This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/MhkSjcd42-pF76ZS_MfMJ4okKGQ.roa File: MhkSjcd42-pF76ZS_MfMJ4okKGQ.roa (raw, json) Hash identifier: ahirK5ZrPm5uqUKok8wdkQD20L3L0Tz2FF9Qcr7RAtk= Subject key identifier: 32:19:12:8D:C7:78:DB:EA:45:EF:A6:52:FC:C7:CC:27:8A:24:28:64 Certificate issuer: /CN=e8a851ddae5a64cc38825395be9a507da95ab7cf Certificate serial: 019B6FB4C997AF5E359B50B0550C3F3CA4A0 Authority key identifier: E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/MhkSjcd42-pF76ZS_MfMJ4okKGQ.roa Signing time: Tue 30 Dec 2025 14:41:17 +0000 ROA not before: Tue 30 Dec 2025 14:41:17 +0000 ROA not after: Wed 01 Jul 2026 00:00:00 +0000 asID: 202940 IP address blocks: 89.208.0.0/21 maxlen: 24 89.208.4.0/22 maxlen: 24 89.208.56.0/21 maxlen: 24 89.208.128.0/21 maxlen: 24 89.208.134.0/23 maxlen: 24 141.226.120.0/22 maxlen: 24 147.234.23.0/24 maxlen: 24 147.236.104.0/21 maxlen: 24 147.236.116.0/23 maxlen: 24 147.236.120.0/21 maxlen: 24 147.236.125.0/24 maxlen: 24 147.236.148.0/22 maxlen: 24 147.236.152.0/23 maxlen: 23 147.236.154.0/24 maxlen: 24 147.236.176.0/20 maxlen: 24 147.236.183.0/24 maxlen: 24 185.108.80.0/22 maxlen: 24 185.149.252.0/22 maxlen: 24 185.167.108.0/22 maxlen: 24 185.175.32.0/22 maxlen: 24 185.180.100.0/22 maxlen: 24 185.180.100.0/24 maxlen: 24 185.180.100.0/27 maxlen: 32 185.180.102.0/24 maxlen: 24 185.180.103.0/24 maxlen: 24 185.182.76.0/22 maxlen: 24 185.184.244.0/22 maxlen: 24 188.191.224.0/21 maxlen: 24 188.191.224.0/22 maxlen: 22 188.191.224.0/24 maxlen: 24 188.191.224.0/27 maxlen: 32 188.191.228.0/22 maxlen: 22 217.175.80.0/20 maxlen: 24 217.175.84.0/22 maxlen: 22 217.175.88.0/21 maxlen: 23 2a00:7c40::/29 maxlen: 48 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.mft rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Wed 31 Dec 2025 23:01:22 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:6f:b4:c9:97:af:5e:35:9b:50:b0:55:0c:3f:3c:a4:a0 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=e8a851ddae5a64cc38825395be9a507da95ab7cf Validity Not Before: Dec 30 14:41:17 2025 GMT Not After : Jul 1 00:00:00 2026 GMT Subject: CN=3219128dc778dbea45efa652fcc7cc278a242864 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ac:24:61:dc:a9:0a:58:b4:88:6c:e6:20:73:dc: 78:6e:e6:ce:96:02:e8:a3:de:a7:c3:b0:cc:a3:75: 9b:70:6b:70:10:ca:0a:15:99:12:48:35:ae:45:dd: fc:46:cc:0e:94:0c:ba:17:98:f0:95:93:55:3b:38: 9d:45:87:d1:14:0f:10:9f:53:13:b6:25:91:47:b6: 84:df:b5:86:56:eb:7b:2c:84:34:11:98:dd:5f:51: e1:98:8d:82:a6:95:13:73:8e:e9:f2:b5:47:11:5d: 49:10:76:1a:b7:f3:de:bb:38:78:93:08:ef:d3:87: 83:34:3d:65:ff:56:84:8b:8f:0b:29:4c:58:ed:4e: a5:34:ac:6d:cc:74:f5:c4:6a:34:66:01:ec:07:48: d1:fa:d4:fb:10:c5:02:66:57:6c:04:45:80:36:e5: 91:8b:cf:55:a9:8e:c2:5d:42:1b:51:6c:e9:ee:ba: e3:79:39:79:95:c8:f9:51:f7:88:b6:61:8a:0a:1a: 39:93:23:83:e8:14:2d:d4:47:e0:c8:05:79:4a:06: 7c:29:77:b0:8f:c6:c2:2c:8d:0d:9b:b3:5d:02:c9: 76:df:55:9b:49:ca:21:c1:e1:34:1f:66:a4:89:18: 73:fa:7a:45:40:8b:7f:59:94:4e:1b:09:d9:7a:a8: 8d:af Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 32:19:12:8D:C7:78:DB:EA:45:EF:A6:52:FC:C7:CC:27:8A:24:28:64 X509v3 Authority Key Identifier: keyid:E8:A8:51:DD:AE:5A:64:CC:38:82:53:95:BE:9A:50:7D:A9:5A:B7:CF X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6KhR3a5aZMw4glOVvppQfalat88.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/MhkSjcd42-pF76ZS_MfMJ4okKGQ.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3638d7-3ec3-4595-a631-110c878dcd29/1/6KhR3a5aZMw4glOVvppQfalat88.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 89.208.0.0/21 89.208.56.0/21 89.208.128.0/21 141.226.120.0/22 147.234.23.0/24 147.236.104.0/21 147.236.116.0/23 147.236.120.0/21 147.236.148.0-147.236.154.255 147.236.176.0/20 185.108.80.0/22 185.149.252.0/22 185.167.108.0/22 185.175.32.0/22 185.180.100.0/22 185.182.76.0/22 185.184.244.0/22 188.191.224.0/21 217.175.80.0/20 IPv6: 2a00:7c40::/29 Signature Algorithm: sha256WithRSAEncryption 7f:67:ca:0a:6c:c3:5a:42:1a:89:e3:36:9e:a4:06:8e:d7:e6: 1e:32:6e:90:5e:a3:bf:94:89:6b:92:33:ca:bb:c2:2f:37:18: bc:aa:a5:f4:8a:0a:b4:7a:4d:91:53:3e:48:bb:88:bc:e9:89: 0d:88:3f:90:e8:43:26:10:ae:47:f0:5b:61:40:37:9c:70:4e: 6f:d1:9d:40:a4:7d:15:03:33:dd:09:83:26:78:ed:1a:08:f7: 04:d0:b3:8a:62:35:2d:f9:b1:51:2a:c5:e1:51:6a:43:ee:7d: 40:3b:a5:50:55:1c:4b:fd:71:6d:95:d3:fd:92:c5:ac:64:d0: f5:a5:20:cc:8e:a3:b5:3e:f4:bf:73:a8:26:4c:cc:89:a7:e8: ad:fd:18:07:b9:96:89:67:e2:5e:e7:ac:ec:37:2c:d9:5d:ec: 73:56:98:bd:d9:98:cc:30:b3:ed:66:0a:da:1e:27:4a:b5:13: 88:d7:8b:1c:5f:40:da:4b:5c:1e:49:27:bd:cb:3f:a6:25:36: d9:4c:2d:62:c8:fa:74:b7:2e:b2:70:17:5e:06:50:a6:5f:2b: 4e:80:50:90:be:4b:2e:1b:69:25:15:bf:fe:ce:09:ab:bc:59: 50:b4:a5:5f:fa:cd:4f:1d:fc:94:10:ed:46:3a:a3:7f:c9:12: 23:9f:cd:35 -----BEGIN CERTIFICATE----- MIIFhDCCBGygAwIBAgISAZtvtMmXr141m1CwVQw/PKSgMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGU4YTg1MWRkYWU1YTY0Y2MzODgyNTM5NWJlOWE1MDdkYTk1 YWI3Y2YwHhcNMjUxMjMwMTQ0MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygzMjE5MTI4ZGM3NzhkYmVhNDVlZmE2NTJmY2M3Y2MyNzhhMjQyODY0MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCRh3KkKWLSIbOYgc9x4bubOlgLo o96nw7DMo3WbcGtwEMoKFZkSSDWuRd38RswOlAy6F5jwlZNVOzidRYfRFA8Qn1MT tiWRR7aE37WGVut7LIQ0EZjdX1HhmI2CppUTc47p8rVHEV1JEHYat/Peuzh4kwjv 04eDND1l/1aEi48LKUxY7U6lNKxtzHT1xGo0ZgHsB0jR+tT7EMUCZldsBEWANuWR i89VqY7CXUIbUWzp7rrjeTl5lcj5UfeItmGKCho5kyOD6BQt1EfgyAV5SgZ8KXew j8bCLI0Nm7NdAsl231WbScohweE0H2akiRhz+npFQIt/WZROGwnZeqiNrwIDAQAB o4ICkDCCAowwHQYDVR0OBBYEFDIZEo3HeNvqRe+mUvzHzCeKJChkMB8GA1UdIwQY MBaAFOioUd2uWmTMOIJTlb6aUH2pWrfPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEt MTEwYzg3OGRjZDI5LzEvTWhrU2pjZDQyLXBGNzZaU19NZk1KNG9rS0dRLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC80OC8zNjM4ZDctM2VjMy00NTk1LWE2MzEtMTEwYzg3OGRjZDI5 LzEvNktoUjNhNWFaTXc0Z2xPVnZwcFFmYWxhdDg4LmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBgAQCAAEwegMEA1nQ AAMEA1nQOAMEA1nQgAMEAo3ieAMEAJPqFwMEA5PsaAMEAZPsdAMEA5PseDAMAwQC k+yUAwQAk+yaAwQEk+ywAwQCuWxQAwQCuZX8AwQCuadsAwQCua8gAwQCubRkAwQC ubZMAwQCubj0AwQDvL/gAwQE2a9QMA0EAgACMAcDBQMqAHxAMA0GCSqGSIb3DQEB CwUAA4IBAQB/Z8oKbMNaQhqJ4zaepAaO1+YeMm6QXqO/lIlrkjPKu8IvNxi8qqX0 igq0ek2RUz5Iu4i86YkNiD+Q6EMmEK5H8FthQDeccE5v0Z1ApH0VAzPdCYMmeO0a CPcE0LOKYjUt+bFRKsXhUWpD7n1AO6VQVRxL/XFtldP9ksWsZND1pSDMjqO1PvS/ c6gmTMyJp+it/RgHuZaJZ+Je56zsNyzZXexzVpi92ZjMMLPtZgraHidKtROI14sc X0DaS1weSSe9yz+mJTbZTC1iyPp0ty6ycBdeBlCmXytOgFCQvksuG2klFb/+zgmr vFlQtKVf+s1PHfyUEO1GOqN/yRIjn801 -----END CERTIFICATE-----Generated at Wed Dec 31 07:36:08 2025 by rpki-client