This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa
File:                     AS215152.roa (raw, json)
Hash identifier:          Y3ZXbH+qM+oRJ+TfPftsgY6fTlx/UypwsK8/7PKrkPU=
Subject key identifier:   DF:D7:EF:C7:C2:A3:58:C3:84:42:86:A3:02:D6:96:F3:13:37:E8:5B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4547F7628FB2165CFFE0D48AA4C2D115668ED97D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa
Signing time:             Thu 25 Dec 2025 07:56:07 +0000
ROA not before:           Thu 25 Dec 2025 07:51:07 +0000
ROA not after:            Thu 24 Dec 2026 07:56:07 +0000
asID:                     215152
IP address blocks:        181.214.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 Jan 2026 15:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:47:f7:62:8f:b2:16:5c:ff:e0:d4:8a:a4:c2:d1:15:66:8e:d9:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Dec 25 07:51:07 2025 GMT
            Not After : Dec 24 07:56:07 2026 GMT
        Subject: CN=DFD7EFC7C2A358C3844286A302D696F31337E85B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c9:fd:51:7a:88:5d:74:7e:23:34:9f:aa:12:
                    1f:36:80:09:18:d3:a7:83:ca:1f:80:c9:24:31:21:
                    05:90:41:12:32:3f:9a:34:a6:9f:5f:ec:05:35:ff:
                    7a:2e:59:59:ef:8f:15:0e:72:e8:a8:d6:62:8a:cc:
                    c5:89:96:ce:cd:e3:41:7c:21:26:e2:aa:b3:d1:1b:
                    b1:b3:e9:61:ce:a8:d1:4e:56:1e:c2:4f:ff:f4:c7:
                    97:ad:c4:07:1c:8d:91:78:4f:18:30:8a:9d:3b:df:
                    61:55:cf:39:1f:62:dd:f4:05:8b:1b:a2:ce:10:b3:
                    21:ae:f8:37:55:3d:78:27:65:8c:62:c5:08:5e:9b:
                    46:f5:ed:42:04:a2:4a:7a:e6:ac:78:10:98:e1:25:
                    f2:c1:9f:c0:9e:06:a4:99:b9:8f:db:79:35:ea:17:
                    b2:95:e2:79:c0:be:03:3a:9c:97:50:95:e2:1a:c7:
                    d3:8b:c2:75:02:9d:10:ca:20:8f:14:03:ea:a8:c1:
                    0a:20:5c:8e:52:b5:0e:73:8e:f3:b3:59:3c:ef:00:
                    e7:2e:66:0c:df:e1:66:af:db:c6:43:91:0b:46:e7:
                    8e:bb:5c:65:11:da:e5:01:86:8b:ee:4f:46:75:af:
                    16:42:47:aa:16:37:70:56:c6:7b:68:8a:27:70:77:
                    f0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:D7:EF:C7:C2:A3:58:C3:84:42:86:A3:02:D6:96:F3:13:37:E8:5B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS215152.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:f7:7a:3d:5c:d3:63:ea:e0:89:00:7a:88:e6:7a:52:bc:62:
         e2:c5:36:7a:66:86:53:6c:3e:f2:27:b5:10:23:b1:e2:e2:92:
         17:c4:e3:6d:6d:14:c7:14:e6:12:8f:5b:ad:75:ef:74:76:03:
         33:6d:f5:68:c4:1c:78:25:58:97:95:5e:73:b1:c1:3d:6f:f2:
         bd:57:32:f7:0d:3a:9a:45:7d:a8:55:69:a1:41:ec:5c:b5:32:
         d6:72:00:b3:46:34:60:93:b5:e9:9a:54:e2:5d:c4:67:03:73:
         fc:e1:43:0a:56:80:29:b4:31:4a:11:cd:d5:60:42:1f:f7:81:
         92:b7:4e:08:d0:8e:ef:e2:bb:0c:80:d5:65:7c:84:43:20:bd:
         9c:22:14:88:43:d9:f1:24:9c:10:e2:1d:f8:b6:ef:c8:06:22:
         13:e1:fc:c0:7f:4f:f5:ff:52:c6:05:f4:04:f9:c8:ca:16:72:
         7d:35:22:2e:52:4c:32:22:a8:71:19:f2:8f:ef:e6:ef:64:9f:
         48:b4:ba:b9:04:e4:d9:d9:0f:f3:fd:03:1b:0c:1e:b9:9d:9b:
         11:a5:d1:26:53:c8:97:38:fc:87:a2:9e:c3:25:00:0a:c0:3b:
         01:fb:e8:d1:3f:47:bc:cc:db:4c:8b:88:c9:ff:67:27:ed:84:
         a6:d3:68:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURUf3Yo+yFlz/4NSKpMLRFWaO2X0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEyMjUwNzUxMDdaFw0yNjEyMjQwNzU2MDdaMDMxMTAvBgNV
BAMTKERGRDdFRkM3QzJBMzU4QzM4NDQyODZBMzAyRDY5NkYzMTMzN0U4NUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxyf1ReohddH4jNJ+qEh82gAkY
06eDyh+AySQxIQWQQRIyP5o0pp9f7AU1/3ouWVnvjxUOcuio1mKKzMWJls7N40F8
ISbiqrPRG7Gz6WHOqNFOVh7CT//0x5etxAccjZF4Txgwip0732FVzzkfYt30BYsb
os4QsyGu+DdVPXgnZYxixQhem0b17UIEokp65qx4EJjhJfLBn8CeBqSZuY/beTXq
F7KV4nnAvgM6nJdQleIax9OLwnUCnRDKII8UA+qowQogXI5StQ5zjvOzWTzvAOcu
Zgzf4Wav28ZDkQtG5467XGUR2uUBhovuT0Z1rxZCR6oWN3BWxntoiidwd/BJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU39fvx8KjWMOEQoajAtaW8xM36FswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE1MTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdbR
MA0GCSqGSIb3DQEBCwUAA4IBAQCB93o9XNNj6uCJAHqI5npSvGLixTZ6ZoZTbD7y
J7UQI7Hi4pIXxONtbRTHFOYSj1utde90dgMzbfVoxBx4JViXlV5zscE9b/K9VzL3
DTqaRX2oVWmhQexctTLWcgCzRjRgk7XpmlTiXcRnA3P84UMKVoAptDFKEc3VYEIf
94GSt04I0I7v4rsMgNVlfIRDIL2cIhSIQ9nxJJwQ4h34tu/IBiIT4fzAf0/1/1LG
BfQE+cjKFnJ9NSIuUkwyIqhxGfKP7+bvZJ9ItLq5BOTZ2Q/z/QMbDB65nZsRpdEm
U8iXOPyHop7DJQAKwDsB++jRP0e8zNtMi4jJ/2cn7YSm02jp
-----END CERTIFICATE-----