This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/On-fZDYhkE0t3STfnrwHHk8OLbg.roa File: On-fZDYhkE0t3STfnrwHHk8OLbg.roa (raw, json) Hash identifier: PoN/FCKn6RWFIWeJOBqUzWNAYRaUFSvltrDRTJe4ZHQ= Subject key identifier: 3A:7F:9F:64:36:21:90:4D:2D:DD:24:DF:9E:BC:07:1E:4F:0E:2D:B8 Certificate issuer: /CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5 Certificate serial: 019B7C809E94C6C7BBF254313E43D22F71E8 Authority key identifier: 4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/On-fZDYhkE0t3STfnrwHHk8OLbg.roa Signing time: Fri 02 Jan 2026 02:19:22 +0000 ROA not before: Fri 02 Jan 2026 02:19:22 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 20454 IP address blocks: 84.32.46.0/23 maxlen: 23 88.216.44.0/23 maxlen: 23 88.216.134.0/23 maxlen: 23 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.mft rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 20 Jan 2026 09:01:26 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7c:80:9e:94:c6:c7:bb:f2:54:31:3e:43:d2:2f:71:e8 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=4fbd45fce356e2a65f1e4d1daf7814b6d6bda3c5 Validity Not Before: Jan 2 02:19:22 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=3a7f9f643621904d2ddd24df9ebc071e4f0e2db8 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:f8:d1:c5:ca:c6:27:9b:0f:1b:7c:c7:24:d2:ab: b0:36:07:79:9c:3a:a4:1e:11:74:97:f9:3a:24:eb: a8:8a:0b:0b:8a:c0:2b:8b:e1:98:b8:65:12:c9:1e: ab:88:5f:a6:2d:b6:46:5f:1f:9b:b2:35:f3:69:d5: cf:53:ac:0d:c3:b0:44:44:b1:1e:94:b6:18:eb:bf: f3:0a:b8:88:f9:11:30:8f:78:8b:9a:f0:3c:d9:ad: 4b:e6:33:52:70:d4:81:92:40:6a:d3:c2:d9:28:c2: 42:73:32:5d:90:92:fe:68:5b:a4:fa:19:e7:92:70: 1f:aa:08:38:6d:be:99:b6:ce:ad:92:f6:d9:ef:5d: ad:94:78:7a:c6:2b:08:05:dd:23:df:eb:eb:d0:d9: 88:4d:2c:00:cc:94:5c:01:34:44:e0:7a:b9:00:5c: b0:91:8b:c0:4a:77:86:39:3c:da:51:4e:db:a6:88: 12:5e:8b:4d:fc:91:6a:d2:06:b1:b5:cc:76:bb:83: 17:a8:e2:c1:2b:42:aa:e8:ff:5d:f3:40:7a:f3:33: af:44:b7:20:b9:21:23:ea:39:4f:ba:b8:45:a5:1e: 4f:7d:6b:de:19:da:59:db:f9:ac:a0:db:6d:8d:e5: 30:ba:44:dd:8b:b7:59:08:92:e7:3f:12:85:ea:7d: b5:4d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 3A:7F:9F:64:36:21:90:4D:2D:DD:24:DF:9E:BC:07:1E:4F:0E:2D:B8 X509v3 Authority Key Identifier: keyid:4F:BD:45:FC:E3:56:E2:A6:5F:1E:4D:1D:AF:78:14:B6:D6:BD:A3:C5 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T71F_ONW4qZfHk0dr3gUtta9o8U.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/On-fZDYhkE0t3STfnrwHHk8OLbg.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/394c93-dca3-4bc5-8c9b-23481bf091c3/1/T71F_ONW4qZfHk0dr3gUtta9o8U.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 84.32.46.0/23 88.216.44.0/23 88.216.134.0/23 Signature Algorithm: sha256WithRSAEncryption 0d:ec:9e:7c:12:82:d7:0e:27:92:84:a0:90:fc:dd:16:8e:5f: 16:69:e5:c9:0b:8e:b8:a0:0a:02:50:81:7a:e8:5f:81:fc:1a: 14:fa:1b:f3:88:02:4e:8d:99:e4:7a:43:b6:58:58:b7:99:9f: 21:59:1f:2f:c7:da:4f:c5:7b:a1:cf:cb:e2:d1:9b:ac:4b:a3: 5e:ea:c7:af:d3:01:18:62:5b:a0:74:9c:28:24:df:47:f2:1b: b6:af:7e:5a:79:c9:ff:6e:a9:00:94:73:49:71:9c:c7:26:23: 42:ab:d8:a1:d5:08:7b:22:42:bc:94:3b:ae:fa:1f:3f:db:15: 49:05:ba:c9:83:3f:73:26:8c:e2:d5:de:f5:a8:d2:df:f3:ad: a4:a3:c2:3a:65:52:51:11:88:e0:a5:4a:de:37:55:5d:68:e4: 24:08:86:1d:8d:a3:c7:f2:7b:eb:3d:a6:c6:1e:98:5a:62:50: 24:b8:2a:11:f7:9a:15:2e:29:aa:ed:7d:fe:73:d2:b0:d3:2a: 59:9a:4d:71:ac:f7:79:2a:5a:9e:e8:09:e3:be:15:d2:c2:a5: 46:8c:7a:8a:46:24:0f:4d:4b:56:b9:7f:78:a4:6f:80:b0:be: 72:8f:c8:b6:6b:b2:d1:df:07:7e:9f:e5:d9:4c:da:cb:bf:57: e2:a3:a5:72 -----BEGIN CERTIFICATE----- MIIFCTCCA/GgAwIBAgISAZt8gJ6Uxse78lQxPkPSL3HoMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDRmYmQ0NWZjZTM1NmUyYTY1ZjFlNGQxZGFmNzgxNGI2ZDZi ZGEzYzUwHhcNMjYwMTAyMDIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygzYTdmOWY2NDM2MjE5MDRkMmRkZDI0ZGY5ZWJjMDcxZTRmMGUyZGI4MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+NHFysYnmw8bfMck0quwNgd5nDqk HhF0l/k6JOuoigsLisAri+GYuGUSyR6riF+mLbZGXx+bsjXzadXPU6wNw7BERLEe lLYY67/zCriI+REwj3iLmvA82a1L5jNScNSBkkBq08LZKMJCczJdkJL+aFuk+hnn knAfqgg4bb6Zts6tkvbZ712tlHh6xisIBd0j3+vr0NmITSwAzJRcATRE4Hq5AFyw kYvASneGOTzaUU7bpogSXotN/JFq0gaxtcx2u4MXqOLBK0Kq6P9d80B68zOvRLcg uSEj6jlPurhFpR5PfWveGdpZ2/msoNttjeUwukTdi7dZCJLnPxKF6n21TQIDAQAB o4ICFTCCAhEwHQYDVR0OBBYEFDp/n2Q2IZBNLd0k3568Bx5PDi24MB8GA1UdIwQY MBaAFE+9RfzjVuKmXx5NHa94FLbWvaPFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWIt MjM0ODFiZjA5MWMzLzEvT24tZlpEWWhrRTB0M1NUZm5yd0hIazhPTGJnLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC80Yy8zOTRjOTMtZGNhMy00YmM1LThjOWItMjM0ODFiZjA5MWMz LzEvVDcxRl9PTlc0cVpmSGswZHIzZ1V0dGE5bzhVLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBVCAuAwQB WNgsAwQBWNiGMA0GCSqGSIb3DQEBCwUAA4IBAQAN7J58EoLXDieShKCQ/N0Wjl8W aeXJC464oAoCUIF66F+B/BoU+hvziAJOjZnkekO2WFi3mZ8hWR8vx9pPxXuhz8vi 0ZusS6Ne6sev0wEYYlugdJwoJN9H8hu2r35aecn/bqkAlHNJcZzHJiNCq9ih1Qh7 IkK8lDuu+h8/2xVJBbrJgz9zJozi1d71qNLf862ko8I6ZVJREYjgpUreN1VdaOQk CIYdjaPH8nvrPabGHphaYlAkuCoR95oVLimq7X3+c9Kw0ypZmk1xrPd5Klqe6Anj vhXSwqVGjHqKRiQPTUtWuX94pG+AsL5yj8i2a7LR3wd+n+XZTNrLv1fio6Vy -----END CERTIFICATE-----Generated at Mon Jan 19 13:54:14 2026 by rpki-client