This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213714.roa
File:                     AS213714.roa (raw, json)
Hash identifier:          +t8suECI+YyoQQWibmdMoK3MvMBevJVzuFZ/dZdMtpw=
Subject key identifier:   1C:A8:F6:70:E1:65:E8:11:2E:08:77:ED:28:6D:9B:7F:3E:B6:AC:B0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4BE3F9E50770F44553201266BC1FD90FB6D1946A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213714.roa
Signing time:             Tue 18 Nov 2025 01:08:06 +0000
ROA not before:           Tue 18 Nov 2025 01:03:06 +0000
ROA not after:            Tue 17 Nov 2026 01:08:06 +0000
asID:                     213714
IP address blocks:        2a0f:85c1:b34::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:e3:f9:e5:07:70:f4:45:53:20:12:66:bc:1f:d9:0f:b6:d1:94:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov 18 01:03:06 2025 GMT
            Not After : Nov 17 01:08:06 2026 GMT
        Subject: CN=1CA8F670E165E8112E0877ED286D9B7F3EB6ACB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:3a:91:7f:b5:a6:20:8d:f0:49:e8:e2:4f:52:
                    9e:93:63:45:31:da:c2:39:43:46:10:88:96:62:1d:
                    8f:ac:05:63:7e:cb:05:76:eb:52:6c:ff:03:3e:08:
                    aa:8c:ce:bc:21:2a:4b:ca:4b:7a:07:a2:d3:cc:0f:
                    28:8b:31:85:61:55:62:16:7e:88:01:d9:3e:5c:67:
                    be:d2:35:ff:26:b5:5f:65:17:4a:f0:33:b9:cd:74:
                    1f:7f:21:28:68:89:2f:ab:36:82:82:74:c4:fd:99:
                    96:ce:60:6d:9c:31:ad:5d:6d:95:04:d0:4b:95:40:
                    de:77:f3:ad:2c:3a:ed:bf:fe:31:06:c3:3c:21:9c:
                    8d:f7:8f:8a:d7:d0:25:22:d8:10:7e:cb:e9:ab:53:
                    96:89:72:eb:08:8f:6b:4c:ea:67:5f:06:31:0f:e3:
                    7a:ea:1c:56:9b:20:36:f6:e6:0e:87:5d:0e:e5:03:
                    09:b6:d5:c4:eb:24:1b:b5:44:73:78:64:ff:2b:f5:
                    0d:75:9e:03:77:46:97:0a:38:35:ab:ee:db:89:d9:
                    17:59:cb:59:65:0b:df:e7:cb:40:57:7f:2c:2d:dc:
                    ef:0f:fa:32:59:35:7f:ce:98:cf:a7:ee:21:17:f4:
                    a0:7d:98:90:f0:b3:c7:9d:11:cc:56:3a:2d:9f:c7:
                    3f:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:A8:F6:70:E1:65:E8:11:2E:08:77:ED:28:6D:9B:7F:3E:B6:AC:B0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213714.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b34::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:88:61:0d:62:4d:e1:7d:b3:b3:25:a2:49:bf:5f:11:6a:9f:
         70:35:26:08:1c:c8:80:e8:b5:ac:30:44:35:8e:3f:d4:59:a3:
         05:af:9c:14:68:e6:76:84:7d:4b:db:45:0f:1c:92:7e:c2:3a:
         b4:07:80:59:56:49:61:a0:c7:4b:1a:21:38:47:51:ac:b4:07:
         c6:87:b0:74:87:68:6d:90:34:62:cf:5a:93:2f:bd:3a:05:4c:
         18:51:90:1c:f7:24:76:c1:46:16:42:c2:24:26:02:cf:dc:77:
         ce:47:ac:cf:83:96:87:48:9f:ef:e6:59:21:10:60:2a:b0:21:
         e0:71:4e:12:c7:73:5c:19:45:fa:95:e8:92:f5:c5:61:07:e4:
         7d:80:1c:b4:ff:fc:e8:c2:d6:6f:a8:1c:0f:c5:c8:63:f4:4b:
         12:59:63:c9:d7:8c:85:7f:33:fc:00:23:0b:d3:0a:a0:d4:69:
         53:5f:f7:e3:c9:da:2e:76:7d:25:1f:12:2e:ae:66:ec:78:57:
         68:41:67:e3:ac:9c:3a:ab:2d:84:79:3c:fd:41:28:44:37:b7:
         7e:ac:39:a6:05:e1:1a:93:7e:4a:de:cd:e8:a0:c5:3f:90:3d:
         9b:22:58:48:8e:eb:f6:a3:1c:3b:08:fe:22:6a:45:81:35:7e:
         84:6b:be:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUS+P55Qdw9EVTIBJmvB/ZD7bRlGowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTExMTgwMTAzMDZaFw0yNjExMTcwMTA4MDZaMDMxMTAvBgNV
BAMTKDFDQThGNjcwRTE2NUU4MTEyRTA4NzdFRDI4NkQ5QjdGM0VCNkFDQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoOpF/taYgjfBJ6OJPUp6TY0Ux
2sI5Q0YQiJZiHY+sBWN+ywV261Js/wM+CKqMzrwhKkvKS3oHotPMDyiLMYVhVWIW
fogB2T5cZ77SNf8mtV9lF0rwM7nNdB9/IShoiS+rNoKCdMT9mZbOYG2cMa1dbZUE
0EuVQN53860sOu2//jEGwzwhnI33j4rX0CUi2BB+y+mrU5aJcusIj2tM6mdfBjEP
43rqHFabIDb25g6HXQ7lAwm21cTrJBu1RHN4ZP8r9Q11ngN3RpcKODWr7tuJ2RdZ
y1llC9/ny0BXfywt3O8P+jJZNX/OmM+n7iEX9KB9mJDws8edEcxWOi2fxz9ZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUHKj2cOFl6BEuCHftKG2bfz62rLAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs0MA0GCSqGSIb3DQEBCwUAA4IBAQAliGENYk3hfbOzJaJJv18Rap9wNSYIHMiA
6LWsMEQ1jj/UWaMFr5wUaOZ2hH1L20UPHJJ+wjq0B4BZVklhoMdLGiE4R1GstAfG
h7B0h2htkDRiz1qTL706BUwYUZAc9yR2wUYWQsIkJgLP3HfOR6zPg5aHSJ/v5lkh
EGAqsCHgcU4Sx3NcGUX6leiS9cVhB+R9gBy0//zowtZvqBwPxchj9EsSWWPJ14yF
fzP8ACML0wqg1GlTX/fjydoudn0lHxIurmbseFdoQWfjrJw6qy2EeTz9QShEN7d+
rDmmBeEak35K3s3ooMU/kD2bIlhIjuv2oxw7CP4iakWBNX6Ea77f
-----END CERTIFICATE-----