This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214428.roa
File:                     AS214428.roa (raw, json)
Hash identifier:          GjD0kCEEYTup9Ug3rNnw79A92AF5OWaT1D8cEu/N544=
Subject key identifier:   F2:5B:2A:35:19:B0:4B:EC:CD:CB:35:0D:FA:A5:86:0D:20:FF:36:86
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       7CD97FD7D1393FB1B2A10ED395AAB6930E2C871C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214428.roa
Signing time:             Tue 18 Nov 2025 01:08:06 +0000
ROA not before:           Tue 18 Nov 2025 01:03:06 +0000
ROA not after:            Tue 17 Nov 2026 01:08:06 +0000
asID:                     214428
IP address blocks:        2a0f:85c1:845::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:d9:7f:d7:d1:39:3f:b1:b2:a1:0e:d3:95:aa:b6:93:0e:2c:87:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov 18 01:03:06 2025 GMT
            Not After : Nov 17 01:08:06 2026 GMT
        Subject: CN=F25B2A3519B04BECCDCB350DFAA5860D20FF3686
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:0a:02:83:35:2d:0a:c6:04:b6:11:4b:06:01:
                    c1:9a:ff:2d:98:0e:e0:44:f6:26:15:f1:45:91:5a:
                    00:13:41:59:b5:2f:21:49:74:ce:43:17:b3:3a:0d:
                    b4:06:a3:f6:59:18:ba:53:a9:b2:b5:93:f9:9b:6a:
                    c7:8d:30:0d:07:41:32:57:82:b1:ff:c7:06:18:d7:
                    d1:b6:b0:9a:2a:d5:bf:4e:e0:7c:fb:09:e4:f1:3f:
                    4f:44:ee:b8:df:97:fd:3f:03:bc:48:83:8c:25:50:
                    ea:14:21:56:6b:24:f3:ab:03:36:63:22:94:21:fa:
                    30:56:5c:65:a2:81:1a:8e:c3:6a:48:04:b7:be:9a:
                    89:0f:a8:75:cd:12:c1:22:fc:3c:f0:d5:14:4a:3c:
                    09:c3:da:e6:bf:f9:6a:7e:5a:d3:cc:50:63:22:b3:
                    60:ee:f2:5c:96:5a:02:85:ef:6c:7a:4e:6d:f5:1e:
                    4e:37:95:28:29:95:31:04:3d:4c:05:4c:2b:d9:44:
                    f6:e9:3f:84:8a:88:15:ac:02:6c:26:56:9e:ed:5f:
                    af:a7:69:4d:e1:64:5a:e1:92:e7:69:b5:be:ad:fa:
                    1d:5c:de:e3:0e:c5:24:96:75:6a:e6:96:c2:bb:5b:
                    54:d3:1e:ef:c3:84:fc:da:d6:0b:3f:e5:3c:ed:b4:
                    5f:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5B:2A:35:19:B0:4B:EC:CD:CB:35:0D:FA:A5:86:0D:20:FF:36:86
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214428.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:845::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:39:6f:c3:92:98:72:a4:58:f0:23:ae:06:11:27:2c:10:39:
         8e:f9:6f:31:8a:51:52:ef:cb:88:3a:a4:1f:05:7d:c4:18:4e:
         d7:5d:2c:4c:82:0a:d4:cd:9e:71:5d:b9:9f:1f:3f:b0:96:3b:
         20:f7:1c:f0:8c:72:5b:b3:00:9b:75:e5:61:2f:dc:fb:d9:0d:
         d8:ec:be:a8:dc:11:13:33:71:80:09:e1:12:15:1d:36:01:9f:
         bd:d2:22:97:a7:75:0e:c8:a6:e7:aa:93:11:14:86:c0:f8:85:
         80:36:54:de:58:30:4f:49:75:4f:6b:7d:61:b6:7f:bb:2c:2c:
         69:0f:3a:13:a1:5b:bf:7e:f0:20:42:d3:52:90:51:c1:a4:03:
         a2:73:4e:40:16:34:23:51:ad:d9:43:64:de:e4:ed:0c:e5:7b:
         e5:8a:1e:01:d2:12:4a:d3:a5:c9:1e:07:e3:76:7c:f1:75:68:
         17:bf:85:da:ba:e2:99:12:20:58:d3:65:a0:89:35:66:7c:56:
         c4:9f:b1:21:54:a3:20:f8:02:e5:24:be:8d:89:2f:a4:67:ab:
         2b:47:7e:37:a8:45:fa:7a:93:8a:36:5f:1b:02:65:8e:3a:14:
         bc:1a:bd:33:90:d1:e2:f1:7e:cf:dc:6b:40:35:ab:84:5e:0b:
         55:8b:ff:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfNl/19E5P7GyoQ7Tlaq2kw4shxwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTExMTgwMTAzMDZaFw0yNjExMTcwMTA4MDZaMDMxMTAvBgNV
BAMTKEYyNUIyQTM1MTlCMDRCRUNDRENCMzUwREZBQTU4NjBEMjBGRjM2ODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5CgKDNS0KxgS2EUsGAcGa/y2Y
DuBE9iYV8UWRWgATQVm1LyFJdM5DF7M6DbQGo/ZZGLpTqbK1k/mbaseNMA0HQTJX
grH/xwYY19G2sJoq1b9O4Hz7CeTxP09E7rjfl/0/A7xIg4wlUOoUIVZrJPOrAzZj
IpQh+jBWXGWigRqOw2pIBLe+mokPqHXNEsEi/Dzw1RRKPAnD2ua/+Wp+WtPMUGMi
s2Du8lyWWgKF72x6Tm31Hk43lSgplTEEPUwFTCvZRPbpP4SKiBWsAmwmVp7tX6+n
aU3hZFrhkudptb6t+h1c3uMOxSSWdWrmlsK7W1TTHu/DhPza1gs/5TzttF81AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU8lsqNRmwS+zNyzUN+qWGDSD/NoYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NDI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhFMA0GCSqGSIb3DQEBCwUAA4IBAQAbOW/DkphypFjwI64GEScsEDmO+W8xilFS
78uIOqQfBX3EGE7XXSxMggrUzZ5xXbmfHz+wljsg9xzwjHJbswCbdeVhL9z72Q3Y
7L6o3BETM3GACeESFR02AZ+90iKXp3UOyKbnqpMRFIbA+IWANlTeWDBPSXVPa31h
tn+7LCxpDzoToVu/fvAgQtNSkFHBpAOic05AFjQjUa3ZQ2Te5O0M5Xvlih4B0hJK
06XJHgfjdnzxdWgXv4XauuKZEiBY02WgiTVmfFbEn7EhVKMg+ALlJL6NiS+kZ6sr
R343qEX6epOKNl8bAmWOOhS8Gr0zkNHi8X7P3GtANauEXgtVi/9Z
-----END CERTIFICATE-----