This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213621.roa
File:                     AS213621.roa (raw, json)
Hash identifier:          aaYPW3+a2JVttiJFUO0lRPVUCkmVx4+EyVQjZspcH7k=
Subject key identifier:   C0:E5:AB:E0:2F:84:E7:B0:32:7E:52:2A:BD:43:C9:D1:12:76:4A:60
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4DA9EC105C46F23A319E9A78343EE26579730169
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213621.roa
Signing time:             Mon 15 Dec 2025 23:08:13 +0000
ROA not before:           Mon 15 Dec 2025 23:03:13 +0000
ROA not after:            Mon 14 Dec 2026 23:08:13 +0000
asID:                     213621
IP address blocks:        2a0f:85c1:b3b::/48 maxlen: 56
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 09:56:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:a9:ec:10:5c:46:f2:3a:31:9e:9a:78:34:3e:e2:65:79:73:01:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec 15 23:03:13 2025 GMT
            Not After : Dec 14 23:08:13 2026 GMT
        Subject: CN=C0E5ABE02F84E7B0327E522ABD43C9D112764A60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:64:19:37:c5:c6:25:e3:70:d0:84:7b:62:56:
                    b3:25:8e:2c:48:12:a6:d9:99:b2:5d:6b:50:7b:9a:
                    5d:92:c0:15:45:af:aa:ef:d6:59:61:b7:e2:6a:e9:
                    b1:66:fa:53:58:44:20:05:ca:ae:ca:6a:21:ef:48:
                    8d:cf:b8:33:69:df:62:a6:db:3d:02:9c:14:14:fe:
                    6e:52:0a:18:92:da:56:17:02:97:5f:7e:75:35:7f:
                    c3:2a:04:af:c4:57:f4:04:30:11:ad:13:d1:a0:ce:
                    76:8b:61:cf:cd:3c:04:40:c2:38:df:1d:28:f7:84:
                    50:1a:f8:b0:b2:dc:c8:ff:c8:f7:b1:d0:99:e9:ec:
                    ee:fc:c8:50:bd:31:a5:49:d1:fe:55:a7:cc:47:56:
                    0f:ae:34:83:e8:6c:6c:9a:1d:6b:7e:f7:ac:cd:a4:
                    d6:68:d7:f5:8a:6b:5b:31:56:50:45:50:9e:db:a0:
                    55:14:32:fd:95:bd:c2:98:f7:f8:c7:2d:46:38:61:
                    2c:c1:2f:e5:3c:86:1c:1c:48:89:de:89:1c:53:1a:
                    37:2c:55:12:76:63:c8:f2:76:d8:ca:f4:7f:49:a6:
                    b9:3f:31:e4:6e:95:1e:3b:ef:ac:8e:72:6b:48:9f:
                    a8:4c:3d:2a:b1:1b:e1:c3:d7:2e:7d:7c:75:82:9e:
                    3e:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:E5:AB:E0:2F:84:E7:B0:32:7E:52:2A:BD:43:C9:D1:12:76:4A:60
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213621.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         ba:e1:c2:7c:5e:24:92:50:44:0c:34:5c:67:3a:c9:87:c3:ec:
         ba:c1:e2:eb:68:a0:4a:da:51:63:9c:d7:1e:4c:c5:4e:64:24:
         e8:a3:72:be:8d:39:fa:3b:b3:1e:00:4a:65:89:67:a8:b8:e4:
         a8:48:dc:aa:bf:10:6c:34:29:5f:99:da:3b:f8:e6:88:9d:15:
         94:25:bc:69:08:f0:52:e2:75:d1:85:b2:6a:d8:bc:f6:6f:82:
         5c:e1:2b:ca:20:79:5b:b7:24:4f:7a:61:b4:f0:ea:82:b1:7a:
         8e:76:07:fb:50:cb:4a:e5:08:bc:df:61:78:23:36:82:c6:ff:
         5e:63:db:1e:33:4a:6f:97:a3:2b:b6:41:86:e3:aa:7f:8e:2c:
         de:67:6a:98:8d:c1:40:4b:c9:04:a1:f5:95:79:48:cf:92:3c:
         3a:ca:9a:8c:a7:23:f3:b0:81:34:93:8a:51:49:5f:2b:15:26:
         f0:f7:16:4f:01:62:27:35:f0:3f:0c:8e:db:94:4c:20:55:9a:
         ac:09:51:27:d5:b5:d5:7f:de:c7:e0:30:7b:07:1e:8f:69:a2:
         1c:71:56:72:52:14:1a:a5:e2:4e:f6:34:ec:1d:99:93:fa:2a:
         2a:b4:db:3b:13:c6:bf:3a:33:1b:0e:e9:72:fe:0e:a5:ed:ce:
         57:2a:08:15
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTansEFxG8joxnpp4ND7iZXlzAWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEyMTUyMzAzMTNaFw0yNjEyMTQyMzA4MTNaMDMxMTAvBgNV
BAMTKEMwRTVBQkUwMkY4NEU3QjAzMjdFNTIyQUJENDNDOUQxMTI3NjRBNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEZBk3xcYl43DQhHtiVrMljixI
EqbZmbJda1B7ml2SwBVFr6rv1llht+Jq6bFm+lNYRCAFyq7KaiHvSI3PuDNp32Km
2z0CnBQU/m5SChiS2lYXApdffnU1f8MqBK/EV/QEMBGtE9GgznaLYc/NPARAwjjf
HSj3hFAa+LCy3Mj/yPex0Jnp7O78yFC9MaVJ0f5Vp8xHVg+uNIPobGyaHWt+96zN
pNZo1/WKa1sxVlBFUJ7boFUUMv2VvcKY9/jHLUY4YSzBL+U8hhwcSIneiRxTGjcs
VRJ2Y8jydtjK9H9Jprk/MeRulR4776yOcmtIn6hMPSqxG+HD1y59fHWCnj7xAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUwOWr4C+E57AyflIqvUPJ0RJ2SmAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNjIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs7MA0GCSqGSIb3DQEBCwUAA4IBAQC64cJ8XiSSUEQMNFxnOsmHw+y6weLraKBK
2lFjnNceTMVOZCToo3K+jTn6O7MeAEpliWeouOSoSNyqvxBsNClfmdo7+OaInRWU
JbxpCPBS4nXRhbJq2Lz2b4Jc4SvKIHlbtyRPemG08OqCsXqOdgf7UMtK5Qi832F4
IzaCxv9eY9seM0pvl6MrtkGG46p/jizeZ2qYjcFAS8kEofWVeUjPkjw6ypqMpyPz
sIE0k4pRSV8rFSbw9xZPAWInNfA/DI7blEwgVZqsCVEn1bXVf97H4DB7Bx6PaaIc
cVZyUhQapeJO9jTsHZmT+ioqtNs7E8a/OjMbDuly/g6l7c5XKggV
-----END CERTIFICATE-----