This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
File:                     AS21840.roa (raw, json)
Hash identifier:          KTjTQWRADRL2khhdnwU1uAh2UnNSVxXn2HvzlC8ZeSk=
Subject key identifier:   12:50:FF:93:95:02:73:2F:BB:4C:D8:EF:7A:75:29:0F:89:28:0D:E6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       525C58682083CDAF0AB3FF9E7775E42EC3897D26
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa
Signing time:             Thu 11 Dec 2025 00:03:58 +0000
ROA not before:           Wed 10 Dec 2025 23:58:58 +0000
ROA not after:            Thu 10 Dec 2026 00:03:58 +0000
asID:                     21840
IP address blocks:        82.22.11.0/24 maxlen: 24
                          82.26.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Dec 2025 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:5c:58:68:20:83:cd:af:0a:b3:ff:9e:77:75:e4:2e:c3:89:7d:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec 10 23:58:58 2025 GMT
            Not After : Dec 10 00:03:58 2026 GMT
        Subject: CN=1250FF939502732FBB4CD8EF7A75290F89280DE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:d1:f6:b6:22:99:af:7e:3d:36:1f:6c:0a:a8:
                    f4:28:10:3b:1a:5a:17:99:3d:41:15:74:4e:af:a9:
                    1c:96:e6:74:cc:a3:d6:f9:30:28:2f:72:77:5f:74:
                    dd:62:7d:53:ca:d7:86:2b:8d:d0:ab:78:f8:50:7d:
                    56:1d:67:a2:cc:21:ec:61:ad:df:22:55:e1:bf:7d:
                    88:a9:61:84:8b:7e:a3:23:8e:93:2d:02:be:14:e8:
                    bc:07:9a:5b:50:e7:00:bf:9c:5a:73:c1:a7:77:31:
                    c7:46:78:81:d0:23:b1:62:05:31:58:85:42:6e:3c:
                    d1:a0:c1:73:f0:5c:b6:54:e6:f1:83:68:af:39:e4:
                    66:4a:6a:7a:31:36:b1:fa:c9:1c:47:fd:ab:ae:a7:
                    71:da:45:3c:36:e6:89:af:62:52:63:55:0f:b2:f4:
                    cb:94:1f:b8:3d:ed:e5:0a:de:81:13:d4:4e:61:91:
                    2e:27:07:7f:23:11:a1:ab:b3:3d:1b:5f:a0:34:47:
                    fb:75:af:58:88:fa:be:be:5c:cf:c5:ca:52:f9:dc:
                    40:6a:d1:d9:c1:b6:21:a6:4b:4a:bd:0d:74:78:cc:
                    67:2b:ed:a7:f3:37:e3:16:23:1b:f3:e7:2a:e0:b5:
                    41:a9:6d:c4:a0:bb:e7:0b:5a:8c:8a:5e:8b:7a:08:
                    ea:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:50:FF:93:95:02:73:2F:BB:4C:D8:EF:7A:75:29:0F:89:28:0D:E6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS21840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.11.0/24
                  82.26.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:04:bd:f2:0c:67:51:30:5e:a6:62:1c:1f:40:aa:97:63:80:
         d3:d3:23:0b:c3:e0:1d:2f:f4:f2:9c:4d:f2:bb:af:78:42:dd:
         ab:bb:e3:da:1d:28:15:0f:56:51:75:46:71:73:d8:11:6a:24:
         ce:d7:a5:73:69:45:84:18:2c:e7:32:99:34:22:05:c4:a5:51:
         f5:35:45:ff:d4:08:ab:93:63:1d:8f:93:9c:68:20:c1:80:5c:
         de:95:3c:c6:5d:ba:8d:7e:43:13:53:90:76:f2:bf:9d:8a:aa:
         62:ed:97:3f:60:fe:91:32:39:23:b7:0a:fa:25:c1:df:0b:0e:
         7f:4c:c1:1c:cf:68:95:b7:60:a1:6a:cd:f9:a1:d3:2b:d4:46:
         c8:80:f6:bc:6a:e0:33:e8:96:71:be:c5:50:87:71:d3:bf:4f:
         75:a7:1c:51:30:d9:78:da:4e:a0:fc:30:6c:15:a8:45:e4:2a:
         8c:36:c9:7f:64:44:66:0f:0a:84:3e:af:0f:1a:70:a9:96:f8:
         5a:0c:5e:01:61:68:94:0e:cc:22:26:bf:f9:5a:8b:16:3b:2a:
         31:98:60:e8:82:37:74:3e:c1:d9:d6:40:e6:1a:e5:51:1c:90:
         c3:9f:ce:72:a0:93:ac:5f:da:f6:63:23:b4:15:18:1e:85:4f:
         c6:b8:7b:80
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUUlxYaCCDza8Ks/+ed3XkLsOJfSYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMTAyMzU4NThaFw0yNjEyMTAwMDAzNThaMDMxMTAvBgNV
BAMTKDEyNTBGRjkzOTUwMjczMkZCQjRDRDhFRjdBNzUyOTBGODkyODBERTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA0fa2Ipmvfj02H2wKqPQoEDsa
WheZPUEVdE6vqRyW5nTMo9b5MCgvcndfdN1ifVPK14YrjdCrePhQfVYdZ6LMIexh
rd8iVeG/fYipYYSLfqMjjpMtAr4U6LwHmltQ5wC/nFpzwad3McdGeIHQI7FiBTFY
hUJuPNGgwXPwXLZU5vGDaK855GZKanoxNrH6yRxH/auup3HaRTw25omvYlJjVQ+y
9MuUH7g97eUK3oET1E5hkS4nB38jEaGrsz0bX6A0R/t1r1iI+r6+XM/FylL53EBq
0dnBtiGmS0q9DXR4zGcr7afzN+MWIxvz5yrgtUGpbcSgu+cLWoyKXot6COo9AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUElD/k5UCcy+7TNjvenUpD4koDeYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE4NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABSFgsD
BABSGqAwDQYJKoZIhvcNAQELBQADggEBAI8EvfIMZ1EwXqZiHB9AqpdjgNPTIwvD
4B0v9PKcTfK7r3hC3au749odKBUPVlF1RnFz2BFqJM7XpXNpRYQYLOcymTQiBcSl
UfU1Rf/UCKuTYx2Pk5xoIMGAXN6VPMZduo1+QxNTkHbyv52KqmLtlz9g/pEyOSO3
Cvolwd8LDn9MwRzPaJW3YKFqzfmh0yvURsiA9rxq4DPolnG+xVCHcdO/T3WnHFEw
2XjaTqD8MGwVqEXkKow2yX9kRGYPCoQ+rw8acKmW+FoMXgFhaJQOzCImv/laixY7
KjGYYOiCN3Q+wdnWQOYa5VEckMOfznKgk6xf2vZjI7QVGB6FT8a4e4A=
-----END CERTIFICATE-----