This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213769.roa
File:                     AS213769.roa (raw, json)
Hash identifier:          P1eXT342tt4jc5/+0oh/vLwKpZDMxBFCECyZ0H8O3Ao=
Subject key identifier:   A4:F5:78:29:B4:EA:9C:F1:C4:A8:B7:65:01:A7:A3:26:BC:6D:6F:6E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7F671F8403CE41FA9B44E6C874CC791573520B6D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213769.roa
Signing time:             Fri 07 Nov 2025 13:07:58 +0000
ROA not before:           Fri 07 Nov 2025 13:02:58 +0000
ROA not after:            Fri 06 Nov 2026 13:07:58 +0000
asID:                     213769
IP address blocks:        2a0f:85c1:8f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:67:1f:84:03:ce:41:fa:9b:44:e6:c8:74:cc:79:15:73:52:0b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov  7 13:02:58 2025 GMT
            Not After : Nov  6 13:07:58 2026 GMT
        Subject: CN=A4F57829B4EA9CF1C4A8B76501A7A326BC6D6F6E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cc:90:67:ef:2a:6c:bf:bb:9c:f4:fd:77:b6:
                    8a:54:92:40:c9:41:dc:f9:c9:08:50:7a:44:ec:eb:
                    e5:a7:5c:d7:77:9c:bf:89:b3:c5:fd:4b:ea:42:04:
                    68:07:1a:05:6a:c3:69:44:8c:3f:0a:4f:ae:40:a1:
                    ce:b2:cc:73:a8:e2:fe:09:dd:b5:4a:36:34:1b:45:
                    50:27:22:56:38:c8:0b:8d:15:2d:76:ab:34:aa:f4:
                    17:e8:71:e8:d4:35:16:dc:07:d3:79:8d:2d:7f:9e:
                    99:e7:1d:13:f9:58:3e:37:de:5a:6b:6c:db:7b:42:
                    15:ab:cf:1e:aa:9c:bf:ea:34:1d:3a:05:1a:38:66:
                    59:61:9a:df:ce:07:fa:4e:eb:54:25:93:78:aa:3f:
                    1e:83:53:69:6b:bf:2f:82:e9:f8:95:46:80:6c:e0:
                    b9:84:ed:76:2d:9a:de:08:ce:8f:20:6c:4f:96:aa:
                    c2:5e:7c:0f:2f:c7:29:bc:d0:3c:23:54:c4:86:e0:
                    b1:18:ec:6d:60:2c:83:52:bd:7f:6e:cf:38:bf:1a:
                    b4:09:1a:99:a3:20:75:15:5d:3c:3a:05:52:6c:a0:
                    b4:cc:ed:5e:38:35:4d:35:4e:b3:78:18:cf:b6:d1:
                    5c:c1:b6:a2:45:be:a3:47:e5:87:df:42:99:cb:81:
                    41:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F5:78:29:B4:EA:9C:F1:C4:A8:B7:65:01:A7:A3:26:BC:6D:6F:6E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213769.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:af:a4:45:06:bf:55:89:13:fc:d3:ac:5a:74:4e:d7:6c:65:
         92:c8:05:34:9a:80:44:8c:38:e3:88:60:1e:36:8e:ad:da:60:
         9d:1a:9f:0d:d6:df:fc:18:71:28:d5:5c:0b:5c:af:6c:0a:35:
         62:dd:bb:54:c5:16:44:7a:ff:1a:2c:89:cf:a3:58:d2:39:c1:
         79:24:82:ed:4c:36:1b:b4:c1:4d:54:d5:b4:b7:b5:fc:ad:68:
         9b:c2:13:eb:f3:25:b5:4b:23:ed:be:b0:2f:f9:44:97:d4:d2:
         17:ee:4c:d8:83:e3:8d:80:cb:07:31:92:33:ab:55:8e:a8:4e:
         88:4c:c8:de:94:26:82:31:51:9c:13:c8:70:8f:0d:3d:c7:af:
         79:79:12:7d:87:80:a0:c9:0f:50:92:c7:a6:87:7c:d1:f0:84:
         1d:e6:85:3f:44:1c:69:30:ae:72:65:ce:09:1c:1a:bf:32:da:
         7f:1e:6d:40:2a:81:e6:cf:a5:6a:d1:50:d4:27:f2:54:40:ad:
         ba:4c:20:9c:a1:3c:fd:e9:78:67:f0:cd:26:b3:3f:5f:ad:db:
         f8:7c:87:16:a4:ae:6c:16:0d:d8:6e:ca:90:32:fb:b6:66:39:
         f9:cb:23:96:5e:93:86:ef:8c:3e:8b:15:28:5f:0c:63:61:0b:
         b3:05:08:13
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUf2cfhAPOQfqbRObIdMx5FXNSC20wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTExMDcxMzAyNThaFw0yNjExMDYxMzA3NThaMDMxMTAvBgNV
BAMTKEE0RjU3ODI5QjRFQTlDRjFDNEE4Qjc2NTAxQTdBMzI2QkM2RDZGNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/zJBn7ypsv7uc9P13topUkkDJ
Qdz5yQhQekTs6+WnXNd3nL+Js8X9S+pCBGgHGgVqw2lEjD8KT65Aoc6yzHOo4v4J
3bVKNjQbRVAnIlY4yAuNFS12qzSq9BfocejUNRbcB9N5jS1/npnnHRP5WD433lpr
bNt7QhWrzx6qnL/qNB06BRo4Zllhmt/OB/pO61Qlk3iqPx6DU2lrvy+C6fiVRoBs
4LmE7XYtmt4Izo8gbE+WqsJefA8vxym80DwjVMSG4LEY7G1gLINSvX9uzzi/GrQJ
GpmjIHUVXTw6BVJsoLTM7V44NU01TrN4GM+20VzBtqJFvqNH5YffQpnLgUGfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUpPV4KbTqnPHEqLdlAaejJrxtb24wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNzY5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQj0MA0GCSqGSIb3DQEBCwUAA4IBAQC1r6RFBr9ViRP806xadE7XbGWSyAU0moBE
jDjjiGAeNo6t2mCdGp8N1t/8GHEo1VwLXK9sCjVi3btUxRZEev8aLInPo1jSOcF5
JILtTDYbtMFNVNW0t7X8rWibwhPr8yW1SyPtvrAv+USX1NIX7kzYg+ONgMsHMZIz
q1WOqE6ITMjelCaCMVGcE8hwjw09x695eRJ9h4CgyQ9Qksemh3zR8IQd5oU/RBxp
MK5yZc4JHBq/Mtp/Hm1AKoHmz6Vq0VDUJ/JUQK26TCCcoTz96Xhn8M0msz9frdv4
fIcWpK5sFg3YbsqQMvu2Zjn5yyOWXpOG74w+ixUoXwxjYQuzBQgT
-----END CERTIFICATE-----