This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213431.roa
File:                     AS213431.roa (raw, json)
Hash identifier:          6vXftrbz2v4KrPYBB484oqdiegSPoltjEhL5CeJsYj4=
Subject key identifier:   05:A2:61:87:7F:90:72:B3:9E:4F:E2:21:A4:B0:C9:4F:CD:5A:2A:C0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       20545B496C116B839E7B282043E422B75E6BDD54
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213431.roa
Signing time:             Sat 17 Jan 2026 16:08:18 +0000
ROA not before:           Sat 17 Jan 2026 16:03:18 +0000
ROA not after:            Sat 16 Jan 2027 16:08:18 +0000
asID:                     213431
IP address blocks:        2a0f:85c1:b77::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:54:5b:49:6c:11:6b:83:9e:7b:28:20:43:e4:22:b7:5e:6b:dd:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 17 16:03:18 2026 GMT
            Not After : Jan 16 16:08:18 2027 GMT
        Subject: CN=05A261877F9072B39E4FE221A4B0C94FCD5A2AC0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:13:0e:9a:97:26:9b:0a:59:e7:b8:41:74:d4:
                    1b:ad:f2:03:86:ec:52:8a:2a:b6:2a:59:90:77:34:
                    00:a7:70:36:79:fc:7f:86:3b:27:50:d1:f8:1d:95:
                    c3:aa:57:3c:e6:00:6b:57:30:2c:a8:a7:06:2f:76:
                    e5:bb:1e:64:28:1a:62:36:0d:e7:da:82:f7:ed:4f:
                    d4:0a:f4:3c:33:a6:f6:56:ea:ce:0f:8b:cd:88:de:
                    dd:08:ed:4e:44:cf:a2:cb:ac:81:70:c4:32:40:99:
                    ea:19:74:af:8f:4d:14:2b:66:a5:a4:6c:e3:fa:76:
                    d2:a3:fa:a9:1c:2a:4f:66:c0:45:69:71:f2:06:2e:
                    98:95:45:79:53:50:29:25:f6:a8:80:c3:7b:19:b4:
                    ac:79:ae:c8:19:36:65:6f:9b:f6:95:fd:29:d7:20:
                    fb:39:40:a8:89:a9:75:51:8d:d1:24:b2:24:7d:72:
                    d0:35:61:02:6f:8f:5b:cc:e9:4a:cc:76:59:b9:69:
                    10:6f:8d:41:47:2c:fa:dc:5d:bb:a2:3f:3f:62:b1:
                    e1:1f:62:93:26:07:96:46:76:46:6d:b1:7b:d9:68:
                    a7:1d:50:90:78:0f:c8:c5:cd:c6:05:cb:4c:43:72:
                    c3:5d:5a:f3:a8:b6:43:6b:d9:8b:4b:8e:dd:c5:7c:
                    e3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A2:61:87:7F:90:72:B3:9E:4F:E2:21:A4:B0:C9:4F:CD:5A:2A:C0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b77::/48

    Signature Algorithm: sha256WithRSAEncryption
         ab:0f:99:34:7c:6f:45:d1:cb:6a:7d:39:46:1a:f9:b1:14:ad:
         74:0a:0b:13:99:cf:f1:70:8b:33:cc:fc:8b:c6:61:ba:5d:99:
         e4:f6:dd:aa:bc:f2:bf:0a:c6:83:0f:80:1f:42:7a:4e:a4:a9:
         68:ec:67:b5:85:71:e7:81:77:6f:3c:13:5c:57:24:ae:f6:39:
         51:cd:4f:d9:f2:89:1a:81:03:b3:6e:fd:12:6a:f0:19:f5:8d:
         90:7f:e0:f0:47:85:fb:10:77:86:e0:a1:89:f7:36:ec:ae:dd:
         49:5b:75:c6:f6:39:d0:86:78:a8:ae:7c:ba:07:cb:b5:7d:6d:
         16:b5:31:ff:db:62:d1:04:c6:b7:77:8f:81:c5:f1:f4:3d:f1:
         73:57:91:c6:d8:5f:66:1d:d7:36:d3:d3:15:6f:a0:72:2a:5d:
         f9:06:4e:ba:b8:db:10:98:fc:7e:38:fd:db:dd:a7:9a:cb:ba:
         84:d6:b7:3f:d4:9e:02:8e:ed:5e:3b:e2:20:0c:47:57:78:82:
         6b:c6:5b:19:98:58:12:6d:aa:3a:49:70:b4:91:3c:f5:01:b6:
         44:94:24:c8:80:7e:d8:cd:3f:3f:98:fb:b8:f3:28:8c:02:98:
         40:8f:3f:57:85:09:24:8a:cb:bd:18:3d:ff:09:28:4a:99:ec:
         bc:10:73:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIFRbSWwRa4OeeyggQ+Qit15r3VQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTcxNjAzMThaFw0yNzAxMTYxNjA4MThaMDMxMTAvBgNV
BAMTKDA1QTI2MTg3N0Y5MDcyQjM5RTRGRTIyMUE0QjBDOTRGQ0Q1QTJBQzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiEw6alyabClnnuEF01But8gOG
7FKKKrYqWZB3NACncDZ5/H+GOydQ0fgdlcOqVzzmAGtXMCyopwYvduW7HmQoGmI2
DefagvftT9QK9DwzpvZW6s4Pi82I3t0I7U5Ez6LLrIFwxDJAmeoZdK+PTRQrZqWk
bOP6dtKj+qkcKk9mwEVpcfIGLpiVRXlTUCkl9qiAw3sZtKx5rsgZNmVvm/aV/SnX
IPs5QKiJqXVRjdEksiR9ctA1YQJvj1vM6UrMdlm5aRBvjUFHLPrcXbuiPz9iseEf
YpMmB5ZGdkZtsXvZaKcdUJB4D8jFzcYFy0xDcsNdWvOotkNr2YtLjt3FfOPFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUBaJhh3+QcrOeT+IhpLDJT81aKsAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt3MA0GCSqGSIb3DQEBCwUAA4IBAQCrD5k0fG9F0ctqfTlGGvmxFK10CgsTmc/x
cIszzPyLxmG6XZnk9t2qvPK/CsaDD4AfQnpOpKlo7Ge1hXHngXdvPBNcVySu9jlR
zU/Z8okagQOzbv0SavAZ9Y2Qf+DwR4X7EHeG4KGJ9zbsrt1JW3XG9jnQhniorny6
B8u1fW0WtTH/22LRBMa3d4+BxfH0PfFzV5HG2F9mHdc209MVb6ByKl35Bk66uNsQ
mPx+OP3b3aeay7qE1rc/1J4Cju1eO+IgDEdXeIJrxlsZmFgSbao6SXC0kTz1AbZE
lCTIgH7YzT8/mPu48yiMAphAjz9XhQkkisu9GD3/CShKmey8EHNj
-----END CERTIFICATE-----