvoA54kb0xZsNVMeMVZ5VXZRRFKJJALE5a4Ok3OAyHFY
-----END CERTIFICATE-----