This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214371.roa
File:                     AS214371.roa (raw, json)
Hash identifier:          /z1oL1DBNg1N3v0tlMpnC3Iq9NTSYsS8LrSzRINgWOE=
Subject key identifier:   3E:D6:3D:16:B5:63:DD:1A:F7:53:B9:3D:C4:93:0D:AB:07:F6:A7:2A
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       7524005881D7A6A54B5354FF5D565D7337E83596
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214371.roa
Signing time:             Mon 15 Dec 2025 09:41:44 +0000
ROA not before:           Mon 15 Dec 2025 09:36:44 +0000
ROA not after:            Mon 14 Dec 2026 09:41:44 +0000
asID:                     214371
IP address blocks:        103.109.234.0/24 maxlen: 24
                          103.109.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 15:46:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:24:00:58:81:d7:a6:a5:4b:53:54:ff:5d:56:5d:73:37:e8:35:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Dec 15 09:36:44 2025 GMT
            Not After : Dec 14 09:41:44 2026 GMT
        Subject: CN=3ED63D16B563DD1AF753B93DC4930DAB07F6A72A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:01:71:b0:d2:e1:a9:95:44:c8:a1:bc:c1:77:
                    f6:a1:c0:d9:a9:a5:4b:36:c6:0a:45:e3:59:72:a7:
                    f0:b9:0c:9f:7a:f1:e2:d7:dc:1b:6e:f9:2e:78:c3:
                    b9:5c:38:0a:d6:aa:98:c4:2f:86:ea:a1:5c:e6:12:
                    5c:3a:c8:81:c8:9e:c1:05:aa:7a:a1:ce:8b:9d:f2:
                    71:35:2a:5c:80:e1:64:20:ff:5d:56:e4:6b:ca:b6:
                    b1:59:64:55:19:56:09:0b:c9:7d:df:5a:be:cd:5e:
                    6a:f1:2d:7c:ee:ff:c2:77:b5:32:0a:77:7d:10:54:
                    ba:db:3c:b0:ab:c4:47:91:8b:2e:ea:7f:e3:87:59:
                    3c:15:9d:15:2d:fe:99:01:b7:f8:a9:bb:d1:90:6b:
                    9c:43:7f:29:e6:92:00:0b:3e:62:29:6d:0c:41:a6:
                    a5:56:c6:90:ea:66:21:71:f0:51:8b:40:a9:01:64:
                    bc:51:b3:17:28:5f:a9:3b:c0:ef:22:f0:20:bf:a7:
                    03:0e:44:84:15:b1:5d:75:60:b5:1d:6e:b6:87:e0:
                    01:0b:bc:0e:3a:ac:f9:fb:e6:1b:6e:1e:c5:91:03:
                    64:37:f8:6d:8f:d8:51:9d:95:44:b0:fb:30:41:07:
                    f6:16:f7:be:fb:60:a0:4c:1c:80:9c:0c:78:82:11:
                    73:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:D6:3D:16:B5:63:DD:1A:F7:53:B9:3D:C4:93:0D:AB:07:F6:A7:2A
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214371.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.109.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:78:79:70:8f:59:7f:11:8c:a5:f9:6e:1a:77:8e:3a:38:1d:
         e5:d6:84:44:04:3a:df:15:9d:71:d4:27:ca:ea:87:2e:2f:bc:
         15:8c:11:14:5e:64:26:91:dd:84:9e:bb:3b:74:21:ae:b2:b8:
         aa:14:9b:9b:6e:f5:f9:df:2b:d4:c5:f7:e1:00:d1:1c:08:9c:
         1d:28:3c:95:c5:af:f3:ee:be:c1:c2:75:04:b2:3f:e9:14:17:
         5d:4b:48:94:f7:18:db:0f:ab:01:6e:51:63:b4:b8:54:42:7f:
         23:bc:b4:d4:7a:28:46:53:13:c4:1b:b6:d4:a5:7b:59:4c:f7:
         1d:a6:25:5f:65:6f:19:92:c1:10:93:22:37:2a:76:e6:b7:b1:
         6f:69:c8:48:a5:cc:af:0e:1f:58:99:f0:e5:69:45:9f:25:1a:
         75:ba:f1:a9:3f:e2:2f:ec:2e:a7:61:24:85:75:20:71:23:93:
         09:cb:0f:7b:4c:6c:1b:da:66:83:f5:4d:a9:bd:e1:4e:a9:cd:
         74:07:7c:15:b9:b8:9c:d7:29:79:c4:32:00:2e:06:f1:a4:26:
         cb:a3:69:09:fc:95:a8:b9:15:50:2b:2d:66:f5:14:cf:d9:eb:
         aa:76:4a:fb:38:a1:2c:62:3b:6e:bb:77:48:ad:14:9f:69:ad:
         78:cf:82:61
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUdSQAWIHXpqVLU1T/XVZdczfoNZYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNTEyMTUwOTM2NDRaFw0yNjEyMTQwOTQxNDRaMDMxMTAvBgNV
BAMTKDNFRDYzRDE2QjU2M0REMUFGNzUzQjkzREM0OTMwREFCMDdGNkE3MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsAXGw0uGplUTIobzBd/ahwNmp
pUs2xgpF41lyp/C5DJ968eLX3Btu+S54w7lcOArWqpjEL4bqoVzmElw6yIHInsEF
qnqhzoud8nE1KlyA4WQg/11W5GvKtrFZZFUZVgkLyX3fWr7NXmrxLXzu/8J3tTIK
d30QVLrbPLCrxEeRiy7qf+OHWTwVnRUt/pkBt/ipu9GQa5xDfynmkgALPmIpbQxB
pqVWxpDqZiFx8FGLQKkBZLxRsxcoX6k7wO8i8CC/pwMORIQVsV11YLUdbraH4AEL
vA46rPn75htuHsWRA2Q3+G2P2FGdlUSw+zBBB/YW9777YKBMHICcDHiCEXM9AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQUPtY9FrVj3Rr3U7k9xJMNqwf2pyowHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0MzcxLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQBZ23qMA0GCSqGSIb3DQEBCwUAA4IBAQBueHlwj1l/
EYyl+W4ad446OB3l1oREBDrfFZ1x1CfK6ocuL7wVjBEUXmQmkd2Enrs7dCGusriq
FJubbvX53yvUxffhANEcCJwdKDyVxa/z7r7BwnUEsj/pFBddS0iU9xjbD6sBblFj
tLhUQn8jvLTUeihGUxPEG7bUpXtZTPcdpiVfZW8ZksEQkyI3Knbmt7FvachIpcyv
Dh9YmfDlaUWfJRp1uvGpP+Iv7C6nYSSFdSBxI5MJyw97TGwb2maD9U2pveFOqc10
B3wVubic1yl5xDIALgbxpCbLo2kJ/JWouRVQKy1m9RTP2euqdkr7OKEsYjtuu3dI
rRSfaa14z4Jh
-----END CERTIFICATE-----