This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/a3a530-25aa-4023-9a80-4e347d551c3f/1/3umndGzAD5rCZWRXYXf_uY9ZlGQ.roa File: 3umndGzAD5rCZWRXYXf_uY9ZlGQ.roa (raw, json) Hash identifier: +hSbfwDC34My2nrMGTb3S+msbWLWB8nIUFlFpyrQ6XM= Subject key identifier: DE:E9:A7:74:6C:C0:0F:9A:C2:65:64:57:61:77:FF:B9:8F:59:94:64 Certificate issuer: /CN=2254bcc03293e3ad0e19a7a3fd1b1cfbd34c0990 Certificate serial: 019B7BA399EAD2230B42B0DE59D5BB975ADE Authority key identifier: 22:54:BC:C0:32:93:E3:AD:0E:19:A7:A3:FD:1B:1C:FB:D3:4C:09:90 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IlS8wDKT460OGaej_Rsc-9NMCZA.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/46/a3a530-25aa-4023-9a80-4e347d551c3f/1/3umndGzAD5rCZWRXYXf_uY9ZlGQ.roa Signing time: Thu 01 Jan 2026 22:17:57 +0000 ROA not before: Thu 01 Jan 2026 22:17:57 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 209886 IP address blocks: 85.235.88.0/22 maxlen: 22 85.235.88.0/23 maxlen: 23 85.235.90.0/23 maxlen: 23 2a10:1ac0::/29 maxlen: 29 2a10:1ac0::/30 maxlen: 30 2a10:1ac4::/30 maxlen: 30 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/46/a3a530-25aa-4023-9a80-4e347d551c3f/1/IlS8wDKT460OGaej_Rsc-9NMCZA.crl rsync://rpki.ripe.net/repository/DEFAULT/46/a3a530-25aa-4023-9a80-4e347d551c3f/1/IlS8wDKT460OGaej_Rsc-9NMCZA.mft rsync://rpki.ripe.net/repository/DEFAULT/IlS8wDKT460OGaej_Rsc-9NMCZA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sat 10 Jan 2026 19:01:42 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7b:a3:99:ea:d2:23:0b:42:b0:de:59:d5:bb:97:5a:de Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2254bcc03293e3ad0e19a7a3fd1b1cfbd34c0990 Validity Not Before: Jan 1 22:17:57 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=dee9a7746cc00f9ac26564576177ffb98f599464 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c2:df:65:94:45:5d:c2:55:58:5f:0f:f9:21:56: cd:ec:76:4d:6b:b6:22:f5:9f:1b:67:dd:68:df:2b: 65:52:57:80:28:de:b1:eb:d3:27:b0:a4:eb:0b:40: 08:56:53:40:0b:49:52:74:13:c0:45:bc:6b:7d:d1: a9:e9:af:03:a4:e2:f3:86:82:f4:f3:3a:27:9d:3f: 61:25:db:f9:b7:fd:6a:9c:c1:66:72:29:9c:40:99: 4c:05:58:07:cd:7b:08:a7:fa:67:ee:ac:1c:00:27: d0:86:f0:cf:e1:66:a2:34:df:19:83:31:15:a0:5e: 14:0b:13:d6:cd:cf:68:9f:55:a1:8b:2c:69:16:83: 08:ae:4e:8f:80:62:15:67:1e:18:25:13:68:45:3f: a3:6e:0f:a7:2c:fc:3c:ab:5c:f6:87:20:bd:66:7b: 1f:54:c0:68:ca:c3:6b:09:9f:f3:1d:9e:c6:a2:3b: 59:98:6a:77:1a:51:be:b4:74:87:69:03:31:a5:52: aa:c8:fc:b8:c7:05:37:5c:8d:34:94:b2:b0:64:5a: 5c:75:88:38:fe:89:66:b6:72:db:60:d3:04:39:ad: d7:35:51:c5:f4:cf:92:0c:65:70:a9:8a:3b:22:8e: 33:51:86:1c:da:85:97:78:80:e4:58:77:de:23:a5: f8:41 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: DE:E9:A7:74:6C:C0:0F:9A:C2:65:64:57:61:77:FF:B9:8F:59:94:64 X509v3 Authority Key Identifier: keyid:22:54:BC:C0:32:93:E3:AD:0E:19:A7:A3:FD:1B:1C:FB:D3:4C:09:90 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IlS8wDKT460OGaej_Rsc-9NMCZA.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a3a530-25aa-4023-9a80-4e347d551c3f/1/3umndGzAD5rCZWRXYXf_uY9ZlGQ.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/46/a3a530-25aa-4023-9a80-4e347d551c3f/1/IlS8wDKT460OGaej_Rsc-9NMCZA.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 85.235.88.0/22 IPv6: 2a10:1ac0::/29 Signature Algorithm: sha256WithRSAEncryption c7:6f:ee:c7:23:af:47:77:e2:c4:88:4d:1a:32:04:71:17:00: 3a:5e:91:69:2b:80:83:d5:98:91:ce:99:5c:6a:a6:47:53:6e: e9:cf:e0:46:40:c1:de:38:e0:25:49:c4:8d:3a:d7:b3:eb:db: 35:7b:d9:f1:ec:71:81:a7:b5:89:7a:c5:6e:fd:5a:ad:27:2a: bc:c7:89:d8:6e:69:1b:43:a3:84:15:a7:3d:a4:67:4b:fa:39: 28:51:51:83:a2:13:24:f6:e3:51:66:06:c2:fe:91:37:d1:fd: cf:33:33:2a:cc:1d:4e:40:ef:47:96:73:67:da:80:08:b6:44: ef:ec:e8:1b:ef:9b:d1:6e:86:68:a9:53:17:08:05:bb:d6:c5: 6b:43:af:7c:06:5a:06:0e:eb:94:08:f4:f2:1d:e2:9e:19:01: 92:a6:b2:f8:4e:b1:1c:b9:03:54:6a:bd:dc:45:f9:ff:a3:28: a9:a0:86:20:d8:8a:c5:52:32:6f:9c:b0:fe:ae:31:0c:ba:23: 2c:15:d8:90:44:32:98:17:3b:a5:af:df:82:cd:0b:45:bd:7d: a3:3d:47:7a:c4:d5:19:f5:13:a0:cc:cf:b8:9f:35:65:31:91: 2d:61:c1:5a:5a:79:e0:c3:35:7a:3c:f6:6d:96:29:ec:8a:18: d4:26:52:17 -----BEGIN CERTIFICATE----- MIIFDDCCA/SgAwIBAgISAZt7o5nq0iMLQrDeWdW7l1reMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDIyNTRiY2MwMzI5M2UzYWQwZTE5YTdhM2ZkMWIxY2ZiZDM0 YzA5OTAwHhcNMjYwMTAxMjIxNzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EyhkZWU5YTc3NDZjYzAwZjlhYzI2NTY0NTc2MTc3ZmZiOThmNTk5NDY0MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt9llEVdwlVYXw/5IVbN7HZNa7Yi 9Z8bZ91o3ytlUleAKN6x69MnsKTrC0AIVlNAC0lSdBPARbxrfdGp6a8DpOLzhoL0 8zonnT9hJdv5t/1qnMFmcimcQJlMBVgHzXsIp/pn7qwcACfQhvDP4WaiNN8ZgzEV oF4UCxPWzc9on1WhiyxpFoMIrk6PgGIVZx4YJRNoRT+jbg+nLPw8q1z2hyC9Znsf VMBoysNrCZ/zHZ7GojtZmGp3GlG+tHSHaQMxpVKqyPy4xwU3XI00lLKwZFpcdYg4 /olmtnLbYNMEOa3XNVHF9M+SDGVwqYo7Io4zUYYc2oWXeIDkWHfeI6X4QQIDAQAB o4ICGDCCAhQwHQYDVR0OBBYEFN7pp3RswA+awmVkV2F3/7mPWZRkMB8GA1UdIwQY MBaAFCJUvMAyk+OtDhmno/0bHPvTTAmQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvSWxTOHdES1Q0NjBPR2Flal9Sc2MtOU5NQ1pBLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni9hM2E1MzAtMjVhYS00MDIzLTlhODAt NGUzNDdkNTUxYzNmLzEvM3VtbmRHekFENXJDWldSWFlYZl91WTlabEdRLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC80Ni9hM2E1MzAtMjVhYS00MDIzLTlhODAtNGUzNDdkNTUxYzNm LzEvSWxTOHdES1Q0NjBPR2Flal9Sc2MtOU5NQ1pBLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVetYMA0E AgACMAcDBQMqEBrAMA0GCSqGSIb3DQEBCwUAA4IBAQDHb+7HI69Hd+LEiE0aMgRx FwA6XpFpK4CD1ZiRzplcaqZHU27pz+BGQMHeOOAlScSNOtez69s1e9nx7HGBp7WJ esVu/VqtJyq8x4nYbmkbQ6OEFac9pGdL+jkoUVGDohMk9uNRZgbC/pE30f3PMzMq zB1OQO9HlnNn2oAItkTv7Ogb75vRboZoqVMXCAW71sVrQ698BloGDuuUCPTyHeKe GQGSprL4TrEcuQNUar3cRfn/oyipoIYg2IrFUjJvnLD+rjEMuiMsFdiQRDKYFzul r9+CzQtFvX2jPUd6xNUZ9ROgzM+4nzVlMZEtYcFaWnngwzV6PPZtlinsihjUJlIX -----END CERTIFICATE-----Generated at Sat Jan 10 04:07:54 2026 by rpki-client