This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213407.roa
File:                     AS213407.roa (raw, json)
Hash identifier:          +Ga4w/cskwrc1LZZS5RJ5KXMexFr2zMnAcR9uuWH9hc=
Subject key identifier:   B9:08:76:AD:CD:22:9D:79:12:93:0F:C8:90:E7:C1:99:8A:24:98:B1
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5B5D007B939149A21EA13EE42B6283C190021195
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213407.roa
Signing time:             Mon 19 Jan 2026 21:08:20 +0000
ROA not before:           Mon 19 Jan 2026 21:03:20 +0000
ROA not after:            Mon 18 Jan 2027 21:08:20 +0000
asID:                     213407
IP address blocks:        2a0f:85c1:ba0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:5d:00:7b:93:91:49:a2:1e:a1:3e:e4:2b:62:83:c1:90:02:11:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 19 21:03:20 2026 GMT
            Not After : Jan 18 21:08:20 2027 GMT
        Subject: CN=B90876ADCD229D7912930FC890E7C1998A2498B1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:22:9e:ad:ce:d4:84:5e:9a:2f:19:59:62:2c:
                    ef:6c:33:d0:30:32:28:29:9b:5d:be:72:6b:ee:90:
                    51:0e:69:e3:37:5a:89:81:5f:b6:fe:4c:ac:93:09:
                    21:48:d8:61:99:76:19:b9:41:23:b1:12:a0:dd:d8:
                    a9:dc:4c:bb:90:7c:2e:07:dc:75:6d:0c:f8:86:e8:
                    ad:6c:a0:b1:52:9b:06:44:0d:b6:86:8c:d5:bc:c9:
                    09:cc:a0:e1:8a:10:10:e9:74:37:ad:b0:1e:44:60:
                    fe:57:c4:28:af:0d:92:b3:6d:39:16:5a:80:e0:a3:
                    64:48:d4:c5:4c:8e:36:c2:56:65:7b:41:98:f0:17:
                    0b:ce:1e:8c:af:f4:97:9e:de:e1:fa:7f:cb:85:04:
                    0d:10:bc:f0:34:62:a4:36:01:91:7d:1b:c6:86:e3:
                    73:f9:32:9d:3f:69:ca:2f:bf:13:8f:03:d4:38:72:
                    c9:12:af:26:21:e4:a3:1d:30:26:22:fd:1b:95:33:
                    ee:63:42:61:44:65:ac:f5:9b:d8:31:ab:27:21:b6:
                    47:85:0d:ff:f1:1a:cc:6e:50:6d:89:aa:8d:cd:a7:
                    15:7d:28:47:d0:dd:b5:a2:04:68:6f:c8:11:20:c3:
                    ad:c2:66:08:83:4c:e4:75:00:54:90:fa:9d:ab:66:
                    c3:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:08:76:AD:CD:22:9D:79:12:93:0F:C8:90:E7:C1:99:8A:24:98:B1
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213407.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ba0::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:03:d8:9a:4f:dc:fb:df:09:2e:f9:7f:92:56:5b:e8:62:39:
         53:86:11:d5:2b:95:5e:15:d9:e9:bd:60:9b:13:9f:19:27:b4:
         88:7e:75:21:cf:27:4d:bb:44:35:f2:2f:de:08:c0:db:2c:40:
         88:80:eb:57:f4:40:40:e4:38:43:4b:1b:9f:b0:fa:9a:b5:e2:
         10:92:f7:78:31:0a:0d:06:84:8e:fa:55:e6:4c:60:7b:1e:19:
         11:6e:a8:2e:ba:98:74:f5:38:af:70:3a:13:f0:e7:6c:f7:59:
         e4:35:20:19:58:f3:83:ac:70:08:c6:5d:61:e8:38:41:ef:8f:
         bc:bc:2d:a2:e5:35:88:c9:48:d7:ac:9e:3b:37:28:ab:fd:e9:
         f2:46:ba:3b:80:50:8b:16:13:49:82:a9:b8:a2:ba:03:b4:ae:
         88:79:91:66:b9:d0:4a:c6:f5:02:22:ef:ea:af:2c:45:6f:52:
         75:e0:c7:cb:94:73:7b:a2:01:6d:e9:6f:20:0b:90:58:15:46:
         c0:3c:c4:23:3f:77:35:11:b7:fc:6d:f0:d2:1f:85:a9:19:f9:
         07:47:9d:ea:9d:66:dc:61:95:20:0b:2e:71:a3:e5:dc:1d:ab:
         fa:2d:25:65:27:74:9b:66:65:07:49:de:3d:31:7d:2b:f5:05:
         94:a1:fc:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUW10Ae5ORSaIeoT7kK2KDwZACEZUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTkyMTAzMjBaFw0yNzAxMTgyMTA4MjBaMDMxMTAvBgNV
BAMTKEI5MDg3NkFEQ0QyMjlENzkxMjkzMEZDODkwRTdDMTk5OEEyNDk4QjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyIp6tztSEXpovGVliLO9sM9Aw
Migpm12+cmvukFEOaeM3WomBX7b+TKyTCSFI2GGZdhm5QSOxEqDd2KncTLuQfC4H
3HVtDPiG6K1soLFSmwZEDbaGjNW8yQnMoOGKEBDpdDetsB5EYP5XxCivDZKzbTkW
WoDgo2RI1MVMjjbCVmV7QZjwFwvOHoyv9Jee3uH6f8uFBA0QvPA0YqQ2AZF9G8aG
43P5Mp0/acovvxOPA9Q4cskSryYh5KMdMCYi/RuVM+5jQmFEZaz1m9gxqychtkeF
Df/xGsxuUG2Jqo3NpxV9KEfQ3bWiBGhvyBEgw63CZgiDTOR1AFSQ+p2rZsOvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUuQh2rc0inXkSkw/IkOfBmYokmLEwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQugMA0GCSqGSIb3DQEBCwUAA4IBAQB9A9iaT9z73wku+X+SVlvoYjlThhHVK5Ve
FdnpvWCbE58ZJ7SIfnUhzydNu0Q18i/eCMDbLECIgOtX9EBA5DhDSxufsPqateIQ
kvd4MQoNBoSO+lXmTGB7HhkRbqguuph09TivcDoT8Ods91nkNSAZWPODrHAIxl1h
6DhB74+8vC2i5TWIyUjXrJ47Nyir/enyRro7gFCLFhNJgqm4oroDtK6IeZFmudBK
xvUCIu/qryxFb1J14MfLlHN7ogFt6W8gC5BYFUbAPMQjP3c1Ebf8bfDSH4WpGfkH
R53qnWbcYZUgCy5xo+XcHav6LSVlJ3SbZmUHSd49MX0r9QWUofxs
-----END CERTIFICATE-----