This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS213257.roa
File:                     AS213257.roa (raw, json)
Hash identifier:          /HO+i+Dz8Y2SjGPBOUsk09vWxfhoxroEd4mG8eRYv18=
Subject key identifier:   82:81:72:E5:47:A3:CF:E5:2F:84:42:C0:98:8C:5B:8C:01:74:33:B8
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       0671D047AA587B21B8F6C1567132CC219FD8650E
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS213257.roa
Signing time:             Wed 04 Feb 2026 12:57:47 +0000
ROA not before:           Wed 04 Feb 2026 12:52:47 +0000
ROA not after:            Wed 03 Feb 2027 12:57:47 +0000
asID:                     213257
IP address blocks:        85.235.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Feb 2026 12:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:71:d0:47:aa:58:7b:21:b8:f6:c1:56:71:32:cc:21:9f:d8:65:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Feb  4 12:52:47 2026 GMT
            Not After : Feb  3 12:57:47 2027 GMT
        Subject: CN=828172E547A3CFE52F8442C0988C5B8C017433B8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:30:dc:ba:4b:a7:8a:a9:86:9f:8c:e1:7f:cf:
                    91:04:0e:b8:81:50:47:ce:ae:61:c1:dd:74:ff:80:
                    f9:a5:0c:72:c0:f8:e4:35:e8:c1:d1:ee:ae:8f:6c:
                    cd:b5:be:c3:7e:c7:cd:dd:21:31:3d:d5:bb:b5:88:
                    c5:9a:72:76:90:b0:45:a2:bf:c8:fd:0f:c8:72:17:
                    a6:a8:aa:1e:13:55:0e:5f:09:36:7a:dc:f1:bc:c8:
                    88:30:e4:4e:30:84:08:ee:28:6a:69:12:90:7a:66:
                    4d:b2:bf:13:88:fc:96:df:4a:5d:3e:46:55:58:6b:
                    0a:8f:43:86:ff:45:e1:20:6a:58:6d:58:21:95:96:
                    59:42:dd:9c:f5:49:10:22:d4:65:4a:cf:64:fe:60:
                    e4:c3:21:32:60:c1:fe:d8:86:b1:da:7b:8f:ef:eb:
                    5a:ad:e7:ee:b8:23:60:f4:f3:e1:9e:b5:c8:0e:16:
                    98:16:cb:c3:7b:ad:4d:57:83:f8:f9:f8:5a:e1:a4:
                    49:05:29:fc:89:fb:7e:3a:77:47:e9:4c:3e:95:45:
                    4c:8f:6a:d1:29:f8:9f:06:c8:ab:8f:5d:af:4d:a5:
                    8e:64:e1:e9:fa:15:88:09:9a:76:3b:e5:7e:f6:97:
                    d6:8a:f6:08:06:8b:ae:b6:69:51:20:1f:69:af:91:
                    a6:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:81:72:E5:47:A3:CF:E5:2F:84:42:C0:98:8C:5B:8C:01:74:33:B8
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS213257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.235.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c6:9f:ba:e4:e2:20:58:fd:fa:fd:8b:3a:6a:84:eb:09:ca:42:
         60:fe:e1:2d:80:81:3d:8e:a7:d6:7b:ea:a9:e6:ce:85:1b:f9:
         43:7b:97:38:2f:60:9e:24:e7:ab:d5:7a:cc:55:2b:e1:60:d6:
         6e:ba:9c:27:1a:f1:c3:28:ec:55:29:7e:82:d6:2f:8d:06:0d:
         e0:56:17:72:31:95:2a:f9:85:62:58:0e:89:ea:44:4c:53:62:
         2a:1f:2f:d7:3e:38:16:67:4d:9a:48:5b:18:df:ae:e0:13:45:
         40:3f:4b:42:f2:49:85:75:c2:a3:2e:5b:e8:11:fd:47:00:1f:
         6a:60:34:2e:97:73:19:47:4e:65:8d:6a:14:0a:a1:0e:5d:c4:
         71:ab:e2:21:36:f2:14:20:ac:85:55:c1:13:f1:1d:63:e1:e5:
         4e:9e:51:d9:79:82:4d:65:3a:6a:d2:ad:98:c1:2a:df:8d:d0:
         e8:88:fd:08:79:b4:15:a9:f5:f8:1c:55:40:8c:27:60:64:de:
         ee:52:70:ad:2d:48:e8:29:b8:00:09:32:96:c1:1f:65:ce:ff:
         9a:31:94:7a:96:16:c0:c8:7c:d3:52:8a:f4:39:0b:15:c7:f2:
         00:7b:24:25:85:6f:35:89:5d:1f:d0:f8:23:7c:0e:d8:14:15:
         5f:37:0a:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBnHQR6pYeyG49sFWcTLMIZ/YZQ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAyMDQxMjUyNDdaFw0yNzAyMDMxMjU3NDdaMDMxMTAvBgNV
BAMTKDgyODE3MkU1NDdBM0NGRTUyRjg0NDJDMDk4OEM1QjhDMDE3NDMzQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyMNy6S6eKqYafjOF/z5EEDriB
UEfOrmHB3XT/gPmlDHLA+OQ16MHR7q6PbM21vsN+x83dITE91bu1iMWacnaQsEWi
v8j9D8hyF6aoqh4TVQ5fCTZ63PG8yIgw5E4whAjuKGppEpB6Zk2yvxOI/JbfSl0+
RlVYawqPQ4b/ReEgalhtWCGVlllC3Zz1SRAi1GVKz2T+YOTDITJgwf7YhrHae4/v
61qt5+64I2D08+GetcgOFpgWy8N7rU1Xg/j5+FrhpEkFKfyJ+346d0fpTD6VRUyP
atEp+J8GyKuPXa9NpY5k4en6FYgJmnY75X72l9aK9ggGi662aVEgH2mvkab1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgoFy5Uejz+UvhELAmIxbjAF0M7gwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjEzMjU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVetJ
MA0GCSqGSIb3DQEBCwUAA4IBAQDGn7rk4iBY/fr9izpqhOsJykJg/uEtgIE9jqfW
e+qp5s6FG/lDe5c4L2CeJOer1XrMVSvhYNZuupwnGvHDKOxVKX6C1i+NBg3gVhdy
MZUq+YViWA6J6kRMU2IqHy/XPjgWZ02aSFsY367gE0VAP0tC8kmFdcKjLlvoEf1H
AB9qYDQul3MZR05ljWoUCqEOXcRxq+IhNvIUIKyFVcET8R1j4eVOnlHZeYJNZTpq
0q2YwSrfjdDoiP0IebQVqfX4HFVAjCdgZN7uUnCtLUjoKbgACTKWwR9lzv+aMZR6
lhbAyHzTUor0OQsVx/IAeyQlhW81iV0f0PgjfA7YFBVfNwpg
-----END CERTIFICATE-----