This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214477.roa
File:                     AS214477.roa (raw, json)
Hash identifier:          JL37TBP8ftuTSJ/g0UXAmBDvw8vsBW1jZOl7+Q7hGTM=
Subject key identifier:   A1:C0:C3:31:BE:BA:45:51:B0:95:34:40:A2:17:01:47:99:5D:EE:D2
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       0A064EF894CDFEB2D3872F821485FEEEA9BA9A5E
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214477.roa
Signing time:             Tue 06 Jan 2026 01:00:46 +0000
ROA not before:           Tue 06 Jan 2026 00:55:46 +0000
ROA not after:            Tue 05 Jan 2027 01:00:46 +0000
asID:                     214477
IP address blocks:        2a14:7581:fe0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 13:23:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:06:4e:f8:94:cd:fe:b2:d3:87:2f:82:14:85:fe:ee:a9:ba:9a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:46 2026 GMT
            Not After : Jan  5 01:00:46 2027 GMT
        Subject: CN=A1C0C331BEBA4551B0953440A2170147995DEED2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:51:09:6f:e8:56:7e:71:47:7d:05:0e:0c:88:
                    72:a8:65:f3:74:b0:c2:1e:0f:ea:cf:32:23:65:58:
                    bd:33:fa:de:db:ec:2f:ed:64:1e:bc:9f:8e:f8:d1:
                    73:16:b9:a2:35:cd:3d:06:92:57:64:ba:f4:2d:02:
                    fd:2e:54:94:d5:76:e0:fa:b7:8e:41:e8:25:ee:ce:
                    e7:9a:c9:14:ed:58:51:f9:f8:ca:da:97:97:32:07:
                    53:5c:34:6b:2d:6b:39:39:56:30:02:07:41:de:fd:
                    9d:0c:be:d5:14:ea:82:55:b0:79:4a:1f:09:77:b1:
                    8d:6c:0f:5f:37:c5:fe:53:4a:f6:c9:79:d5:55:5b:
                    ce:b6:fd:23:cc:01:b6:d1:e6:b0:52:6f:65:0c:7e:
                    34:c4:d5:a2:d9:be:b1:a3:e7:d7:e2:5b:41:c0:21:
                    ea:bb:be:2e:71:fc:b8:65:12:91:7c:bf:bb:b3:64:
                    7b:b5:8a:00:53:f0:0b:77:97:44:65:27:f1:d1:e2:
                    d9:78:a3:1e:0b:6c:3b:0c:f2:87:2c:3d:e0:69:3e:
                    84:43:a5:fe:52:a0:8f:b3:53:07:55:c4:64:d1:17:
                    5d:c2:d2:0f:a1:c8:25:f2:f1:d2:a0:f3:75:2e:a1:
                    20:48:69:d3:b4:b0:97:76:ca:d3:e8:1e:02:8f:d6:
                    54:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C0:C3:31:BE:BA:45:51:B0:95:34:40:A2:17:01:47:99:5D:EE:D2
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS214477.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:e9:dc:06:e2:06:4e:ba:d3:3e:a6:d6:18:27:7b:17:b5:0c:
         a6:47:37:80:0e:21:19:ad:03:ca:41:05:c4:da:42:b2:bf:34:
         dc:28:7a:48:44:00:a2:e0:35:17:5f:ed:74:98:4f:d2:1d:68:
         95:51:11:bb:cb:b3:d8:37:6e:0a:71:e2:58:c9:ea:46:5d:6e:
         4a:35:62:71:13:14:3c:4f:50:6d:20:59:da:73:f5:05:0a:b4:
         9d:77:23:5f:35:e5:fc:6d:8c:5b:78:e4:df:4a:d6:bb:7a:e8:
         e3:47:05:95:48:d1:1a:a5:b0:82:45:74:a8:09:a5:bf:ec:5d:
         6b:03:86:ef:3f:54:d3:dd:32:58:cb:e7:a1:dd:15:72:54:e4:
         d2:a8:a7:e3:59:2f:e6:36:08:33:f4:38:40:c2:d6:e2:61:d6:
         87:8f:ef:8f:f1:78:b1:4e:45:d5:ab:ae:6e:81:b7:63:56:ae:
         ca:03:32:1d:8e:e5:67:2e:e5:44:2a:ab:7d:b5:e8:19:87:20:
         12:20:59:2d:79:d7:bc:b9:d3:9c:8f:e8:fe:82:a8:0d:10:9a:
         1b:8c:9a:f9:44:d6:c2:81:23:8f:05:2c:7c:9c:89:61:01:14:
         d8:3b:2b:09:41:43:0a:04:f9:2c:c1:3a:cf:fb:ab:bc:95:19:
         76:61:18:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCgZO+JTN/rLThy+CFIX+7qm6ml4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDZaFw0yNzAxMDUwMTAwNDZaMDMxMTAvBgNV
BAMTKEExQzBDMzMxQkVCQTQ1NTFCMDk1MzQ0MEEyMTcwMTQ3OTk1REVFRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFUQlv6FZ+cUd9BQ4MiHKoZfN0
sMIeD+rPMiNlWL0z+t7b7C/tZB68n4740XMWuaI1zT0GkldkuvQtAv0uVJTVduD6
t45B6CXuzueayRTtWFH5+Mral5cyB1NcNGstazk5VjACB0He/Z0MvtUU6oJVsHlK
Hwl3sY1sD183xf5TSvbJedVVW862/SPMAbbR5rBSb2UMfjTE1aLZvrGj59fiW0HA
Ieq7vi5x/LhlEpF8v7uzZHu1igBT8At3l0RlJ/HR4tl4ox4LbDsM8ocsPeBpPoRD
pf5SoI+zUwdVxGTRF13C0g+hyCXy8dKg83UuoSBIadO0sJd2ytPoHgKP1lT1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUocDDMb66RVGwlTRAohcBR5ld7tIwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjE0NDc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gQ/gMA0GCSqGSIb3DQEBCwUAA4IBAQCc6dwG4gZOutM+ptYYJ3sXtQymRzeADiEZ
rQPKQQXE2kKyvzTcKHpIRACi4DUXX+10mE/SHWiVURG7y7PYN24KceJYyepGXW5K
NWJxExQ8T1BtIFnac/UFCrSddyNfNeX8bYxbeOTfSta7eujjRwWVSNEapbCCRXSo
CaW/7F1rA4bvP1TT3TJYy+eh3RVyVOTSqKfjWS/mNggz9DhAwtbiYdaHj++P8Xix
TkXVq65ugbdjVq7KAzIdjuVnLuVEKqt9tegZhyASIFktede8udOcj+j+gqgNEJob
jJr5RNbCgSOPBSx8nIlhARTYOysJQUMKBPkswTrP+6u8lRl2YRiz
-----END CERTIFICATE-----