This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa
File:                     AS211810.roa (raw, json)
Hash identifier:          JIyTU7oBLrN5jKWy9LuAyFyrlRld1WBZsasdfL/I+Yo=
Subject key identifier:   BF:6F:0E:39:8F:51:06:DD:F6:2F:BE:7D:CF:3E:A4:A4:16:86:68:08
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       14AAFF56FFF676902286390C9932DF15837F7B7D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa
Signing time:             Thu 25 Dec 2025 14:55:32 +0000
ROA not before:           Thu 25 Dec 2025 14:50:32 +0000
ROA not after:            Thu 24 Dec 2026 14:55:32 +0000
asID:                     211810
IP address blocks:        181.215.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 20:18:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:aa:ff:56:ff:f6:76:90:22:86:39:0c:99:32:df:15:83:7f:7b:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 25 14:50:32 2025 GMT
            Not After : Dec 24 14:55:32 2026 GMT
        Subject: CN=BF6F0E398F5106DDF62FBE7DCF3EA4A416866808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:51:96:76:88:df:c9:c3:f3:5c:7f:a0:f1:77:
                    61:44:8b:be:3f:29:25:d0:3a:56:d1:ac:ec:40:c6:
                    93:15:a7:e6:e6:9a:1c:2d:11:3a:43:54:84:8c:b9:
                    ba:19:e0:94:80:30:d0:c2:f5:80:03:f5:51:a0:08:
                    ee:b7:30:15:f8:7e:1f:30:0a:03:c9:be:0e:50:3f:
                    e0:87:19:9e:67:8a:5e:46:57:fa:66:e6:c3:60:ba:
                    5c:39:2e:25:c2:58:b0:47:8c:bd:e2:f7:17:cd:a5:
                    f5:bb:e3:2e:5d:3c:2f:85:46:86:90:1a:3c:07:1e:
                    35:d8:4b:c3:80:cc:8b:db:4c:df:cd:3d:42:00:3a:
                    32:71:48:e5:b8:1a:96:e6:71:b2:79:de:84:2d:54:
                    e6:e4:e7:85:c6:aa:8e:bd:d0:68:f2:e0:2d:be:87:
                    7e:fd:b6:7c:d6:4a:7f:ce:99:19:8b:34:53:81:b3:
                    f8:d6:bc:92:a7:0b:5a:04:f8:4b:5d:f7:69:38:09:
                    83:90:3c:60:f1:8b:5b:04:7a:cc:c5:cc:f2:35:5b:
                    da:4c:ee:b7:55:2c:8e:55:f1:a0:bd:9d:21:28:4a:
                    3b:70:f6:f7:94:24:b3:8c:84:0a:91:2d:56:30:31:
                    6d:9e:30:67:c6:b3:bc:2a:0a:0b:31:65:3e:af:0a:
                    eb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:6F:0E:39:8F:51:06:DD:F6:2F:BE:7D:CF:3E:A4:A4:16:86:68:08
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS211810.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:e6:8b:29:0c:e6:bd:48:69:17:92:e5:9a:56:d2:e2:c4:02:
         74:4c:ac:2a:4d:b6:71:fe:de:cb:ae:cf:c6:c6:f2:03:9e:bd:
         64:8d:73:e0:65:7a:69:a3:4a:d4:3a:b0:42:49:4a:0d:f0:cd:
         24:f7:22:e2:2d:4d:fd:39:e5:84:2c:dd:2e:b2:9b:7e:ea:57:
         75:df:71:80:da:41:2f:bd:80:c6:c5:f5:56:b5:f1:09:cb:f3:
         c7:98:5c:2b:ac:0b:81:9b:31:c9:49:92:3b:51:9c:da:2d:65:
         11:cc:74:2a:f1:62:23:3c:56:02:9f:bf:d2:e6:db:d5:17:9e:
         d8:d1:3c:99:57:27:0a:c4:ca:a9:d6:b3:0d:f3:42:c7:0f:d7:
         1b:c0:71:ec:5c:3c:04:44:f2:0f:a6:ee:65:f4:ef:60:b7:b1:
         82:64:48:98:51:1c:d2:b2:17:99:54:d6:12:22:35:6f:04:57:
         d9:8b:52:77:e1:b3:c2:25:39:58:1a:85:d2:de:91:b0:b2:48:
         42:bb:25:bf:24:c3:13:5c:fb:21:22:ac:4b:c8:00:59:44:0c:
         64:af:de:fe:2d:05:d2:ea:1a:1d:43:8e:cc:f3:6c:36:b1:77:
         09:b0:1b:76:e2:47:f3:c1:23:b4:df:9d:77:50:42:20:81:de:
         e8:13:8a:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFKr/Vv/2dpAihjkMmTLfFYN/e30wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMjUxNDUwMzJaFw0yNjEyMjQxNDU1MzJaMDMxMTAvBgNV
BAMTKEJGNkYwRTM5OEY1MTA2RERGNjJGQkU3RENGM0VBNEE0MTY4NjY4MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWUZZ2iN/Jw/Ncf6Dxd2FEi74/
KSXQOlbRrOxAxpMVp+bmmhwtETpDVISMuboZ4JSAMNDC9YAD9VGgCO63MBX4fh8w
CgPJvg5QP+CHGZ5nil5GV/pm5sNgulw5LiXCWLBHjL3i9xfNpfW74y5dPC+FRoaQ
GjwHHjXYS8OAzIvbTN/NPUIAOjJxSOW4GpbmcbJ53oQtVObk54XGqo690Gjy4C2+
h379tnzWSn/OmRmLNFOBs/jWvJKnC1oE+Etd92k4CYOQPGDxi1sEeszFzPI1W9pM
7rdVLI5V8aC9nSEoSjtw9veUJLOMhAqRLVYwMW2eMGfGs7wqCgsxZT6vCutTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUv28OOY9RBt32L759zz6kpBaGaAgwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjExODEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdcg
MA0GCSqGSIb3DQEBCwUAA4IBAQAf5ospDOa9SGkXkuWaVtLixAJ0TKwqTbZx/t7L
rs/GxvIDnr1kjXPgZXppo0rUOrBCSUoN8M0k9yLiLU39OeWELN0uspt+6ld133GA
2kEvvYDGxfVWtfEJy/PHmFwrrAuBmzHJSZI7UZzaLWURzHQq8WIjPFYCn7/S5tvV
F57Y0TyZVycKxMqp1rMN80LHD9cbwHHsXDwERPIPpu5l9O9gt7GCZEiYURzSsheZ
VNYSIjVvBFfZi1J34bPCJTlYGoXS3pGwskhCuyW/JMMTXPshIqxLyABZRAxkr97+
LQXS6hodQ47M82w2sXcJsBt24kfzwSO03513UEIggd7oE4p9
-----END CERTIFICATE-----