This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/O0FS0XMv6ih-2O0cYgo04uq_WqA.roa
File:                     O0FS0XMv6ih-2O0cYgo04uq_WqA.roa (raw, json)
Hash identifier:          GwCmjRKr0uO3lcpx8t6r1Z062xMPZHx+8iaQcQfTG/U=
Subject key identifier:   3B:41:52:D1:73:2F:EA:28:7E:D8:ED:1C:62:0A:34:E2:EA:BF:5A:A0
Certificate issuer:       /CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
Certificate serial:       019B7A5B4C316990E831D9586028AADEA307
Authority key identifier: 8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/O0FS0XMv6ih-2O0cYgo04uq_WqA.roa
Signing time:             Thu 01 Jan 2026 16:19:22 +0000
ROA not before:           Thu 01 Jan 2026 16:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198819
IP address blocks:        109.235.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:4c:31:69:90:e8:31:d9:58:60:28:aa:de:a3:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d842656177b4267ab55e4ba165a5ec00f5084bc
        Validity
            Not Before: Jan  1 16:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b4152d1732fea287ed8ed1c620a34e2eabf5aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5e:75:ad:7e:09:73:a2:11:7e:57:77:1b:e7:
                    19:3b:28:72:0a:a9:3e:bf:c9:65:18:b1:f8:81:b2:
                    33:67:88:3f:dd:87:38:73:36:0c:41:8a:26:13:97:
                    f7:3f:9b:2d:96:29:cc:bd:3b:a6:b7:d4:36:fe:83:
                    66:c1:d6:19:a0:74:50:04:d9:3c:49:e5:b0:eb:6e:
                    6a:8d:5f:be:8c:34:ea:1b:57:d2:a4:1b:f4:24:c1:
                    e6:8f:10:ad:9f:9d:f1:f2:ce:df:c6:b5:6a:93:af:
                    aa:48:f6:88:8d:b0:96:a4:39:bd:0f:bc:bf:83:3c:
                    d2:b2:85:a1:eb:24:4e:32:ec:eb:5b:90:40:f6:d1:
                    8b:3b:e5:a3:cf:f7:f5:ea:6c:4e:d0:41:2a:c0:eb:
                    42:f1:87:6e:7e:ea:ae:a4:ef:25:50:06:2a:73:0c:
                    d2:e5:a7:b9:a6:16:88:3a:8e:ea:a6:1e:50:8c:b4:
                    49:db:2c:96:8e:55:12:aa:2f:a6:0e:06:a6:08:7c:
                    29:ca:c9:a1:96:92:03:5b:b4:47:62:6b:42:6c:21:
                    a7:3c:9e:23:8f:92:a3:0e:f0:cf:15:19:c2:e0:3a:
                    05:1e:c0:76:e1:9a:23:94:61:95:00:85:7b:47:7a:
                    c2:60:a7:35:74:e5:a3:5f:66:31:4b:4d:3c:bd:aa:
                    4e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:41:52:D1:73:2F:EA:28:7E:D8:ED:1C:62:0A:34:E2:EA:BF:5A:A0
            X509v3 Authority Key Identifier:
                keyid:8D:84:26:56:17:7B:42:67:AB:55:E4:BA:16:5A:5E:C0:0F:50:84:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYQmVhd7QmerVeS6FlpewA9QhLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/O0FS0XMv6ih-2O0cYgo04uq_WqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/9360ec-9cd1-4c00-8668-94c2f8269e9c/1/jYQmVhd7QmerVeS6FlpewA9QhLw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.235.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:1a:7c:7c:f9:df:65:f4:c5:9b:80:27:a3:be:19:bb:8e:d1:
         c0:33:bf:81:b1:16:13:78:1e:af:7b:0c:2b:81:e4:f7:f7:84:
         50:ed:6e:75:90:a1:95:2c:4e:da:0c:1c:b8:1d:f7:86:80:24:
         ea:2d:5d:8e:74:db:29:96:90:52:e5:0c:53:b0:73:b3:23:7d:
         08:82:cb:13:48:91:0c:17:3e:55:8b:b2:2d:ba:f0:10:7f:f8:
         27:47:3a:64:18:d8:ed:be:5b:bf:2d:1d:d0:79:9d:ad:42:bd:
         92:03:f1:2c:bb:e8:77:25:0d:9f:b6:4b:15:6e:71:de:a9:d2:
         82:85:ba:0c:4b:95:41:00:52:93:99:1d:71:a8:8e:8c:de:81:
         95:8f:30:0d:6f:72:d4:03:60:91:28:80:d4:c3:e5:39:f7:fa:
         1b:12:c0:1d:d3:ca:92:04:aa:c8:74:5f:06:73:bb:8a:b9:f8:
         8e:a2:03:05:40:7c:80:a0:98:11:8f:c4:c8:5d:f6:76:12:dc:
         e2:b3:a8:94:19:8f:b5:65:ec:d5:65:7f:83:34:ea:fb:9e:fe:
         fa:6d:5e:7e:3c:66:77:a1:70:b8:66:8b:64:fb:b6:7e:16:06:
         39:38:ed:74:4b:b0:30:e9:25:43:68:65:f1:06:c9:be:e4:f7:
         e8:a3:72:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W0wxaZDoMdlYYCiq3qMHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQyNjU2MTc3YjQyNjdhYjU1ZTRiYTE2NWE1ZWMwMGY1
MDg0YmMwHhcNMjYwMTAxMTYxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjQxNTJkMTczMmZlYTI4N2VkOGVkMWM2MjBhMzRlMmVhYmY1YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv151rX4Jc6IRfld3G+cZOyhyCqk+
v8llGLH4gbIzZ4g/3Yc4czYMQYomE5f3P5stlinMvTumt9Q2/oNmwdYZoHRQBNk8
SeWw625qjV++jDTqG1fSpBv0JMHmjxCtn53x8s7fxrVqk6+qSPaIjbCWpDm9D7y/
gzzSsoWh6yROMuzrW5BA9tGLO+Wjz/f16mxO0EEqwOtC8YdufuqupO8lUAYqcwzS
5ae5phaIOo7qph5QjLRJ2yyWjlUSqi+mDgamCHwpysmhlpIDW7RHYmtCbCGnPJ4j
j5KjDvDPFRnC4DoFHsB24ZojlGGVAIV7R3rCYKc1dOWjX2YxS008vapOdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtBUtFzL+ooftjtHGIKNOLqv1qgMB8GA1UdIwQY
MBaAFI2EJlYXe0Jnq1XkuhZaXsAPUIS8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2Njgt
OTRjMmY4MjY5ZTljLzEvTzBGUzBYTXY2aWgtMk8wY1lnbzA0dXFfV3FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS85MzYwZWMtOWNkMS00YzAwLTg2NjgtOTRjMmY4MjY5ZTlj
LzEvallRbVZoZDdRbWVyVmVTNkZscGV3QTlRaEx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbevRMA0G
CSqGSIb3DQEBCwUAA4IBAQAGGnx8+d9l9MWbgCejvhm7jtHAM7+BsRYTeB6vewwr
geT394RQ7W51kKGVLE7aDBy4HfeGgCTqLV2OdNsplpBS5QxTsHOzI30IgssTSJEM
Fz5Vi7ItuvAQf/gnRzpkGNjtvlu/LR3QeZ2tQr2SA/Esu+h3JQ2ftksVbnHeqdKC
hboMS5VBAFKTmR1xqI6M3oGVjzANb3LUA2CRKIDUw+U59/obEsAd08qSBKrIdF8G
c7uKufiOogMFQHyAoJgRj8TIXfZ2Etzis6iUGY+1ZezVZX+DNOr7nv76bV5+PGZ3
oXC4Zotk+7Z+FgY5OO10S7Aw6SVDaGXxBsm+5Pfoo3Jy
-----END CERTIFICATE-----