This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/heZWa-nDsLNKBdqbBZekXp42CiA.roa File: heZWa-nDsLNKBdqbBZekXp42CiA.roa (raw, json) Hash identifier: 7kvYHqKErqAELMX67JsP/VdRc65Dz7AjJssOIVr2+RM= Subject key identifier: 85:E6:56:6B:E9:C3:B0:B3:4A:05:DA:9B:05:97:A4:5E:9E:36:0A:20 Certificate issuer: /CN=aca66a5938af567a9e29b4f76f115607c2b8aa20 Certificate serial: 019C05BA700E35531FBD1D5AF962CD35C811 Authority key identifier: AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/heZWa-nDsLNKBdqbBZekXp42CiA.roa Signing time: Wed 28 Jan 2026 17:50:30 +0000 ROA not before: Wed 28 Jan 2026 17:50:30 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 22616 IP address blocks: 147.161.128.0/23 maxlen: 24 159.254.58.0/23 maxlen: 24 159.254.60.0/23 maxlen: 24 159.254.64.0/23 maxlen: 24 159.254.66.0/23 maxlen: 24 159.254.69.0/24 maxlen: 24 159.254.84.0/24 maxlen: 24 159.254.85.0/24 maxlen: 24 159.254.86.0/24 maxlen: 24 159.254.92.0/24 maxlen: 24 159.254.93.0/24 maxlen: 24 159.254.94.0/24 maxlen: 24 159.254.95.0/24 maxlen: 24 159.254.96.0/24 maxlen: 24 159.254.97.0/24 maxlen: 24 159.254.99.0/24 maxlen: 24 159.254.100.0/24 maxlen: 24 159.254.182.0/23 maxlen: 24 159.254.184.0/23 maxlen: 24 159.254.202.0/24 maxlen: 24 159.254.209.0/24 maxlen: 24 159.254.217.0/24 maxlen: 24 164.137.4.0/24 maxlen: 24 164.137.5.0/24 maxlen: 24 164.137.6.0/24 maxlen: 24 164.137.7.0/24 maxlen: 24 164.137.8.0/24 maxlen: 24 164.137.9.0/24 maxlen: 24 164.137.10.0/24 maxlen: 24 164.137.11.0/24 maxlen: 24 164.137.12.0/24 maxlen: 24 164.137.13.0/24 maxlen: 24 164.137.14.0/24 maxlen: 24 164.137.15.0/24 maxlen: 24 164.137.16.0/24 maxlen: 24 164.137.17.0/24 maxlen: 24 164.137.18.0/24 maxlen: 24 164.137.19.0/24 maxlen: 24 164.137.20.0/24 maxlen: 24 164.137.21.0/24 maxlen: 24 164.137.22.0/24 maxlen: 24 164.137.23.0/24 maxlen: 24 164.137.24.0/24 maxlen: 24 164.137.25.0/24 maxlen: 24 164.137.26.0/24 maxlen: 24 164.137.27.0/24 maxlen: 24 164.137.28.0/24 maxlen: 24 164.137.29.0/24 maxlen: 24 164.137.30.0/24 maxlen: 24 164.137.31.0/24 maxlen: 24 164.137.32.0/24 maxlen: 24 164.137.33.0/24 maxlen: 24 164.137.34.0/24 maxlen: 24 164.137.35.0/24 maxlen: 24 164.137.36.0/24 maxlen: 24 164.137.37.0/24 maxlen: 24 164.137.38.0/24 maxlen: 24 164.137.39.0/24 maxlen: 24 164.137.40.0/24 maxlen: 24 164.137.41.0/24 maxlen: 24 164.137.42.0/24 maxlen: 24 164.137.43.0/24 maxlen: 24 164.137.44.0/24 maxlen: 24 164.137.45.0/24 maxlen: 24 164.137.46.0/24 maxlen: 24 164.137.47.0/24 maxlen: 24 164.137.48.0/24 maxlen: 24 164.137.49.0/24 maxlen: 24 164.137.50.0/24 maxlen: 24 164.137.51.0/24 maxlen: 24 164.137.52.0/24 maxlen: 24 164.137.53.0/24 maxlen: 24 2a03:eec0:3212::/48 maxlen: 48 2a03:eec0:321b::/48 maxlen: 48 2a03:eec0:322b::/48 maxlen: 48 2a03:eec0:322c::/48 maxlen: 48 2a03:eec0:322d::/48 maxlen: 48 2a03:eec0:322e::/48 maxlen: 48 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.mft rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 02 Feb 2026 19:01:25 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9c:05:ba:70:0e:35:53:1f:bd:1d:5a:f9:62:cd:35:c8:11 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=aca66a5938af567a9e29b4f76f115607c2b8aa20 Validity Not Before: Jan 28 17:50:30 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=85e6566be9c3b0b34a05da9b0597a45e9e360a20 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ee:a0:3b:6f:59:64:bd:0b:5b:c8:e1:2b:52:8f: 37:c5:40:6f:15:fc:8c:c0:80:1f:17:70:00:b9:e8: 63:a9:24:4f:eb:8d:53:d2:45:ce:f0:74:bc:fe:3f: 58:23:c2:0f:77:72:eb:ed:73:3b:2b:fc:d4:08:b8: 08:d4:12:41:13:29:85:28:64:be:90:f9:4b:24:0d: 3e:a3:2a:03:9a:9b:51:47:4c:b0:3a:d0:11:4a:61: ef:86:a1:bf:ee:b9:09:39:69:0c:6d:54:b1:e7:01: e8:25:cb:ea:2f:dd:57:0f:3e:2e:c8:4b:b9:2a:8f: 3d:e8:02:89:33:2d:2e:3c:93:93:5f:6f:e4:0f:c6: b0:66:d9:ef:59:68:b4:33:b9:b1:11:63:26:9d:75: 2c:9a:4f:18:68:3a:2f:db:7d:c7:e6:31:8b:62:1d: a8:5b:82:77:db:4f:64:7a:69:ce:55:cd:e9:b6:e8: ff:9c:0f:73:b0:dc:3a:09:04:92:c9:59:dd:a9:ba: a1:a3:34:bf:10:21:cd:51:6b:d1:ac:30:11:2a:af: 65:40:08:00:7a:c5:6d:a0:e8:fa:e3:c5:46:da:a1: 98:d3:69:12:2f:46:6f:bb:55:05:d6:93:0a:ee:6e: f6:16:fb:67:6a:34:60:e4:7f:8d:f2:2e:25:3a:52: 92:a1 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 85:E6:56:6B:E9:C3:B0:B3:4A:05:DA:9B:05:97:A4:5E:9E:36:0A:20 X509v3 Authority Key Identifier: keyid:AC:A6:6A:59:38:AF:56:7A:9E:29:B4:F7:6F:11:56:07:C2:B8:AA:20 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKZqWTivVnqeKbT3bxFWB8K4qiA.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/heZWa-nDsLNKBdqbBZekXp42CiA.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/15089b-18d7-4ff0-9d28-b9b65402b928/1/rKZqWTivVnqeKbT3bxFWB8K4qiA.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 147.161.128.0/23 159.254.58.0-159.254.61.255 159.254.64.0/22 159.254.69.0/24 159.254.84.0-159.254.86.255 159.254.92.0-159.254.97.255 159.254.99.0-159.254.100.255 159.254.182.0-159.254.185.255 159.254.202.0/24 159.254.209.0/24 159.254.217.0/24 164.137.4.0-164.137.53.255 IPv6: 2a03:eec0:3212::/48 2a03:eec0:321b::/48 2a03:eec0:322b::-2a03:eec0:322e:ffff:ffff:ffff:ffff:ffff Signature Algorithm: sha256WithRSAEncryption 29:25:89:83:0c:3d:0b:a6:4c:8d:7f:8d:0e:1c:d0:9f:2c:3b: 8a:91:ef:fd:e3:30:2a:cb:8a:a8:7a:91:93:64:49:9a:13:ce: 73:8f:f1:6a:7f:13:f1:6b:9c:07:c5:da:1b:5f:4e:dd:4c:fe: d0:b7:87:46:c4:45:a7:4b:9b:d2:b7:55:cc:9d:33:bd:bc:9a: fd:ed:29:31:4a:7a:fd:9a:b8:ae:5a:65:6d:ac:a8:01:18:cc: c9:71:36:fb:87:8a:d8:d3:e9:ec:90:cf:bb:2c:dd:3a:b7:c1: e3:d2:3c:a3:22:71:f5:1a:05:8e:af:28:3d:06:e2:60:3e:45: 77:80:d7:cc:df:c8:2f:3c:9d:86:8f:ec:fe:1a:c0:14:f2:b7: 6d:a5:37:66:8d:35:8f:a3:e2:02:de:18:3b:7c:55:4b:36:fd: 8d:7e:27:34:b3:1d:01:e4:9f:e1:bc:86:9c:ee:69:72:48:96: 26:6e:ff:c1:d8:37:0d:c4:0f:4c:cb:80:4d:43:14:47:c5:88: 97:ee:ee:04:ce:e8:93:1e:d3:e9:9b:dd:08:a9:e4:0f:4c:86: 83:9d:6e:fc:44:c6:4e:33:29:12:34:5b:37:86:07:55:47:8a: 84:86:3e:8d:f3:0b:83:e4:76:67:06:ba:1a:e5:16:56:c2:8e: 83:54:0d:5d -----BEGIN CERTIFICATE----- MIIFoDCCBIigAwIBAgISAZwFunAONVMfvR1a+WLNNcgRMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKGFjYTY2YTU5MzhhZjU2N2E5ZTI5YjRmNzZmMTE1NjA3YzJi OGFhMjAwHhcNMjYwMTI4MTc1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg4NWU2NTY2YmU5YzNiMGIzNGEwNWRhOWIwNTk3YTQ1ZTllMzYwYTIwMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qA7b1lkvQtbyOErUo83xUBvFfyM wIAfF3AAuehjqSRP641T0kXO8HS8/j9YI8IPd3Lr7XM7K/zUCLgI1BJBEymFKGS+ kPlLJA0+oyoDmptRR0ywOtARSmHvhqG/7rkJOWkMbVSx5wHoJcvqL91XDz4uyEu5 Ko896AKJMy0uPJOTX2/kD8awZtnvWWi0M7mxEWMmnXUsmk8YaDov233H5jGLYh2o W4J3209kemnOVc3ptuj/nA9zsNw6CQSSyVndqbqhozS/ECHNUWvRrDARKq9lQAgA esVtoOj648VG2qGY02kSL0Zvu1UF1pMK7m72FvtnajRg5H+N8i4lOlKSoQIDAQAB o4ICrDCCAqgwHQYDVR0OBBYEFIXmVmvpw7CzSgXamwWXpF6eNgogMB8GA1UdIwQY MBaAFKymalk4r1Z6nim0928RVgfCuKogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgt YjliNjU0MDJiOTI4LzEvaGVaV2EtbkRzTE5LQmRxYkJaZWtYcDQyQ2lBLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8yZi8xNTA4OWItMThkNy00ZmYwLTlkMjgtYjliNjU0MDJiOTI4 LzEvcktacVdUaXZWbnFlS2JUM2J4RldCOEs0cWlBLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjB+BAIAATB4AwQBk6GA MAwDBAGf/joDBAGf/jwDBAKf/kADBACf/kUwDAMEAp/+VAMEAJ/+VjAMAwQCn/5c AwQBn/5gMAwDBACf/mMDBACf/mQwDAMEAZ/+tgMEAZ/+uAMEAJ/+ygMEAJ/+0QME AJ/+2TAMAwQCpIkEAwQBpIk0MCwEAgACMCYDBwAqA+7AMhIDBwAqA+7AMhswEgMH ACoD7sAyKwMHACoD7sAyLjANBgkqhkiG9w0BAQsFAAOCAQEAKSWJgww9C6ZMjX+N DhzQnyw7ipHv/eMwKsuKqHqRk2RJmhPOc4/xan8T8WucB8XaG19O3Uz+0LeHRsRF p0ub0rdVzJ0zvbya/e0pMUp6/Zq4rlplbayoARjMyXE2+4eK2NPp7JDPuyzdOrfB 49I8oyJx9RoFjq8oPQbiYD5Fd4DXzN/ILzydho/s/hrAFPK3baU3Zo01j6PiAt4Y O3xVSzb9jX4nNLMdAeSf4byGnO5pckiWJm7/wdg3DcQPTMuATUMUR8WIl+7uBM7o kx7T6ZvdCKnkD0yGg51u/ETGTjMpEjRbN4YHVUeKhIY+jfMLg+R2Zwa6GuUWVsKO g1QNXQ== -----END CERTIFICATE-----Generated at Mon Feb 2 03:04:22 2026 by rpki-client