This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214939.roa
File:                     AS214939.roa (raw, json)
Hash identifier:          yc1BWTNpmvbTrqcOvTuAsxy7mtaasIldebqdnT+bZZ0=
Subject key identifier:   58:7A:6C:12:B2:7B:5F:D5:B5:AA:28:95:33:A5:BF:56:DF:E9:91:C9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7D7E1616F9AE73832DB5AE4299872858B0D1CA7D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214939.roa
Signing time:             Tue 02 Dec 2025 18:18:44 +0000
ROA not before:           Tue 02 Dec 2025 18:13:44 +0000
ROA not after:            Tue 01 Dec 2026 18:18:44 +0000
asID:                     214939
IP address blocks:        82.21.0.0/24 maxlen: 24
                          82.21.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Dec 2025 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:7e:16:16:f9:ae:73:83:2d:b5:ae:42:99:87:28:58:b0:d1:ca:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec  2 18:13:44 2025 GMT
            Not After : Dec  1 18:18:44 2026 GMT
        Subject: CN=587A6C12B27B5FD5B5AA289533A5BF56DFE991C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:6d:cc:34:20:af:0b:e4:8c:08:28:1e:45:24:
                    14:1d:bf:fe:66:e4:ca:8e:a8:62:5d:02:da:6c:4f:
                    89:99:56:0b:be:35:95:cb:37:4e:54:0d:da:a7:bb:
                    4c:e1:59:19:19:70:c3:7c:f7:96:f1:3a:6b:32:01:
                    b1:d9:6e:1e:fe:fe:2d:c0:4e:f3:01:63:16:bb:8a:
                    da:5f:be:f9:d7:72:1e:43:06:5c:b5:f2:72:ed:df:
                    61:1c:e7:4b:90:4a:ff:8a:da:9a:07:2c:64:1b:1c:
                    5d:e8:6b:6f:d1:c8:75:e2:6f:3d:99:ab:7a:03:e7:
                    6d:22:eb:2c:08:cd:30:fb:15:15:32:0f:fe:57:d5:
                    a5:93:93:42:a0:7b:18:04:f0:16:c9:48:0a:47:dd:
                    91:11:af:8e:57:a4:7f:01:b7:e0:7c:3a:64:cf:ec:
                    ab:8a:24:ee:49:cd:7c:eb:22:3b:eb:93:6d:ed:58:
                    bb:7a:ae:59:95:77:f3:ca:18:80:2a:f3:df:0e:ab:
                    c2:ae:e9:c6:0d:1c:d3:f2:d2:47:f8:e7:b4:a8:f6:
                    06:be:f7:25:b4:d6:81:ff:45:25:f8:fa:f7:03:5c:
                    8c:4e:b1:b6:fe:01:cd:97:37:f6:d0:da:f7:f8:97:
                    89:54:bc:63:17:6d:41:34:b1:73:ea:08:06:cd:a7:
                    2b:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:7A:6C:12:B2:7B:5F:D5:B5:AA:28:95:33:A5:BF:56:DF:E9:91:C9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.0.0/24
                  82.21.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:96:ec:c6:39:09:dd:21:f6:81:ab:87:90:b4:02:0c:c4:e5:
         de:f2:8c:db:df:52:3b:cd:40:f4:d9:b7:38:37:b3:59:09:cd:
         30:ae:87:55:a6:56:ad:db:a5:c5:68:07:54:68:b4:4b:d6:11:
         54:2c:2c:b0:3c:a3:26:16:74:e6:16:42:3d:cb:d3:1c:62:6a:
         94:36:74:dc:76:10:f8:5f:c6:e2:29:f6:89:e9:58:90:66:c5:
         bc:04:78:b6:b8:d9:b3:b0:19:10:38:7e:d5:32:3f:0e:7f:8d:
         46:14:b2:54:54:60:94:3e:a9:f3:50:98:f9:c7:3d:9e:22:44:
         ae:5d:aa:03:aa:ea:2a:af:02:37:e1:21:c5:6b:60:51:f4:1f:
         2d:53:7b:e6:9d:26:50:1a:33:dd:d6:9d:91:8d:99:1a:f3:2e:
         ac:28:b0:b8:ac:6c:77:b1:4e:f2:a4:57:c7:a8:fb:27:b2:6a:
         15:8a:cc:c7:ac:16:6d:e2:b2:53:1a:b5:95:79:bf:5d:7d:fc:
         dc:8e:cd:9c:61:d3:90:e0:aa:27:ae:b9:c1:01:f1:48:3c:f4:
         6b:50:a8:34:5a:38:09:f4:aa:94:70:ad:30:98:99:5e:4e:3f:
         a7:b8:30:84:7b:2a:16:63:76:43:aa:2a:ed:64:55:c7:e5:ef:
         44:b8:94:80
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfX4WFvmuc4Mtta5CmYcoWLDRyn0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMDIxODEzNDRaFw0yNjEyMDExODE4NDRaMDMxMTAvBgNV
BAMTKDU4N0E2QzEyQjI3QjVGRDVCNUFBMjg5NTMzQTVCRjU2REZFOTkxQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDybcw0IK8L5IwIKB5FJBQdv/5m
5MqOqGJdAtpsT4mZVgu+NZXLN05UDdqnu0zhWRkZcMN895bxOmsyAbHZbh7+/i3A
TvMBYxa7itpfvvnXch5DBly18nLt32Ec50uQSv+K2poHLGQbHF3oa2/RyHXibz2Z
q3oD520i6ywIzTD7FRUyD/5X1aWTk0KgexgE8BbJSApH3ZERr45XpH8Bt+B8OmTP
7KuKJO5JzXzrIjvrk23tWLt6rlmVd/PKGIAq898Oq8Ku6cYNHNPy0kf457So9ga+
9yW01oH/RSX4+vcDXIxOsbb+Ac2XN/bQ2vf4l4lUvGMXbUE0sXPqCAbNpytVAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUWHpsErJ7X9W1qiiVM6W/Vt/pkckwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUhUA
AwQAUhUDMA0GCSqGSIb3DQEBCwUAA4IBAQBUluzGOQndIfaBq4eQtAIMxOXe8ozb
31I7zUD02bc4N7NZCc0wrodVplat26XFaAdUaLRL1hFULCywPKMmFnTmFkI9y9Mc
YmqUNnTcdhD4X8biKfaJ6ViQZsW8BHi2uNmzsBkQOH7VMj8Of41GFLJUVGCUPqnz
UJj5xz2eIkSuXaoDquoqrwI34SHFa2BR9B8tU3vmnSZQGjPd1p2RjZka8y6sKLC4
rGx3sU7ypFfHqPsnsmoViszHrBZt4rJTGrWVeb9dffzcjs2cYdOQ4KonrrnBAfFI
PPRrUKg0WjgJ9KqUcK0wmJleTj+nuDCEeyoWY3ZDqirtZFXH5e9EuJSA
-----END CERTIFICATE-----