This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213543.roa
File:                     AS213543.roa (raw, json)
Hash identifier:          bauoTJ5RcFEATacsbQiHLVok/YZYbLyDwicldC1MQZU=
Subject key identifier:   AC:28:D0:D2:55:FF:8D:F9:94:9A:72:72:28:01:6C:1A:AB:9B:9A:A1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0EBABB249197861938A877CE234736B8BE108FD6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213543.roa
Signing time:             Tue 30 Dec 2025 11:08:15 +0000
ROA not before:           Tue 30 Dec 2025 11:03:15 +0000
ROA not after:            Tue 29 Dec 2026 11:08:15 +0000
asID:                     213543
IP address blocks:        2a0f:85c1:b4e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:ba:bb:24:91:97:86:19:38:a8:77:ce:23:47:36:b8:be:10:8f:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec 30 11:03:15 2025 GMT
            Not After : Dec 29 11:08:15 2026 GMT
        Subject: CN=AC28D0D255FF8DF9949A727228016C1AAB9B9AA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:be:af:fe:4f:5c:3f:46:a9:cd:e3:6f:9d:c6:
                    d7:c4:e7:9b:a5:c5:cf:e4:ff:84:06:58:3b:df:f4:
                    89:2b:0c:07:f9:52:1d:b4:f4:e8:57:1f:a8:81:6b:
                    1f:78:17:b8:9d:3e:e2:e3:cf:4e:69:6e:84:ca:01:
                    71:ee:35:e7:ec:0c:22:7b:b8:38:4c:c7:1f:59:ac:
                    6c:c8:54:27:9f:f4:ca:e3:b4:93:dc:25:31:df:b3:
                    33:e1:f6:f8:f5:d6:21:91:96:dc:93:9a:73:ed:73:
                    f7:f7:e5:1b:04:83:0e:ca:25:46:85:bf:0a:a1:44:
                    1a:9b:ee:8f:95:19:43:5a:50:cb:4c:ff:14:2e:4c:
                    9f:da:da:a1:9e:6b:bc:7d:8a:d5:ac:21:2c:bd:df:
                    b7:1b:c8:fc:87:e8:22:75:07:cd:fd:45:8f:ee:f0:
                    23:6e:d4:9e:e6:51:46:0a:5e:2d:bf:81:03:78:9a:
                    d8:56:10:0e:af:60:a4:0e:99:f5:7e:8b:12:0c:a2:
                    4b:cd:1d:23:22:12:53:6f:a6:a7:d7:b5:d8:42:90:
                    dc:aa:0c:b5:b9:08:54:a5:8e:d2:29:97:ce:30:e1:
                    70:fc:f1:71:25:9f:72:6f:4c:5e:a0:0f:38:80:b1:
                    6e:ff:e9:d8:81:50:2c:52:da:4b:c1:92:4b:1b:2e:
                    25:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:28:D0:D2:55:FF:8D:F9:94:9A:72:72:28:01:6C:1A:AB:9B:9A:A1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213543.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b4e::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:da:23:31:b0:ac:43:84:e1:76:96:8c:87:ac:12:45:b4:ee:
         d4:7b:b7:3e:6f:af:ff:19:d7:63:24:1b:05:44:0f:29:17:b9:
         d3:c1:a3:3a:1c:d4:05:03:2f:2c:1c:5b:24:2a:af:81:07:72:
         12:07:4d:62:21:b6:62:a3:ce:c3:f6:80:4b:a7:11:97:c5:af:
         e5:c5:7f:97:cd:f2:33:0d:42:f1:1f:4f:7e:87:e5:a6:94:f1:
         fe:2c:f4:1c:0a:1c:1e:12:9e:b5:56:0b:6f:b6:af:5a:9a:02:
         df:4f:d4:34:87:78:47:fb:de:10:b7:4a:58:ed:88:3c:1f:99:
         04:e9:e2:bd:d7:71:c1:3b:d2:ab:5b:04:f6:f3:e8:f1:25:e8:
         f2:e0:b7:79:1f:1f:1c:58:b0:81:a0:8a:90:1e:a4:f8:c6:71:
         38:93:22:58:e2:69:c8:17:17:6d:d6:07:dd:04:eb:14:5c:b7:
         5f:62:18:12:3d:7f:fa:54:b9:ad:1f:c2:67:eb:3a:7e:34:26:
         09:20:23:ad:5c:8b:7b:a7:2f:15:42:cf:d0:1d:ae:33:80:a0:
         80:bd:59:0b:74:9a:7a:3d:fa:06:ef:c2:c1:4a:86:14:27:ee:
         6e:af:4d:45:da:c1:e2:57:86:87:eb:92:02:30:b4:e3:d7:f1:
         be:51:96:8d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDrq7JJGXhhk4qHfOI0c2uL4Qj9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEyMzAxMTAzMTVaFw0yNjEyMjkxMTA4MTVaMDMxMTAvBgNV
BAMTKEFDMjhEMEQyNTVGRjhERjk5NDlBNzI3MjI4MDE2QzFBQUI5QjlBQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBvq/+T1w/RqnN42+dxtfE55ul
xc/k/4QGWDvf9IkrDAf5Uh209OhXH6iBax94F7idPuLjz05pboTKAXHuNefsDCJ7
uDhMxx9ZrGzIVCef9MrjtJPcJTHfszPh9vj11iGRltyTmnPtc/f35RsEgw7KJUaF
vwqhRBqb7o+VGUNaUMtM/xQuTJ/a2qGea7x9itWsISy937cbyPyH6CJ1B839RY/u
8CNu1J7mUUYKXi2/gQN4mthWEA6vYKQOmfV+ixIMokvNHSMiElNvpqfXtdhCkNyq
DLW5CFSljtIpl84w4XD88XEln3JvTF6gDziAsW7/6diBUCxS2kvBkksbLiUFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUrCjQ0lX/jfmUmnJyKAFsGqubmqEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNTQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQtOMA0GCSqGSIb3DQEBCwUAA4IBAQCE2iMxsKxDhOF2loyHrBJFtO7Ue7c+b6//
GddjJBsFRA8pF7nTwaM6HNQFAy8sHFskKq+BB3ISB01iIbZio87D9oBLpxGXxa/l
xX+XzfIzDULxH09+h+WmlPH+LPQcChweEp61Vgtvtq9amgLfT9Q0h3hH+94Qt0pY
7Yg8H5kE6eK913HBO9KrWwT28+jxJejy4Ld5Hx8cWLCBoIqQHqT4xnE4kyJY4mnI
Fxdt1gfdBOsUXLdfYhgSPX/6VLmtH8Jn6zp+NCYJICOtXIt7py8VQs/QHa4zgKCA
vVkLdJp6PfoG78LBSoYUJ+5ur01F2sHiV4aH65ICMLTj1/G+UZaN
-----END CERTIFICATE-----