This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          gWDlAFSSxeGNlkwlzfpr1uE379s7siRjsx3HkY5qa1E=
Subject key identifier:   5B:91:DC:06:89:58:15:99:F1:19:3E:9E:11:FC:11:43:ED:29:F9:CD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5BD4EDB0F64CED0B7A60B9B76B8C7B56789EC9BA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS17497.roa
Signing time:             Mon 08 Dec 2025 10:16:55 +0000
ROA not before:           Mon 08 Dec 2025 10:11:55 +0000
ROA not after:            Mon 07 Dec 2026 10:16:55 +0000
asID:                     17497
IP address blocks:        82.23.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Dec 2025 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:d4:ed:b0:f6:4c:ed:0b:7a:60:b9:b7:6b:8c:7b:56:78:9e:c9:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Dec  8 10:11:55 2025 GMT
            Not After : Dec  7 10:16:55 2026 GMT
        Subject: CN=5B91DC0689581599F1193E9E11FC1143ED29F9CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d0:ae:b2:32:fd:fa:73:56:af:58:c4:cb:3c:
                    00:06:bf:b7:86:fa:65:2b:31:3c:cf:87:72:de:cb:
                    80:e9:44:fa:ce:40:10:64:2d:2e:ed:9b:43:d5:24:
                    cc:1d:d9:89:7d:21:91:95:f7:57:7e:1c:71:91:57:
                    15:9e:90:aa:25:7e:af:b4:12:93:f5:60:28:1c:69:
                    d2:4f:8e:8f:8a:fe:ad:c4:10:de:21:f3:23:d2:17:
                    0c:a7:c0:19:e1:e3:da:60:66:69:4e:89:6a:c4:39:
                    7a:f0:33:ad:18:41:bb:78:92:50:2f:84:9a:f5:07:
                    3d:fb:45:8a:0e:ce:1a:1c:8d:e9:e9:b0:26:04:e5:
                    72:61:a7:b9:a6:d5:5d:db:c9:7f:f6:f5:a9:05:61:
                    cc:78:60:9b:87:80:f4:d2:c5:a8:b1:6c:9e:c1:7e:
                    50:6b:59:91:39:af:3f:f7:05:6c:b5:f0:80:69:f3:
                    0c:29:f4:40:24:96:97:69:ba:43:7d:1f:f8:9e:76:
                    b7:c9:9b:78:16:c5:ce:f5:f3:18:92:c3:52:e6:ec:
                    a0:85:8a:2f:14:bd:62:18:8d:db:be:d2:fd:ee:90:
                    6e:79:32:f4:d9:33:28:c3:c5:fc:07:89:f2:4b:b2:
                    3d:e3:8c:14:44:79:3b:9c:bb:e5:03:77:40:e1:d3:
                    44:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:91:DC:06:89:58:15:99:F1:19:3E:9E:11:FC:11:43:ED:29:F9:CD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:0e:c3:b1:d3:2b:66:01:f7:6b:80:23:8a:c4:75:1c:ca:8d:
         84:84:5a:68:79:55:fd:af:b8:82:29:ab:45:1d:44:22:bb:73:
         6f:59:e7:ec:92:61:71:cc:df:6e:89:71:a1:2e:fe:7b:86:57:
         db:44:5d:2b:b1:e1:12:4d:cf:59:00:d3:83:42:d2:6a:55:91:
         5e:72:0f:7c:5c:f5:86:d3:84:c6:96:96:1b:5d:06:6d:4d:da:
         11:72:0a:e5:2b:eb:17:74:87:2d:a1:a9:6d:2b:da:17:ae:27:
         89:77:4a:59:b8:e7:2b:b3:98:06:41:2b:4e:e1:a3:7d:d5:2d:
         fa:81:14:f2:52:19:d7:df:4a:2d:0c:a7:a9:22:2d:14:07:73:
         05:37:33:81:f4:b3:f5:7a:ae:3d:9f:33:0c:2f:74:47:b0:9c:
         9a:7c:62:2d:5c:bd:39:67:01:b0:0b:7a:42:d3:c7:b7:a4:c4:
         70:17:d6:e5:91:7f:a8:1b:48:86:ee:72:1a:c0:99:a9:cf:4f:
         88:15:c7:93:0c:98:43:9e:99:b6:11:6a:92:17:17:57:54:1a:
         c3:50:d8:bf:5f:8d:e6:86:74:5f:75:e0:e2:16:ed:78:8a:36:
         de:d1:33:6b:6a:0a:4a:ad:36:ab:ed:dc:a0:1b:75:2c:36:2f:
         6a:4d:39:98
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUW9TtsPZM7Qt6YLm3a4x7VnieybowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEyMDgxMDExNTVaFw0yNjEyMDcxMDE2NTVaMDMxMTAvBgNV
BAMTKDVCOTFEQzA2ODk1ODE1OTlGMTE5M0U5RTExRkMxMTQzRUQyOUY5Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa0K6yMv36c1avWMTLPAAGv7eG
+mUrMTzPh3Ley4DpRPrOQBBkLS7tm0PVJMwd2Yl9IZGV91d+HHGRVxWekKolfq+0
EpP1YCgcadJPjo+K/q3EEN4h8yPSFwynwBnh49pgZmlOiWrEOXrwM60YQbt4klAv
hJr1Bz37RYoOzhocjenpsCYE5XJhp7mm1V3byX/29akFYcx4YJuHgPTSxaixbJ7B
flBrWZE5rz/3BWy18IBp8wwp9EAklpdpukN9H/iedrfJm3gWxc718xiSw1Lm7KCF
ii8UvWIYjdu+0v3ukG55MvTZMyjDxfwHifJLsj3jjBREeTucu+UDd0Dh00QrAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUW5HcBolYFZnxGT6eEfwRQ+0p+c0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSF60w
DQYJKoZIhvcNAQELBQADggEBAC0Ow7HTK2YB92uAI4rEdRzKjYSEWmh5Vf2vuIIp
q0UdRCK7c29Z5+ySYXHM326JcaEu/nuGV9tEXSux4RJNz1kA04NC0mpVkV5yD3xc
9YbThMaWlhtdBm1N2hFyCuUr6xd0hy2hqW0r2heuJ4l3Slm45yuzmAZBK07ho33V
LfqBFPJSGdffSi0Mp6kiLRQHcwU3M4H0s/V6rj2fMwwvdEewnJp8Yi1cvTlnAbAL
ekLTx7ekxHAX1uWRf6gbSIbuchrAmanPT4gVx5MMmEOembYRapIXF1dUGsNQ2L9f
jeaGdF914OIW7XiKNt7RM2tqCkqtNqvt3KAbdSw2L2pNOZg=
-----END CERTIFICATE-----