This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/AFLgh_llQmnuG05nLOBzigdh32U.roa
File:                     AFLgh_llQmnuG05nLOBzigdh32U.roa (raw, json)
Hash identifier:          43G3VZ75AAQzswcDdICHbaf2LxISqMzVBg9r3ATxlGw=
Subject key identifier:   00:52:E0:87:F9:65:42:69:EE:1B:4E:67:2C:E0:73:8A:07:61:DF:65
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019B7FF1C764B255063BC56863E135E1B33F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/AFLgh_llQmnuG05nLOBzigdh32U.roa
Signing time:             Fri 02 Jan 2026 18:21:50 +0000
ROA not before:           Fri 02 Jan 2026 18:21:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207911
IP address blocks:        193.27.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 21 Jan 2026 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f1:c7:64:b2:55:06:3b:c5:68:63:e1:35:e1:b3:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 18:21:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0052e087f9654269ee1b4e672ce0738a0761df65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:31:58:3b:45:d7:96:e0:2a:c3:5f:ca:c7:98:
                    bb:34:fb:61:a7:9e:1f:cc:1d:c9:80:c6:a5:72:40:
                    35:60:35:fd:54:76:da:75:30:14:f7:4f:2d:42:27:
                    ed:bb:54:c6:a0:50:3b:33:2c:d5:c0:b5:44:0a:0e:
                    63:fc:24:cf:e9:5d:da:dc:e8:70:9e:74:cd:40:d0:
                    2d:c8:9f:ab:0b:e8:df:e5:03:3a:cb:0d:de:dd:22:
                    f9:e2:3c:d8:02:24:11:13:78:bb:bd:d1:d4:cc:91:
                    69:1b:ea:ba:77:dd:6d:c6:f6:37:31:34:ab:10:1f:
                    00:0c:ce:93:1d:ec:79:1d:5b:b9:49:3c:ba:dd:e9:
                    a5:10:63:52:5e:e0:d8:64:70:aa:8a:94:f9:53:b1:
                    28:b7:41:9d:0f:a8:d7:90:54:9b:5c:3b:55:79:85:
                    b5:51:89:da:71:40:1c:e2:6e:b4:6e:60:c5:6a:a6:
                    bd:c0:36:ae:e5:60:e5:d1:69:39:63:92:96:65:c5:
                    f9:6a:14:71:11:c0:ca:31:63:7f:ad:97:1f:7f:5b:
                    38:da:20:57:d9:90:b8:6c:30:f3:03:e8:4a:aa:7e:
                    af:87:c6:b9:e4:f8:46:5f:61:50:57:e2:ca:79:db:
                    99:5b:62:1d:7c:7b:ea:91:e1:f2:b9:9b:81:cc:6e:
                    b1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:52:E0:87:F9:65:42:69:EE:1B:4E:67:2C:E0:73:8A:07:61:DF:65
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/AFLgh_llQmnuG05nLOBzigdh32U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.27.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:bc:4b:27:63:ad:fa:c2:4e:51:11:54:8e:5e:91:65:1f:fa:
         13:0f:8b:ee:4c:41:f7:b5:42:7e:27:18:23:2a:f6:ca:69:07:
         e1:41:b3:8f:47:42:5c:ed:cd:71:05:d8:97:f4:2d:38:58:1c:
         0c:96:40:a9:26:7f:ad:27:a7:20:90:cf:a1:35:56:f8:2f:44:
         28:76:c3:cb:01:52:4d:bc:3f:41:db:5d:6a:1c:22:f1:7f:75:
         77:47:16:6b:2c:28:4a:72:b7:6d:3b:12:3f:6a:21:09:ae:3b:
         75:c0:47:d1:50:96:f5:aa:4a:1e:d3:bc:84:36:9b:4a:62:60:
         7f:67:8e:37:9d:cd:82:6b:16:c4:7b:9b:54:59:63:ed:0f:41:
         a9:da:25:ef:46:da:4d:a6:34:df:cc:bc:30:e0:e9:93:b7:84:
         79:e1:83:c9:20:46:01:b0:91:fa:3f:82:6d:a4:43:e7:6d:cd:
         3f:a1:32:82:7a:9d:e8:a5:82:82:bc:f2:1c:70:a8:d1:f0:ea:
         02:50:e4:73:db:69:46:09:ff:c5:14:7a:d4:a9:4f:a0:f2:65:
         b1:5f:47:4b:49:f5:6a:62:56:c5:dc:cf:e0:07:6c:29:49:96:
         ae:fc:14:eb:93:74:28:0e:e0:9c:a8:56:f5:e9:0b:1a:af:a9:
         09:df:10:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/8cdkslUGO8VoY+E14bM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMTAyMTgyMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDUyZTA4N2Y5NjU0MjY5ZWUxYjRlNjcyY2UwNzM4YTA3NjFkZjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTFYO0XXluAqw1/Kx5i7NPthp54f
zB3JgMalckA1YDX9VHbadTAU908tQiftu1TGoFA7MyzVwLVECg5j/CTP6V3a3Ohw
nnTNQNAtyJ+rC+jf5QM6yw3e3SL54jzYAiQRE3i7vdHUzJFpG+q6d91txvY3MTSr
EB8ADM6THex5HVu5STy63emlEGNSXuDYZHCqipT5U7Eot0GdD6jXkFSbXDtVeYW1
UYnacUAc4m60bmDFaqa9wDau5WDl0Wk5Y5KWZcX5ahRxEcDKMWN/rZcff1s42iBX
2ZC4bDDzA+hKqn6vh8a55PhGX2FQV+LKeduZW2IdfHvqkeHyuZuBzG6x1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABS4If5ZUJp7htOZyzgc4oHYd9lMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQUZMZ2hfbGxRbW51RzA1bkxPQnppZ2RoMzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRsVMA0G
CSqGSIb3DQEBCwUAA4IBAQBZvEsnY636wk5REVSOXpFlH/oTD4vuTEH3tUJ+Jxgj
KvbKaQfhQbOPR0Jc7c1xBdiX9C04WBwMlkCpJn+tJ6cgkM+hNVb4L0QodsPLAVJN
vD9B211qHCLxf3V3RxZrLChKcrdtOxI/aiEJrjt1wEfRUJb1qkoe07yENptKYmB/
Z443nc2CaxbEe5tUWWPtD0Gp2iXvRtpNpjTfzLww4OmTt4R54YPJIEYBsJH6P4Jt
pEPnbc0/oTKCep3opYKCvPIccKjR8OoCUORz22lGCf/FFHrUqU+g8mWxX0dLSfVq
YlbF3M/gB2wpSZau/BTrk3QoDuCcqFb16Qsar6kJ3xBF
-----END CERTIFICATE-----