This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216211.roa
File:                     AS216211.roa (raw, json)
Hash identifier:          TPYH9LQ1Zh3H3F3uquukkxNg4MtGUxPU6WYaxaL5gZI=
Subject key identifier:   FD:A1:F1:B2:A3:71:40:95:52:72:AF:FC:BE:8C:38:D4:CA:3B:1B:02
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       48B5DE7B3F08E83A215307777F686FF39509E243
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216211.roa
Signing time:             Tue 02 Dec 2025 12:15:04 +0000
ROA not before:           Tue 02 Dec 2025 12:10:04 +0000
ROA not after:            Tue 01 Dec 2026 12:15:04 +0000
asID:                     216211
IP address blocks:        143.14.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 13:09:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:b5:de:7b:3f:08:e8:3a:21:53:07:77:7f:68:6f:f3:95:09:e2:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Dec  2 12:10:04 2025 GMT
            Not After : Dec  1 12:15:04 2026 GMT
        Subject: CN=FDA1F1B2A37140955272AFFCBE8C38D4CA3B1B02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:24:3b:e4:58:f8:a9:76:24:84:85:29:d8:5b:
                    a9:d0:85:a8:c8:34:91:54:3a:9c:55:57:7b:bc:54:
                    ae:34:24:3b:ba:66:f5:c3:91:11:78:5a:3a:29:3b:
                    f9:9a:91:f3:0c:31:21:7d:c7:5e:80:b8:bd:93:2c:
                    4e:34:7e:e7:85:a6:af:d5:fc:0c:a5:4b:0a:58:b3:
                    3b:d6:02:1e:15:db:b4:c5:48:60:34:f7:99:a7:d1:
                    1a:a1:5b:cd:9a:ef:c3:d5:aa:a8:a6:3b:87:4d:ec:
                    68:64:43:a3:bc:00:57:60:99:2d:13:fb:21:7d:5f:
                    66:3c:52:54:4e:4f:02:e2:4b:6c:73:80:b7:7c:74:
                    51:a4:96:0f:c5:e0:00:2d:40:93:01:cf:45:01:dd:
                    44:5e:d0:a4:b8:60:cc:5f:bf:6b:84:7d:70:98:8a:
                    12:8d:3e:88:7f:a6:8a:0d:7b:9b:ac:59:a3:4b:4a:
                    12:ef:51:26:99:6c:cb:eb:85:fb:c5:0b:09:2f:99:
                    38:01:dd:b0:0a:19:a0:d5:86:77:82:c0:79:e9:6b:
                    97:80:56:fe:d7:de:37:f4:ad:ca:a8:bf:eb:e2:6e:
                    d9:bb:1c:d0:88:1b:05:64:7a:a9:56:2d:45:79:bf:
                    ef:84:90:5a:12:21:ec:80:57:33:18:2a:f7:2a:fc:
                    0b:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:A1:F1:B2:A3:71:40:95:52:72:AF:FC:BE:8C:38:D4:CA:3B:1B:02
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216211.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7a:bc:35:bd:e8:4b:54:f5:6f:92:87:a5:9a:eb:5c:90:10:82:
         b1:c9:2e:0e:c4:29:e1:cc:1a:9d:aa:45:b0:37:db:a1:dc:ec:
         e4:10:b6:17:09:95:54:fe:d8:e9:b8:91:7e:8e:3a:00:17:f0:
         73:ea:33:ae:bf:1d:c1:23:96:90:16:99:da:6d:5a:2c:53:54:
         30:a2:21:f6:f0:58:4e:b7:fa:f2:e9:f5:ad:ed:ad:52:df:02:
         06:60:a8:94:8b:e5:83:c4:c9:e7:62:cc:9a:a1:46:dd:4e:4b:
         e7:7e:51:b6:85:f5:8e:51:ae:09:5f:82:a9:0a:82:06:6e:9e:
         bc:2a:88:ef:55:9f:60:71:80:36:16:98:e9:28:a9:da:dc:9a:
         3c:dd:97:c7:df:97:59:62:f9:ac:18:d4:4d:a9:99:7a:11:77:
         bc:89:a0:3e:cd:d9:f7:b1:b6:e4:f9:15:a4:cf:c7:0e:9a:17:
         cf:76:9a:40:8e:fc:51:7d:d4:e7:ee:62:f2:02:33:24:0e:a8:
         e3:0e:1c:54:29:79:64:00:0b:c8:b9:6f:4a:55:0d:e0:96:fe:
         dc:6a:7d:fe:6c:66:b7:f0:ce:bd:a2:d7:d7:60:29:cb:17:54:
         00:c8:7c:6a:4e:a5:01:11:31:10:3e:06:d2:89:66:84:97:03:
         2e:22:7a:98
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSLXeez8I6DohUwd3f2hv85UJ4kMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEyMDIxMjEwMDRaFw0yNjEyMDExMjE1MDRaMDMxMTAvBgNV
BAMTKEZEQTFGMUIyQTM3MTQwOTU1MjcyQUZGQ0JFOEMzOEQ0Q0EzQjFCMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4JDvkWPipdiSEhSnYW6nQhajI
NJFUOpxVV3u8VK40JDu6ZvXDkRF4WjopO/makfMMMSF9x16AuL2TLE40fueFpq/V
/AylSwpYszvWAh4V27TFSGA095mn0RqhW82a78PVqqimO4dN7GhkQ6O8AFdgmS0T
+yF9X2Y8UlROTwLiS2xzgLd8dFGklg/F4AAtQJMBz0UB3URe0KS4YMxfv2uEfXCY
ihKNPoh/pooNe5usWaNLShLvUSaZbMvrhfvFCwkvmTgB3bAKGaDVhneCwHnpa5eA
Vv7X3jf0rcqov+vibtm7HNCIGwVkeqlWLUV5v++EkFoSIeyAVzMYKvcq/AvhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/aHxsqNxQJVScq/8vow41Mo7GwIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MjExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCjw5o
MA0GCSqGSIb3DQEBCwUAA4IBAQB6vDW96EtU9W+Sh6Wa61yQEIKxyS4OxCnhzBqd
qkWwN9uh3OzkELYXCZVU/tjpuJF+jjoAF/Bz6jOuvx3BI5aQFpnabVosU1QwoiH2
8FhOt/ry6fWt7a1S3wIGYKiUi+WDxMnnYsyaoUbdTkvnflG2hfWOUa4JX4KpCoIG
bp68KojvVZ9gcYA2FpjpKKna3Jo83ZfH35dZYvmsGNRNqZl6EXe8iaA+zdn3sbbk
+RWkz8cOmhfPdppAjvxRfdTn7mLyAjMkDqjjDhxUKXlkAAvIuW9KVQ3glv7can3+
bGa38M69otfXYCnLF1QAyHxqTqUBETEQPgbSiWaElwMuInqY
-----END CERTIFICATE-----