This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/Va5PFVKFz5Nrg0yfNdSqedb7WDw.roa
File:                     Va5PFVKFz5Nrg0yfNdSqedb7WDw.roa (raw, json)
Hash identifier:          66ee+t/p3zGbEnNTHp82R1N/6fSrqH9fWptNZQjoSm0=
Subject key identifier:   55:AE:4F:15:52:85:CF:93:6B:83:4C:9F:35:D4:AA:79:D6:FB:58:3C
Certificate issuer:       /CN=aeaaee1f0923e14a2371f240540fdd21549b14a6
Certificate serial:       019B7C120586DC3670E0B9B001F2B81D5ED6
Authority key identifier: AE:AA:EE:1F:09:23:E1:4A:23:71:F2:40:54:0F:DD:21:54:9B:14:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rqruHwkj4UojcfJAVA_dIVSbFKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/Va5PFVKFz5Nrg0yfNdSqedb7WDw.roa
Signing time:             Fri 02 Jan 2026 00:18:34 +0000
ROA not before:           Fri 02 Jan 2026 00:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51573
IP address blocks:        91.217.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/rqruHwkj4UojcfJAVA_dIVSbFKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/rqruHwkj4UojcfJAVA_dIVSbFKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rqruHwkj4UojcfJAVA_dIVSbFKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:05:86:dc:36:70:e0:b9:b0:01:f2:b8:1d:5e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeaaee1f0923e14a2371f240540fdd21549b14a6
        Validity
            Not Before: Jan  2 00:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=55ae4f155285cf936b834c9f35d4aa79d6fb583c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5d:c4:5a:c2:71:03:d4:9d:15:23:5c:38:2c:
                    b1:bb:8a:2e:f2:b6:60:22:59:3f:0f:d7:de:26:f5:
                    f5:d4:c5:a0:ef:53:61:a4:b6:57:cc:0e:1c:82:86:
                    a1:55:ec:3c:80:74:a4:ac:4e:3a:31:8b:af:71:22:
                    fd:7f:a3:68:c1:e8:05:88:2c:d7:fc:24:3b:d7:62:
                    6c:00:0d:ba:e8:ce:c2:40:c0:48:92:11:86:a4:ac:
                    19:9f:b1:a7:89:fe:35:c4:0e:51:ac:ea:e3:00:d7:
                    7d:08:a0:ed:08:b1:9d:34:28:b3:99:6c:41:7e:98:
                    e3:8a:30:6c:78:32:ab:e6:c2:c9:21:0b:88:ec:7c:
                    e7:10:2a:40:d5:72:ee:a6:64:ff:f2:a5:84:48:4d:
                    30:25:9c:ac:28:e1:46:0b:02:e8:a0:21:18:41:d5:
                    09:7e:7b:91:2e:11:52:58:69:51:ac:a6:e7:8f:1c:
                    c5:36:35:70:88:55:e9:6d:1e:4f:b8:3c:f7:83:e3:
                    27:90:6a:87:45:3b:90:8b:ed:94:64:b9:bb:e9:52:
                    af:bc:f1:af:09:04:31:cd:c9:98:35:eb:78:5b:f7:
                    9d:48:80:0d:d1:0f:f5:9f:34:07:f6:9d:f1:43:99:
                    74:59:30:13:85:2e:6d:4a:ca:0a:26:40:6a:5b:11:
                    86:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:AE:4F:15:52:85:CF:93:6B:83:4C:9F:35:D4:AA:79:D6:FB:58:3C
            X509v3 Authority Key Identifier:
                keyid:AE:AA:EE:1F:09:23:E1:4A:23:71:F2:40:54:0F:DD:21:54:9B:14:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rqruHwkj4UojcfJAVA_dIVSbFKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/Va5PFVKFz5Nrg0yfNdSqedb7WDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/rqruHwkj4UojcfJAVA_dIVSbFKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:a4:8a:e0:4c:89:e9:62:13:53:fd:14:f6:a9:7d:1e:26:76:
         07:3f:dc:40:58:d4:f2:32:3d:d3:69:12:23:85:5d:23:57:79:
         bf:ad:25:0f:1d:9e:29:1b:17:6f:e1:23:f0:3f:9b:b0:59:b8:
         d0:8f:4c:7d:e6:87:94:c6:b6:20:e9:b5:31:f0:14:4b:f8:97:
         fc:af:c1:8c:f2:e0:04:7a:a6:e0:1a:46:1f:e2:6e:b3:08:b8:
         4d:29:65:57:5b:85:7f:f3:fa:61:e2:6b:67:26:f3:c9:8b:7d:
         68:37:79:df:fc:29:79:58:c0:40:f7:a7:f1:fd:75:a1:8d:b0:
         36:f1:51:4b:c0:f6:71:2a:5b:ee:a8:26:ed:7d:65:0c:df:14:
         72:6e:d2:e5:92:6c:e1:5d:79:37:96:a3:ef:30:a3:d0:d3:98:
         f7:91:6d:0c:1e:0c:46:ba:9b:1e:d9:10:c8:b7:ce:cb:7a:0d:
         93:b1:19:64:96:ce:7a:ad:19:6a:c7:9c:7d:ce:63:fe:22:5d:
         a4:c2:a5:d9:91:6b:d0:3b:1f:4d:36:20:62:4c:52:a9:fb:d5:
         6c:a6:5c:1e:8d:57:6f:35:a5:ee:27:80:63:a7:7d:70:f9:fb:
         c9:e4:9e:76:e5:4a:14:fb:03:36:2f:9d:68:35:b6:2a:6b:b1:
         cf:a0:72:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EgWG3DZw4LmwAfK4HV7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYWFlZTFmMDkyM2UxNGEyMzcxZjI0MDU0MGZkZDIxNTQ5
YjE0YTYwHhcNMjYwMTAyMDAxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWFlNGYxNTUyODVjZjkzNmI4MzRjOWYzNWQ0YWE3OWQ2ZmI1ODNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsV3EWsJxA9SdFSNcOCyxu4ou8rZg
Ilk/D9feJvX11MWg71NhpLZXzA4cgoahVew8gHSkrE46MYuvcSL9f6NowegFiCzX
/CQ712JsAA266M7CQMBIkhGGpKwZn7Gnif41xA5RrOrjANd9CKDtCLGdNCizmWxB
fpjjijBseDKr5sLJIQuI7HznECpA1XLupmT/8qWESE0wJZysKOFGCwLooCEYQdUJ
fnuRLhFSWGlRrKbnjxzFNjVwiFXpbR5PuDz3g+MnkGqHRTuQi+2UZLm76VKvvPGv
CQQxzcmYNet4W/edSIAN0Q/1nzQH9p3xQ5l0WTAThS5tSsoKJkBqWxGGYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFWuTxVShc+Ta4NMnzXUqnnW+1g8MB8GA1UdIwQY
MBaAFK6q7h8JI+FKI3HyQFQP3SFUmxSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnFydUh3a2o0VW9qY2ZKQVZBX2RJVlNiRktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODZhYjktMWE4MS00Mjg0LWI0YjIt
Y2Q4YjBjNGJlMjE1LzEvVmE1UEZWS0Z6NU5yZzB5Zk5kU3FlZGI3V0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODZhYjktMWE4MS00Mjg0LWI0YjItY2Q4YjBjNGJlMjE1
LzEvcnFydUh3a2o0VW9qY2ZKQVZBX2RJVlNiRktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9n/MA0G
CSqGSIb3DQEBCwUAA4IBAQBapIrgTInpYhNT/RT2qX0eJnYHP9xAWNTyMj3TaRIj
hV0jV3m/rSUPHZ4pGxdv4SPwP5uwWbjQj0x95oeUxrYg6bUx8BRL+Jf8r8GM8uAE
eqbgGkYf4m6zCLhNKWVXW4V/8/ph4mtnJvPJi31oN3nf/Cl5WMBA96fx/XWhjbA2
8VFLwPZxKlvuqCbtfWUM3xRybtLlkmzhXXk3lqPvMKPQ05j3kW0MHgxGupse2RDI
t87Leg2TsRlkls56rRlqx5x9zmP+Il2kwqXZkWvQOx9NNiBiTFKp+9VsplwejVdv
NaXuJ4Bjp31w+fvJ5J525UoU+wM2L51oNbYqa7HPoHLy
-----END CERTIFICATE-----