This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa
File:                     AS214716.roa (raw, json)
Hash identifier:          4I7/XL53hr8gEz+Zsw7pJEekkUZa0XEQUYrfRa8mwj0=
Subject key identifier:   65:BC:F6:32:94:BB:21:94:B6:CE:A5:62:55:2E:82:EB:84:D1:CF:DB
Certificate issuer:       /CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
Certificate serial:       42BDE0E42582F26C76804B88004137344C195157
Authority key identifier: D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa
Signing time:             Wed 14 Jan 2026 18:22:00 +0000
ROA not before:           Wed 14 Jan 2026 18:17:00 +0000
ROA not after:            Wed 13 Jan 2027 18:22:00 +0000
asID:                     214716
IP address blocks:        85.155.98.0/24 maxlen: 24
                          103.109.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:bd:e0:e4:25:82:f2:6c:76:80:4b:88:00:41:37:34:4c:19:51:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d14b6fcf2b2c69be085e9f959872dcbe8ea54177
        Validity
            Not Before: Jan 14 18:17:00 2026 GMT
            Not After : Jan 13 18:22:00 2027 GMT
        Subject: CN=65BCF63294BB2194B6CEA562552E82EB84D1CFDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:78:62:bc:24:80:f3:3a:e8:29:0c:62:b6:1e:
                    1d:01:22:e1:d7:4b:39:0f:cd:e9:3f:86:d0:af:28:
                    cf:ad:64:f9:c4:bd:80:ce:5d:5d:3e:98:32:b7:fb:
                    76:79:a6:0d:b8:1a:54:b3:92:ba:6c:50:ac:e9:d5:
                    b5:6d:e9:e6:da:f0:43:c7:b9:f1:f0:6e:6f:ff:92:
                    ac:45:be:4c:d7:ff:0a:b1:cf:9d:2f:74:9f:50:8f:
                    0a:96:95:66:ab:f1:68:31:bf:ee:6a:76:c5:78:45:
                    39:37:02:53:0f:03:4b:db:f1:b1:8b:f1:64:2e:a1:
                    13:0b:ad:51:15:fc:dd:06:1f:c7:dc:00:8a:86:2f:
                    d2:20:5d:04:69:b7:ae:d9:26:db:c1:c1:da:d7:fd:
                    31:79:86:d5:48:d4:28:2a:1b:02:ea:09:00:f7:d9:
                    f1:02:50:43:cd:cc:b6:a0:8f:e9:4c:2a:34:76:44:
                    92:b1:d6:ed:5e:9c:9b:86:60:c6:99:e0:06:2a:15:
                    36:fb:d3:a0:c1:60:f0:47:dd:2a:80:f9:15:3f:45:
                    48:ab:c9:32:72:7d:92:8c:46:73:34:22:d0:96:a8:
                    eb:e5:fa:92:f9:f7:b6:91:83:66:c4:bc:d0:e9:98:
                    44:55:5d:64:77:21:d1:72:3d:8c:be:4c:e9:b2:df:
                    4c:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BC:F6:32:94:BB:21:94:B6:CE:A5:62:55:2E:82:EB:84:D1:CF:DB
            X509v3 Authority Key Identifier:
                keyid:D1:4B:6F:CF:2B:2C:69:BE:08:5E:9F:95:98:72:DC:BE:8E:A5:41:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/D14B6FCF2B2C69BE085E9F959872DCBE8EA54177.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0Utvzyssab4IXp-VmHLcvo6lQXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/7/AS214716.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.155.98.0/24
                  103.109.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:d4:c7:6e:82:3a:f6:19:cb:ff:5d:b3:45:13:22:6c:ec:5b:
         cf:0a:74:c2:b1:3a:be:66:f4:dc:9b:d6:ec:ae:80:fa:8c:f1:
         82:23:61:55:aa:c5:d3:b5:aa:6c:bb:05:52:ec:93:29:e0:33:
         46:0b:ae:b0:ff:df:b7:0a:16:ec:ad:88:18:da:ac:b2:98:cc:
         4e:fc:19:54:c9:20:40:ba:bb:c1:19:cf:b1:fb:91:78:59:b9:
         01:c2:20:61:e2:34:86:3f:1c:87:a9:d9:17:3c:ba:b5:38:de:
         fc:88:7e:e3:9c:ae:a0:d4:0a:cb:ef:25:6a:83:39:c0:39:73:
         b4:6e:8e:27:3e:1e:01:f2:af:66:04:64:38:1b:d9:30:d7:0c:
         11:64:d3:b3:63:4a:0c:50:49:bc:ce:68:12:75:8e:81:8e:e3:
         37:e7:d9:5a:36:84:46:14:4e:6a:38:80:28:ec:80:22:25:65:
         36:69:1e:85:16:76:bd:34:26:6e:a1:0a:4d:c2:80:b1:78:63:
         8b:50:ba:4e:39:4c:5d:4f:72:72:c3:d7:79:27:3b:31:e7:92:
         a6:6c:36:98:37:de:50:00:84:2e:c3:c4:46:2a:ed:59:b4:6b:
         3e:e0:73:99:54:6a:cd:33:31:dc:f0:6c:93:25:bc:00:ae:1e:
         bc:df:fb:c3
-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIUQr3g5CWC8mx2gEuIAEE3NEwZUVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDE0YjZmY2YyYjJjNjliZTA4NWU5Zjk1OTg3MmRjYmU4
ZWE1NDE3NzAeFw0yNjAxMTQxODE3MDBaFw0yNzAxMTMxODIyMDBaMDMxMTAvBgNV
BAMTKDY1QkNGNjMyOTRCQjIxOTRCNkNFQTU2MjU1MkU4MkVCODREMUNGREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0eGK8JIDzOugpDGK2Hh0BIuHX
SzkPzek/htCvKM+tZPnEvYDOXV0+mDK3+3Z5pg24GlSzkrpsUKzp1bVt6eba8EPH
ufHwbm//kqxFvkzX/wqxz50vdJ9QjwqWlWar8Wgxv+5qdsV4RTk3AlMPA0vb8bGL
8WQuoRMLrVEV/N0GH8fcAIqGL9IgXQRpt67ZJtvBwdrX/TF5htVI1CgqGwLqCQD3
2fECUEPNzLagj+lMKjR2RJKx1u1enJuGYMaZ4AYqFTb706DBYPBH3SqA+RU/RUir
yTJyfZKMRnM0ItCWqOvl+pL597aRg2bEvNDpmERVXWR3IdFyPYy+TOmy30wTAgMB
AAGjggH1MIIB8TAdBgNVHQ4EFgQUZbz2MpS7IZS2zqViVS6C64TRz9swHwYDVR0j
BBgwFoAU0Utvzyssab4IXp+VmHLcvo6lQXcwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvNy9EMTRCNkZDRjJC
MkM2OUJFMDg1RTlGOTU5ODcyRENCRThFQTU0MTc3LmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMFV0dnp5c3NhYjRJWHAtVm1ITGN2bzZsUVhjLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC83L0FT
MjE0NzE2LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEH
AQH/BBYwFDASBAIAATAMAwQAVZtiAwQAZ23qMA0GCSqGSIb3DQEBCwUAA4IBAQC8
1Mdugjr2Gcv/XbNFEyJs7FvPCnTCsTq+ZvTcm9bsroD6jPGCI2FVqsXTtapsuwVS
7JMp4DNGC66w/9+3ChbsrYgY2qyymMxO/BlUySBAurvBGc+x+5F4WbkBwiBh4jSG
PxyHqdkXPLq1ON78iH7jnK6g1ArL7yVqgznAOXO0bo4nPh4B8q9mBGQ4G9kw1wwR
ZNOzY0oMUEm8zmgSdY6BjuM359laNoRGFE5qOIAo7IAiJWU2aR6FFna9NCZuoQpN
woCxeGOLULpOOUxdT3Jyw9d5Jzsx55KmbDaYN95QAIQuw8RGKu1ZtGs+4HOZVGrN
MzHc8GyTJbwArh683/vD
-----END CERTIFICATE-----