This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          k/f61K6UFXa+omzJp7gvr0rqzOJmJQa9lf3vc17/UgM=
Subject key identifier:   A2:88:B7:9C:CA:8F:BB:CA:AD:F1:58:71:75:9F:43:3D:6F:5C:F4:8B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       52146B7E33F2F63ACB59B28FE6E274C6C93EAB33
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa
Signing time:             Thu 15 Jan 2026 09:00:37 +0000
ROA not before:           Thu 15 Jan 2026 08:55:37 +0000
ROA not after:            Thu 14 Jan 2027 09:00:37 +0000
asID:                     17497
IP address blocks:        148.135.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Jan 2026 20:24:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:14:6b:7e:33:f2:f6:3a:cb:59:b2:8f:e6:e2:74:c6:c9:3e:ab:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 15 08:55:37 2026 GMT
            Not After : Jan 14 09:00:37 2027 GMT
        Subject: CN=A288B79CCA8FBBCAADF15871759F433D6F5CF48B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b9:0d:31:da:75:e0:f0:f9:c4:6c:b3:55:04:
                    2a:47:de:c1:2c:26:5c:a3:26:ee:c7:6e:1d:5d:e9:
                    ba:68:8a:25:57:d0:62:16:2e:b7:26:41:91:5d:b9:
                    9a:6f:d0:48:f7:72:2f:cf:e8:75:74:c2:da:e7:f5:
                    23:00:98:57:d4:c1:7d:8d:72:04:b0:6a:c5:1e:00:
                    64:df:7d:76:32:f6:66:59:e3:f1:04:5d:b9:b2:f8:
                    51:1f:12:d0:81:e4:5c:9f:02:9e:06:da:de:ea:da:
                    68:a8:6b:f0:45:09:7a:d6:80:17:d8:a3:35:e4:09:
                    d6:d6:2d:2d:38:5d:c0:ff:55:f6:48:e8:12:c1:2f:
                    4c:41:3b:b1:cd:bd:75:98:04:a5:d4:df:fa:ef:69:
                    0c:d0:26:1a:29:5f:6b:be:45:c1:d4:c4:4a:98:b0:
                    71:20:43:00:8e:7e:c6:37:22:7b:91:b0:e3:e0:0b:
                    5b:ec:66:26:09:8a:fd:b9:0d:82:72:d7:7d:97:04:
                    1a:47:43:d5:d9:0e:7d:26:94:ca:c0:f9:28:93:dc:
                    d8:43:e9:48:11:64:fa:51:cd:e5:4a:16:22:75:2b:
                    f0:7a:e8:94:62:35:36:b9:83:c4:98:29:cf:41:05:
                    d8:04:84:53:f6:60:a4:ca:72:ce:3d:9f:e9:d9:9f:
                    10:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:88:B7:9C:CA:8F:BB:CA:AD:F1:58:71:75:9F:43:3D:6F:5C:F4:8B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:a4:cd:8d:64:0f:1a:aa:b1:5d:6b:59:a1:9b:89:5f:10:32:
         33:95:b5:92:bc:0d:5e:f6:f4:fb:44:83:6f:ec:8b:f4:5c:62:
         32:a3:4d:8e:28:7d:b3:02:af:85:ab:ec:57:f1:85:73:3e:ea:
         3a:24:55:c1:ad:50:35:cd:bb:ea:b1:1c:ad:95:56:c2:62:5a:
         33:5f:f2:e3:d6:8a:ca:ca:75:c7:86:df:0c:ad:50:eb:76:70:
         8b:0d:18:0f:b2:f3:8c:10:62:67:10:60:d6:77:03:c7:4c:6f:
         0c:be:3b:50:f7:67:d4:23:23:a1:ca:c1:4f:84:86:29:76:11:
         8d:c7:90:cd:1f:7d:b2:10:6b:19:23:fe:a0:7b:7f:22:df:be:
         a8:09:fa:20:79:aa:e2:60:9c:2b:e6:26:dd:ea:a8:59:6b:30:
         10:c6:f1:e0:38:ad:66:c5:22:36:5d:26:44:e9:8d:9a:3b:74:
         a0:d3:02:04:09:6d:15:f2:ea:47:52:d4:ce:47:37:50:61:ab:
         e1:59:c6:77:14:2c:8c:06:94:b8:6b:ff:82:97:e4:83:58:bd:
         c2:4e:92:e8:33:53:7f:b0:04:ac:22:69:2d:26:93:7a:a7:42:
         4a:d2:e8:67:b5:4c:cd:c0:8e:a5:23:71:3b:86:e7:f5:1e:e3:
         d8:eb:08:8e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUUhRrfjPy9jrLWbKP5uJ0xsk+qzMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMTUwODU1MzdaFw0yNzAxMTQwOTAwMzdaMDMxMTAvBgNV
BAMTKEEyODhCNzlDQ0E4RkJCQ0FBREYxNTg3MTc1OUY0MzNENkY1Q0Y0OEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8uQ0x2nXg8PnEbLNVBCpH3sEs
JlyjJu7Hbh1d6bpoiiVX0GIWLrcmQZFduZpv0Ej3ci/P6HV0wtrn9SMAmFfUwX2N
cgSwasUeAGTffXYy9mZZ4/EEXbmy+FEfEtCB5FyfAp4G2t7q2mioa/BFCXrWgBfY
ozXkCdbWLS04XcD/VfZI6BLBL0xBO7HNvXWYBKXU3/rvaQzQJhopX2u+RcHUxEqY
sHEgQwCOfsY3InuRsOPgC1vsZiYJiv25DYJy132XBBpHQ9XZDn0mlMrA+SiT3NhD
6UgRZPpRzeVKFiJ1K/B66JRiNTa5g8SYKc9BBdgEhFP2YKTKcs49n+nZnxAJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUooi3nMqPu8qt8VhxdZ9DPW9c9IswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACUh6ww
DQYJKoZIhvcNAQELBQADggEBAEikzY1kDxqqsV1rWaGbiV8QMjOVtZK8DV729PtE
g2/si/RcYjKjTY4ofbMCr4Wr7FfxhXM+6jokVcGtUDXNu+qxHK2VVsJiWjNf8uPW
isrKdceG3wytUOt2cIsNGA+y84wQYmcQYNZ3A8dMbwy+O1D3Z9QjI6HKwU+Ehil2
EY3HkM0ffbIQaxkj/qB7fyLfvqgJ+iB5quJgnCvmJt3qqFlrMBDG8eA4rWbFIjZd
JkTpjZo7dKDTAgQJbRXy6kdS1M5HN1Bhq+FZxncULIwGlLhr/4KX5INYvcJOkugz
U3+wBKwiaS0mk3qnQkrS6Ge1TM3AjqUjcTuG5/Ue49jrCI4=
-----END CERTIFICATE-----