This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213427.roa
File:                     AS213427.roa (raw, json)
Hash identifier:          6ZHN2Y5aJwMEnB4hkYGUyLaU5Rt4OKwoUnZX+lH+Lrg=
Subject key identifier:   DF:B9:08:9F:70:86:57:AF:C2:EA:47:0D:F2:15:56:6E:19:16:F7:CE
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       53BB78B1C90DE07125F1E1223455BEFED8A58DCC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213427.roa
Signing time:             Mon 19 Jan 2026 21:08:20 +0000
ROA not before:           Mon 19 Jan 2026 21:03:20 +0000
ROA not after:            Mon 18 Jan 2027 21:08:20 +0000
asID:                     213427
IP address blocks:        2a0f:85c1:b74::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:bb:78:b1:c9:0d:e0:71:25:f1:e1:22:34:55:be:fe:d8:a5:8d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 19 21:03:20 2026 GMT
            Not After : Jan 18 21:08:20 2027 GMT
        Subject: CN=DFB9089F708657AFC2EA470DF215566E1916F7CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:cf:5a:1d:c4:46:ac:06:21:59:98:d8:fa:e4:
                    de:aa:71:46:7a:08:f8:93:2f:6c:01:1f:ba:f3:fb:
                    7c:b2:9b:be:6f:dd:72:8f:10:43:91:b3:c0:d2:29:
                    51:d6:f5:d1:7a:09:4e:f3:b2:22:63:27:a4:fb:97:
                    e8:54:c3:10:dd:12:89:31:69:49:b5:36:c6:31:d6:
                    0a:24:ff:81:c0:d5:0f:5d:e9:96:e6:7d:f9:ca:a0:
                    0d:78:22:6c:72:75:0e:24:46:b2:b3:8d:4c:4c:24:
                    02:88:3e:7e:31:ba:32:9d:8f:c1:8e:27:a0:69:b0:
                    19:59:c7:b8:b2:e4:f2:6d:b0:fb:e3:a5:09:70:41:
                    e7:75:05:15:be:25:32:5c:12:4f:c6:1c:94:31:50:
                    fc:f2:c5:dd:b3:85:e5:2e:f2:0c:bb:4d:2c:e1:75:
                    8d:6a:c9:4d:2a:96:29:1d:fb:c1:d9:a9:39:e1:84:
                    78:20:04:09:f8:9b:9f:69:32:59:1a:0a:45:4c:4d:
                    00:4c:23:03:1e:fa:46:72:72:f2:e7:c6:1b:c0:cd:
                    1c:69:cc:9f:63:f0:32:69:6a:b0:21:1f:d9:89:e9:
                    57:6d:ec:1f:7b:3d:19:44:6d:64:0f:68:0d:7f:0b:
                    76:a8:11:ec:25:0c:b2:44:ae:30:1d:df:a8:03:0b:
                    75:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:B9:08:9F:70:86:57:AF:C2:EA:47:0D:F2:15:56:6E:19:16:F7:CE
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b74::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:17:f0:37:b2:02:1c:76:0d:24:61:df:b1:e1:10:c5:be:f2:
         15:0b:93:49:5e:30:3f:36:11:6e:d4:6a:9c:03:a9:11:66:3e:
         81:ce:28:4a:85:c0:ad:40:ae:3d:c4:38:a6:38:9e:4f:0e:8e:
         e6:68:7e:1f:7c:ad:48:80:73:a8:b5:cd:b2:70:0a:d9:44:05:
         a4:a6:53:79:0c:64:2d:87:5a:ac:36:f3:bb:61:03:c9:08:3c:
         af:11:a3:78:c6:d3:16:bd:48:f3:47:72:6a:87:23:d3:fb:d0:
         3c:51:97:48:23:19:0e:9a:c1:5e:20:bc:d0:a1:8d:be:01:df:
         d7:55:bd:4e:82:c6:76:67:cd:90:8a:f6:2f:99:8f:0f:c1:f8:
         34:e4:99:53:18:61:30:75:e9:09:57:60:6e:ca:6f:cc:0a:dc:
         75:57:3a:d7:91:56:09:b9:77:81:9f:a7:93:a7:c1:69:5d:c0:
         cf:df:4e:6a:0f:12:7b:f6:fa:e5:98:d8:22:b3:04:02:5a:c8:
         99:31:cf:50:12:fd:86:bc:ca:ad:8f:98:ca:61:68:9c:29:cb:
         ec:c9:d1:1d:cc:ac:3a:13:ef:b1:5e:6e:ce:08:0c:9b:1b:98:
         8e:4e:42:8c:d4:78:c5:2c:61:25:a7:24:69:c3:1c:ca:04:67:
         e2:42:36:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUU7t4sckN4HEl8eEiNFW+/tiljcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMTkyMTAzMjBaFw0yNzAxMTgyMTA4MjBaMDMxMTAvBgNV
BAMTKERGQjkwODlGNzA4NjU3QUZDMkVBNDcwREYyMTU1NjZFMTkxNkY3Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/z1odxEasBiFZmNj65N6qcUZ6
CPiTL2wBH7rz+3yym75v3XKPEEORs8DSKVHW9dF6CU7zsiJjJ6T7l+hUwxDdEokx
aUm1NsYx1gok/4HA1Q9d6ZbmffnKoA14ImxydQ4kRrKzjUxMJAKIPn4xujKdj8GO
J6BpsBlZx7iy5PJtsPvjpQlwQed1BRW+JTJcEk/GHJQxUPzyxd2zheUu8gy7TSzh
dY1qyU0qlikd+8HZqTnhhHggBAn4m59pMlkaCkVMTQBMIwMe+kZycvLnxhvAzRxp
zJ9j8DJparAhH9mJ6Vdt7B97PRlEbWQPaA1/C3aoEewlDLJErjAd36gDC3W7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU37kIn3CGV6/C6kcN8hVWbhkW984wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQt0MA0GCSqGSIb3DQEBCwUAA4IBAQAtF/A3sgIcdg0kYd+x4RDFvvIVC5NJXjA/
NhFu1GqcA6kRZj6BzihKhcCtQK49xDimOJ5PDo7maH4ffK1IgHOotc2ycArZRAWk
plN5DGQth1qsNvO7YQPJCDyvEaN4xtMWvUjzR3JqhyPT+9A8UZdIIxkOmsFeILzQ
oY2+Ad/XVb1OgsZ2Z82QivYvmY8Pwfg05JlTGGEwdekJV2Buym/MCtx1VzrXkVYJ
uXeBn6eTp8FpXcDP305qDxJ79vrlmNgiswQCWsiZMc9QEv2GvMqtj5jKYWicKcvs
ydEdzKw6E++xXm7OCAybG5iOTkKM1HjFLGElpyRpwxzKBGfiQjYQ
-----END CERTIFICATE-----