This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/AG_3AL0BiXNne_-iEtcT4CW3QFY.roa
File:                     AG_3AL0BiXNne_-iEtcT4CW3QFY.roa (raw, json)
Hash identifier:          MXbxSxIompr7PTpUg8mtZo8EDK4eK9dEM10GngyQSBQ=
Subject key identifier:   00:6F:F7:00:BD:01:89:73:67:7B:FF:A2:12:D7:13:E0:25:B7:40:56
Certificate issuer:       /CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
Certificate serial:       019B77C665CFE559424768339CDCCDE7E181
Authority key identifier: AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/AG_3AL0BiXNne_-iEtcT4CW3QFY.roa
Signing time:             Thu 01 Jan 2026 04:17:29 +0000
ROA not before:           Thu 01 Jan 2026 04:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212815
IP address blocks:        45.152.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:65:cf:e5:59:42:47:68:33:9c:dc:cd:e7:e1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaf4969842de9c4c1e1a5759d98d1ed5c0d62ef8
        Validity
            Not Before: Jan  1 04:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=006ff700bd018973677bffa212d713e025b74056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:28:c5:8a:a7:2f:f2:31:d9:e5:06:61:8f:9d:
                    cf:b9:33:96:d0:c0:a6:84:5d:02:14:8d:aa:d5:81:
                    d7:73:fb:34:c1:e5:13:3c:6e:1e:24:ca:10:53:11:
                    45:7e:b4:db:b2:dc:66:42:1d:25:2f:61:fc:e5:3a:
                    da:37:a9:9f:f2:dd:37:35:4d:05:e4:4f:b6:1c:74:
                    0f:b3:b9:33:4f:a8:64:a2:66:51:c9:45:4e:ee:04:
                    09:1a:32:31:ed:1f:86:ad:06:65:91:06:43:1f:1f:
                    f1:9d:0c:48:36:98:80:bc:01:2e:dd:49:d1:3a:3a:
                    67:6a:c5:92:03:d5:20:5b:4c:ce:7a:ea:c5:a6:41:
                    53:c3:cf:fd:7d:01:07:25:80:58:e3:75:17:4d:45:
                    14:b7:d6:71:b7:45:a8:ed:64:5a:41:42:61:48:a9:
                    50:b3:ca:4a:9e:a7:b1:aa:b9:7d:50:78:6e:f8:f2:
                    52:08:47:0f:01:b2:cd:6b:0a:4d:9e:0d:17:cc:2e:
                    01:17:f2:d5:78:0d:f9:04:17:3e:8a:70:fc:29:48:
                    fc:ca:cc:e1:0b:d3:08:3d:6a:7c:62:7c:f5:51:ee:
                    a3:09:a8:d1:92:12:7f:b3:64:55:77:9b:72:af:22:
                    3c:de:61:21:ee:99:e7:b5:c2:89:f3:a9:4d:37:4f:
                    42:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:6F:F7:00:BD:01:89:73:67:7B:FF:A2:12:D7:13:E0:25:B7:40:56
            X509v3 Authority Key Identifier:
                keyid:AA:F4:96:98:42:DE:9C:4C:1E:1A:57:59:D9:8D:1E:D5:C0:D6:2E:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvSWmELenEweGldZ2Y0e1cDWLvg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/AG_3AL0BiXNne_-iEtcT4CW3QFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/720f9f-f0b8-44d2-8367-f81fdf74e655/1/qvSWmELenEweGldZ2Y0e1cDWLvg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:b8:91:33:5d:fa:81:36:30:c8:58:e2:2e:f9:05:26:dc:68:
         78:80:a1:93:58:56:c2:1b:4f:be:fb:47:02:81:22:83:d2:41:
         35:3e:90:72:6f:bb:ff:6c:7c:5f:c1:7e:da:3f:d5:9a:04:a5:
         27:15:5a:ee:fb:f6:3b:92:fa:ab:37:0d:fa:c9:53:13:a4:02:
         98:a8:13:60:26:55:78:99:5e:02:ab:4f:e4:08:9a:11:26:71:
         7c:ef:d7:47:6d:27:9f:aa:9b:cc:88:36:a9:85:a1:88:c9:f8:
         3d:3e:2b:95:1b:ee:a3:10:ab:45:8d:c1:0a:2c:b0:d9:51:da:
         19:88:86:d7:5e:6e:2e:ae:46:46:62:ef:10:36:5a:e0:4d:74:
         cf:37:ff:7a:fc:3c:25:3b:ea:fb:94:02:30:39:79:94:1c:db:
         b9:22:50:ce:54:ac:b5:36:4b:cd:c2:07:b4:1e:5b:f6:d2:20:
         e5:d3:2e:f9:e6:2b:60:2b:f7:ea:e9:34:99:65:83:0a:73:54:
         5f:96:93:34:2b:11:f0:38:77:d8:f1:0c:f5:c0:11:0d:16:28:
         ce:b1:f3:bb:de:ee:93:84:09:db:9a:d7:08:47:ec:43:2a:51:
         27:60:e3:12:6b:19:a0:27:77:0c:80:eb:74:3e:53:f2:24:07:
         41:8d:f0:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xmXP5VlCR2gznNzN5+GBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZjQ5Njk4NDJkZTljNGMxZTFhNTc1OWQ5OGQxZWQ1YzBk
NjJlZjgwHhcNMjYwMTAxMDQxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDZmZjcwMGJkMDE4OTczNjc3YmZmYTIxMmQ3MTNlMDI1Yjc0MDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ijFiqcv8jHZ5QZhj53PuTOW0MCm
hF0CFI2q1YHXc/s0weUTPG4eJMoQUxFFfrTbstxmQh0lL2H85TraN6mf8t03NU0F
5E+2HHQPs7kzT6hkomZRyUVO7gQJGjIx7R+GrQZlkQZDHx/xnQxINpiAvAEu3UnR
OjpnasWSA9UgW0zOeurFpkFTw8/9fQEHJYBY43UXTUUUt9Zxt0Wo7WRaQUJhSKlQ
s8pKnqexqrl9UHhu+PJSCEcPAbLNawpNng0XzC4BF/LVeA35BBc+inD8KUj8yszh
C9MIPWp8Ynz1Ue6jCajRkhJ/s2RVd5tyryI83mEh7pnntcKJ86lNN09CyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFABv9wC9AYlzZ3v/ohLXE+Alt0BWMB8GA1UdIwQY
MBaAFKr0lphC3pxMHhpXWdmNHtXA1i74MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjct
ZjgxZmRmNzRlNjU1LzEvQUdfM0FMMEJpWE5uZV8taUV0Y1Q0Q1czUUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MjBmOWYtZjBiOC00NGQyLTgzNjctZjgxZmRmNzRlNjU1
LzEvcXZTV21FTGVuRXdlR2xkWjJZMGUxY0RXTHZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZhGMA0G
CSqGSIb3DQEBCwUAA4IBAQB/uJEzXfqBNjDIWOIu+QUm3Gh4gKGTWFbCG0+++0cC
gSKD0kE1PpByb7v/bHxfwX7aP9WaBKUnFVru+/Y7kvqrNw36yVMTpAKYqBNgJlV4
mV4Cq0/kCJoRJnF879dHbSefqpvMiDaphaGIyfg9PiuVG+6jEKtFjcEKLLDZUdoZ
iIbXXm4urkZGYu8QNlrgTXTPN/96/DwlO+r7lAIwOXmUHNu5IlDOVKy1NkvNwge0
Hlv20iDl0y755itgK/fq6TSZZYMKc1RflpM0KxHwOHfY8Qz1wBENFijOsfO73u6T
hAnbmtcIR+xDKlEnYOMSaxmgJ3cMgOt0PlPyJAdBjfAb
-----END CERTIFICATE-----