This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213416.roa
File:                     AS213416.roa (raw, json)
Hash identifier:          +zWyjBw8nbT82mkPKj+FAge7TVBktlcJzOsQ8xqUiuw=
Subject key identifier:   4C:56:FC:F7:8D:99:C4:EE:FE:4E:90:82:A9:0A:7A:FC:A3:0C:FA:D1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       29473CE5D085B6537E1C22E96F48723D7A182E9D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213416.roa
Signing time:             Sat 17 Jan 2026 16:08:18 +0000
ROA not before:           Sat 17 Jan 2026 16:03:18 +0000
ROA not after:            Sat 16 Jan 2027 16:08:18 +0000
asID:                     213416
IP address blocks:        2a0f:85c1:b7e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:47:3c:e5:d0:85:b6:53:7e:1c:22:e9:6f:48:72:3d:7a:18:2e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 17 16:03:18 2026 GMT
            Not After : Jan 16 16:08:18 2027 GMT
        Subject: CN=4C56FCF78D99C4EEFE4E9082A90A7AFCA30CFAD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ec:14:ef:6d:c7:3d:2d:2c:02:bc:07:a6:00:
                    c4:e7:d2:59:d0:44:e0:ee:a0:8e:2d:e6:ab:93:24:
                    66:cf:7c:93:a3:0c:1b:61:c1:a6:16:19:2a:46:48:
                    ee:c4:ec:19:62:75:d2:0d:69:d3:1b:ec:c8:ce:c5:
                    cd:e6:f0:06:64:c7:c8:a1:b3:21:45:a1:c8:58:88:
                    7d:ca:76:39:d8:48:85:10:6b:7e:be:78:e9:62:32:
                    ac:79:48:c0:1b:61:79:c1:0f:5e:62:33:f3:c6:65:
                    b6:ad:e3:13:d0:32:16:24:18:c1:86:1f:da:3f:5b:
                    00:c2:bc:b9:e3:e7:a4:1a:1a:fb:e2:af:9c:3d:c8:
                    98:1b:c9:83:62:88:41:d4:00:0b:78:f3:d1:e9:a1:
                    91:9b:b9:f1:f0:f3:c1:a2:db:4b:b2:68:1c:5a:18:
                    1b:d6:28:59:08:45:b3:e6:d7:0e:39:e6:0b:bd:21:
                    43:e1:22:88:20:05:6f:57:b0:57:58:da:aa:25:29:
                    15:f0:a3:b4:d5:0a:43:04:f3:b1:a8:7a:98:f7:78:
                    81:cb:0b:d8:02:43:60:3a:38:0d:e9:9d:b0:5e:18:
                    26:be:4e:f7:5f:a1:96:61:85:4e:0a:8f:08:8d:09:
                    80:4b:d6:85:3e:d3:eb:e0:6c:1f:b6:a8:28:6b:52:
                    42:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:56:FC:F7:8D:99:C4:EE:FE:4E:90:82:A9:0A:7A:FC:A3:0C:FA:D1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213416.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b7e::/48

    Signature Algorithm: sha256WithRSAEncryption
         e9:3a:62:67:cf:e1:87:3b:fe:08:51:f3:95:82:ad:0a:92:9a:
         79:d7:8e:ec:e2:0e:9a:88:36:a7:16:ac:3f:8c:c0:39:36:0c:
         13:98:14:66:3c:3b:42:4d:11:3b:11:d1:01:f3:be:77:39:df:
         98:5e:8f:e2:f3:47:4c:5e:13:12:2f:e9:bd:df:6b:eb:da:e3:
         22:02:0d:76:06:c5:fd:a2:c7:67:7b:24:80:c6:0c:ea:58:dd:
         a5:2b:1b:65:77:d8:14:9b:e4:08:62:bc:ce:79:14:1a:7e:9a:
         d2:f8:4a:b0:8e:11:ca:97:cf:88:4b:f0:f1:f7:a7:2d:12:bc:
         5a:ed:b4:26:6c:3e:3e:e0:8a:32:50:10:5d:0d:ff:12:4a:46:
         ac:e2:9c:a4:e2:b2:f2:18:e5:99:ab:59:55:a0:60:48:8e:01:
         44:db:39:ef:65:3f:73:cf:1c:7f:46:67:da:84:da:a2:e8:78:
         47:2d:99:68:4a:73:dd:96:5b:0a:af:8c:04:9b:30:1f:6d:53:
         2d:a4:17:8d:07:6a:1a:19:4a:8c:2f:f9:8f:0b:15:0b:db:f8:
         e9:9d:73:ae:c8:34:a6:6d:b9:d9:7f:10:45:99:9f:72:2c:34:
         17:c0:5d:d8:7b:f8:3b:8d:89:d0:1e:bd:03:d0:f6:9b:a5:25:
         bd:58:82:7c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKUc85dCFtlN+HCLpb0hyPXoYLp0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTcxNjAzMThaFw0yNzAxMTYxNjA4MThaMDMxMTAvBgNV
BAMTKDRDNTZGQ0Y3OEQ5OUM0RUVGRTRFOTA4MkE5MEE3QUZDQTMwQ0ZBRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDG7BTvbcc9LSwCvAemAMTn0lnQ
RODuoI4t5quTJGbPfJOjDBthwaYWGSpGSO7E7BliddINadMb7MjOxc3m8AZkx8ih
syFFochYiH3KdjnYSIUQa36+eOliMqx5SMAbYXnBD15iM/PGZbat4xPQMhYkGMGG
H9o/WwDCvLnj56QaGvvir5w9yJgbyYNiiEHUAAt489HpoZGbufHw88Gi20uyaBxa
GBvWKFkIRbPm1w455gu9IUPhIoggBW9XsFdY2qolKRXwo7TVCkME87Goepj3eIHL
C9gCQ2A6OA3pnbBeGCa+TvdfoZZhhU4KjwiNCYBL1oU+0+vgbB+2qChrUkK9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTFb8942ZxO7+TpCCqQp6/KMM+tEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDE2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt+MA0GCSqGSIb3DQEBCwUAA4IBAQDpOmJnz+GHO/4IUfOVgq0Kkpp5147s4g6a
iDanFqw/jMA5NgwTmBRmPDtCTRE7EdEB8753Od+YXo/i80dMXhMSL+m932vr2uMi
Ag12BsX9osdneySAxgzqWN2lKxtld9gUm+QIYrzOeRQafprS+EqwjhHKl8+IS/Dx
96ctErxa7bQmbD4+4IoyUBBdDf8SSkas4pyk4rLyGOWZq1lVoGBIjgFE2znvZT9z
zxx/RmfahNqi6HhHLZloSnPdllsKr4wEmzAfbVMtpBeNB2oaGUqML/mPCxUL2/jp
nXOuyDSmbbnZfxBFmZ9yLDQXwF3Ye/g7jYnQHr0D0PabpSW9WIJ8
-----END CERTIFICATE-----