This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21245.roa
File:                     AS21245.roa (raw, json)
Hash identifier:          h7jdvs365MS+9Eao3uCFXO8hLJz2n0aL+sKNTuELCL8=
Subject key identifier:   BB:AA:41:08:9B:7E:14:EA:E5:37:38:CA:5B:EB:7D:3D:EF:CE:C2:5F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       253205166F19EC6EC7BC52A011EA3C8C3D32226F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21245.roa
Signing time:             Tue 20 Jan 2026 15:50:35 +0000
ROA not before:           Tue 20 Jan 2026 15:45:35 +0000
ROA not after:            Tue 19 Jan 2027 15:50:35 +0000
asID:                     21245
IP address blocks:        82.38.196.0/24 maxlen: 24
                          82.38.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:32:05:16:6f:19:ec:6e:c7:bc:52:a0:11:ea:3c:8c:3d:32:22:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 20 15:45:35 2026 GMT
            Not After : Jan 19 15:50:35 2027 GMT
        Subject: CN=BBAA41089B7E14EAE53738CA5BEB7D3DEFCEC25F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:98:12:26:1f:20:79:20:5d:28:07:a0:cd:ee:
                    75:a6:de:3a:8b:4f:1b:4f:1c:70:52:56:73:59:b5:
                    e0:49:48:52:68:b1:c6:b4:04:7a:73:54:3a:57:f2:
                    92:4f:3e:de:8e:27:61:3a:db:91:4f:c9:73:a1:1c:
                    3a:aa:2a:29:19:38:a0:45:55:b4:f7:a1:1e:75:15:
                    5f:1c:b3:f4:6f:a0:bf:bf:cb:70:02:55:c5:fc:1f:
                    c2:91:e8:07:a2:53:6d:d7:af:7c:c9:ea:a5:bb:f2:
                    3e:cb:f6:8e:ee:8e:ca:95:97:2b:d7:f3:8a:91:e6:
                    f5:c8:bb:16:dd:64:00:f6:fb:db:4f:05:d9:a0:89:
                    ed:7d:3d:1d:2b:98:6c:e1:34:2f:8b:92:2e:c2:45:
                    a7:37:87:1e:90:1a:8a:14:db:7b:35:38:6c:c3:e4:
                    95:93:ec:83:56:01:5b:94:af:91:c2:77:58:86:7a:
                    45:c6:3a:ab:35:61:c8:7c:7e:af:d3:43:6c:d9:78:
                    9d:59:3f:0b:26:61:19:45:4a:38:48:02:59:59:0f:
                    69:cb:5e:5c:9d:85:91:38:da:49:0d:4a:76:bb:b5:
                    df:05:78:1f:58:d7:88:04:df:08:ab:4a:40:05:da:
                    de:89:20:d3:28:75:52:4c:8f:38:ef:66:7e:26:b9:
                    61:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AA:41:08:9B:7E:14:EA:E5:37:38:CA:5B:EB:7D:3D:EF:CE:C2:5F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:d8:13:c0:f8:a8:16:45:ee:b6:5e:1d:0f:cb:a5:62:ef:ee:
         ba:d5:4a:34:e5:f9:fe:9e:3d:f1:a8:7d:3d:5a:00:ee:9a:07:
         de:2a:46:61:63:53:c3:9b:8e:cc:e3:42:6f:3d:95:72:e6:6d:
         c0:11:a1:2f:00:63:4f:98:d1:22:5d:d1:c4:61:50:54:34:f9:
         1a:5e:ef:00:95:04:9b:c7:a6:78:1b:a4:2e:85:71:a8:e1:37:
         0e:f3:01:22:02:e5:26:fc:b1:00:2e:96:6f:97:1a:0b:81:34:
         c5:91:87:fd:48:a6:1a:7a:3a:5f:3f:c7:62:de:46:0c:be:1e:
         d3:f7:08:a7:1c:d0:7b:67:69:a3:a8:cf:96:1b:eb:f8:f7:e7:
         49:0c:04:cc:07:a8:4b:d4:05:5f:23:a6:d9:cc:db:b7:f4:32:
         3a:01:ef:52:62:cb:d6:7d:7c:45:22:0f:1a:ce:88:b0:e1:be:
         da:e5:49:97:63:d1:ac:09:f1:f3:4c:69:90:5c:97:c0:d6:1a:
         6f:e3:18:52:f1:93:c4:b8:a5:75:2a:34:3b:06:9d:e3:1c:58:
         20:18:ae:ff:d1:00:dc:0f:26:1a:7c:be:82:08:e7:cb:17:80:
         00:64:10:ec:4f:9f:fb:77:fb:b9:69:aa:71:a7:37:e2:e5:c1:
         e9:d2:f6:f6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJTIFFm8Z7G7HvFKgEeo8jD0yIm8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjAxNTQ1MzVaFw0yNzAxMTkxNTUwMzVaMDMxMTAvBgNV
BAMTKEJCQUE0MTA4OUI3RTE0RUFFNTM3MzhDQTVCRUI3RDNERUZDRUMyNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBmBImHyB5IF0oB6DN7nWm3jqL
TxtPHHBSVnNZteBJSFJosca0BHpzVDpX8pJPPt6OJ2E625FPyXOhHDqqKikZOKBF
VbT3oR51FV8cs/RvoL+/y3ACVcX8H8KR6AeiU23Xr3zJ6qW78j7L9o7ujsqVlyvX
84qR5vXIuxbdZAD2+9tPBdmgie19PR0rmGzhNC+Lki7CRac3hx6QGooU23s1OGzD
5JWT7INWAVuUr5HCd1iGekXGOqs1Ych8fq/TQ2zZeJ1ZPwsmYRlFSjhIAllZD2nL
XlydhZE42kkNSna7td8FeB9Y14gE3wirSkAF2t6JINModVJMjzjvZn4muWEZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUu6pBCJt+FOrlNzjKW+t9Pe/Owl8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEyNDUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFSJsQw
DQYJKoZIhvcNAQELBQADggEBAGjYE8D4qBZF7rZeHQ/LpWLv7rrVSjTl+f6ePfGo
fT1aAO6aB94qRmFjU8ObjszjQm89lXLmbcARoS8AY0+Y0SJd0cRhUFQ0+Rpe7wCV
BJvHpngbpC6FcajhNw7zASIC5Sb8sQAulm+XGguBNMWRh/1Iphp6Ol8/x2LeRgy+
HtP3CKcc0HtnaaOoz5Yb6/j350kMBMwHqEvUBV8jptnM27f0MjoB71Jiy9Z9fEUi
DxrOiLDhvtrlSZdj0awJ8fNMaZBcl8DWGm/jGFLxk8S4pXUqNDsGneMcWCAYrv/R
ANwPJhp8voII58sXgABkEOxPn/t3+7lpqnGnN+LlwenS9vY=
-----END CERTIFICATE-----