This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa
File:                     AS215607.roa (raw, json)
Hash identifier:          vQRv5BmSOFGsTajry8eLp3+jDWkfvtysaErN48yeXcE=
Subject key identifier:   93:4C:87:90:67:3A:DD:C3:E0:84:F1:1C:92:01:F9:23:10:17:F3:F9
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       4D928B1EFF88F3C064A29262910A755A4ADA913E
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa
Signing time:             Mon 01 Dec 2025 13:57:02 +0000
ROA not before:           Mon 01 Dec 2025 13:52:02 +0000
ROA not after:            Mon 30 Nov 2026 13:57:02 +0000
asID:                     215607
IP address blocks:        212.60.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:92:8b:1e:ff:88:f3:c0:64:a2:92:62:91:0a:75:5a:4a:da:91:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Dec  1 13:52:02 2025 GMT
            Not After : Nov 30 13:57:02 2026 GMT
        Subject: CN=934C8790673ADDC3E084F11C9201F9231017F3F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5d:4f:4c:b3:bd:69:43:ef:53:cd:b1:4e:da:
                    8b:66:61:cf:b8:2c:b2:b2:01:be:f1:81:c9:c2:a1:
                    54:bd:91:b2:34:f5:4c:65:8b:30:bf:ba:59:43:49:
                    60:56:f5:4d:58:3a:ec:5a:27:d9:84:eb:61:6d:a9:
                    db:82:b8:81:18:f0:fa:3b:12:b0:9b:9a:f9:3c:2c:
                    4c:45:f5:66:50:aa:90:27:91:ec:9e:28:9e:75:e7:
                    95:7a:d2:04:1e:f0:37:5d:d4:c4:63:9e:c8:96:fc:
                    d6:6f:83:ce:04:b4:22:81:d0:ae:87:3d:26:40:c4:
                    d3:64:8f:d8:7a:df:76:78:07:26:71:5f:5e:2b:48:
                    b5:9d:b2:47:96:51:7e:1e:75:55:d7:ad:7f:40:1b:
                    8a:0f:31:92:62:0c:07:b5:33:cf:c2:be:e2:a8:41:
                    2d:c6:b1:1e:8d:2e:9a:4e:d6:1e:1f:74:d8:53:1f:
                    31:14:f2:3d:ae:c8:77:92:d7:01:34:18:35:48:2e:
                    41:dd:9c:79:bf:50:ad:dc:56:60:89:e4:2d:b4:db:
                    19:5b:cb:51:68:1c:16:de:67:af:42:40:b0:f0:60:
                    ab:90:d6:f0:63:b6:f2:38:b1:f3:89:92:37:c0:e4:
                    86:fc:b1:48:32:96:c8:4a:19:f4:69:b8:a0:5b:a5:
                    86:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:4C:87:90:67:3A:DD:C3:E0:84:F1:1C:92:01:F9:23:10:17:F3:F9
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS215607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:79:37:a6:e9:07:f1:0e:13:35:61:02:6f:73:a8:ef:92:b0:
         72:0c:0c:11:9d:07:1a:96:44:dd:f9:b7:4c:d8:cd:03:23:da:
         59:aa:22:98:54:a5:23:b4:f2:97:75:14:04:75:94:b5:64:1f:
         dd:ab:07:b8:e2:27:1d:30:e2:b7:65:44:b5:51:bc:ee:2c:6a:
         a5:cd:ca:5e:30:96:5f:5b:6f:ab:8e:c2:b7:2c:e8:c9:db:4f:
         e3:9d:6e:8a:e3:33:e8:d8:e6:72:ba:22:47:38:da:3c:7c:0b:
         3f:e9:17:cc:42:5b:39:34:23:6d:aa:56:70:a9:b0:df:4d:3d:
         90:60:96:a6:d1:d9:a1:88:25:6e:38:d6:7a:cb:e7:7e:2a:08:
         3b:5d:fd:c2:70:05:b7:f5:74:d9:14:9d:4f:c1:f4:ef:9f:06:
         2c:5f:5a:6a:2d:0f:04:2a:4a:50:e8:dd:a0:f4:63:ba:b3:d0:
         bc:c2:36:08:48:a7:17:b7:87:88:ec:74:a4:02:c2:1d:83:11:
         9d:5e:3d:6d:e4:9b:a9:b9:48:c2:7a:02:3e:bc:ef:f9:36:38:
         fc:78:36:4c:25:de:8d:19:0b:d7:39:89:a2:2c:61:ce:11:54:
         d7:ca:06:6e:27:67:30:98:b9:c2:7b:d5:62:90:ad:84:d0:75:
         bd:15:0e:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTZKLHv+I88BkopJikQp1WkrakT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTEyMDExMzUyMDJaFw0yNjExMzAxMzU3MDJaMDMxMTAvBgNV
BAMTKDkzNEM4NzkwNjczQUREQzNFMDg0RjExQzkyMDFGOTIzMTAxN0YzRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaXU9Ms71pQ+9TzbFO2otmYc+4
LLKyAb7xgcnCoVS9kbI09UxlizC/ullDSWBW9U1YOuxaJ9mE62FtqduCuIEY8Po7
ErCbmvk8LExF9WZQqpAnkeyeKJ5155V60gQe8Ddd1MRjnsiW/NZvg84EtCKB0K6H
PSZAxNNkj9h633Z4ByZxX14rSLWdskeWUX4edVXXrX9AG4oPMZJiDAe1M8/CvuKo
QS3GsR6NLppO1h4fdNhTHzEU8j2uyHeS1wE0GDVILkHdnHm/UK3cVmCJ5C202xlb
y1FoHBbeZ69CQLDwYKuQ1vBjtvI4sfOJkjfA5Ib8sUgylshKGfRpuKBbpYbHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUk0yHkGc63cPghPEckgH5IxAX8/kwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjE1NjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DyZ
MA0GCSqGSIb3DQEBCwUAA4IBAQAkeTem6QfxDhM1YQJvc6jvkrByDAwRnQcalkTd
+bdM2M0DI9pZqiKYVKUjtPKXdRQEdZS1ZB/dqwe44icdMOK3ZUS1UbzuLGqlzcpe
MJZfW2+rjsK3LOjJ20/jnW6K4zPo2OZyuiJHONo8fAs/6RfMQls5NCNtqlZwqbDf
TT2QYJam0dmhiCVuONZ6y+d+Kgg7Xf3CcAW39XTZFJ1PwfTvnwYsX1pqLQ8EKkpQ
6N2g9GO6s9C8wjYISKcXt4eI7HSkAsIdgxGdXj1t5JupuUjCegI+vO/5Njj8eDZM
Jd6NGQvXOYmiLGHOEVTXygZuJ2cwmLnCe9VikK2E0HW9FQ4l
-----END CERTIFICATE-----