This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa File: 42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa (raw, json) Hash identifier: P0cEXXqwTWSz2MRLWJ4GBJZIi3AFA7uRr41C/9eKU4k= Subject key identifier: 24:79:A9:0D:9B:7C:AD:BF:E1:A7:39:65:D2:8F:25:C6:6F:B9:87:F0 Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf Certificate serial: 440B13590E9BC913F50BEFB1180875C22FBB5EDF Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa Signing time: Wed 10 Dec 2025 06:50:08 +0000 ROA not before: Wed 10 Dec 2025 06:50:08 +0000 ROA not after: Tue 10 Mar 2026 23:59:59 +0000 asID: 16509 IP address blocks: 51.164.0.0/15 maxlen: 24 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Wed 17 Dec 2025 14:45:26 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 44:0b:13:59:0e:9b:c9:13:f5:0b:ef:b1:18:08:75:c2:2f:bb:5e:df Signature Algorithm: sha256WithRSAEncryption Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf Validity Not Before: Dec 10 06:50:08 2025 GMT Not After : Mar 10 23:59:59 2026 GMT Subject: serialNumber=96dcee941d2ed6b3c1c40d3f49ae11235afcc8383946d2845b7620b645f6e09e, CN=c336411a-6651-4f13-8ef9-de681c7c9444 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ac:a6:32:85:2d:a9:a9:7f:a9:fc:8d:2e:97:21: 4f:12:3c:3e:6b:1d:dc:a5:27:c6:21:d4:81:0b:57: cf:c6:c2:40:25:f8:d6:b7:71:2e:4c:46:22:d3:91: b3:b5:5f:22:a0:fa:6f:3e:f3:d7:bc:fa:77:98:07: 34:1a:16:47:28:2f:30:15:ee:0c:7b:68:76:63:23: a8:60:06:13:c1:d2:81:78:19:64:ed:54:b6:49:0f: f5:68:a9:55:fb:7a:b3:5a:26:80:ef:e6:75:eb:dd: ae:2c:6f:9f:aa:16:b2:3e:53:60:db:5d:9c:c6:d7: 84:d5:13:c8:47:9e:a9:61:e0:34:2e:30:37:61:d0: 1e:a5:1c:0b:c3:96:15:50:83:55:fe:e6:59:2c:0b: 8b:00:36:18:41:e8:e2:03:18:75:32:24:8a:be:1a: d2:c5:11:4c:96:07:73:40:c1:cf:15:fe:f9:b0:c4: 19:ca:ae:7f:36:f1:7b:31:07:99:72:f0:7e:9d:31: 1f:4c:cb:ed:37:27:39:4d:33:2e:b6:e4:17:d7:dd: 13:f5:59:a7:2b:8a:19:9d:08:78:85:4e:6b:3b:6a: 80:e2:de:66:b6:f9:e5:c4:82:d6:c0:7a:98:e4:df: bf:8e:af:cd:0a:19:4e:74:29:7a:0a:d9:d0:59:11: 06:0d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 24:79:A9:0D:9B:7C:AD:BF:E1:A7:39:65:D2:8F:25:C6:6F:B9:87:F0 X509v3 Authority Key Identifier: keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/42efa1a8-f804-47c5-8a3d-6f3ea05e1a5b.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 51.164.0.0/15 Signature Algorithm: sha256WithRSAEncryption 0e:1d:cc:b2:3f:c7:d2:36:5e:72:d9:33:2c:e6:c6:78:71:e5: dd:c8:01:d5:c4:28:13:d3:53:b3:1a:7a:29:78:ac:db:86:35: 54:72:09:01:81:59:6d:e5:c6:a5:26:06:9c:6b:09:2b:1b:4f: 6e:42:f4:fe:ad:34:07:39:1b:5f:af:bf:de:24:17:28:b1:7b: e3:01:da:7b:83:dd:42:30:91:10:f5:6d:0e:85:1f:e8:30:8d: 2b:e5:05:7e:85:3b:a9:64:12:ab:78:ed:88:d5:2c:35:7d:9c: 57:f8:a6:1a:53:8f:53:e8:d3:76:1b:da:e7:86:54:a4:ab:02: f1:e7:fb:c0:80:d2:28:fa:f0:49:da:6f:eb:68:2d:91:61:8b: d1:33:0c:f2:5a:a6:d5:97:eb:92:5c:05:5a:06:c0:3b:52:a3: f9:63:91:17:4c:1d:db:71:df:2c:87:26:fc:3f:29:7b:43:46: db:21:78:78:df:d5:39:37:8b:d5:16:0f:81:2b:48:08:8a:41: 82:4c:b8:4b:db:55:dd:f0:47:60:22:41:4d:de:89:3c:6c:ba: d6:aa:64:ff:28:aa:36:e2:b2:e5:85:ee:ec:5f:e6:a6:9c:4a: c7:29:6c:b8:62:0b:ab:61:41:df:4e:62:99:ef:16:bf:85:67: 35:1c:89:bb -----BEGIN CERTIFICATE----- MIIFXTCCBEWgAwIBAgIURAsTWQ6byRP1C++xGAh1wi+7Xt8wDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw ZTVjODdjZjAeFw0yNTEyMTAwNjUwMDhaFw0yNjAzMTAyMzU5NTlaMHoxSTBHBgNV BAUTQDk2ZGNlZTk0MWQyZWQ2YjNjMWM0MGQzZjQ5YWUxMTIzNWFmY2M4MzgzOTQ2 ZDI4NDViNzYyMGI2NDVmNmUwOWUxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKymMoUtqal/qfyNLpchTxI8Pmsd3KUnxiHUgQtXz8bCQCX41rdxLkxGItOR s7VfIqD6bz7z17z6d5gHNBoWRygvMBXuDHtodmMjqGAGE8HSgXgZZO1UtkkP9Wip Vft6s1omgO/mdevdrixvn6oWsj5TYNtdnMbXhNUTyEeeqWHgNC4wN2HQHqUcC8OW FVCDVf7mWSwLiwA2GEHo4gMYdTIkir4a0sURTJYHc0DBzxX++bDEGcqufzbxezEH mXLwfp0xH0zL7TcnOU0zLrbkF9fdE/VZpyuKGZ0IeIVOaztqgOLeZrb55cSC1sB6 mOTfv46vzQoZTnQpegrZ0FkRBg0CAwEAAaOCAiAwggIcMB0GA1UdDgQWBBQkeakN m3ytv+GnOWXSjyXGb7mH8DAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv NDJlZmExYTgtZjgwNC00N2M1LThhM2QtNmYzZWEwNWUxYTViLnJvYTCBiAYDVR0f BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDATOkMA0G CSqGSIb3DQEBCwUAA4IBAQAOHcyyP8fSNl5y2TMs5sZ4ceXdyAHVxCgT01OzGnop eKzbhjVUcgkBgVlt5calJgacawkrG09uQvT+rTQHORtfr7/eJBcosXvjAdp7g91C MJEQ9W0OhR/oMI0r5QV+hTupZBKreO2I1Sw1fZxX+KYaU49T6NN2G9rnhlSkqwLx 5/vAgNIo+vBJ2m/raC2RYYvRMwzyWqbVl+uSXAVaBsA7UqP5Y5EXTB3bcd8shyb8 Pyl7Q0bbIXh439U5N4vVFg+BK0gIikGCTLhL21Xd8EdgIkFN3ok8bLrWqmT/KKo2 4rLlhe7sX+amnErHKWy4YgurYUHfTmKZ7xa/hWc1HIm7 -----END CERTIFICATE-----Generated at Wed Dec 17 00:25:34 2025 by rpki-client