This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216155.roa
File:                     AS216155.roa (raw, json)
Hash identifier:          NB7dD0rx6orglUEAGNDDQwlbV0GZiYwioNcvGnbPXjY=
Subject key identifier:   5D:59:02:22:1D:92:C4:2F:11:D9:54:74:C4:38:AD:36:33:5E:CD:D9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       08AACC3DA2D7587433B9E330075FFE594E3F544F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216155.roa
Signing time:             Sat 20 Dec 2025 23:08:15 +0000
ROA not before:           Sat 20 Dec 2025 23:03:15 +0000
ROA not after:            Sat 19 Dec 2026 23:08:15 +0000
asID:                     216155
IP address blocks:        2a0f:85c1:b60::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 23:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:aa:cc:3d:a2:d7:58:74:33:b9:e3:30:07:5f:fe:59:4e:3f:54:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Dec 20 23:03:15 2025 GMT
            Not After : Dec 19 23:08:15 2026 GMT
        Subject: CN=5D5902221D92C42F11D95474C438AD36335ECDD9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ea:7a:91:b9:af:52:ed:b6:cf:ca:3e:42:48:
                    b6:ff:75:e3:df:18:14:ec:e1:dc:42:32:49:9f:de:
                    e5:a7:f7:4a:56:a7:ae:d7:02:3b:24:97:2c:88:df:
                    e5:93:16:0f:6b:a7:4d:4d:b9:e0:7d:3c:2c:c5:18:
                    61:d4:39:6f:02:de:b4:2d:c7:ba:6a:5f:41:91:b7:
                    6b:fb:8d:72:84:d4:2e:36:53:66:7a:76:71:90:2a:
                    b3:8a:81:0d:8b:1b:6d:3a:ad:89:c8:e3:94:fc:c7:
                    4f:03:bf:1b:4d:84:8a:29:d8:db:0c:39:cb:9a:b1:
                    f8:a4:9d:b8:53:40:25:52:1c:96:96:da:8d:6d:f0:
                    d8:1d:77:41:9b:34:96:e7:be:f2:f8:6e:c0:22:89:
                    7e:a7:79:ee:3a:f8:7c:d9:22:69:57:ef:19:17:91:
                    83:e7:84:6a:18:ae:a4:08:40:14:96:a1:a0:94:d9:
                    ef:db:92:fb:45:20:31:b5:62:7d:95:25:1c:aa:de:
                    40:62:63:d3:30:67:53:77:a7:4f:13:df:a5:1f:a4:
                    3b:aa:bc:ab:e2:0d:29:01:1c:88:1c:0b:d3:df:ef:
                    68:bc:12:0e:e4:5e:70:4b:8d:ff:02:e8:c1:f1:29:
                    cb:19:5b:7d:2e:6c:bc:70:1c:74:b7:5d:07:95:4b:
                    ec:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:59:02:22:1D:92:C4:2F:11:D9:54:74:C4:38:AD:36:33:5E:CD:D9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS216155.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b60::/44

    Signature Algorithm: sha256WithRSAEncryption
         4d:d0:b5:21:1f:65:0c:78:39:98:80:ce:91:8d:08:44:0d:2d:
         6c:99:cc:2b:8e:cd:a3:c0:0e:15:15:5f:02:eb:7d:04:16:d2:
         87:52:e8:67:4e:98:99:e7:63:5b:c6:95:d4:6a:d4:9c:fc:99:
         0a:be:6d:99:1e:bf:f4:08:02:12:f3:40:46:23:3a:e1:47:c1:
         56:92:81:75:91:e3:19:d3:52:cc:21:c9:71:8f:be:8e:a0:60:
         79:b2:54:5f:71:5e:7d:99:06:00:55:1a:c3:35:e8:e4:38:56:
         96:fb:03:32:8d:0a:e4:9e:82:9f:5e:d7:44:61:f3:10:80:bd:
         3d:a8:c4:d9:78:50:6b:12:a2:56:4c:33:f5:ec:b9:74:57:d7:
         be:9b:1b:0d:3d:41:d3:55:c2:24:7a:b9:b3:5e:0b:f1:7f:be:
         6d:c4:12:ea:2f:4d:bc:b3:8f:a9:e0:91:e9:d8:5a:ee:5c:d5:
         d2:28:31:6d:0d:4f:48:59:59:28:46:6e:06:f3:1c:7a:9e:54:
         35:43:2e:4e:9c:ee:f4:32:1a:53:6f:6d:69:05:99:6e:40:fb:
         d0:2f:e4:03:75:d1:71:2e:6b:8b:f7:04:a9:81:5d:17:5f:61:
         76:97:4b:c8:13:98:a6:8b:04:d0:6a:7a:62:2f:07:7a:5e:81:
         1a:a4:1d:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCKrMPaLXWHQzueMwB1/+WU4/VE8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEyMjAyMzAzMTVaFw0yNjEyMTkyMzA4MTVaMDMxMTAvBgNV
BAMTKDVENTkwMjIyMUQ5MkM0MkYxMUQ5NTQ3NEM0MzhBRDM2MzM1RUNERDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC86nqRua9S7bbPyj5CSLb/dePf
GBTs4dxCMkmf3uWn90pWp67XAjsklyyI3+WTFg9rp01NueB9PCzFGGHUOW8C3rQt
x7pqX0GRt2v7jXKE1C42U2Z6dnGQKrOKgQ2LG206rYnI45T8x08DvxtNhIop2NsM
OcuasfiknbhTQCVSHJaW2o1t8Ngdd0GbNJbnvvL4bsAiiX6nee46+HzZImlX7xkX
kYPnhGoYrqQIQBSWoaCU2e/bkvtFIDG1Yn2VJRyq3kBiY9MwZ1N3p08T36UfpDuq
vKviDSkBHIgcC9Pf72i8Eg7kXnBLjf8C6MHxKcsZW30ubLxwHHS3XQeVS+ytAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUXVkCIh2SxC8R2VR0xDitNjNezdkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjE2MTU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQtgMA0GCSqGSIb3DQEBCwUAA4IBAQBN0LUhH2UMeDmYgM6RjQhEDS1smcwrjs2j
wA4VFV8C630EFtKHUuhnTpiZ52NbxpXUatSc/JkKvm2ZHr/0CAIS80BGIzrhR8FW
koF1keMZ01LMIclxj76OoGB5slRfcV59mQYAVRrDNejkOFaW+wMyjQrknoKfXtdE
YfMQgL09qMTZeFBrEqJWTDP17Ll0V9e+mxsNPUHTVcIkermzXgvxf75txBLqL028
s4+p4JHp2FruXNXSKDFtDU9IWVkoRm4G8xx6nlQ1Qy5OnO70MhpTb21pBZluQPvQ
L+QDddFxLmuL9wSpgV0XX2F2l0vIE5imiwTQanpiLwd6XoEapB2g
-----END CERTIFICATE-----