This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213424.roa
File:                     AS213424.roa (raw, json)
Hash identifier:          k+6ykVfkvWqBn2P3rz6qe9iHm4tm3lyGEhI9o+A/lAU=
Subject key identifier:   92:0C:5D:37:EE:7D:7C:F3:F2:25:3B:53:D8:C9:0B:02:C2:2A:21:35
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7ED9BFCDF8756FC6248F62E17EDEE22DE9EA4572
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213424.roa
Signing time:             Sat 17 Jan 2026 16:08:18 +0000
ROA not before:           Sat 17 Jan 2026 16:03:18 +0000
ROA not after:            Sat 16 Jan 2027 16:08:18 +0000
asID:                     213424
IP address blocks:        2a0f:85c1:b7c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d9:bf:cd:f8:75:6f:c6:24:8f:62:e1:7e:de:e2:2d:e9:ea:45:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 17 16:03:18 2026 GMT
            Not After : Jan 16 16:08:18 2027 GMT
        Subject: CN=920C5D37EE7D7CF3F2253B53D8C90B02C22A2135
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a7:13:e9:4e:db:59:06:66:74:da:ff:a4:21:
                    e9:cd:8e:44:02:95:c4:76:61:84:b3:1e:5a:61:82:
                    44:0f:9e:1a:e8:a4:5d:2a:d5:33:e5:e7:fb:cc:23:
                    09:7b:b9:52:65:61:10:87:e0:7f:e0:f9:0a:13:90:
                    b3:73:41:5a:30:57:13:1d:18:ee:74:79:7e:ac:58:
                    a5:9d:cf:58:e6:ae:4b:e0:5d:3f:9a:1d:96:62:db:
                    28:44:fb:29:e9:21:63:ce:87:72:bc:8c:32:50:4b:
                    d8:0b:7a:a2:bf:a8:e0:a8:b9:b1:69:3f:7d:e1:ed:
                    1a:b8:d6:0e:4c:20:27:75:f6:46:e5:5b:11:6d:d3:
                    6e:99:8b:60:20:f5:5b:3a:7e:7c:1c:f6:8b:59:7c:
                    76:16:8a:e0:58:1d:2a:6d:89:f0:14:95:95:84:43:
                    d7:7a:6b:f0:76:78:44:73:f4:dd:39:64:f7:a1:0d:
                    19:7c:b7:0d:2c:8a:e3:c2:21:2a:a0:83:48:04:fd:
                    c3:7b:68:47:90:38:7e:7f:95:c2:a6:ce:8b:6f:25:
                    0d:d9:d7:24:de:fd:4d:05:10:7a:57:3c:7b:c1:60:
                    bd:c2:34:c8:b7:bd:fe:25:e2:02:13:73:9d:6a:a5:
                    4b:de:9e:86:eb:40:ba:cf:18:ce:34:44:ee:a1:ed:
                    fa:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:0C:5D:37:EE:7D:7C:F3:F2:25:3B:53:D8:C9:0B:02:C2:2A:21:35
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213424.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:32:95:a7:1d:69:5d:ca:ec:b8:5d:6f:e1:00:66:65:fb:69:
         4c:ca:90:b0:ed:c5:be:15:33:af:3b:11:db:33:13:5e:7e:79:
         e5:2a:54:f6:f1:11:f3:ec:13:95:15:fe:c2:13:92:34:a2:6c:
         a4:7e:1d:de:df:1c:1e:0b:3a:de:fd:8a:5d:df:6a:8f:61:f3:
         9f:23:84:15:12:44:31:82:26:43:1b:79:c4:d6:6a:0a:2d:15:
         a4:5f:16:d1:53:1b:ee:73:ee:c2:59:0e:5a:f1:4b:87:b8:dd:
         0d:80:96:f5:eb:5f:47:00:58:b0:f2:c2:77:9d:92:ab:91:2e:
         16:ba:74:3a:68:58:c9:46:ad:f7:d5:5e:10:f0:6d:bf:b4:2c:
         56:54:b7:c5:e9:d5:62:8d:35:65:07:0c:df:a3:6e:35:81:ad:
         a6:ef:c1:b6:70:7c:c2:71:96:e2:cb:cc:84:6e:54:9c:5e:26:
         4f:9c:2a:2f:2b:5d:b8:53:7d:01:cf:02:03:69:30:f6:5e:a3:
         12:c8:49:e4:06:94:be:4a:73:64:bb:8f:88:e9:6a:8e:3a:84:
         de:7c:1e:49:19:7a:22:57:b5:d3:da:fe:58:e8:ec:0f:cc:87:
         7e:0c:32:7e:bf:31:13:ff:21:d8:80:9e:b3:e7:f4:74:a2:df:
         c6:32:b7:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUftm/zfh1b8Ykj2Lhft7iLenqRXIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTcxNjAzMThaFw0yNzAxMTYxNjA4MThaMDMxMTAvBgNV
BAMTKDkyMEM1RDM3RUU3RDdDRjNGMjI1M0I1M0Q4QzkwQjAyQzIyQTIxMzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWpxPpTttZBmZ02v+kIenNjkQC
lcR2YYSzHlphgkQPnhropF0q1TPl5/vMIwl7uVJlYRCH4H/g+QoTkLNzQVowVxMd
GO50eX6sWKWdz1jmrkvgXT+aHZZi2yhE+ynpIWPOh3K8jDJQS9gLeqK/qOCoubFp
P33h7Rq41g5MICd19kblWxFt026Zi2Ag9Vs6fnwc9otZfHYWiuBYHSptifAUlZWE
Q9d6a/B2eERz9N05ZPehDRl8tw0siuPCISqgg0gE/cN7aEeQOH5/lcKmzotvJQ3Z
1yTe/U0FEHpXPHvBYL3CNMi3vf4l4gITc51qpUvenobrQLrPGM40RO6h7fp5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUkgxdN+59fPPyJTtT2MkLAsIqITUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt8MA0GCSqGSIb3DQEBCwUAA4IBAQDWMpWnHWldyuy4XW/hAGZl+2lMypCw7cW+
FTOvOxHbMxNefnnlKlT28RHz7BOVFf7CE5I0omykfh3e3xweCzre/Ypd32qPYfOf
I4QVEkQxgiZDG3nE1moKLRWkXxbRUxvuc+7CWQ5a8UuHuN0NgJb1619HAFiw8sJ3
nZKrkS4WunQ6aFjJRq331V4Q8G2/tCxWVLfF6dVijTVlBwzfo241ga2m78G2cHzC
cZbiy8yEblScXiZPnCovK124U30BzwIDaTD2XqMSyEnkBpS+SnNku4+I6WqOOoTe
fB5JGXoiV7XT2v5Y6OwPzId+DDJ+vzET/yHYgJ6z5/R0ot/GMreS
-----END CERTIFICATE-----