This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3170.roa
File:                     AS3170.roa (raw, json)
Hash identifier:          6YFppASJzhLFFiW5sloFPxKbday59GjKpYPrIgLlhi0=
Subject key identifier:   D9:DF:B1:0A:EE:F7:21:C0:17:90:18:EB:B8:0C:8B:36:F9:2C:9A:0B
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1491D95F3C567B648E4FFFA154A9124A82D894FE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3170.roa
Signing time:             Thu 22 Jan 2026 19:55:35 +0000
ROA not before:           Thu 22 Jan 2026 19:50:35 +0000
ROA not after:            Thu 21 Jan 2027 19:55:35 +0000
asID:                     3170
IP address blocks:        2.58.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:91:d9:5f:3c:56:7b:64:8e:4f:ff:a1:54:a9:12:4a:82:d8:94:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 22 19:50:35 2026 GMT
            Not After : Jan 21 19:55:35 2027 GMT
        Subject: CN=D9DFB10AEEF721C0179018EBB80C8B36F92C9A0B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:fe:9e:bf:43:e0:91:d6:fd:f1:65:2a:53:89:
                    c5:45:8a:3c:84:94:25:90:6b:d6:f0:ad:e9:a1:6e:
                    dd:b0:bf:99:4b:15:30:4b:7a:7b:79:19:c4:2c:dd:
                    2b:eb:ea:bd:05:5f:d2:8c:29:c3:f0:2b:1d:04:d4:
                    8c:2d:73:37:69:20:e5:f4:b2:29:73:ac:6a:4a:f0:
                    6a:b9:42:b5:8a:a7:87:b1:50:c8:ed:e9:d2:d3:a0:
                    55:c4:a7:b0:e1:a3:ef:16:2d:30:a7:4f:90:64:25:
                    fd:9c:ae:d2:f0:90:3c:34:3c:f1:ea:4d:5e:0d:11:
                    65:ed:18:94:0a:71:ec:fc:c2:07:4f:6a:84:da:23:
                    d7:93:93:82:4c:52:1b:94:89:62:e1:62:d4:5d:53:
                    de:40:03:da:07:7a:c4:5b:35:ca:93:0d:0d:86:ca:
                    98:0b:d2:41:79:5b:e6:fd:c8:4b:31:76:72:27:1d:
                    d2:c4:45:38:d7:5e:16:ec:52:fa:0f:f1:d9:60:8e:
                    1a:99:4b:d3:02:df:c5:b8:f6:3d:15:46:22:21:2d:
                    6b:37:6a:43:e1:9a:9f:b0:74:5f:07:9f:fa:83:cd:
                    53:29:02:54:c3:ae:14:84:24:48:9c:28:15:91:cf:
                    38:2f:b0:9e:c3:33:58:8e:f3:a0:05:3a:6d:60:d8:
                    55:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:DF:B1:0A:EE:F7:21:C0:17:90:18:EB:B8:0C:8B:36:F9:2C:9A:0B
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS3170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.58.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:7f:4f:93:25:ed:84:b5:51:77:13:a7:9d:3d:f1:22:89:ab:
         95:40:12:74:e2:a1:6b:20:9d:7e:43:6e:8d:79:23:b8:84:3c:
         f7:05:32:50:ad:2c:16:ed:36:3f:51:43:2b:20:ac:03:2b:80:
         d1:3f:be:9b:ac:37:5f:58:ea:ed:97:5b:9e:ec:f6:32:86:11:
         8a:27:44:82:32:0f:49:ae:e9:4b:e4:bc:d8:54:13:a4:12:9d:
         bf:38:29:f0:0c:78:aa:9e:a7:86:ba:5a:c1:76:60:40:df:33:
         91:3a:9a:08:1e:5e:39:25:85:d4:ee:df:f0:d4:19:96:70:01:
         2a:d6:86:31:1f:fc:12:e3:8c:ed:c8:04:1e:bf:ee:cc:ef:8e:
         07:ae:25:ff:0b:66:21:b6:48:82:44:46:60:a9:4d:e2:2e:fc:
         04:ec:9f:8b:6e:ac:5d:80:18:a9:6c:9f:fc:88:49:ba:e3:e4:
         c8:6c:a1:1d:6d:63:b6:df:2a:cb:a8:15:57:81:03:89:0f:3a:
         42:51:e3:29:17:4a:19:5f:73:fb:48:d1:0f:aa:56:ff:80:d7:
         bc:40:b2:d8:5c:59:6e:dd:5d:f3:74:22:ab:df:5c:40:0b:90:
         e4:20:93:84:d1:66:e7:ab:66:eb:1e:e2:0f:fe:8e:5a:a9:80:
         2e:41:15:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUFJHZXzxWe2SOT/+hVKkSSoLYlP4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAxMjIxOTUwMzVaFw0yNzAxMjExOTU1MzVaMDMxMTAvBgNV
BAMTKEQ5REZCMTBBRUVGNzIxQzAxNzkwMThFQkI4MEM4QjM2RjkyQzlBMEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR/p6/Q+CR1v3xZSpTicVFijyE
lCWQa9bwremhbt2wv5lLFTBLent5GcQs3Svr6r0FX9KMKcPwKx0E1IwtczdpIOX0
silzrGpK8Gq5QrWKp4exUMjt6dLToFXEp7Dho+8WLTCnT5BkJf2crtLwkDw0PPHq
TV4NEWXtGJQKcez8wgdPaoTaI9eTk4JMUhuUiWLhYtRdU95AA9oHesRbNcqTDQ2G
ypgL0kF5W+b9yEsxdnInHdLERTjXXhbsUvoP8dlgjhqZS9MC38W49j0VRiIhLWs3
akPhmp+wdF8Hn/qDzVMpAlTDrhSEJEicKBWRzzgvsJ7DM1iO86AFOm1g2FVxAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU2d+xCu73IcAXkBjruAyLNvksmgswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzE3MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAAI6rzAN
BgkqhkiG9w0BAQsFAAOCAQEAeH9PkyXthLVRdxOnnT3xIomrlUASdOKhayCdfkNu
jXkjuIQ89wUyUK0sFu02P1FDKyCsAyuA0T++m6w3X1jq7Zdbnuz2MoYRiidEgjIP
Sa7pS+S82FQTpBKdvzgp8Ax4qp6nhrpawXZgQN8zkTqaCB5eOSWF1O7f8NQZlnAB
KtaGMR/8EuOM7cgEHr/uzO+OB64l/wtmIbZIgkRGYKlN4i78BOyfi26sXYAYqWyf
/IhJuuPkyGyhHW1jtt8qy6gVV4EDiQ86QlHjKRdKGV9z+0jRD6pW/4DXvECy2FxZ
bt1d83Qiq99cQAuQ5CCThNFm56tm6x7iD/6OWqmALkEVHw==
-----END CERTIFICATE-----