This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
File:                     AS214025.roa (raw, json)
Hash identifier:          8K2HzDU9A1NFsNgtIAvK7yqZIU8F+rHdELJQ21llTdI=
Subject key identifier:   25:47:EF:5D:97:9B:4C:68:55:9D:36:24:E9:67:F7:45:59:5B:7F:C2
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1C6C675257C779885AE560A30BB9379E6BFC9A1C
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa
Signing time:             Fri 23 Jan 2026 09:16:27 +0000
ROA not before:           Fri 23 Jan 2026 09:11:27 +0000
ROA not after:            Fri 22 Jan 2027 09:16:27 +0000
asID:                     214025
IP address blocks:        193.107.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:6c:67:52:57:c7:79:88:5a:e5:60:a3:0b:b9:37:9e:6b:fc:9a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 23 09:11:27 2026 GMT
            Not After : Jan 22 09:16:27 2027 GMT
        Subject: CN=2547EF5D979B4C68559D3624E967F745595B7FC2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:1d:41:c0:02:f8:35:0f:1c:c4:95:09:b2:f5:
                    96:67:f6:04:2d:a2:97:1c:49:99:0b:86:01:90:38:
                    e5:4c:c8:4b:bd:44:fd:b1:28:b5:bd:cd:66:7e:58:
                    54:73:c6:91:f0:e0:04:df:8e:82:0d:bd:6a:4d:83:
                    cb:4e:76:0b:96:13:1f:ec:b1:10:74:7c:44:32:08:
                    75:de:1d:c9:af:13:98:1b:31:0f:8e:26:69:a3:d9:
                    85:ea:fc:49:21:2d:7c:62:78:58:0c:00:9b:01:17:
                    3e:6e:99:a4:c5:46:c0:54:7a:7b:2b:eb:bd:65:7e:
                    a9:0c:56:f8:d2:25:8a:79:aa:3a:d2:0c:8b:95:ec:
                    e4:8c:8d:3c:b9:61:6b:c1:7b:d5:c8:eb:df:6f:2a:
                    9f:f8:1a:aa:70:79:77:ba:2d:20:a3:8a:e1:cc:36:
                    bb:70:74:09:9e:15:8d:2f:b3:49:d8:c2:d7:bf:3d:
                    c2:9a:9e:05:f1:9c:e5:54:14:32:f8:18:7b:fc:82:
                    f6:b0:c4:57:d1:92:4c:cb:ce:e9:ea:8e:c8:5d:be:
                    86:2a:68:ba:e6:ba:24:de:5c:9a:f3:9f:db:8e:23:
                    49:bb:7a:a0:76:11:95:c9:74:bd:df:1e:aa:4f:bc:
                    75:ee:e0:76:a5:cd:9f:b7:c9:5f:a9:d2:9e:2e:ee:
                    e3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:47:EF:5D:97:9B:4C:68:55:9D:36:24:E9:67:F7:45:59:5B:7F:C2
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS214025.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.107.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:71:43:74:db:ab:ce:4e:6f:f3:ff:a8:22:fb:78:b8:0f:96:
         12:69:e3:30:af:7b:0c:72:31:32:f2:36:4b:22:59:4c:50:c5:
         ef:b0:df:65:9b:cf:11:8a:0c:de:4b:b9:cd:ac:c1:ac:80:42:
         8e:5f:b1:c6:0a:79:e4:79:2d:a8:8f:cd:27:dd:e4:91:e8:ce:
         d1:94:41:0e:dc:3e:a4:8d:4a:17:b0:4f:17:2a:27:c4:da:fc:
         d6:78:73:d0:ba:d6:a2:2a:63:a0:d3:07:ca:89:eb:58:ba:1d:
         17:4b:35:3d:95:22:85:57:c9:cd:ce:b6:15:3e:50:ef:2e:03:
         05:ca:b9:9c:e6:27:9a:08:3c:b2:61:4c:c5:4b:49:8e:9f:ee:
         dd:f0:0d:14:db:14:cc:a9:8e:6f:f0:c2:35:a2:c1:55:77:5c:
         90:59:73:2c:4d:0e:cf:00:d8:ac:e4:65:7a:19:19:d2:76:ef:
         00:83:6b:a5:6c:e1:01:7c:d0:57:69:67:95:14:48:eb:5f:c7:
         a1:e1:71:1a:5c:19:32:0d:66:19:cc:a8:c5:dc:76:99:09:e5:
         d8:ce:ba:eb:14:2d:4c:05:24:ce:f9:7b:8a:ec:63:a6:35:1d:
         43:6c:f7:9b:63:f4:8b:d5:b5:29:cd:d0:e7:60:59:e5:95:f2:
         f6:c2:4b:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHGxnUlfHeYha5WCjC7k3nmv8mhwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAxMjMwOTExMjdaFw0yNzAxMjIwOTE2MjdaMDMxMTAvBgNV
BAMTKDI1NDdFRjVEOTc5QjRDNjg1NTlEMzYyNEU5NjdGNzQ1NTk1QjdGQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxHUHAAvg1DxzElQmy9ZZn9gQt
opccSZkLhgGQOOVMyEu9RP2xKLW9zWZ+WFRzxpHw4ATfjoINvWpNg8tOdguWEx/s
sRB0fEQyCHXeHcmvE5gbMQ+OJmmj2YXq/EkhLXxieFgMAJsBFz5umaTFRsBUensr
671lfqkMVvjSJYp5qjrSDIuV7OSMjTy5YWvBe9XI699vKp/4GqpweXe6LSCjiuHM
NrtwdAmeFY0vs0nYwte/PcKangXxnOVUFDL4GHv8gvawxFfRkkzLzunqjshdvoYq
aLrmuiTeXJrzn9uOI0m7eqB2EZXJdL3fHqpPvHXu4HalzZ+3yV+p0p4u7uMBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJUfvXZebTGhVnTYk6Wf3RVlbf8IwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjE0MDI1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWvT
MA0GCSqGSIb3DQEBCwUAA4IBAQADcUN026vOTm/z/6gi+3i4D5YSaeMwr3sMcjEy
8jZLIllMUMXvsN9lm88RigzeS7nNrMGsgEKOX7HGCnnkeS2oj80n3eSR6M7RlEEO
3D6kjUoXsE8XKifE2vzWeHPQutaiKmOg0wfKietYuh0XSzU9lSKFV8nNzrYVPlDv
LgMFyrmc5ieaCDyyYUzFS0mOn+7d8A0U2xTMqY5v8MI1osFVd1yQWXMsTQ7PANis
5GV6GRnSdu8Ag2ulbOEBfNBXaWeVFEjrX8eh4XEaXBkyDWYZzKjF3HaZCeXYzrrr
FC1MBSTO+XuK7GOmNR1DbPebY/SL1bUpzdDnYFnllfL2wksm
-----END CERTIFICATE-----