This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/WSR87e3Ee1tCNbfum8rM02_xB8c.roa
File:                     WSR87e3Ee1tCNbfum8rM02_xB8c.roa (raw, json)
Hash identifier:          qVtjtU8RmU9TX2RXNkWcIFQwTFAnao/WjTXbBMNqj5k=
Subject key identifier:   59:24:7C:ED:ED:C4:7B:5B:42:35:B7:EE:9B:CA:CC:D3:6F:F1:07:C7
Certificate issuer:       /CN=4bd1f50df263fe509fc5de9c5a473a28e3812639
Certificate serial:       019B7F135ECF7CF1FCE34B4CC4DCD2882538
Authority key identifier: 4B:D1:F5:0D:F2:63:FE:50:9F:C5:DE:9C:5A:47:3A:28:E3:81:26:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S9H1DfJj_lCfxd6cWkc6KOOBJjk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/WSR87e3Ee1tCNbfum8rM02_xB8c.roa
Signing time:             Fri 02 Jan 2026 14:18:54 +0000
ROA not before:           Fri 02 Jan 2026 14:18:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212597
IP address blocks:        98.158.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/S9H1DfJj_lCfxd6cWkc6KOOBJjk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/S9H1DfJj_lCfxd6cWkc6KOOBJjk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S9H1DfJj_lCfxd6cWkc6KOOBJjk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 11:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:13:5e:cf:7c:f1:fc:e3:4b:4c:c4:dc:d2:88:25:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4bd1f50df263fe509fc5de9c5a473a28e3812639
        Validity
            Not Before: Jan  2 14:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=59247cededc47b5b4235b7ee9bcaccd36ff107c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f2:7f:cd:a9:f4:94:20:5f:dc:a9:d2:e6:63:
                    e8:b4:1f:a2:ba:32:0b:73:f0:28:6a:8c:52:48:74:
                    05:c5:ad:a8:ad:c6:95:23:66:4a:28:e4:e7:b9:7a:
                    1d:a0:b4:a7:91:2d:c8:4b:ea:a0:59:91:e1:2b:69:
                    6c:e1:f4:e4:de:19:a2:76:54:ad:ae:b4:f5:08:de:
                    44:ce:e9:fc:ef:af:4b:fc:3a:57:81:ed:fb:8c:bf:
                    bc:25:47:cc:fa:b6:d8:92:47:45:d8:ff:5c:02:e1:
                    99:e5:f0:84:f0:68:87:93:39:66:05:73:8c:7b:44:
                    bc:6f:a7:96:b2:2f:8c:f4:52:51:d7:02:59:cd:1c:
                    ee:1e:87:f3:a2:1f:b9:da:72:cc:0f:33:b5:81:56:
                    eb:33:3e:ad:fd:96:b2:f5:fb:b6:2b:9a:b8:0b:1f:
                    b8:83:49:d7:18:a9:59:af:02:d1:66:40:bd:cb:03:
                    f6:5e:ce:61:c4:57:ea:21:36:eb:25:15:ac:50:81:
                    f8:b3:ef:32:9c:0e:92:11:87:05:29:d3:18:a8:3e:
                    f0:0e:b7:9f:5a:e5:c5:41:2a:c6:c0:7e:a9:d8:97:
                    74:33:bd:31:5f:67:7f:41:b1:59:04:44:3e:63:d4:
                    9a:8a:29:9d:44:ce:f7:3d:ad:1b:67:1f:1e:4d:20:
                    8b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:24:7C:ED:ED:C4:7B:5B:42:35:B7:EE:9B:CA:CC:D3:6F:F1:07:C7
            X509v3 Authority Key Identifier:
                keyid:4B:D1:F5:0D:F2:63:FE:50:9F:C5:DE:9C:5A:47:3A:28:E3:81:26:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S9H1DfJj_lCfxd6cWkc6KOOBJjk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/WSR87e3Ee1tCNbfum8rM02_xB8c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/7d20a2-b881-461c-bbf5-2b6809339702/1/S9H1DfJj_lCfxd6cWkc6KOOBJjk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  98.158.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d8:20:2b:5e:ff:a6:2f:2b:0b:d9:99:b1:80:7b:bc:9e:1c:
         de:f8:ac:56:f6:d7:1c:0b:a9:cc:51:0b:8a:38:2d:db:52:d6:
         0e:a7:f0:b9:bd:fd:3a:47:c7:c5:25:30:fb:2e:d0:ac:cf:3e:
         bf:e3:79:93:f0:1e:1c:30:a1:0d:35:48:47:a5:80:ed:57:7a:
         74:81:c7:90:ad:df:bb:d2:9a:81:f4:7f:9e:69:cd:26:8e:a5:
         51:5f:4b:64:fc:4d:1d:e8:2a:ba:9d:c4:61:4c:5c:78:81:8b:
         96:2d:d4:fd:7f:a1:d2:45:f5:2a:c5:93:12:ad:33:76:1c:3e:
         0f:1d:65:c4:78:81:66:48:9b:f0:c7:ea:01:fc:93:88:d9:a9:
         31:cc:24:a1:4b:17:fe:5e:ec:9c:49:02:d3:43:b9:eb:69:61:
         d4:90:7c:ae:5a:ff:38:2f:b6:70:32:d8:73:0e:2e:eb:1c:93:
         8e:15:97:09:6f:22:78:97:05:b3:c1:aa:d0:f6:4d:ea:0e:c7:
         35:1c:19:44:52:8c:38:82:97:8d:07:95:42:24:a9:e7:dc:15:
         03:65:f1:0f:eb:7d:57:5f:0f:31:5e:34:05:62:fe:0c:05:c6:
         d6:8d:c5:9e:2d:30:22:78:31:3c:6c:14:2b:bd:09:ac:a0:a3:
         50:d2:34:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/E17PfPH840tMxNzSiCU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZDFmNTBkZjI2M2ZlNTA5ZmM1ZGU5YzVhNDczYTI4ZTM4
MTI2MzkwHhcNMjYwMTAyMTQxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTI0N2NlZGVkYzQ3YjViNDIzNWI3ZWU5YmNhY2NkMzZmZjEwN2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfJ/zan0lCBf3KnS5mPotB+iujIL
c/AoaoxSSHQFxa2orcaVI2ZKKOTnuXodoLSnkS3IS+qgWZHhK2ls4fTk3hmidlSt
rrT1CN5Ezun8769L/DpXge37jL+8JUfM+rbYkkdF2P9cAuGZ5fCE8GiHkzlmBXOM
e0S8b6eWsi+M9FJR1wJZzRzuHofzoh+52nLMDzO1gVbrMz6t/Zay9fu2K5q4Cx+4
g0nXGKlZrwLRZkC9ywP2Xs5hxFfqITbrJRWsUIH4s+8ynA6SEYcFKdMYqD7wDref
WuXFQSrGwH6p2Jd0M70xX2d/QbFZBEQ+Y9SaiimdRM73Pa0bZx8eTSCLrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkkfO3txHtbQjW37pvKzNNv8QfHMB8GA1UdIwQY
MBaAFEvR9Q3yY/5Qn8XenFpHOijjgSY5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzlIMURmSmpfbENmeGQ2Y1drYzZLT09CSmprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC83ZDIwYTItYjg4MS00NjFjLWJiZjUt
MmI2ODA5MzM5NzAyLzEvV1NSODdlM0VlMXRDTmJmdW04ck0wMl94QjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC83ZDIwYTItYjg4MS00NjFjLWJiZjUtMmI2ODA5MzM5NzAy
LzEvUzlIMURmSmpfbENmeGQ2Y1drYzZLT09CSmprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYp7uMA0G
CSqGSIb3DQEBCwUAA4IBAQBQ2CArXv+mLysL2ZmxgHu8nhze+KxW9tccC6nMUQuK
OC3bUtYOp/C5vf06R8fFJTD7LtCszz6/43mT8B4cMKENNUhHpYDtV3p0gceQrd+7
0pqB9H+eac0mjqVRX0tk/E0d6Cq6ncRhTFx4gYuWLdT9f6HSRfUqxZMSrTN2HD4P
HWXEeIFmSJvwx+oB/JOI2akxzCShSxf+XuycSQLTQ7nraWHUkHyuWv84L7ZwMthz
Di7rHJOOFZcJbyJ4lwWzwarQ9k3qDsc1HBlEUow4gpeNB5VCJKnn3BUDZfEP631X
Xw8xXjQFYv4MBcbWjcWeLTAieDE8bBQrvQmsoKNQ0jQQ
-----END CERTIFICATE-----