This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214663.roa
File:                     AS214663.roa (raw, json)
Hash identifier:          ghhY/208STb6S/1mzCE0NSSCmx6Q/CG/8mlzCEW2XM8=
Subject key identifier:   D4:AB:52:1A:88:20:66:16:76:AB:F3:D4:B4:C0:51:57:E6:5C:DF:89
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       11C64455529715EA547CB6C0EAD205F0EA8782FF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214663.roa
Signing time:             Sat 13 Dec 2025 14:59:58 +0000
ROA not before:           Sat 13 Dec 2025 14:54:58 +0000
ROA not after:            Sat 12 Dec 2026 14:59:58 +0000
asID:                     214663
IP address blocks:        82.38.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:c6:44:55:52:97:15:ea:54:7c:b6:c0:ea:d2:05:f0:ea:87:82:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec 13 14:54:58 2025 GMT
            Not After : Dec 12 14:59:58 2026 GMT
        Subject: CN=D4AB521A8820661676ABF3D4B4C05157E65CDF89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:05:a2:3e:0a:8a:61:7c:fc:08:51:0d:3d:33:
                    fb:e7:66:0f:de:a1:8f:a4:75:48:1e:81:82:1d:4f:
                    31:5a:c4:7d:49:30:10:08:85:20:b7:37:1a:e4:47:
                    4c:cf:c1:d0:69:8e:d2:9a:e3:24:d1:0e:dc:e1:fa:
                    9f:73:c8:9f:52:3b:13:d2:64:b4:3e:7a:19:23:85:
                    5e:a7:12:b9:bf:18:11:8e:9a:39:fe:51:36:cf:ba:
                    d5:65:d8:dc:a1:b1:8b:e5:19:07:f0:df:d2:c7:05:
                    28:bc:58:d9:45:68:89:37:91:01:4f:2e:4f:2b:94:
                    c8:30:31:2f:3a:73:d1:36:aa:0a:7d:98:d1:41:63:
                    15:20:6a:bd:47:5e:f4:67:8d:1c:f9:fc:e4:13:96:
                    1e:a9:40:03:e3:fe:65:29:86:65:6d:37:20:af:30:
                    f0:a2:37:3b:fb:ad:10:7f:36:e3:98:8a:51:f0:f3:
                    fa:ee:94:cf:0a:84:d0:e1:1e:fa:0a:e2:76:db:fa:
                    c1:cb:aa:1a:37:3b:61:f9:27:8b:25:8c:df:1c:e3:
                    c3:0c:6f:98:62:d3:cf:5d:df:96:e4:cf:d1:32:03:
                    cc:c0:71:ea:52:ac:69:ac:de:dd:ee:2f:7b:45:b6:
                    a6:c6:12:f7:a7:c0:93:c0:93:3f:d2:75:47:cd:ad:
                    f4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:AB:52:1A:88:20:66:16:76:AB:F3:D4:B4:C0:51:57:E6:5C:DF:89
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214663.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:78:c3:49:35:49:8e:88:21:b5:e4:ed:1d:f5:00:4b:21:43:
         ef:ba:ca:9d:13:75:92:ca:69:e1:9c:79:96:97:02:6d:7b:97:
         af:74:97:6f:a6:7f:22:74:cf:95:22:c2:52:93:6d:1d:35:cf:
         38:1b:20:0f:8c:9f:e7:71:7a:bc:4b:2b:85:73:e1:a3:55:cb:
         67:44:0b:e3:fa:74:a4:61:26:84:a9:9a:bc:c9:20:69:63:8a:
         6d:d7:99:a5:4b:bb:69:a3:62:72:68:32:53:e2:27:78:1e:c1:
         9c:8d:d4:e8:53:0f:f3:ef:b4:0a:b6:89:92:b6:a3:06:83:20:
         95:ac:ab:e8:70:09:01:16:47:b9:3b:f4:ca:15:83:02:d4:f2:
         18:e4:26:63:13:ec:55:96:eb:f2:ed:8a:b3:6f:06:2f:f6:7c:
         f7:9c:11:41:f9:7b:5a:bd:04:36:28:57:52:ff:4a:e9:d3:15:
         ea:21:db:b6:47:e3:36:7d:b5:57:8b:89:dc:7e:f7:38:f2:0f:
         51:05:2a:9e:56:0f:2f:b5:4f:b7:d5:4a:6e:3a:5f:b7:f6:47:
         a6:a1:06:8a:1b:7b:97:a5:5f:11:b4:62:2a:50:7b:1a:48:b5:
         c2:3c:fb:e1:82:8d:5e:39:07:f7:50:0b:62:7f:35:a6:70:51:
         85:67:46:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEcZEVVKXFepUfLbA6tIF8OqHgv8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMTMxNDU0NThaFw0yNjEyMTIxNDU5NThaMDMxMTAvBgNV
BAMTKEQ0QUI1MjFBODgyMDY2MTY3NkFCRjNENEI0QzA1MTU3RTY1Q0RGODkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZBaI+CophfPwIUQ09M/vnZg/e
oY+kdUgegYIdTzFaxH1JMBAIhSC3NxrkR0zPwdBpjtKa4yTRDtzh+p9zyJ9SOxPS
ZLQ+ehkjhV6nErm/GBGOmjn+UTbPutVl2NyhsYvlGQfw39LHBSi8WNlFaIk3kQFP
Lk8rlMgwMS86c9E2qgp9mNFBYxUgar1HXvRnjRz5/OQTlh6pQAPj/mUphmVtNyCv
MPCiNzv7rRB/NuOYilHw8/rulM8KhNDhHvoK4nbb+sHLqho3O2H5J4sljN8c48MM
b5hi089d35bkz9EyA8zAcepSrGms3t3uL3tFtqbGEvenwJPAkz/SdUfNrfSDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1KtSGoggZhZ2q/PUtMBRV+Zc34kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjYzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUiaG
MA0GCSqGSIb3DQEBCwUAA4IBAQBleMNJNUmOiCG15O0d9QBLIUPvusqdE3WSymnh
nHmWlwJte5evdJdvpn8idM+VIsJSk20dNc84GyAPjJ/ncXq8SyuFc+GjVctnRAvj
+nSkYSaEqZq8ySBpY4pt15mlS7tpo2JyaDJT4id4HsGcjdToUw/z77QKtomStqMG
gyCVrKvocAkBFke5O/TKFYMC1PIY5CZjE+xVluvy7YqzbwYv9nz3nBFB+XtavQQ2
KFdS/0rp0xXqIdu2R+M2fbVXi4ncfvc48g9RBSqeVg8vtU+31UpuOl+39kemoQaK
G3uXpV8RtGIqUHsaSLXCPPvhgo1eOQf3UAtifzWmcFGFZ0bD
-----END CERTIFICATE-----