This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214132.roa
File:                     AS214132.roa (raw, json)
Hash identifier:          J7R2F+rzOTRI4j8KNEXD1Snx+vU7pqM625AunLKKhkI=
Subject key identifier:   70:04:23:23:A2:E5:A8:FE:20:66:DA:9A:E7:BE:18:58:0A:4E:FA:97
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1C4DFCA889C269BF9FB3F039E654B15749E36C3A
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214132.roa
Signing time:             Tue 11 Nov 2025 17:16:00 +0000
ROA not before:           Tue 11 Nov 2025 17:11:00 +0000
ROA not after:            Tue 10 Nov 2026 17:16:00 +0000
asID:                     214132
IP address blocks:        185.155.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Dec 2025 00:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:4d:fc:a8:89:c2:69:bf:9f:b3:f0:39:e6:54:b1:57:49:e3:6c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Nov 11 17:11:00 2025 GMT
            Not After : Nov 10 17:16:00 2026 GMT
        Subject: CN=70042323A2E5A8FE2066DA9AE7BE18580A4EFA97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ad:24:8a:0d:66:01:9b:87:02:7d:ed:0e:c4:
                    f4:30:4e:db:2b:91:47:08:d0:63:98:ee:af:d6:7f:
                    7d:de:aa:23:92:8a:55:d8:5a:c5:f4:5b:51:c7:f0:
                    3f:1f:69:94:8d:33:36:4d:ef:29:ff:0d:44:01:d1:
                    e1:1f:0a:62:3f:6c:6f:99:3e:8b:1e:5b:85:7d:27:
                    52:cc:06:9b:21:7e:07:12:43:df:6a:f6:05:6c:8a:
                    fa:bf:ab:85:18:9c:ad:36:e5:31:6c:2d:8d:7a:d7:
                    7d:de:6a:7c:f6:bd:d0:d2:04:dc:05:37:11:a0:5d:
                    00:26:ea:94:d7:86:14:45:a8:91:80:66:8a:22:b0:
                    a0:7b:9f:3d:e5:07:22:52:7c:c9:1e:ca:42:7e:25:
                    f9:99:6d:06:b4:ad:1f:9c:92:b6:f1:7d:ce:d5:c6:
                    2b:57:9c:5c:a6:74:e2:ec:1f:0c:51:cd:1a:59:dc:
                    ec:13:d1:47:5b:c9:47:16:09:1a:8b:7c:01:a5:31:
                    2e:80:0e:c6:83:f8:ca:ed:30:4a:68:e0:4e:90:1b:
                    ee:77:e9:c2:a3:23:95:58:cc:ec:58:d5:4e:f7:33:
                    60:81:35:f2:7c:e9:f7:21:9c:47:95:c1:b3:2d:8b:
                    24:fa:b5:1c:31:01:65:4c:e1:68:a2:c9:9f:f6:83:
                    99:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:04:23:23:A2:E5:A8:FE:20:66:DA:9A:E7:BE:18:58:0A:4E:FA:97
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS214132.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:ca:e5:69:f3:c0:8e:33:40:e2:5d:ac:f4:9e:be:cd:78:70:
         0a:cf:7f:a6:5b:1c:04:be:4c:f1:9f:c8:f1:ba:88:68:98:b5:
         1b:17:d1:49:dc:cc:17:62:72:c4:0a:7e:36:cb:87:8f:16:05:
         6c:09:a6:ef:b9:1d:96:40:52:05:fe:cf:c5:18:a5:6f:6b:47:
         72:b9:e0:23:1a:90:39:3d:33:9c:7c:04:e0:66:83:0c:e6:e2:
         a4:9a:0c:f8:cb:26:04:22:ff:d7:ad:8f:48:7e:16:ff:4b:30:
         1c:d5:11:02:46:00:bb:de:d3:14:d3:18:4f:f1:40:be:e5:44:
         17:e9:4e:3a:ac:32:ca:9b:c1:2c:b3:fc:fb:5b:68:0f:51:76:
         fd:7a:60:96:d8:40:cf:42:c1:d4:7c:4a:0c:5b:70:6b:78:c4:
         06:31:b2:f7:cf:bf:51:79:1d:52:8a:54:80:42:74:61:0b:89:
         1f:28:c8:41:9c:34:51:22:ae:f2:f4:95:80:99:ec:24:b9:c2:
         4c:4d:db:59:a7:f9:b8:38:d0:6a:1a:2a:78:2a:9c:76:55:4a:
         4f:0f:36:7a:81:c0:97:c1:e9:d4:a6:fb:34:e2:d7:c7:3b:2b:
         ba:70:88:c4:4d:93:63:99:b9:e1:b7:49:9d:90:46:70:c0:87:
         c2:5f:1c:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHE38qInCab+fs/A55lSxV0njbDowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTExMTExNzExMDBaFw0yNjExMTAxNzE2MDBaMDMxMTAvBgNV
BAMTKDcwMDQyMzIzQTJFNUE4RkUyMDY2REE5QUU3QkUxODU4MEE0RUZBOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7rSSKDWYBm4cCfe0OxPQwTtsr
kUcI0GOY7q/Wf33eqiOSilXYWsX0W1HH8D8faZSNMzZN7yn/DUQB0eEfCmI/bG+Z
PoseW4V9J1LMBpshfgcSQ99q9gVsivq/q4UYnK025TFsLY16133eanz2vdDSBNwF
NxGgXQAm6pTXhhRFqJGAZooisKB7nz3lByJSfMkeykJ+JfmZbQa0rR+ckrbxfc7V
xitXnFymdOLsHwxRzRpZ3OwT0UdbyUcWCRqLfAGlMS6ADsaD+MrtMEpo4E6QG+53
6cKjI5VYzOxY1U73M2CBNfJ86fchnEeVwbMtiyT6tRwxAWVM4WiiyZ/2g5lzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUcAQjI6LlqP4gZtqa574YWApO+pcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjE0MTMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZvf
MA0GCSqGSIb3DQEBCwUAA4IBAQDIyuVp88COM0DiXaz0nr7NeHAKz3+mWxwEvkzx
n8jxuohomLUbF9FJ3MwXYnLECn42y4ePFgVsCabvuR2WQFIF/s/FGKVva0dyueAj
GpA5PTOcfATgZoMM5uKkmgz4yyYEIv/XrY9Ifhb/SzAc1RECRgC73tMU0xhP8UC+
5UQX6U46rDLKm8Ess/z7W2gPUXb9emCW2EDPQsHUfEoMW3BreMQGMbL3z79ReR1S
ilSAQnRhC4kfKMhBnDRRIq7y9JWAmewkucJMTdtZp/m4ONBqGip4Kpx2VUpPDzZ6
gcCXwenUpvs04tfHOyu6cIjETZNjmbnht0mdkEZwwIfCXxyk
-----END CERTIFICATE-----