This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215277.roa
File:                     AS215277.roa (raw, json)
Hash identifier:          9tMxVA2JoPoK2UCTKNXSttYiC1lnqcx+oWTp67qebbg=
Subject key identifier:   7A:27:E1:CF:56:8F:39:B7:9A:D9:92:16:C2:A8:98:BB:21:78:20:48
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       203CA30AAFB03FEC332781ACE74095BFE190FEB8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215277.roa
Signing time:             Sun 18 Jan 2026 18:08:19 +0000
ROA not before:           Sun 18 Jan 2026 18:03:19 +0000
ROA not after:            Sun 17 Jan 2027 18:08:19 +0000
asID:                     215277
IP address blocks:        2a0f:85c1:35b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:3c:a3:0a:af:b0:3f:ec:33:27:81:ac:e7:40:95:bf:e1:90:fe:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 18 18:03:19 2026 GMT
            Not After : Jan 17 18:08:19 2027 GMT
        Subject: CN=7A27E1CF568F39B79AD99216C2A898BB21782048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:75:5e:fb:9b:c3:25:0c:0f:5b:00:f5:51:b9:
                    6d:61:a2:0b:ab:ea:61:79:47:64:f4:a4:c1:32:c0:
                    a6:28:89:7c:01:3f:33:28:f4:bc:43:ea:38:8a:0b:
                    91:60:9a:1b:76:cf:78:b3:33:02:72:6e:2d:1d:aa:
                    be:c0:7b:e1:ed:5a:7a:1f:43:17:75:04:52:e2:a3:
                    d8:c9:1a:fe:67:21:a2:2b:76:a0:0c:47:e0:1d:5d:
                    81:2d:45:09:38:58:2f:e3:0c:af:8b:95:ac:04:39:
                    ed:94:5c:08:0c:c2:d5:42:f8:8d:6b:5b:1c:29:b1:
                    74:f4:a0:cd:ae:22:6d:2b:ac:70:22:c0:74:23:5e:
                    14:db:0d:13:fe:ce:3d:c0:42:1d:4b:0a:6c:2f:39:
                    f6:e4:62:91:03:66:6e:ff:fa:7c:83:c3:80:5d:ad:
                    e7:ed:5e:99:2b:26:00:eb:36:22:2a:c2:02:75:bc:
                    a0:12:6f:8f:84:d6:25:80:7f:ed:97:2c:dc:29:45:
                    48:cd:29:91:d4:80:a1:02:2e:d6:51:94:4e:35:b9:
                    99:d9:01:1f:f8:8f:73:ac:dd:98:a8:ca:6a:a8:bf:
                    97:d7:af:ea:a9:87:1e:5f:cb:d2:e2:54:07:0f:49:
                    f3:c6:06:ae:4a:29:ea:e7:ec:2e:bb:54:80:02:3d:
                    bd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:27:E1:CF:56:8F:39:B7:9A:D9:92:16:C2:A8:98:BB:21:78:20:48
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS215277.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:35b::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:a3:7d:f6:28:70:4e:58:84:a0:f0:0b:e8:4d:90:8f:88:51:
         04:a2:a9:0a:7f:90:81:8e:9d:fe:0e:af:90:fb:40:13:67:cf:
         28:98:4a:f8:91:63:6e:24:b2:8f:86:b4:56:45:ca:b6:2b:3d:
         38:28:4f:94:94:49:fe:c4:44:03:88:02:57:03:e4:37:b1:73:
         8d:c6:7b:7b:84:76:60:66:7d:44:61:6f:48:ad:0d:8c:7b:d6:
         81:3a:83:a2:1f:03:b7:3b:4f:bf:43:42:19:f5:3f:96:18:2b:
         29:17:74:9c:f7:94:40:d7:5c:4a:d4:4e:3b:e9:70:84:55:0e:
         57:18:7e:51:42:02:cc:16:b1:fa:ca:7a:79:3d:99:9c:b8:02:
         82:e5:70:cb:ee:ee:a3:3d:60:02:43:8d:f2:87:b7:a2:ed:27:
         f2:d3:49:e8:49:1e:be:45:c4:c3:11:70:1c:f0:f5:8e:f4:3d:
         48:4d:a0:f7:4e:1a:bf:c6:08:86:cb:84:04:1d:d8:cc:da:e6:
         14:5c:c8:9b:73:2b:0b:63:b2:ab:c0:52:a9:4f:ac:f7:43:ce:
         be:5e:01:29:b7:c1:36:21:30:44:48:2b:a1:a4:68:46:e8:f6:
         1a:2d:c6:a8:37:4b:b4:d8:db:52:15:15:a8:0f:3b:78:35:c3:
         27:4b:21:8c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIDyjCq+wP+wzJ4Gs50CVv+GQ/rgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTgxODAzMTlaFw0yNzAxMTcxODA4MTlaMDMxMTAvBgNV
BAMTKDdBMjdFMUNGNTY4RjM5Qjc5QUQ5OTIxNkMyQTg5OEJCMjE3ODIwNDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmdV77m8MlDA9bAPVRuW1hogur
6mF5R2T0pMEywKYoiXwBPzMo9LxD6jiKC5Fgmht2z3izMwJybi0dqr7Ae+HtWnof
Qxd1BFLio9jJGv5nIaIrdqAMR+AdXYEtRQk4WC/jDK+LlawEOe2UXAgMwtVC+I1r
WxwpsXT0oM2uIm0rrHAiwHQjXhTbDRP+zj3AQh1LCmwvOfbkYpEDZm7/+nyDw4Bd
reftXpkrJgDrNiIqwgJ1vKASb4+E1iWAf+2XLNwpRUjNKZHUgKECLtZRlE41uZnZ
AR/4j3Os3Zioymqov5fXr+qphx5fy9LiVAcPSfPGBq5KKern7C67VIACPb3zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUeifhz1aPObea2ZIWwqiYuyF4IEgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE1Mjc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQNbMA0GCSqGSIb3DQEBCwUAA4IBAQAEo332KHBOWISg8AvoTZCPiFEEoqkKf5CB
jp3+Dq+Q+0ATZ88omEr4kWNuJLKPhrRWRcq2Kz04KE+UlEn+xEQDiAJXA+Q3sXON
xnt7hHZgZn1EYW9IrQ2Me9aBOoOiHwO3O0+/Q0IZ9T+WGCspF3Sc95RA11xK1E47
6XCEVQ5XGH5RQgLMFrH6ynp5PZmcuAKC5XDL7u6jPWACQ43yh7ei7Sfy00noSR6+
RcTDEXAc8PWO9D1ITaD3Thq/xgiGy4QEHdjM2uYUXMibcysLY7KrwFKpT6z3Q86+
XgEpt8E2ITBESCuhpGhG6PYaLcaoN0u02NtSFRWoDzt4NcMnSyGM
-----END CERTIFICATE-----