This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211895.roa
File:                     AS211895.roa (raw, json)
Hash identifier:          3vhyI2t/YpBR8Fg8XtRwSdALM7NlQkB4KUz4kpLlRVo=
Subject key identifier:   FF:21:EE:81:65:5B:96:3C:D6:8D:7D:52:FA:64:F9:A2:99:A1:1F:9E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       488254D556B20D8F08B1D0F1C4EA85171C012EC9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211895.roa
Signing time:             Wed 14 Jan 2026 08:09:41 +0000
ROA not before:           Wed 14 Jan 2026 08:04:41 +0000
ROA not after:            Wed 13 Jan 2027 08:09:41 +0000
asID:                     211895
IP address blocks:        82.41.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 19 Jan 2026 04:45:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:82:54:d5:56:b2:0d:8f:08:b1:d0:f1:c4:ea:85:17:1c:01:2e:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 14 08:04:41 2026 GMT
            Not After : Jan 13 08:09:41 2027 GMT
        Subject: CN=FF21EE81655B963CD68D7D52FA64F9A299A11F9E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e5:9c:6d:ad:ee:c3:6d:5a:3f:41:b9:b4:a3:
                    73:66:bf:b8:7e:38:05:e8:d8:f5:44:4f:2c:4f:e0:
                    ba:5e:d5:07:ba:13:7b:c5:12:aa:33:66:ea:56:7c:
                    96:0b:ec:eb:6a:86:00:65:b9:33:be:5b:d8:9c:a1:
                    76:15:84:64:82:75:a9:97:0b:b4:6d:3f:01:9b:fb:
                    6a:ff:cb:a4:aa:12:f8:88:88:b8:5b:a1:3b:68:12:
                    32:c9:68:4b:3b:24:2a:85:97:92:48:1e:96:f8:81:
                    6e:41:cd:c4:6c:e4:4d:37:db:ec:d6:3c:f3:e1:50:
                    0c:6a:9d:ae:65:7a:70:5d:5b:9a:d1:54:b2:9c:e3:
                    83:cb:eb:f9:5e:64:56:6a:fd:a4:26:22:6b:fa:3f:
                    19:87:db:13:1e:bb:6a:8a:4b:35:b7:1e:64:7f:bd:
                    91:b8:c2:09:f7:44:83:a1:cc:76:b3:d7:24:c1:02:
                    d7:f4:ba:71:c3:27:ba:58:f0:e6:02:03:de:ec:42:
                    f9:1f:eb:e9:18:99:8c:18:30:e6:a8:5f:74:79:99:
                    d4:e5:86:3f:5b:f3:9f:e1:99:d1:cd:aa:09:e9:db:
                    f6:ef:c1:71:9d:47:f1:d3:56:3f:12:b3:58:de:28:
                    b2:37:63:55:91:9e:a5:f8:79:cf:70:4b:24:07:66:
                    32:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:21:EE:81:65:5B:96:3C:D6:8D:7D:52:FA:64:F9:A2:99:A1:1F:9E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211895.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.41.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:00:76:a7:b1:6c:45:76:33:8f:29:59:0b:07:7e:ff:d5:67:
         44:94:2e:89:36:f3:c4:a8:a6:26:25:57:b6:2e:48:35:05:44:
         17:82:e7:fe:a9:74:0f:50:12:d9:3c:68:e2:29:51:d7:58:70:
         ab:fb:75:06:23:47:e4:c1:96:d5:9b:94:ab:70:d7:d8:94:3b:
         bf:a8:a4:c4:69:8d:54:05:a6:7e:0a:8c:73:10:4d:0a:e5:02:
         48:55:34:8d:4d:18:6c:61:4d:e0:c8:5d:0d:5d:e0:fe:31:f0:
         3b:37:52:90:f0:4a:4c:2f:7f:c6:14:0f:fe:b1:b5:6b:01:71:
         58:e9:82:e6:ba:84:28:34:25:4a:03:97:7c:74:08:37:21:5d:
         52:af:23:9c:e1:e7:f2:72:71:5f:4f:69:8d:a2:91:4d:7c:3a:
         d1:fe:b7:ad:14:d6:bd:7c:5b:da:fc:57:a8:29:7b:20:29:ff:
         82:0e:8d:91:18:91:18:b0:31:19:0b:9d:a3:94:43:7f:f8:8c:
         a0:33:59:5b:27:ff:eb:25:46:d3:2f:65:08:38:ae:c0:90:a5:
         74:01:4d:fb:ff:cf:5b:c7:30:39:7e:42:2d:54:55:23:ac:19:
         10:40:43:37:51:8e:1e:26:05:45:1c:11:bb:8e:d1:16:14:b1:
         cc:8b:6a:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSIJU1VayDY8IsdDxxOqFFxwBLskwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMTQwODA0NDFaFw0yNzAxMTMwODA5NDFaMDMxMTAvBgNV
BAMTKEZGMjFFRTgxNjU1Qjk2M0NENjhEN0Q1MkZBNjRGOUEyOTlBMTFGOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO5Zxtre7DbVo/Qbm0o3Nmv7h+
OAXo2PVETyxP4Lpe1Qe6E3vFEqozZupWfJYL7OtqhgBluTO+W9icoXYVhGSCdamX
C7RtPwGb+2r/y6SqEviIiLhboTtoEjLJaEs7JCqFl5JIHpb4gW5BzcRs5E032+zW
PPPhUAxqna5lenBdW5rRVLKc44PL6/leZFZq/aQmImv6PxmH2xMeu2qKSzW3HmR/
vZG4wgn3RIOhzHaz1yTBAtf0unHDJ7pY8OYCA97sQvkf6+kYmYwYMOaoX3R5mdTl
hj9b85/hmdHNqgnp2/bvwXGdR/HTVj8Ss1jeKLI3Y1WRnqX4ec9wSyQHZjKhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/yHugWVbljzWjX1S+mT5opmhH54wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExODk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUikC
MA0GCSqGSIb3DQEBCwUAA4IBAQBUAHansWxFdjOPKVkLB37/1WdElC6JNvPEqKYm
JVe2Lkg1BUQXguf+qXQPUBLZPGjiKVHXWHCr+3UGI0fkwZbVm5SrcNfYlDu/qKTE
aY1UBaZ+CoxzEE0K5QJIVTSNTRhsYU3gyF0NXeD+MfA7N1KQ8EpML3/GFA/+sbVr
AXFY6YLmuoQoNCVKA5d8dAg3IV1SryOc4efycnFfT2mNopFNfDrR/retFNa9fFva
/FeoKXsgKf+CDo2RGJEYsDEZC52jlEN/+IygM1lbJ//rJUbTL2UIOK7AkKV0AU37
/89bxzA5fkItVFUjrBkQQEM3UY4eJgVFHBG7jtEWFLHMi2r4
-----END CERTIFICATE-----