This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216199.roa
File:                     AS216199.roa (raw, json)
Hash identifier:          wIdrgfRhgdnnswv/NWiO4J6T73dhMQKEMxyF8Ntu/OM=
Subject key identifier:   1D:04:B7:1D:FE:E4:FE:09:21:86:52:86:5C:D5:27:8A:E2:E7:CD:B7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       523795FD9BD83EBFD43B4E0AFDC4D16F4DA2379F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216199.roa
Signing time:             Wed 17 Dec 2025 21:29:38 +0000
ROA not before:           Wed 17 Dec 2025 21:24:38 +0000
ROA not after:            Wed 16 Dec 2026 21:29:38 +0000
asID:                     216199
IP address blocks:        82.22.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Dec 2025 07:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:37:95:fd:9b:d8:3e:bf:d4:3b:4e:0a:fd:c4:d1:6f:4d:a2:37:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec 17 21:24:38 2025 GMT
            Not After : Dec 16 21:29:38 2026 GMT
        Subject: CN=1D04B71DFEE4FE09218652865CD5278AE2E7CDB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:2c:f5:f8:8a:16:d6:d1:f8:8b:9f:af:78:68:
                    13:c8:21:10:67:69:af:e6:d6:63:b1:63:b5:05:3f:
                    dd:bb:a5:e3:a5:c7:e6:9e:71:ad:fb:6a:7a:01:f1:
                    4b:86:6a:a1:ac:46:78:7f:f3:7e:0d:98:fc:93:b5:
                    cb:37:58:ce:bf:64:f3:83:27:93:a4:27:7f:4d:9a:
                    bc:31:b0:47:91:f4:e0:a1:a7:8c:df:dd:bf:0f:61:
                    67:18:dc:93:45:d2:e7:be:e5:93:00:70:7e:0e:de:
                    28:38:eb:08:ab:30:5e:92:7f:c7:ac:b2:9e:85:c4:
                    60:3b:91:72:5a:79:a8:30:5c:5c:b1:23:2f:59:f1:
                    6c:69:fd:72:98:71:bc:e8:91:a7:7a:5d:5f:41:5c:
                    85:fc:71:35:99:83:dc:e9:8b:c6:cc:e7:c1:66:ce:
                    f8:db:a0:05:72:03:d7:c0:30:20:b1:2d:a6:78:d9:
                    a5:73:e4:0a:ed:01:9c:4f:f6:8c:d4:ce:d1:c3:91:
                    b9:5a:3b:ee:49:0a:80:38:1c:52:a7:b0:a9:1c:83:
                    22:12:08:d1:23:04:75:d6:be:0b:a1:40:c4:73:1f:
                    9c:87:06:99:14:f0:67:7b:c2:d2:28:6c:d7:f8:1a:
                    28:e3:b4:54:09:8a:d0:ce:8e:31:b8:21:43:27:1b:
                    57:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:04:B7:1D:FE:E4:FE:09:21:86:52:86:5C:D5:27:8A:E2:E7:CD:B7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216199.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:db:b3:48:8a:9f:85:73:ae:26:07:36:ec:4b:a2:ea:3f:b3:
         7b:db:ed:85:41:fb:d2:67:67:3b:e0:82:01:f3:fc:d5:64:aa:
         5c:8c:a7:c5:34:0c:cc:0a:4e:83:96:e5:7d:d5:56:72:c4:4d:
         31:28:bf:0d:fc:5e:01:9b:e8:89:cc:5f:43:d7:4d:13:3c:b6:
         65:cb:cc:bc:4a:bd:c0:dc:70:79:5e:5b:ca:cb:78:bd:0a:c9:
         fd:d4:6c:6f:26:5a:75:60:14:c2:7b:b8:97:1b:81:d1:eb:98:
         aa:5a:4b:1e:77:d9:61:4d:07:7d:18:cc:56:a8:05:c8:33:a8:
         8f:34:65:54:e0:d9:a0:a7:6b:1c:19:43:54:61:8e:d5:8b:1e:
         8b:92:3f:fd:97:3d:77:60:be:c7:3c:0a:29:0f:1f:9e:1f:b8:
         3f:10:df:11:f3:87:82:5e:0e:eb:47:98:b8:fc:e9:78:61:d5:
         79:33:58:7b:dd:ab:28:47:3c:e0:49:08:83:b7:f4:eb:c9:a4:
         03:82:cd:13:56:81:42:58:a5:2d:08:3e:f8:b4:f3:75:1c:02:
         a5:a3:ba:09:08:51:61:99:8f:71:77:a6:8a:a9:01:02:f7:b9:
         c8:7f:9f:bb:80:21:f3:75:ad:f6:5d:76:df:d6:3c:60:db:9a:
         cd:da:18:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUjeV/ZvYPr/UO04K/cTRb02iN58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMTcyMTI0MzhaFw0yNjEyMTYyMTI5MzhaMDMxMTAvBgNV
BAMTKDFEMDRCNzFERkVFNEZFMDkyMTg2NTI4NjVDRDUyNzhBRTJFN0NEQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrLPX4ihbW0fiLn694aBPIIRBn
aa/m1mOxY7UFP927peOlx+aeca37anoB8UuGaqGsRnh/834NmPyTtcs3WM6/ZPOD
J5OkJ39NmrwxsEeR9OChp4zf3b8PYWcY3JNF0ue+5ZMAcH4O3ig46wirMF6Sf8es
sp6FxGA7kXJaeagwXFyxIy9Z8Wxp/XKYcbzokad6XV9BXIX8cTWZg9zpi8bM58Fm
zvjboAVyA9fAMCCxLaZ42aVz5ArtAZxP9ozUztHDkblaO+5JCoA4HFKnsKkcgyIS
CNEjBHXWvguhQMRzH5yHBpkU8Gd7wtIobNf4GijjtFQJitDOjjG4IUMnG1cLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHQS3Hf7k/gkhhlKGXNUniuLnzbcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MTk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhYE
MA0GCSqGSIb3DQEBCwUAA4IBAQBq27NIip+Fc64mBzbsS6LqP7N72+2FQfvSZ2c7
4IIB8/zVZKpcjKfFNAzMCk6DluV91VZyxE0xKL8N/F4Bm+iJzF9D100TPLZly8y8
Sr3A3HB5XlvKy3i9Csn91GxvJlp1YBTCe7iXG4HR65iqWksed9lhTQd9GMxWqAXI
M6iPNGVU4Nmgp2scGUNUYY7Vix6Lkj/9lz13YL7HPAopDx+eH7g/EN8R84eCXg7r
R5i4/Ol4YdV5M1h73asoRzzgSQiDt/TryaQDgs0TVoFCWKUtCD74tPN1HAKlo7oJ
CFFhmY9xd6aKqQEC97nIf5+7gCHzda32XXbf1jxg25rN2hhh
-----END CERTIFICATE-----