This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214300.roa
File:                     AS214300.roa (raw, json)
Hash identifier:          Ga5BCQi+LS5SJpUfnVTR0//FcKQBWZJAGUDVxSQXxC4=
Subject key identifier:   21:A2:D7:D5:4D:36:A7:BE:81:09:1C:A3:D5:E6:2F:3B:B6:6E:6F:DD
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1C543E8C66F99EEC40200ABD3D33324CCAA66086
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214300.roa
Signing time:             Fri 26 Dec 2025 12:11:44 +0000
ROA not before:           Fri 26 Dec 2025 12:06:44 +0000
ROA not after:            Fri 25 Dec 2026 12:11:44 +0000
asID:                     214300
IP address blocks:        2a14:7580:f700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Dec 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:54:3e:8c:66:f9:9e:ec:40:20:0a:bd:3d:33:32:4c:ca:a6:60:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Dec 26 12:06:44 2025 GMT
            Not After : Dec 25 12:11:44 2026 GMT
        Subject: CN=21A2D7D54D36A7BE81091CA3D5E62F3BB66E6FDD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1b:b0:79:fd:af:af:3b:dc:2f:d1:87:7e:62:
                    c1:bd:6c:39:b6:74:1a:b8:76:7e:58:23:c0:10:09:
                    a1:98:51:bb:6b:ad:73:21:66:4b:c1:44:c0:27:36:
                    bf:77:2d:b2:c7:e9:e0:a6:67:49:5f:9c:b8:12:b4:
                    1f:e2:ae:1d:99:ec:ed:ee:10:b9:ce:68:7c:a5:59:
                    55:42:17:14:01:4e:11:88:9b:9c:ae:1a:e1:67:b9:
                    82:eb:a7:3d:f6:cb:42:3e:04:cd:53:6b:3f:14:31:
                    51:fb:df:a3:be:c0:de:de:1d:9f:41:37:06:8b:06:
                    e8:06:85:90:37:84:89:76:f2:62:a7:27:8d:27:3a:
                    82:cb:a7:be:12:9a:ee:80:e6:7c:c1:0e:e9:94:bb:
                    c4:47:5a:a8:c1:bb:b1:bb:74:3f:3d:65:1b:46:b7:
                    ce:da:04:f3:64:0d:3d:ca:09:2f:3c:48:f2:2f:4f:
                    ef:bf:31:65:43:c8:2c:e3:12:a4:e4:c5:f5:d9:4e:
                    07:ed:11:ad:43:73:ae:13:ea:e3:c0:b2:69:01:52:
                    8a:7f:c8:cb:48:c6:b6:a6:44:1f:4f:95:b8:d4:ab:
                    f4:be:59:51:83:6c:a6:3f:6c:df:4c:9b:76:65:2b:
                    00:bb:0f:29:10:2b:26:5c:a6:75:d9:c1:d5:98:9a:
                    f5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A2:D7:D5:4D:36:A7:BE:81:09:1C:A3:D5:E6:2F:3B:B6:6E:6F:DD
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214300.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:f700::/40

    Signature Algorithm: sha256WithRSAEncryption
         91:78:25:14:9e:88:00:9b:04:1a:46:a7:25:f8:78:59:34:72:
         d6:64:c9:54:f6:6b:e7:87:29:4e:e3:bb:1b:d4:f2:d6:17:7f:
         91:77:0d:7f:10:be:86:2c:7c:17:39:37:4c:0a:b8:6f:d9:a2:
         a7:1d:1c:ea:4e:ad:01:79:1e:b1:a5:31:a6:a3:5a:86:46:e0:
         16:77:d5:eb:1a:7c:09:59:b7:55:ac:b7:36:20:60:d6:02:79:
         e7:1c:7d:1e:9a:09:ba:84:e6:3e:c0:7d:70:26:b7:57:99:fb:
         6f:9b:2b:0d:69:32:c1:b5:0c:07:7e:46:8d:a0:0d:fc:29:f2:
         f1:e5:24:02:e5:81:c7:f3:85:c1:7e:a8:f8:99:d1:bb:2e:2e:
         a7:d2:53:46:3a:33:2e:ba:f1:07:07:7d:60:0f:44:01:88:bf:
         7e:94:83:cf:e9:5c:e4:ec:a0:d4:e7:bc:9a:12:ed:89:3c:12:
         e5:00:6f:29:b2:5e:49:33:40:eb:f4:f3:09:29:34:89:be:0c:
         c9:bd:13:b0:37:49:c9:30:58:0c:6c:6f:e8:0b:0c:79:57:bc:
         29:03:e9:76:34:eb:88:57:36:47:74:68:5c:1d:07:24:b2:87:
         2d:58:0e:44:64:2a:8b:cb:86:b1:0b:3e:44:2b:05:d1:6f:3e:
         8b:86:53:89
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUHFQ+jGb5nuxAIAq9PTMyTMqmYIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEyMjYxMjA2NDRaFw0yNjEyMjUxMjExNDRaMDMxMTAvBgNV
BAMTKDIxQTJEN0Q1NEQzNkE3QkU4MTA5MUNBM0Q1RTYyRjNCQjY2RTZGREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0G7B5/a+vO9wv0Yd+YsG9bDm2
dBq4dn5YI8AQCaGYUbtrrXMhZkvBRMAnNr93LbLH6eCmZ0lfnLgStB/irh2Z7O3u
ELnOaHylWVVCFxQBThGIm5yuGuFnuYLrpz32y0I+BM1Taz8UMVH736O+wN7eHZ9B
NwaLBugGhZA3hIl28mKnJ40nOoLLp74Smu6A5nzBDumUu8RHWqjBu7G7dD89ZRtG
t87aBPNkDT3KCS88SPIvT++/MWVDyCzjEqTkxfXZTgftEa1Dc64T6uPAsmkBUop/
yMtIxramRB9PlbjUq/S+WVGDbKY/bN9Mm3ZlKwC7DykQKyZcpnXZwdWYmvVZAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUIaLX1U02p76BCRyj1eYvO7Zub90wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0MzAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gPcwDQYJKoZIhvcNAQELBQADggEBAJF4JRSeiACbBBpGpyX4eFk0ctZkyVT2a+eH
KU7juxvU8tYXf5F3DX8QvoYsfBc5N0wKuG/ZoqcdHOpOrQF5HrGlMaajWoZG4BZ3
1esafAlZt1WstzYgYNYCeeccfR6aCbqE5j7AfXAmt1eZ+2+bKw1pMsG1DAd+Ro2g
Dfwp8vHlJALlgcfzhcF+qPiZ0bsuLqfSU0Y6My668QcHfWAPRAGIv36Ug8/pXOTs
oNTnvJoS7Yk8EuUAbymyXkkzQOv08wkpNIm+DMm9E7A3SckwWAxsb+gLDHlXvCkD
6XY064hXNkd0aFwdBySyhy1YDkRkKovLhrELPkQrBdFvPouGU4k=
-----END CERTIFICATE-----