This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214457.roa
File:                     AS214457.roa (raw, json)
Hash identifier:          QhfRkUCgodSqi9xdvKGaknC26ydGtOHi7Qvkl5xpsOo=
Subject key identifier:   7C:8B:7B:87:D4:05:6A:61:55:A8:11:58:51:8D:AD:16:ED:92:D3:C7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4DAAAE2B2B759BBBAA325B3E712503CECBB6AD92
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214457.roa
Signing time:             Wed 17 Dec 2025 15:55:32 +0000
ROA not before:           Wed 17 Dec 2025 15:50:32 +0000
ROA not after:            Wed 16 Dec 2026 15:55:32 +0000
asID:                     214457
IP address blocks:        82.29.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 22 Dec 2025 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:aa:ae:2b:2b:75:9b:bb:aa:32:5b:3e:71:25:03:ce:cb:b6:ad:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec 17 15:50:32 2025 GMT
            Not After : Dec 16 15:55:32 2026 GMT
        Subject: CN=7C8B7B87D4056A6155A81158518DAD16ED92D3C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:90:7f:48:18:28:14:83:c4:cb:75:39:a9:e4:
                    d5:5d:36:7c:0b:64:da:f9:46:f1:9d:25:71:f1:bd:
                    c6:ee:60:f8:2d:a9:36:06:d7:f5:59:0a:56:41:b5:
                    39:eb:a4:38:3f:0f:10:4b:1c:90:ca:94:15:0e:38:
                    68:da:c7:70:fa:b9:c7:c9:29:16:7b:99:aa:85:9c:
                    6f:7a:b2:e3:8e:a8:fb:bb:f2:af:77:9b:db:d5:3a:
                    09:dc:28:13:42:48:b1:d9:99:99:90:e2:53:f6:49:
                    41:a2:d9:c0:8b:a4:1f:e8:3e:10:a7:54:ea:5c:5b:
                    1d:1a:ad:ad:16:6a:7f:23:aa:47:88:89:06:40:b6:
                    34:04:ca:d2:52:06:14:d7:25:bd:23:f0:a4:a2:53:
                    73:44:fc:5e:22:7b:92:ac:bf:3c:ee:93:40:e6:6b:
                    99:20:8a:43:99:8e:b3:d9:27:63:e4:90:77:b1:a4:
                    7c:1a:64:d1:52:73:17:92:c8:26:6f:23:8b:d3:01:
                    42:e4:a5:fb:11:5f:07:ac:91:22:04:3e:49:fb:bf:
                    b1:27:db:08:05:55:fe:7c:79:12:c9:a2:1b:33:0d:
                    43:86:b2:b3:05:d8:aa:22:de:11:85:5c:10:73:cc:
                    f1:eb:57:e9:14:ef:79:d2:72:b2:b8:f5:de:73:0b:
                    41:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:8B:7B:87:D4:05:6A:61:55:A8:11:58:51:8D:AD:16:ED:92:D3:C7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214457.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:99:82:8d:b7:5c:c3:79:47:c3:71:25:5f:60:61:a1:6e:7b:
         3b:e5:45:fd:52:63:69:9a:8a:7b:0d:c3:25:d3:2d:b7:15:85:
         4f:d1:05:79:d9:86:36:3a:4c:97:65:61:d9:45:d0:d8:1e:0f:
         74:21:4f:1f:a6:d6:58:53:ff:e7:d2:d9:ff:8c:ec:a0:00:ea:
         f8:13:c4:85:68:9d:40:98:1c:c2:c4:41:26:38:69:b7:04:71:
         93:40:72:e7:89:88:d0:0e:3b:b3:7e:22:a4:52:96:f2:27:d7:
         95:3a:09:d5:78:ea:31:14:43:01:7c:1f:85:f9:a0:87:7e:e5:
         e4:d3:3b:87:5c:46:7d:c8:0c:1f:34:71:8e:a0:0f:e1:d9:ff:
         4c:77:0b:3b:fc:a3:90:be:24:df:50:66:05:e1:d3:61:ac:67:
         59:fc:61:2f:99:ac:d3:b8:bf:1a:a3:b6:f8:7f:0e:20:51:eb:
         7d:98:5e:7d:c8:50:81:05:48:37:08:13:92:2d:44:c9:86:a0:
         04:14:c0:52:a4:35:48:6c:2c:fd:1c:bc:5d:53:40:ec:a6:d2:
         99:4b:88:a2:bb:2a:f5:a4:9b:5b:00:74:7c:32:2b:0e:00:7e:
         ac:5b:c8:5f:7b:4e:13:2b:d2:9b:73:2c:df:ea:ae:d3:61:bc:
         ae:a7:e0:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTaquKyt1m7uqMls+cSUDzsu2rZIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMTcxNTUwMzJaFw0yNjEyMTYxNTU1MzJaMDMxMTAvBgNV
BAMTKDdDOEI3Qjg3RDQwNTZBNjE1NUE4MTE1ODUxOERBRDE2RUQ5MkQzQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvkH9IGCgUg8TLdTmp5NVdNnwL
ZNr5RvGdJXHxvcbuYPgtqTYG1/VZClZBtTnrpDg/DxBLHJDKlBUOOGjax3D6ucfJ
KRZ7maqFnG96suOOqPu78q93m9vVOgncKBNCSLHZmZmQ4lP2SUGi2cCLpB/oPhCn
VOpcWx0ara0Wan8jqkeIiQZAtjQEytJSBhTXJb0j8KSiU3NE/F4ie5Ksvzzuk0Dm
a5kgikOZjrPZJ2PkkHexpHwaZNFScxeSyCZvI4vTAULkpfsRXweskSIEPkn7v7En
2wgFVf58eRLJohszDUOGsrMF2Koi3hGFXBBzzPHrV+kU73nScrK49d5zC0F7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfIt7h9QFamFVqBFYUY2tFu2S08cwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh1A
MA0GCSqGSIb3DQEBCwUAA4IBAQAqmYKNt1zDeUfDcSVfYGGhbns75UX9UmNpmop7
DcMl0y23FYVP0QV52YY2OkyXZWHZRdDYHg90IU8fptZYU//n0tn/jOygAOr4E8SF
aJ1AmBzCxEEmOGm3BHGTQHLniYjQDjuzfiKkUpbyJ9eVOgnVeOoxFEMBfB+F+aCH
fuXk0zuHXEZ9yAwfNHGOoA/h2f9Mdws7/KOQviTfUGYF4dNhrGdZ/GEvmazTuL8a
o7b4fw4gUet9mF59yFCBBUg3CBOSLUTJhqAEFMBSpDVIbCz9HLxdU0DsptKZS4ii
uyr1pJtbAHR8MisOAH6sW8hfe04TK9Kbcyzf6q7TYbyup+AX
-----END CERTIFICATE-----