This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213422.roa
File:                     AS213422.roa (raw, json)
Hash identifier:          MCqvlQsr2ce0PW0vRPFOo3vLTYgADC45SUH6PUqJ/8Q=
Subject key identifier:   48:D1:25:14:6F:C4:53:32:44:68:AF:5B:4A:E2:48:FD:30:5D:C5:45
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1F8CF3410F4D7F2E8A1B5E9A6C2D5A46DE7E5F07
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213422.roa
Signing time:             Sat 17 Jan 2026 16:08:18 +0000
ROA not before:           Sat 17 Jan 2026 16:03:18 +0000
ROA not after:            Sat 16 Jan 2027 16:08:18 +0000
asID:                     213422
IP address blocks:        2a0f:85c1:b7a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:8c:f3:41:0f:4d:7f:2e:8a:1b:5e:9a:6c:2d:5a:46:de:7e:5f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 17 16:03:18 2026 GMT
            Not After : Jan 16 16:08:18 2027 GMT
        Subject: CN=48D125146FC453324468AF5B4AE248FD305DC545
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b5:3d:4f:08:12:7a:9b:a2:bc:0a:e2:10:2a:
                    77:59:e9:3a:9d:ea:ab:66:fe:24:57:68:f0:65:47:
                    6d:88:92:ca:05:03:d5:cd:79:e7:f8:dc:31:51:7e:
                    c2:d9:3f:99:ea:77:93:be:95:7d:81:24:50:b0:ec:
                    6d:15:1c:b6:5d:de:51:22:ab:31:b0:24:28:56:9e:
                    fc:79:25:97:1a:93:00:73:65:08:ff:c7:4b:ac:9a:
                    2f:dd:84:e0:5f:f5:38:bb:f9:1a:35:08:b5:2d:45:
                    1e:7d:88:76:80:60:9d:02:cb:ce:0a:85:3b:d1:d4:
                    3d:cb:9f:82:9c:00:d3:d5:e8:f4:85:d5:bd:fe:ae:
                    3c:e5:2a:f5:0e:e6:0b:1d:9f:70:fe:a7:7c:25:89:
                    58:11:7c:b2:a7:2f:cd:dc:2a:ca:12:8b:c0:c9:df:
                    9c:6d:b9:76:57:1a:45:9c:27:a0:4f:23:4c:77:ff:
                    4e:ab:1a:07:95:d9:5a:e7:eb:ed:d9:28:ac:48:7e:
                    ca:6f:6b:72:be:d2:f2:d3:c8:ef:d1:db:00:78:e6:
                    bf:e1:29:04:6e:8a:9c:28:b4:4f:17:f8:4e:bf:6e:
                    ce:32:ef:af:8f:93:0f:15:3c:8b:6f:b4:07:32:48:
                    32:8b:ff:e6:bf:3d:a2:a4:ff:98:b9:52:07:7c:93:
                    15:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D1:25:14:6F:C4:53:32:44:68:AF:5B:4A:E2:48:FD:30:5D:C5:45
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213422.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b7a::/48

    Signature Algorithm: sha256WithRSAEncryption
         bf:43:70:5b:9e:b1:75:4e:3f:8f:70:ff:15:f0:73:29:1f:ab:
         b9:52:2f:a5:7e:ea:ee:90:02:27:ea:d7:8f:dd:3c:e9:e4:21:
         50:98:c8:af:1f:74:66:c2:27:0e:e1:ad:f0:8c:58:22:7a:12:
         bf:77:8b:ba:74:79:59:9e:37:10:10:f7:c0:15:01:2a:a1:db:
         93:e3:d7:b6:ef:00:1b:9b:a1:b9:bf:73:03:dd:f2:7d:47:6c:
         3a:35:93:85:51:61:6b:69:e4:b4:51:02:d1:7e:dc:6b:22:27:
         7d:67:30:3c:36:9c:d6:a2:c6:53:c8:4c:33:28:2b:f1:03:a3:
         56:70:86:c9:59:b0:e3:71:41:a9:cb:9a:f3:93:81:1a:df:68:
         1f:e1:16:d5:f0:d7:09:d7:82:09:d6:9f:fd:56:3c:f4:73:bf:
         6f:2c:53:54:c6:a6:18:c4:1a:56:80:be:df:f7:f9:2a:f2:5b:
         d4:d1:09:d1:e4:a1:c6:a7:49:82:87:db:8f:8b:e0:11:6a:56:
         da:ea:6a:5b:c2:92:05:b9:64:34:83:77:b8:86:bd:63:15:af:
         19:b9:4f:cd:09:da:98:ee:a9:d5:90:7d:c9:ef:3d:dd:f1:b9:
         c4:56:f0:71:f5:58:22:bf:28:8e:15:a7:e9:b2:dc:d9:d9:0d:
         05:ad:7f:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUH4zzQQ9Nfy6KG16abC1aRt5+XwcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTcxNjAzMThaFw0yNzAxMTYxNjA4MThaMDMxMTAvBgNV
BAMTKDQ4RDEyNTE0NkZDNDUzMzI0NDY4QUY1QjRBRTI0OEZEMzA1REM1NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVtT1PCBJ6m6K8CuIQKndZ6Tqd
6qtm/iRXaPBlR22IksoFA9XNeef43DFRfsLZP5nqd5O+lX2BJFCw7G0VHLZd3lEi
qzGwJChWnvx5JZcakwBzZQj/x0usmi/dhOBf9Ti7+Ro1CLUtRR59iHaAYJ0Cy84K
hTvR1D3Ln4KcANPV6PSF1b3+rjzlKvUO5gsdn3D+p3wliVgRfLKnL83cKsoSi8DJ
35xtuXZXGkWcJ6BPI0x3/06rGgeV2Vrn6+3ZKKxIfspva3K+0vLTyO/R2wB45r/h
KQRuipwotE8X+E6/bs4y76+Pkw8VPItvtAcySDKL/+a/PaKk/5i5Ugd8kxURAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUSNElFG/EUzJEaK9bSuJI/TBdxUUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt6MA0GCSqGSIb3DQEBCwUAA4IBAQC/Q3BbnrF1Tj+PcP8V8HMpH6u5Ui+lfuru
kAIn6teP3Tzp5CFQmMivH3RmwicO4a3wjFgiehK/d4u6dHlZnjcQEPfAFQEqoduT
49e27wAbm6G5v3MD3fJ9R2w6NZOFUWFraeS0UQLRftxrIid9ZzA8NpzWosZTyEwz
KCvxA6NWcIbJWbDjcUGpy5rzk4Ea32gf4RbV8NcJ14IJ1p/9Vjz0c79vLFNUxqYY
xBpWgL7f9/kq8lvU0QnR5KHGp0mCh9uPi+ARalba6mpbwpIFuWQ0g3e4hr1jFa8Z
uU/NCdqY7qnVkH3J7z3d8bnEVvBx9VgivyiOFafpstzZ2Q0FrX/C
-----END CERTIFICATE-----