This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/KDQ-cFcPwQDy3bGFF_WSaIsvNNQ.roa File: KDQ-cFcPwQDy3bGFF_WSaIsvNNQ.roa (raw, json) Hash identifier: nE15hquAwl/5m54NEuxKdixrl7Q9eNfNpFSjwL6hasY= Subject key identifier: 28:34:3E:70:57:0F:C1:00:F2:DD:B1:85:17:F5:92:68:8B:2F:34:D4 Certificate issuer: /CN=a71cc0d58b16adbbf7fa5c2fdbc3659f9c73c7ba Certificate serial: 019B77C6DE9C613091FA609C44EDB510632C Authority key identifier: A7:1C:C0:D5:8B:16:AD:BB:F7:FA:5C:2F:DB:C3:65:9F:9C:73:C7:BA Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/KDQ-cFcPwQDy3bGFF_WSaIsvNNQ.roa Signing time: Thu 01 Jan 2026 04:18:00 +0000 ROA not before: Thu 01 Jan 2026 04:18:00 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 5588 IP address blocks: 5.56.33.0/24 maxlen: 24 5.56.37.0/24 maxlen: 24 5.56.38.0/24 maxlen: 24 2a01:47c0::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.crl rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.mft rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 27 Jan 2026 15:35:31 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:77:c6:de:9c:61:30:91:fa:60:9c:44:ed:b5:10:63:2c Signature Algorithm: sha256WithRSAEncryption Issuer: CN=a71cc0d58b16adbbf7fa5c2fdbc3659f9c73c7ba Validity Not Before: Jan 1 04:18:00 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=28343e70570fc100f2ddb18517f592688b2f34d4 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:9b:16:e2:8c:7a:40:b5:fc:7a:6a:72:cd:2f:c7: e0:52:77:e0:80:ec:81:e0:73:df:f0:a0:b1:76:d2: 2c:dc:b0:80:a2:8e:aa:fa:eb:22:15:ee:d4:bf:50: 2e:bb:6a:1b:28:92:7d:86:f5:46:24:8b:60:65:4d: af:cf:87:2f:09:14:eb:f4:6b:62:a7:0f:91:b0:fa: 68:34:ae:7a:12:6d:31:6c:38:6e:3c:58:eb:a3:94: c6:54:a9:75:b4:72:70:18:8e:07:36:3a:6b:c3:b9: 0d:f9:d9:73:97:82:37:bc:da:6f:54:c4:93:f2:b9: ef:bf:63:ba:1c:75:ea:4a:74:4e:0b:cc:35:58:1b: 8f:d3:45:6c:bc:f9:17:b2:eb:f0:5f:b6:79:00:29: 52:8a:b9:4e:14:64:56:9a:ab:8e:a6:51:99:7f:33: a3:56:02:a6:ab:32:8d:04:4e:6e:43:3a:f4:5c:17: 77:32:a6:3c:3f:36:20:c6:17:f1:76:72:08:45:09: 75:75:a6:d0:67:40:6d:f0:0f:ee:ac:df:a2:99:b4: 21:fa:46:a3:cc:45:e6:12:c9:09:28:95:9a:78:1e: e7:f6:9c:cc:b2:9a:39:54:72:1b:0b:cd:00:20:e8: d5:24:d3:41:58:5f:2e:c0:a5:5f:ca:26:c7:25:f9: 63:4f Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 28:34:3E:70:57:0F:C1:00:F2:DD:B1:85:17:F5:92:68:8B:2F:34:D4 X509v3 Authority Key Identifier: keyid:A7:1C:C0:D5:8B:16:AD:BB:F7:FA:5C:2F:DB:C3:65:9F:9C:73:C7:BA X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pxzA1YsWrbv3-lwv28Nln5xzx7o.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/KDQ-cFcPwQDy3bGFF_WSaIsvNNQ.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/15/5f5a60-9026-4b66-baaa-de640d012065/1/pxzA1YsWrbv3-lwv28Nln5xzx7o.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 5.56.33.0/24 5.56.37.0-5.56.38.255 IPv6: 2a01:47c0::/32 Signature Algorithm: sha256WithRSAEncryption c8:17:7d:22:d1:a0:51:be:09:a5:ee:ae:6a:ab:f8:09:9b:5b: 34:05:68:df:2b:51:e4:ef:b3:c2:24:b4:2d:77:97:1c:9a:6a: 0d:e4:e5:bd:3b:ec:2a:f1:e6:48:1d:d9:e5:b5:70:dc:79:a4: e2:1e:73:6e:da:a8:96:f9:f6:9e:be:df:5f:30:14:58:34:05: a3:bf:b1:26:52:c6:9d:d5:a1:61:9e:18:fa:c2:97:38:5a:08: a9:d8:34:c6:73:a5:1d:da:5e:75:66:1a:68:e1:30:fe:74:45: e5:e8:59:29:03:e7:7e:cb:fb:ba:23:c6:37:38:b3:7d:bb:35: da:b3:45:e7:df:db:26:9a:f3:51:99:45:fc:f6:e3:e2:5a:b2: 0a:b0:83:0b:69:6d:e4:76:fc:36:c6:15:17:75:3b:9a:bc:c8: 48:c9:a6:f9:77:8a:dd:91:4a:61:21:2b:4b:d3:1e:80:5a:9f: 8d:ba:54:11:c8:e8:fb:1a:2d:fe:79:86:a9:c0:dc:01:1a:eb: a8:c0:34:4a:2c:cd:c2:be:48:40:a2:b5:db:de:cc:6d:e6:40: 60:91:15:e9:e0:6c:01:da:8d:f3:ad:fa:10:79:94:5a:3d:33: c5:16:1f:48:65:55:12:30:bb:30:15:64:ef:3a:6b:9a:94:73: 4a:98:36:69 -----BEGIN CERTIFICATE----- MIIFGjCCBAKgAwIBAgISAZt3xt6cYTCR+mCcRO21EGMsMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGE3MWNjMGQ1OGIxNmFkYmJmN2ZhNWMyZmRiYzM2NTlmOWM3 M2M3YmEwHhcNMjYwMTAxMDQxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygyODM0M2U3MDU3MGZjMTAwZjJkZGIxODUxN2Y1OTI2ODhiMmYzNGQ0MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxbijHpAtfx6anLNL8fgUnfggOyB 4HPf8KCxdtIs3LCAoo6q+usiFe7Uv1Auu2obKJJ9hvVGJItgZU2vz4cvCRTr9Gti pw+RsPpoNK56Em0xbDhuPFjro5TGVKl1tHJwGI4HNjprw7kN+dlzl4I3vNpvVMST 8rnvv2O6HHXqSnROC8w1WBuP00VsvPkXsuvwX7Z5AClSirlOFGRWmquOplGZfzOj VgKmqzKNBE5uQzr0XBd3MqY8PzYgxhfxdnIIRQl1dabQZ0Bt8A/urN+imbQh+kaj zEXmEskJKJWaeB7n9pzMspo5VHIbC80AIOjVJNNBWF8uwKVfyibHJfljTwIDAQAB o4ICJjCCAiIwHQYDVR0OBBYEFCg0PnBXD8EA8t2xhRf1kmiLLzTUMB8GA1UdIwQY MBaAFKccwNWLFq279/pcL9vDZZ+cc8e6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvcHh6QTFZc1dyYnYzLWx3djI4TmxuNXh6eDdvLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81ZjVhNjAtOTAyNi00YjY2LWJhYWEt ZGU2NDBkMDEyMDY1LzEvS0RRLWNGY1B3UUR5M2JHRkZfV1NhSXN2Tk5RLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8xNS81ZjVhNjAtOTAyNi00YjY2LWJhYWEtZGU2NDBkMDEyMDY1 LzEvcHh6QTFZc1dyYnYzLWx3djI4TmxuNXh6eDdvLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMDwGCCsGAQUFBwEHAQH/BC0wKzAaBAIAATAUAwQABTghMAwD BAAFOCUDBAAFOCYwDQQCAAIwBwMFACoBR8AwDQYJKoZIhvcNAQELBQADggEBAMgX fSLRoFG+CaXurmqr+AmbWzQFaN8rUeTvs8IktC13lxyaag3k5b077Crx5kgd2eW1 cNx5pOIec27aqJb59p6+318wFFg0BaO/sSZSxp3VoWGeGPrClzhaCKnYNMZzpR3a XnVmGmjhMP50ReXoWSkD537L+7ojxjc4s327NdqzReff2yaa81GZRfz24+Jasgqw gwtpbeR2/DbGFRd1O5q8yEjJpvl3it2RSmEhK0vTHoBan426VBHI6PsaLf55hqnA 3AEa66jANEoszcK+SECitdvezG3mQGCRFengbAHajfOt+hB5lFo9M8UWH0hlVRIw uzAVZO86a5qUc0qYNmk= -----END CERTIFICATE-----Generated at Mon Jan 26 18:53:51 2026 by rpki-client