This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211693.roa
File:                     AS211693.roa (raw, json)
Hash identifier:          B4nFxiVDnRwm5edFiqARaUoRk8gPlyQ2UOMTkqdhvh4=
Subject key identifier:   A3:57:76:35:BF:36:9A:2E:54:20:70:87:87:1F:26:5C:9A:86:01:D4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       34029A3BC6502756FF2D9ACB8EEB8625466FED88
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211693.roa
Signing time:             Sat 13 Dec 2025 13:49:28 +0000
ROA not before:           Sat 13 Dec 2025 13:44:28 +0000
ROA not after:            Sat 12 Dec 2026 13:49:28 +0000
asID:                     211693
IP address blocks:        82.39.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:02:9a:3b:c6:50:27:56:ff:2d:9a:cb:8e:eb:86:25:46:6f:ed:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec 13 13:44:28 2025 GMT
            Not After : Dec 12 13:49:28 2026 GMT
        Subject: CN=A3577635BF369A2E54207087871F265C9A8601D4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5f:f0:16:09:90:12:f4:a3:c3:97:46:7d:d8:
                    8d:95:d6:74:e9:22:5f:0c:46:91:ab:ee:5f:35:bd:
                    91:4b:9b:1a:1e:dc:d3:ee:8f:c5:c2:8e:7b:7e:59:
                    78:ce:d5:26:f4:cd:6b:f2:0e:4d:46:90:e0:bb:cd:
                    fc:5c:b3:1f:86:d0:e2:b3:88:b6:65:46:7f:18:b2:
                    5c:8c:e6:de:6d:f0:66:f0:78:52:98:60:a2:4b:c7:
                    eb:89:5f:a1:c5:98:cd:5c:4d:bd:a8:6a:95:5e:88:
                    89:99:15:46:34:ca:56:36:f2:d4:47:79:d5:e0:3e:
                    2a:a8:1c:69:9c:9b:77:8c:ff:16:94:c5:f7:b2:1a:
                    b1:aa:64:f1:0e:d5:7a:b0:72:0a:92:bb:df:19:2d:
                    bb:59:c1:f8:6a:d8:46:c6:b6:63:54:f6:d5:48:42:
                    b1:19:72:f3:cb:d8:3a:13:bd:73:7f:43:79:8e:5b:
                    4a:ff:73:f7:d7:a8:a3:4a:ae:f8:8a:bd:12:73:10:
                    35:cd:c3:82:f3:26:c9:82:4f:6b:b2:75:de:8a:6f:
                    a5:6b:6a:82:d1:b0:11:36:f0:12:16:19:6e:88:5b:
                    40:bf:cb:48:c0:85:c5:3e:67:7e:d6:fc:7d:a9:75:
                    b2:ee:c4:23:01:2f:b8:ab:54:73:ba:63:69:1b:22:
                    87:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:57:76:35:BF:36:9A:2E:54:20:70:87:87:1F:26:5C:9A:86:01:D4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:c3:d0:3b:d4:75:b2:8d:c8:4a:97:97:ab:60:c6:06:22:5b:
         ca:b4:ce:f7:7e:f8:99:86:31:73:42:90:0b:ea:f7:c0:27:21:
         67:21:4a:e8:4a:e2:82:52:88:4f:5b:50:4b:90:76:8a:b2:33:
         00:1f:eb:45:aa:a3:25:05:ba:7e:8f:60:18:cd:93:de:b6:26:
         5f:4a:89:11:cc:64:16:fd:80:63:2f:84:60:64:4f:ff:5b:47:
         3e:74:54:62:1d:28:65:ac:88:1a:9c:6f:91:22:83:c4:73:2a:
         b6:a7:44:af:5a:05:19:be:18:5f:4f:e4:9b:a1:eb:17:1d:d0:
         82:e3:c7:cb:55:f8:a7:39:06:b6:9d:c8:69:5e:b4:b3:16:de:
         2b:07:c4:2d:46:b4:08:72:a8:ba:d9:80:1f:99:97:7a:cc:63:
         20:9a:71:cb:28:f6:f5:db:57:53:f4:d9:2f:de:6f:3c:11:7d:
         6e:f7:53:cf:09:b9:92:7b:95:7b:95:f2:55:f5:30:71:59:b3:
         7b:4e:6a:6f:bd:f4:06:78:eb:0d:ce:99:3f:00:3f:e2:ac:1e:
         63:00:2b:e8:1d:02:4c:0a:9f:35:f8:be:f8:f7:95:9d:6c:14:
         27:d0:b2:41:eb:42:80:18:c7:4b:5b:8c:e9:e5:c5:6a:92:5f:
         1a:51:71:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNAKaO8ZQJ1b/LZrLjuuGJUZv7YgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMTMxMzQ0MjhaFw0yNjEyMTIxMzQ5MjhaMDMxMTAvBgNV
BAMTKEEzNTc3NjM1QkYzNjlBMkU1NDIwNzA4Nzg3MUYyNjVDOUE4NjAxRDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTX/AWCZAS9KPDl0Z92I2V1nTp
Il8MRpGr7l81vZFLmxoe3NPuj8XCjnt+WXjO1Sb0zWvyDk1GkOC7zfxcsx+G0OKz
iLZlRn8YslyM5t5t8GbweFKYYKJLx+uJX6HFmM1cTb2oapVeiImZFUY0ylY28tRH
edXgPiqoHGmcm3eM/xaUxfeyGrGqZPEO1XqwcgqSu98ZLbtZwfhq2EbGtmNU9tVI
QrEZcvPL2DoTvXN/Q3mOW0r/c/fXqKNKrviKvRJzEDXNw4LzJsmCT2uydd6Kb6Vr
aoLRsBE28BIWGW6IW0C/y0jAhcU+Z37W/H2pdbLuxCMBL7irVHO6Y2kbIoeLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUo1d2Nb82mi5UIHCHhx8mXJqGAdQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUier
MA0GCSqGSIb3DQEBCwUAA4IBAQCkw9A71HWyjchKl5erYMYGIlvKtM73fviZhjFz
QpAL6vfAJyFnIUroSuKCUohPW1BLkHaKsjMAH+tFqqMlBbp+j2AYzZPetiZfSokR
zGQW/YBjL4RgZE//W0c+dFRiHShlrIganG+RIoPEcyq2p0SvWgUZvhhfT+SboesX
HdCC48fLVfinOQa2nchpXrSzFt4rB8QtRrQIcqi62YAfmZd6zGMgmnHLKPb121dT
9Nkv3m88EX1u91PPCbmSe5V7lfJV9TBxWbN7TmpvvfQGeOsNzpk/AD/irB5jACvo
HQJMCp81+L7495WdbBQn0LJB60KAGMdLW4zp5cVqkl8aUXHd
-----END CERTIFICATE-----