This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/kZx2IxBD5HOKLTGnyUCslhrff3s.roa File: kZx2IxBD5HOKLTGnyUCslhrff3s.roa (raw, json) Hash identifier: Vt6Cc39kOpNIWweAmZd5zbwANosQpiB4xiB1jbdvahg= Subject key identifier: 91:9C:76:23:10:43:E4:73:8A:2D:31:A7:C9:40:AC:96:1A:DF:7F:7B Certificate issuer: /CN=9a1e69368abd34538fe77ddaabcdc835af595eba Certificate serial: 019B7AC78A48B5D69BE954988C080DEBA026 Authority key identifier: 9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/kZx2IxBD5HOKLTGnyUCslhrff3s.roa Signing time: Thu 01 Jan 2026 18:17:35 +0000 ROA not before: Thu 01 Jan 2026 18:17:35 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 34918 IP address blocks: 5.202.0.0/20 maxlen: 20 5.202.0.0/24 maxlen: 24 5.202.1.0/24 maxlen: 24 5.202.2.0/24 maxlen: 24 5.202.3.0/24 maxlen: 24 5.202.4.0/24 maxlen: 24 5.202.5.0/24 maxlen: 24 5.202.6.0/24 maxlen: 24 5.202.7.0/24 maxlen: 24 5.202.8.0/24 maxlen: 24 5.202.9.0/24 maxlen: 24 5.202.10.0/24 maxlen: 24 5.202.11.0/24 maxlen: 24 5.202.12.0/24 maxlen: 24 5.202.13.0/24 maxlen: 24 5.202.14.0/24 maxlen: 24 5.202.15.0/24 maxlen: 24 85.9.96.0/20 maxlen: 20 85.9.96.0/21 maxlen: 21 85.9.96.0/22 maxlen: 22 85.9.100.0/22 maxlen: 22 85.9.104.0/21 maxlen: 21 85.9.105.0/24 maxlen: 24 85.9.106.0/24 maxlen: 24 85.9.107.0/24 maxlen: 24 85.9.108.0/24 maxlen: 24 85.9.109.0/24 maxlen: 24 85.9.110.0/24 maxlen: 24 85.9.111.0/24 maxlen: 24 85.9.112.0/22 maxlen: 22 85.9.112.0/24 maxlen: 24 85.9.113.0/24 maxlen: 24 85.9.114.0/24 maxlen: 24 85.9.115.0/24 maxlen: 24 85.9.120.0/21 maxlen: 21 85.9.120.0/22 maxlen: 22 85.9.124.0/22 maxlen: 22 185.126.0.0/20 maxlen: 20 185.126.0.0/21 maxlen: 21 185.126.0.0/22 maxlen: 22 185.126.0.0/24 maxlen: 24 185.126.1.0/24 maxlen: 24 185.126.2.0/24 maxlen: 24 185.126.3.0/24 maxlen: 24 185.126.4.0/24 maxlen: 24 185.126.5.0/24 maxlen: 24 185.126.6.0/24 maxlen: 24 185.126.7.0/24 maxlen: 24 185.126.8.0/21 maxlen: 21 185.126.8.0/24 maxlen: 24 185.126.9.0/24 maxlen: 24 185.126.10.0/24 maxlen: 24 185.126.11.0/24 maxlen: 24 185.126.12.0/24 maxlen: 24 185.126.13.0/24 maxlen: 24 185.126.14.0/24 maxlen: 24 185.126.15.0/24 maxlen: 24 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.mft rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 12 Jan 2026 18:00:54 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7a:c7:8a:48:b5:d6:9b:e9:54:98:8c:08:0d:eb:a0:26 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=9a1e69368abd34538fe77ddaabcdc835af595eba Validity Not Before: Jan 1 18:17:35 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=919c76231043e4738a2d31a7c940ac961adf7f7b Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:e5:1e:b3:dc:a9:10:ea:41:7b:08:a6:72:ce:e7: bc:54:db:4f:d2:f7:52:34:c0:93:6a:99:51:7d:8f: ff:1d:63:a8:0e:6b:44:2a:a5:77:6a:18:e9:e5:39: c9:f6:e7:00:cb:65:f9:8f:9f:ad:03:53:2c:41:96: ab:18:ca:63:de:ce:b2:53:09:8b:13:30:b8:7c:ec: bc:90:ab:19:61:37:a2:04:98:cc:64:91:3f:1a:3c: 36:40:97:97:71:8b:98:53:ef:7c:d6:36:3b:f5:30: 92:63:59:21:3b:e2:b5:23:61:da:8d:21:a0:df:17: 2f:1a:28:03:d9:1b:f3:b9:11:50:a1:4b:82:4f:bd: 26:96:7c:3f:9a:4e:97:6c:31:5b:b7:d5:4f:7b:e9: 9b:fa:89:0f:df:ef:8a:a3:8a:2f:6d:54:2f:a2:b3: 48:ae:dd:62:a2:09:a8:ad:bb:4e:02:40:27:1a:f9: 90:d1:b5:dd:48:e5:9e:73:78:b2:3f:cd:d5:b1:b8: ef:25:75:85:4b:7d:2b:6c:8e:53:9e:6e:9a:05:92: 89:53:af:a2:8c:6e:a3:55:d3:83:2e:fe:d6:7a:48: 73:2b:cf:da:9b:2f:e7:a2:04:d3:1e:5b:01:59:71: c0:6c:fd:4b:cc:10:d3:81:64:03:3f:10:84:40:74: d6:db Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 91:9C:76:23:10:43:E4:73:8A:2D:31:A7:C9:40:AC:96:1A:DF:7F:7B X509v3 Authority Key Identifier: keyid:9A:1E:69:36:8A:BD:34:53:8F:E7:7D:DA:AB:CD:C8:35:AF:59:5E:BA X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mh5pNoq9NFOP533aq83INa9ZXro.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/kZx2IxBD5HOKLTGnyUCslhrff3s.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/db/7886f4-5fcc-4d44-bd62-10982e040d53/1/mh5pNoq9NFOP533aq83INa9ZXro.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 5.202.0.0/20 85.9.96.0-85.9.115.255 85.9.120.0/21 185.126.0.0/20 Signature Algorithm: sha256WithRSAEncryption 4e:20:93:0f:3b:5b:3b:b5:ea:aa:0f:e6:66:75:68:b8:b9:bf: 3a:df:c8:c5:ee:82:c7:82:90:df:28:61:e6:8d:f8:93:3f:3c: e6:54:ea:68:de:74:34:f1:8c:f9:98:6c:6f:2a:69:07:52:e7: 27:c7:1a:43:0a:16:ae:12:d4:19:d8:b8:a2:5d:33:66:36:eb: 6f:4a:a4:6b:2e:47:dc:72:8b:96:40:a8:fc:b9:37:d1:08:84: 78:a2:69:7b:64:e5:5b:42:a6:54:91:f7:63:2e:10:69:d9:b9: a1:94:90:d1:8a:d3:c2:53:93:2a:67:ba:13:58:6e:8f:5b:2b: be:74:60:61:32:0b:7c:7b:8c:66:f3:7a:9f:f9:d4:02:6d:ab: 22:1d:5a:51:2c:de:02:4b:c8:d3:d3:58:28:2d:45:0b:91:6f: c0:9d:c2:12:c8:58:53:4e:a1:6e:a4:c4:8a:db:11:31:21:9e: 4c:29:64:31:de:9b:97:25:95:6b:a0:1e:ab:65:08:7b:b3:6c: f1:66:db:10:b9:d4:58:5a:8e:a2:b3:d8:96:60:7b:29:73:f7: 39:d2:61:68:f1:0a:b7:5d:d8:fd:90:93:b1:89:0f:a9:e8:82: c4:b9:57:37:e7:ec:86:4f:2b:54:19:29:fe:f7:86:28:69:a8: cd:30:7f:76 -----BEGIN CERTIFICATE----- MIIFFzCCA/+gAwIBAgISAZt6x4pItdab6VSYjAgN66AmMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDlhMWU2OTM2OGFiZDM0NTM4ZmU3N2RkYWFiY2RjODM1YWY1 OTVlYmEwHhcNMjYwMTAxMTgxNzM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg5MTljNzYyMzEwNDNlNDczOGEyZDMxYTdjOTQwYWM5NjFhZGY3ZjdiMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5R6z3KkQ6kF7CKZyzue8VNtP0vdS NMCTaplRfY//HWOoDmtEKqV3ahjp5TnJ9ucAy2X5j5+tA1MsQZarGMpj3s6yUwmL EzC4fOy8kKsZYTeiBJjMZJE/Gjw2QJeXcYuYU+981jY79TCSY1khO+K1I2HajSGg 3xcvGigD2RvzuRFQoUuCT70mlnw/mk6XbDFbt9VPe+mb+okP3++Ko4ovbVQvorNI rt1iogmorbtOAkAnGvmQ0bXdSOWec3iyP83VsbjvJXWFS30rbI5Tnm6aBZKJU6+i jG6jVdODLv7WekhzK8/amy/nogTTHlsBWXHAbP1LzBDTgWQDPxCEQHTW2wIDAQAB o4ICIzCCAh8wHQYDVR0OBBYEFJGcdiMQQ+Rzii0xp8lArJYa3397MB8GA1UdIwQY MBaAFJoeaTaKvTRTj+d92qvNyDWvWV66MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjIt MTA5ODJlMDQwZDUzLzEva1p4Mkl4QkQ1SE9LTFRHbnlVQ3NsaHJmZjNzLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC9kYi83ODg2ZjQtNWZjYy00ZDQ0LWJkNjItMTA5ODJlMDQwZDUz LzEvbWg1cE5vcTlORk9QNTMzYXE4M0lOYTlaWHJvLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEBcoAMAwD BAVVCWADBAJVCXADBANVCXgDBAS5fgAwDQYJKoZIhvcNAQELBQADggEBAE4gkw87 Wzu16qoP5mZ1aLi5vzrfyMXugseCkN8oYeaN+JM/POZU6mjedDTxjPmYbG8qaQdS 5yfHGkMKFq4S1BnYuKJdM2Y2629KpGsuR9xyi5ZAqPy5N9EIhHiiaXtk5VtCplSR 92MuEGnZuaGUkNGK08JTkypnuhNYbo9bK750YGEyC3x7jGbzep/51AJtqyIdWlEs 3gJLyNPTWCgtRQuRb8CdwhLIWFNOoW6kxIrbETEhnkwpZDHem5cllWugHqtlCHuz bPFm2xC51FhajqKz2JZgeylz9znSYWjxCrdd2P2Qk7GJD6nogsS5Vzfn7IZPK1QZ Kf73hihpqM0wf3Y= -----END CERTIFICATE-----Generated at Sun Jan 11 23:53:44 2026 by rpki-client