This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213493.roa
File:                     AS213493.roa (raw, json)
Hash identifier:          Ryr5Jcv8PO+8Xb1/L8eHv/OlW04B3/7izlO3QZcKX2g=
Subject key identifier:   63:03:E1:82:AD:6E:06:B2:52:EA:99:93:39:0F:26:CF:E5:80:45:38
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       723D7CC845576A36E6E7D4409EDF5840695915B7
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213493.roa
Signing time:             Thu 01 Jan 2026 21:08:15 +0000
ROA not before:           Thu 01 Jan 2026 21:03:15 +0000
ROA not after:            Thu 31 Dec 2026 21:08:15 +0000
asID:                     213493
IP address blocks:        2a0f:85c1:b72::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:3d:7c:c8:45:57:6a:36:e6:e7:d4:40:9e:df:58:40:69:59:15:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan  1 21:03:15 2026 GMT
            Not After : Dec 31 21:08:15 2026 GMT
        Subject: CN=6303E182AD6E06B252EA9993390F26CFE5804538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f4:b3:0b:18:8c:b1:f9:10:98:ed:25:34:b3:
                    80:75:87:3f:91:32:c7:99:8d:b9:72:40:8f:57:29:
                    b7:25:6b:8b:95:f1:27:9b:b5:8f:7f:e8:68:e7:f4:
                    ac:29:f9:ca:08:0c:ac:14:de:55:5d:6b:1e:18:7c:
                    0d:e9:dc:88:68:06:8b:7c:03:c8:af:a4:1b:3f:d8:
                    3e:f3:22:56:fd:4e:e8:d3:f9:f8:7a:7e:0b:08:38:
                    ae:1f:7d:76:54:2d:7c:35:2c:fd:fc:25:ec:8f:d3:
                    25:e4:1b:f2:12:53:9a:a6:34:92:cc:d3:6e:d5:ed:
                    c7:af:b0:9f:bd:fd:7d:8e:53:57:67:b2:f7:09:ef:
                    a7:d4:75:2a:b4:9a:04:e9:b8:a1:3b:ee:a8:c0:68:
                    6e:ce:b3:d6:6f:75:5f:df:69:f6:2b:5d:a2:02:c0:
                    be:45:ed:a0:01:aa:e9:bd:e7:10:95:d4:d9:9f:d8:
                    41:a2:05:ba:45:9f:18:b4:2c:d8:e5:51:01:00:05:
                    ae:5a:d7:df:ca:de:72:5a:d4:55:3e:aa:54:97:f0:
                    a9:50:b4:54:7b:73:47:93:da:5a:f2:1b:25:f4:05:
                    f6:4c:1c:c7:7f:89:dc:9c:2b:95:f2:52:83:16:0a:
                    b4:97:36:19:b2:18:63:a3:1e:98:e2:ae:fe:8c:30:
                    9d:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:03:E1:82:AD:6E:06:B2:52:EA:99:93:39:0F:26:CF:E5:80:45:38
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213493.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b72::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:7c:7b:0f:23:4f:bc:a4:6f:07:91:b4:21:97:01:22:64:aa:
         76:df:5e:b9:23:7f:e9:9a:9d:49:15:47:2d:b2:42:bc:34:f3:
         43:1a:20:f6:ed:51:22:e5:58:25:e6:68:c8:f7:09:c3:0d:3d:
         22:9a:d1:50:a3:91:14:f3:4d:25:5c:7d:5c:17:31:89:ea:a6:
         1f:5f:b4:65:6e:29:5e:2f:13:58:31:74:97:46:ad:ff:54:86:
         cf:ab:e6:8b:63:ab:4c:3d:cd:8d:2d:43:7e:42:22:16:ab:e1:
         7c:05:36:7e:34:91:0e:58:35:32:ea:3e:5b:f7:a5:44:f0:51:
         6a:d9:7b:f1:bc:d4:eb:0a:5d:f8:61:a1:b7:e0:ad:2b:49:04:
         02:1f:44:7b:cf:59:24:aa:09:ad:c5:ac:2c:ba:fb:53:7a:5e:
         c5:69:6a:2d:38:38:a4:48:54:37:92:5e:75:5e:1c:44:16:3c:
         0c:44:09:fe:e3:0e:03:a7:60:79:dd:e4:0e:42:74:7d:9a:4d:
         6d:4a:19:ec:7f:ab:09:66:71:48:74:96:bc:e7:f1:23:a8:83:
         2d:3c:87:fb:aa:c4:5c:2c:94:d6:be:6d:f2:26:23:76:3d:81:
         05:ea:c8:00:49:23:f5:48:ee:81:f0:85:65:c9:8d:75:50:a4:
         f9:0e:d3:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcj18yEVXajbm59RAnt9YQGlZFbcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMDEyMTAzMTVaFw0yNjEyMzEyMTA4MTVaMDMxMTAvBgNV
BAMTKDYzMDNFMTgyQUQ2RTA2QjI1MkVBOTk5MzM5MEYyNkNGRTU4MDQ1MzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDg9LMLGIyx+RCY7SU0s4B1hz+R
MseZjblyQI9XKbcla4uV8SebtY9/6Gjn9Kwp+coIDKwU3lVdax4YfA3p3IhoBot8
A8ivpBs/2D7zIlb9TujT+fh6fgsIOK4ffXZULXw1LP38JeyP0yXkG/ISU5qmNJLM
027V7cevsJ+9/X2OU1dnsvcJ76fUdSq0mgTpuKE77qjAaG7Os9ZvdV/fafYrXaIC
wL5F7aABqum95xCV1Nmf2EGiBbpFnxi0LNjlUQEABa5a19/K3nJa1FU+qlSX8KlQ
tFR7c0eT2lryGyX0BfZMHMd/idycK5XyUoMWCrSXNhmyGGOjHpjirv6MMJ2DAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUYwPhgq1uBrJS6pmTOQ8mz+WARTgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQtyMA0GCSqGSIb3DQEBCwUAA4IBAQAnfHsPI0+8pG8HkbQhlwEiZKp23165I3/p
mp1JFUctskK8NPNDGiD27VEi5Vgl5mjI9wnDDT0imtFQo5EU800lXH1cFzGJ6qYf
X7RlbileLxNYMXSXRq3/VIbPq+aLY6tMPc2NLUN+QiIWq+F8BTZ+NJEOWDUy6j5b
96VE8FFq2XvxvNTrCl34YaG34K0rSQQCH0R7z1kkqgmtxawsuvtTel7FaWotODik
SFQ3kl51XhxEFjwMRAn+4w4Dp2B53eQOQnR9mk1tShnsf6sJZnFIdJa85/EjqIMt
PIf7qsRcLJTWvm3yJiN2PYEF6sgASSP1SO6B8IVlyY11UKT5DtPf
-----END CERTIFICATE-----