This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214731.roa
File:                     AS214731.roa (raw, json)
Hash identifier:          ow4nBaSuE9p0ungOoWoCq4ez1GKx0J+XVWMMuvvRwsc=
Subject key identifier:   7C:2D:75:29:60:FA:54:DD:BA:A9:39:9C:22:DF:E6:5A:1C:03:BC:38
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       15CB853890BA3B33BDA8DE47D43ECDE30DBA76AD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214731.roa
Signing time:             Wed 17 Dec 2025 03:08:13 +0000
ROA not before:           Wed 17 Dec 2025 03:03:13 +0000
ROA not after:            Wed 16 Dec 2026 03:08:13 +0000
asID:                     214731
IP address blocks:        2a0f:85c1:b44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Dec 2025 09:56:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:cb:85:38:90:ba:3b:33:bd:a8:de:47:d4:3e:cd:e3:0d:ba:76:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec 17 03:03:13 2025 GMT
            Not After : Dec 16 03:08:13 2026 GMT
        Subject: CN=7C2D752960FA54DDBAA9399C22DFE65A1C03BC38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f7:c4:c5:12:37:6b:32:b7:a4:e5:ce:df:be:
                    77:3c:47:92:e6:8e:39:2f:e9:62:f1:10:b4:ad:1c:
                    00:83:c2:7b:ac:d3:d1:85:84:e9:7f:36:ad:34:ed:
                    11:f6:ec:c8:7d:d8:19:c9:01:ed:33:53:68:1f:45:
                    d0:d8:23:7c:65:2a:e6:02:2d:d1:4d:57:43:80:53:
                    34:fe:15:46:b2:4f:49:79:e8:fb:7b:2f:b8:9f:65:
                    99:f2:d1:f6:ed:26:54:21:55:ed:65:9a:01:fc:37:
                    c8:f5:bf:72:7a:e3:d0:e3:af:6e:5e:2f:a1:3b:3b:
                    e6:a7:2f:92:8e:68:c5:d4:1e:20:95:68:6d:b2:b7:
                    d3:1e:73:8d:b5:77:ce:e2:8b:20:4a:46:28:79:61:
                    14:81:a8:7f:78:f9:6b:69:23:10:84:c2:e1:1a:b5:
                    88:32:d9:32:e4:ba:bb:33:26:06:6d:2b:ad:cb:66:
                    65:2e:a5:60:c9:f4:53:48:f4:da:49:e1:53:14:51:
                    9f:96:7f:56:0a:01:1c:a7:a9:36:17:ca:b5:e0:d7:
                    9a:12:91:e3:87:ee:3d:17:b1:c9:08:aa:ef:4e:ff:
                    a1:9d:df:63:2b:62:00:4b:89:84:1f:5f:23:c9:b8:
                    bd:06:3c:97:ce:07:3f:c2:48:1a:64:f3:aa:7c:cb:
                    88:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:2D:75:29:60:FA:54:DD:BA:A9:39:9C:22:DF:E6:5A:1C:03:BC:38
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS214731.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b44::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:5f:8e:1d:5d:4b:bf:75:a3:06:d3:e0:95:cf:72:1a:22:6e:
         e6:a6:3a:c6:a7:16:3c:62:39:c0:43:31:30:23:7e:fd:a1:83:
         88:5b:38:fe:49:c9:e9:bc:44:6d:d2:72:10:8e:56:e4:e7:3f:
         62:98:28:03:0a:a4:21:19:ee:bb:cd:d2:1f:15:7e:6a:53:da:
         58:12:94:28:fe:26:1d:50:bd:6a:b2:4b:bf:a4:a0:0e:8b:b6:
         36:f9:4a:e9:e5:7a:6d:9d:4a:c1:70:be:17:1b:eb:ad:ba:85:
         2d:d7:9d:de:d4:9e:05:77:67:08:4d:8b:ff:64:39:f2:06:f5:
         12:6c:42:50:9a:40:10:dc:33:d9:ef:6e:67:43:a6:94:31:04:
         a0:13:3b:b3:18:f9:ea:c8:7f:4d:1d:be:14:ab:40:da:3f:68:
         7c:8b:81:63:a4:ca:10:a2:c7:65:17:8a:c5:25:0a:49:1e:37:
         fa:f4:8d:cd:d0:66:8a:fa:ad:95:25:0e:59:b4:21:c4:1c:c6:
         54:7f:d9:56:dc:92:ea:f7:9b:9a:50:03:f0:9d:ab:df:fb:55:
         3c:89:a8:11:ea:07:19:37:45:84:a9:1f:f9:e2:ae:cc:45:74:
         b5:31:f7:d2:01:4d:e7:04:31:e9:d7:73:b5:85:f5:f6:59:5d:
         f3:4f:95:45
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFcuFOJC6OzO9qN5H1D7N4w26dq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEyMTcwMzAzMTNaFw0yNjEyMTYwMzA4MTNaMDMxMTAvBgNV
BAMTKDdDMkQ3NTI5NjBGQTU0RERCQUE5Mzk5QzIyREZFNjVBMUMwM0JDMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCb98TFEjdrMrek5c7fvnc8R5Lm
jjkv6WLxELStHACDwnus09GFhOl/Nq007RH27Mh92BnJAe0zU2gfRdDYI3xlKuYC
LdFNV0OAUzT+FUayT0l56Pt7L7ifZZny0fbtJlQhVe1lmgH8N8j1v3J649Djr25e
L6E7O+anL5KOaMXUHiCVaG2yt9Mec421d87iiyBKRih5YRSBqH94+WtpIxCEwuEa
tYgy2TLkurszJgZtK63LZmUupWDJ9FNI9NpJ4VMUUZ+Wf1YKARynqTYXyrXg15oS
keOH7j0XsckIqu9O/6Gd32MrYgBLiYQfXyPJuL0GPJfOBz/CSBpk86p8y4ipAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUfC11KWD6VN26qTmcIt/mWhwDvDgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE0NzMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQtEMA0GCSqGSIb3DQEBCwUAA4IBAQCdX44dXUu/daMG0+CVz3IaIm7mpjrGpxY8
YjnAQzEwI379oYOIWzj+ScnpvERt0nIQjlbk5z9imCgDCqQhGe67zdIfFX5qU9pY
EpQo/iYdUL1qsku/pKAOi7Y2+Urp5XptnUrBcL4XG+utuoUt153e1J4Fd2cITYv/
ZDnyBvUSbEJQmkAQ3DPZ725nQ6aUMQSgEzuzGPnqyH9NHb4Uq0DaP2h8i4FjpMoQ
osdlF4rFJQpJHjf69I3N0GaK+q2VJQ5ZtCHEHMZUf9lW3JLq95uaUAPwnavf+1U8
iagR6gcZN0WEqR/54q7MRXS1MffSAU3nBDHp13O1hfX2WV3zT5VF
-----END CERTIFICATE-----