This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137517.roa
File:                     AS137517.roa (raw, json)
Hash identifier:          UlO13PRMCAGTOhZCOtgdJFdZ0wza0fZpMioN2ITXg3k=
Subject key identifier:   03:80:F7:DF:6B:39:A0:A6:A5:30:43:AE:72:AE:8B:CC:7E:77:2A:DD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1CC893E1B50FA0D0191CA16F12774CAF1D8FB0D0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137517.roa
Signing time:             Wed 26 Nov 2025 02:55:12 +0000
ROA not before:           Wed 26 Nov 2025 02:50:12 +0000
ROA not after:            Wed 25 Nov 2026 02:55:12 +0000
asID:                     137517
IP address blocks:        45.89.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 10:42:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:c8:93:e1:b5:0f:a0:d0:19:1c:a1:6f:12:77:4c:af:1d:8f:b0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 26 02:50:12 2025 GMT
            Not After : Nov 25 02:55:12 2026 GMT
        Subject: CN=0380F7DF6B39A0A6A53043AE72AE8BCC7E772ADD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7a:c1:95:9c:97:91:6b:d4:09:51:3c:9f:7b:
                    f1:0d:61:50:77:fe:d0:fe:2e:a3:cb:b7:33:56:a3:
                    cd:22:5d:1c:e1:4f:40:0b:2b:60:3f:1d:1a:af:08:
                    82:e4:ca:2d:7d:0f:e9:66:8c:9b:c1:82:86:7a:a2:
                    58:1b:f5:8a:8f:fd:e2:d8:58:e2:62:cd:0f:77:85:
                    aa:4e:00:87:e4:c3:55:c8:fc:39:1c:31:11:10:2a:
                    44:b1:84:ef:a3:03:5f:59:f4:38:75:b8:7e:8c:5a:
                    9e:52:ae:4b:ff:df:a6:0a:2f:c2:39:06:33:09:71:
                    ba:fe:b1:e1:fa:8b:9c:8e:0f:1e:d6:2f:53:50:3c:
                    46:01:b0:2a:5d:20:5a:f4:02:a1:f7:d8:bd:ab:01:
                    3a:43:9c:f5:0a:d9:9b:eb:2a:3e:33:fe:a0:ce:25:
                    4b:69:a8:18:40:53:af:c0:a3:90:a9:51:34:44:83:
                    ad:76:db:16:ae:46:98:b4:27:5d:bb:b1:25:a7:47:
                    05:45:be:a5:0d:71:36:b4:43:b0:f2:66:eb:e2:d6:
                    37:c2:db:63:f0:a9:b2:fe:e4:9f:ef:3e:e1:8d:a8:
                    c3:32:57:3f:28:68:27:7f:97:56:07:ae:7c:5b:89:
                    ae:1b:56:25:cf:0c:35:e6:11:aa:87:91:17:98:57:
                    d6:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:80:F7:DF:6B:39:A0:A6:A5:30:43:AE:72:AE:8B:CC:7E:77:2A:DD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS137517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:82:e6:4f:ff:05:14:71:18:7d:fe:71:30:7b:23:c8:d8:74:
         63:2e:87:dc:49:64:e4:45:b3:65:bd:6d:2e:f6:da:46:04:ad:
         cf:97:d1:1b:5a:01:8f:0a:25:b8:85:2c:17:b7:4c:e0:92:04:
         f8:da:a4:d6:11:81:a0:f7:ab:48:00:70:af:9f:4d:0d:aa:a5:
         f6:c7:57:90:67:5f:cc:2d:62:d1:16:cc:55:9e:20:3b:c9:3e:
         1f:19:3d:82:78:a6:ca:39:b5:fd:0c:e2:11:60:61:72:15:ff:
         47:df:69:d6:bc:9a:c9:2f:fd:34:f8:d8:86:c5:2d:d2:5c:25:
         32:26:01:9e:15:0b:be:c3:0c:40:ed:87:49:d8:c2:24:d4:f2:
         d5:53:4c:7c:f2:8b:12:32:0f:bf:9d:43:ba:3d:2a:c8:6a:40:
         7c:b2:b8:aa:26:41:2c:c0:d0:56:05:24:1f:1b:47:16:57:61:
         96:8e:9b:36:26:d7:57:02:35:86:b0:fb:75:18:b6:44:63:fb:
         af:f9:77:5c:03:02:6d:7d:7e:4e:d7:b1:98:8d:50:05:32:1c:
         be:ce:42:e8:03:54:e7:4e:bd:0d:24:f6:fa:39:a6:57:98:14:
         d8:f0:55:a3:63:d5:ce:6e:27:b3:48:2f:26:5b:e3:d0:bb:67:
         15:99:97:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHMiT4bUPoNAZHKFvEndMrx2PsNAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTExMjYwMjUwMTJaFw0yNjExMjUwMjU1MTJaMDMxMTAvBgNV
BAMTKDAzODBGN0RGNkIzOUEwQTZBNTMwNDNBRTcyQUU4QkNDN0U3NzJBREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmesGVnJeRa9QJUTyfe/ENYVB3
/tD+LqPLtzNWo80iXRzhT0ALK2A/HRqvCILkyi19D+lmjJvBgoZ6olgb9YqP/eLY
WOJizQ93hapOAIfkw1XI/DkcMREQKkSxhO+jA19Z9Dh1uH6MWp5Srkv/36YKL8I5
BjMJcbr+seH6i5yODx7WL1NQPEYBsCpdIFr0AqH32L2rATpDnPUK2ZvrKj4z/qDO
JUtpqBhAU6/Ao5CpUTREg6122xauRpi0J127sSWnRwVFvqUNcTa0Q7DyZuvi1jfC
22PwqbL+5J/vPuGNqMMyVz8oaCd/l1YHrnxbia4bViXPDDXmEaqHkReYV9bLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUA4D332s5oKalMEOucq6LzH53Kt0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTM3NTE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVn9
MA0GCSqGSIb3DQEBCwUAA4IBAQCBguZP/wUUcRh9/nEweyPI2HRjLofcSWTkRbNl
vW0u9tpGBK3Pl9EbWgGPCiW4hSwXt0zgkgT42qTWEYGg96tIAHCvn00NqqX2x1eQ
Z1/MLWLRFsxVniA7yT4fGT2CeKbKObX9DOIRYGFyFf9H32nWvJrJL/00+NiGxS3S
XCUyJgGeFQu+wwxA7YdJ2MIk1PLVU0x88osSMg+/nUO6PSrIakB8sriqJkEswNBW
BSQfG0cWV2GWjps2JtdXAjWGsPt1GLZEY/uv+XdcAwJtfX5O17GYjVAFMhy+zkLo
A1TnTr0NJPb6OaZXmBTY8FWjY9XObiezSC8mW+PQu2cVmZcN
-----END CERTIFICATE-----