This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa File: 383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa (raw, json) Hash identifier: 3Kod0I5hk4dov3UyUEd09VCQD0s9ADOqCG+OImjhnKo= Subject key identifier: 80:4F:1C:16:87:F0:8D:3B:C3:A1:94:9F:3D:7A:1A:45:E4:2B:54:B4 Certificate issuer: /CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf Certificate serial: 4A872E09814BE6B6C0783EE322E31910926CC1BB Authority key identifier: 45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa Signing time: Wed 10 Dec 2025 06:50:49 +0000 ROA not before: Wed 10 Dec 2025 06:50:49 +0000 ROA not after: Tue 10 Mar 2026 23:59:59 +0000 asID: 16509 IP address blocks: 200.224.0.0/16 maxlen: 24 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.mft rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Thu 25 Dec 2025 00:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 4a:87:2e:09:81:4b:e6:b6:c0:78:3e:e3:22:e3:19:10:92:6c:c1:bb Signature Algorithm: sha256WithRSAEncryption Issuer: CN=453f4746354e2ad15ce7ebd8dc21f96c0e5c87cf Validity Not Before: Dec 10 06:50:49 2025 GMT Not After : Mar 10 23:59:59 2026 GMT Subject: serialNumber=005c440eb17a721dc476abad14ddd73e7964fc2b06e92b9ceda544f7eaa542fb, CN=c336411a-6651-4f13-8ef9-de681c7c9444 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a8:d4:43:70:72:bb:be:88:77:fd:50:3b:8e:9b: 4d:8f:f5:c2:8c:ef:5e:ab:0c:6b:e7:e7:04:01:16: 6d:6b:ab:2d:06:6c:5b:b3:c9:7b:95:58:be:e1:f1: 03:68:eb:db:0a:e2:3f:40:fb:5d:39:8e:e8:00:5c: 43:ca:1f:3b:83:45:9c:fc:4d:9c:8a:b4:51:29:7b: c4:68:7f:9c:d1:e2:fe:b0:a3:cd:7a:83:3f:c4:6d: 42:82:9a:4d:87:c5:7c:51:91:74:b1:36:87:a2:cc: 80:84:44:ed:f4:50:df:2b:ed:97:ad:65:05:36:d9: 9a:1e:d5:50:2c:47:59:53:6e:a7:6c:9f:ee:ac:94: a5:fe:fa:fe:b7:6b:33:c0:10:30:5b:9c:fc:94:6a: f5:7d:49:2a:2c:87:cd:fa:b9:92:57:51:77:2c:51: c8:44:22:15:52:db:a2:18:d6:76:43:5f:ca:25:c5: 64:a2:12:37:bf:8d:51:c3:86:2c:f1:a2:6d:f9:b9: f7:9c:98:ff:79:7a:41:f9:4e:ca:e1:30:f6:14:d8: ba:29:62:90:6d:79:23:ee:34:84:08:4c:fa:ed:bd: 76:a9:df:98:67:e6:7a:2a:02:2d:4e:8f:bb:56:15: 5b:51:24:07:fc:9a:9e:3f:cf:64:7d:18:62:b4:94: 0a:d5 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 80:4F:1C:16:87:F0:8D:3B:C3:A1:94:9F:3D:7A:1A:45:E4:2B:54:B4 X509v3 Authority Key Identifier: keyid:45:3F:47:46:35:4E:2A:D1:5C:E7:EB:D8:DC:21:F9:6C:0E:5C:87:CF X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT9HRjVOKtFc5-vY3CH5bA5ch88.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/383c1f6d-4e0e-4e33-a2ce-f49386dcc1f1.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/967a255c-d680-42d3-9ec3-ecb3f9da088c/_lAi5THDsQdPYA9nmET6olHuVc8.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 200.224.0.0/16 Signature Algorithm: sha256WithRSAEncryption 70:6c:e7:34:46:87:f4:25:53:55:0b:ca:ef:ff:49:7e:18:28: 55:d7:98:6e:09:ac:7c:16:f9:68:58:04:84:b2:fa:b8:30:0e: eb:ee:cc:57:c3:33:d8:b6:63:7b:f6:83:6f:a3:ca:a4:3e:6c: 0c:cd:ef:bb:48:92:38:76:f3:2b:9c:0c:4a:db:b3:c1:66:4c: ff:85:0b:42:fb:c1:d8:02:0e:1f:55:93:72:ac:71:1c:cb:fe: 5e:26:01:42:79:aa:95:08:52:87:88:fe:d0:a2:7e:6e:59:ad: 85:72:b7:49:59:be:47:5d:e7:2c:4d:9e:52:8e:36:3a:a9:e8: f3:21:ec:18:47:e5:9c:6d:69:91:c6:62:f3:2c:96:c4:60:15: e9:25:7c:5a:33:ce:40:06:a3:99:9a:aa:ac:58:6c:70:04:09: 53:3e:96:67:95:86:34:35:85:bc:55:75:1a:1e:38:18:c3:04: ad:88:28:d2:29:22:16:75:e7:b9:a2:34:4c:55:dd:60:45:72: be:a3:21:4f:52:b5:37:e2:3e:36:81:34:c8:80:54:51:9f:c0: 7e:b5:2a:ce:cd:61:04:ad:24:0d:61:d3:9e:2f:86:82:de:9a: 6d:2e:c3:40:6a:a6:f4:a5:5f:b8:a8:e0:76:7e:b7:1e:ad:04: 4f:5f:90:44 -----BEGIN CERTIFICATE----- MIIFXTCCBEWgAwIBAgIUSocuCYFL5rbAeD7jIuMZEJJswbswDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoNDUzZjQ3NDYzNTRlMmFkMTVjZTdlYmQ4ZGMyMWY5NmMw ZTVjODdjZjAeFw0yNTEyMTAwNjUwNDlaFw0yNjAzMTAyMzU5NTlaMHoxSTBHBgNV BAUTQDAwNWM0NDBlYjE3YTcyMWRjNDc2YWJhZDE0ZGRkNzNlNzk2NGZjMmIwNmU5 MmI5Y2VkYTU0NGY3ZWFhNTQyZmIxLTArBgNVBAMTJGMzMzY0MTFhLTY2NTEtNGYx My04ZWY5LWRlNjgxYzdjOTQ0NDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKjUQ3Byu76Id/1QO46bTY/1wozvXqsMa+fnBAEWbWurLQZsW7PJe5VYvuHx A2jr2wriP0D7XTmO6ABcQ8ofO4NFnPxNnIq0USl7xGh/nNHi/rCjzXqDP8RtQoKa TYfFfFGRdLE2h6LMgIRE7fRQ3yvtl61lBTbZmh7VUCxHWVNup2yf7qyUpf76/rdr M8AQMFuc/JRq9X1JKiyHzfq5kldRdyxRyEQiFVLbohjWdkNfyiXFZKISN7+NUcOG LPGibfm595yY/3l6QflOyuEw9hTYuilikG15I+40hAhM+u29dqnfmGfmeioCLU6P u1YVW1EkB/yanj/PZH0YYrSUCtUCAwEAAaOCAiAwggIcMB0GA1UdDgQWBBSATxwW h/CNO8OhlJ89ehpF5CtUtDAfBgNVHSMEGDAWgBRFP0dGNU4q0Vzn69jcIflsDlyH zzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1JUOUhSalZP S3RGYzUtdlkzQ0g1YkE1Y2g4OC5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu Y29tL3ZvbHVtZS85NjdhMjU1Yy1kNjgwLTQyZDMtOWVjMy1lY2IzZjlkYTA4OGMv MzgzYzFmNmQtNGUwZS00ZTMzLWEyY2UtZjQ5Mzg2ZGNjMWYxLnJvYTCBiAYDVR0f BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u YXdzLmNvbS92b2x1bWUvOTY3YTI1NWMtZDY4MC00MmQzLTllYzMtZWNiM2Y5ZGEw ODhjL19sQWk1VEhEc1FkUFlBOW5tRVQ2b2xIdVZjOC5jcmwwGAYDVR0gAQH/BA4w DDAKBggrBgEFBQcOAjAeBggrBgEFBQcBBwEB/wQPMA0wCwQCAAEwBQMDAMjgMA0G CSqGSIb3DQEBCwUAA4IBAQBwbOc0Rof0JVNVC8rv/0l+GChV15huCax8FvloWASE svq4MA7r7sxXwzPYtmN79oNvo8qkPmwMze+7SJI4dvMrnAxK27PBZkz/hQtC+8HY Ag4fVZNyrHEcy/5eJgFCeaqVCFKHiP7Qon5uWa2FcrdJWb5HXecsTZ5SjjY6qejz IewYR+WcbWmRxmLzLJbEYBXpJXxaM85ABqOZmqqsWGxwBAlTPpZnlYY0NYW8VXUa HjgYwwStiCjSKSIWdee5ojRMVd1gRXK+oyFPUrU34j42gTTIgFRRn8B+tSrOzWEE rSQNYdOeL4aC3pptLsNAaqb0pV+4qOB2frcerQRPX5BE -----END CERTIFICATE-----Generated at Wed Dec 24 09:06:27 2025 by rpki-client