This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          wFeRoJq6fzitE20SjgRrFqb3LkHMqrYQf3lKooKZSLA=
Subject key identifier:   98:39:C9:95:B9:5B:FC:48:58:3A:E1:59:BF:9C:A1:17:84:28:59:1A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7B7C3B59A64C4619002B3EDB01E2D7A5FCB712D6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa
Signing time:             Mon 08 Dec 2025 10:16:51 +0000
ROA not before:           Mon 08 Dec 2025 10:11:51 +0000
ROA not after:            Mon 07 Dec 2026 10:16:51 +0000
asID:                     17497
IP address blocks:        148.135.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:7c:3b:59:a6:4c:46:19:00:2b:3e:db:01:e2:d7:a5:fc:b7:12:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Dec  8 10:11:51 2025 GMT
            Not After : Dec  7 10:16:51 2026 GMT
        Subject: CN=9839C995B95BFC48583AE159BF9CA1178428591A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:22:23:b6:89:62:d6:bf:70:c2:c6:af:cc:30:
                    0b:37:85:ac:f9:90:d6:2a:b8:59:ae:70:39:e0:d5:
                    9e:b0:30:1b:bd:58:bf:15:10:70:75:39:46:05:ed:
                    55:ac:01:a9:5d:c7:fe:84:63:75:8f:90:40:8f:80:
                    7d:d1:be:2d:5e:43:d9:82:34:2a:ad:ec:42:4a:d0:
                    a8:8f:4e:94:cd:0c:fa:86:b2:a6:d0:00:66:ba:80:
                    42:82:12:a4:52:98:eb:9e:23:1b:70:25:59:2d:57:
                    20:38:bc:f3:6e:df:08:dc:f5:a8:42:8a:36:3d:45:
                    bb:22:d6:b3:b6:48:b3:16:a7:36:d5:04:71:89:5b:
                    c9:2b:77:10:b0:f6:52:20:b8:64:e2:e3:88:18:b7:
                    d1:d4:7d:7c:e8:a3:f8:b4:79:da:62:42:6e:4c:d7:
                    f9:2c:4d:67:ec:6c:bd:a0:2b:bc:4a:a1:fb:32:f9:
                    a5:23:7f:9f:ed:7c:e0:9b:d5:04:d5:5a:85:ee:eb:
                    cf:2e:3b:40:71:8e:2f:89:34:c4:df:5d:1f:cc:65:
                    ce:61:98:f1:a2:40:75:81:20:9c:ca:5a:85:66:ad:
                    b7:df:21:34:3c:29:19:a3:24:bf:b8:91:7e:54:2b:
                    57:4c:2c:68:53:26:46:55:f1:67:ae:5e:02:a1:0d:
                    2a:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:39:C9:95:B9:5B:FC:48:58:3A:E1:59:BF:9C:A1:17:84:28:59:1A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:68:c7:19:d1:f8:8a:b3:b1:9e:07:fe:2f:a3:b5:16:f0:70:
         0a:00:82:cc:6b:8d:01:f2:2a:07:db:49:35:fe:8d:24:08:4f:
         8a:69:86:cd:5b:da:d9:9b:c1:5e:3b:35:40:e5:6c:f8:b7:98:
         17:b2:52:8e:52:1e:a2:87:41:85:2f:8c:30:bd:87:5d:8d:ec:
         33:70:6a:14:17:5f:94:6e:0f:94:3a:e3:6e:77:4e:48:74:e9:
         c7:c5:8f:25:4d:c1:fc:c4:5c:df:0c:d7:c0:93:5d:28:db:ac:
         25:23:6b:dc:55:f4:11:9c:28:56:c7:e8:a7:00:b9:8e:fb:45:
         1c:bf:ed:45:4d:ff:f8:22:55:f5:8b:72:0f:b4:db:2c:04:3b:
         1b:2c:f4:6a:78:18:3a:bc:53:74:ba:34:33:81:f7:e3:08:35:
         e7:16:ae:5e:66:5c:bd:5b:8a:36:b8:1f:10:f5:1d:fe:92:d1:
         14:b7:b1:45:a9:f0:43:92:d1:f8:ba:8e:4a:d0:d1:a9:5a:a4:
         2f:3b:1f:16:34:c8:0b:d7:65:fd:4f:90:a8:40:c2:b0:95:1b:
         47:fb:ed:68:c1:3f:fa:bd:ce:c8:f9:6e:e2:41:28:56:02:bd:
         d2:a0:4a:20:f0:f6:0e:f1:b8:f4:80:c8:1e:b1:c1:3f:b5:c0:
         8f:9e:d4:96
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUe3w7WaZMRhkAKz7bAeLXpfy3EtYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEyMDgxMDExNTFaFw0yNjEyMDcxMDE2NTFaMDMxMTAvBgNV
BAMTKDk4MzlDOTk1Qjk1QkZDNDg1ODNBRTE1OUJGOUNBMTE3ODQyODU5MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrIiO2iWLWv3DCxq/MMAs3haz5
kNYquFmucDng1Z6wMBu9WL8VEHB1OUYF7VWsAaldx/6EY3WPkECPgH3Rvi1eQ9mC
NCqt7EJK0KiPTpTNDPqGsqbQAGa6gEKCEqRSmOueIxtwJVktVyA4vPNu3wjc9ahC
ijY9Rbsi1rO2SLMWpzbVBHGJW8krdxCw9lIguGTi44gYt9HUfXzoo/i0edpiQm5M
1/ksTWfsbL2gK7xKofsy+aUjf5/tfOCb1QTVWoXu688uO0Bxji+JNMTfXR/MZc5h
mPGiQHWBIJzKWoVmrbffITQ8KRmjJL+4kX5UK1dMLGhTJkZV8WeuXgKhDSqLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUmDnJlblb/EhYOuFZv5yhF4QoWRowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACUh6ww
DQYJKoZIhvcNAQELBQADggEBAH9oxxnR+IqzsZ4H/i+jtRbwcAoAgsxrjQHyKgfb
STX+jSQIT4pphs1b2tmbwV47NUDlbPi3mBeyUo5SHqKHQYUvjDC9h12N7DNwahQX
X5RuD5Q64253Tkh06cfFjyVNwfzEXN8M18CTXSjbrCUja9xV9BGcKFbH6KcAuY77
RRy/7UVN//giVfWLcg+02ywEOxss9Gp4GDq8U3S6NDOB9+MINecWrl5mXL1bija4
HxD1Hf6S0RS3sUWp8EOS0fi6jkrQ0alapC87HxY0yAvXZf1PkKhAwrCVG0f77WjB
P/q9zsj5buJBKFYCvdKgSiDw9g7xuPSAyB6xwT+1wI+e1JY=
-----END CERTIFICATE-----