This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/IzKLl8rsyApu-A00RSExE5h1TOI.roa File: IzKLl8rsyApu-A00RSExE5h1TOI.roa (raw, json) Hash identifier: qDnHohfWZ5jnRSQUPq/XpCYzaTr2MjT2NSY5X2wK03Q= Subject key identifier: 23:32:8B:97:CA:EC:C8:0A:6E:F8:0D:34:45:21:31:13:98:75:4C:E2 Certificate issuer: /CN=08bf59899b7aca30a3c7d5db93b212d98709c89b Certificate serial: 019B7EA6BAB25EF7644275951CD2C6547BDD Authority key identifier: 08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/IzKLl8rsyApu-A00RSExE5h1TOI.roa Signing time: Fri 02 Jan 2026 12:20:14 +0000 ROA not before: Fri 02 Jan 2026 12:20:14 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 58308 IP address blocks: 91.109.120.0/21 maxlen: 21 185.144.152.0/22 maxlen: 22 2a01:66c0::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.crl rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.mft rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 02 Feb 2026 21:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7e:a6:ba:b2:5e:f7:64:42:75:95:1c:d2:c6:54:7b:dd Signature Algorithm: sha256WithRSAEncryption Issuer: CN=08bf59899b7aca30a3c7d5db93b212d98709c89b Validity Not Before: Jan 2 12:20:14 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=23328b97caecc80a6ef80d344521311398754ce2 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b5:c1:71:e6:7d:25:a5:c4:63:8d:b2:a2:dd:ce: 3a:e5:82:11:70:c6:b3:a8:e0:4e:8c:b7:7a:1a:96: 6b:28:8a:61:ea:d7:c4:e1:59:96:ee:22:00:77:70: 12:09:46:81:ca:30:27:62:a3:43:5b:e4:af:12:4f: 55:b4:d6:d6:37:f3:17:ef:0e:49:f4:75:af:36:68: 4f:e9:42:99:49:8b:8e:71:42:73:58:a5:2f:bf:5a: 76:b8:18:0e:a1:80:a3:94:80:da:d4:33:93:bb:4c: 0c:71:c9:fd:61:dc:bf:88:fd:71:90:09:69:f3:97: 25:37:36:a5:fa:4d:75:6c:e7:89:cf:53:c4:1c:cb: d5:2a:2d:9f:2b:10:2e:3e:60:fa:81:fa:59:96:bd: 25:c7:d3:50:8e:fc:9e:47:f5:9c:8d:e3:a5:51:81: be:8f:ec:6e:4c:2b:ab:40:3c:44:5d:e0:4c:33:bd: da:42:d5:8c:91:30:ca:b7:5d:81:4b:c7:41:80:9d: 9a:76:8c:d7:2e:4f:ab:f0:d6:8b:df:5f:79:f1:19: a5:c1:fe:03:d7:7e:fd:c2:b4:59:0e:64:d4:f3:a7: e4:1d:6d:c5:da:48:81:05:fc:68:65:e3:1b:fd:55: d6:7c:53:d1:65:09:c9:c1:86:11:de:bf:56:7e:33: 40:cd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 23:32:8B:97:CA:EC:C8:0A:6E:F8:0D:34:45:21:31:13:98:75:4C:E2 X509v3 Authority Key Identifier: keyid:08:BF:59:89:9B:7A:CA:30:A3:C7:D5:DB:93:B2:12:D9:87:09:C8:9B X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/IzKLl8rsyApu-A00RSExE5h1TOI.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/98/ce1677-d927-44c6-a909-3b2b51a5e3da/1/CL9ZiZt6yjCjx9Xbk7IS2YcJyJs.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 91.109.120.0/21 185.144.152.0/22 IPv6: 2a01:66c0::/32 Signature Algorithm: sha256WithRSAEncryption 0c:4c:da:c7:10:d9:91:0c:d4:76:ae:2e:64:12:68:aa:ba:20: db:b6:55:bc:f6:78:a8:22:0a:dc:1a:2d:56:ae:05:ae:d8:4c: 76:ad:4b:6b:a5:7d:9a:f2:f7:34:6f:af:51:94:47:9a:a5:0c: e5:d6:e9:a7:da:42:59:90:14:3f:d2:af:17:48:83:c7:fc:2c: 19:be:39:c7:84:5e:ef:d8:27:f6:4e:9c:ef:f3:8b:1a:47:33: 71:85:ef:52:1f:34:98:75:75:45:3b:78:05:98:d5:8b:34:2c: 2f:65:7d:1f:ca:56:02:b9:6a:a4:59:b0:8e:ae:48:0b:15:47: 96:5f:e8:29:79:f7:77:8c:c4:9b:45:f2:a8:ec:9a:f5:85:59: ff:1d:05:25:c6:91:35:31:0b:4f:8d:ee:ba:72:f4:e3:fa:18: ca:e3:84:fb:3d:a9:9e:7a:f4:9f:76:e7:a1:fe:9c:dc:8b:f9: c7:e6:a3:e6:db:ce:4b:9e:85:44:39:52:1e:63:55:42:d1:59: 5c:db:c2:6e:06:5a:20:c4:de:e5:93:f2:22:55:4b:08:10:62: a6:ff:e3:ff:e7:6b:d4:11:85:8a:1a:fd:4e:97:1c:24:a8:21: 30:c2:3e:97:03:45:2d:c3:17:df:07:a7:14:f2:57:70:a7:99: 07:93:74:c8 -----BEGIN CERTIFICATE----- MIIFEjCCA/qgAwIBAgISAZt+prqyXvdkQnWVHNLGVHvdMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDA4YmY1OTg5OWI3YWNhMzBhM2M3ZDVkYjkzYjIxMmQ5ODcw OWM4OWIwHhcNMjYwMTAyMTIyMDE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygyMzMyOGI5N2NhZWNjODBhNmVmODBkMzQ0NTIxMzExMzk4NzU0Y2UyMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcFx5n0lpcRjjbKi3c465YIRcMaz qOBOjLd6GpZrKIph6tfE4VmW7iIAd3ASCUaByjAnYqNDW+SvEk9VtNbWN/MX7w5J 9HWvNmhP6UKZSYuOcUJzWKUvv1p2uBgOoYCjlIDa1DOTu0wMccn9Ydy/iP1xkAlp 85clNzal+k11bOeJz1PEHMvVKi2fKxAuPmD6gfpZlr0lx9NQjvyeR/WcjeOlUYG+ j+xuTCurQDxEXeBMM73aQtWMkTDKt12BS8dBgJ2adozXLk+r8NaL31958Rmlwf4D 1379wrRZDmTU86fkHW3F2kiBBfxoZeMb/VXWfFPRZQnJwYYR3r9WfjNAzQIDAQAB o4ICHjCCAhowHQYDVR0OBBYEFCMyi5fK7MgKbvgNNEUhMROYdUziMB8GA1UdIwQY MBaAFAi/WYmbesowo8fV25OyEtmHCcibMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvQ0w5WmladDZ5akNqeDlYYms3SVMyWWNKeUpzLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC9jZTE2NzctZDkyNy00NGM2LWE5MDkt M2IyYjUxYTVlM2RhLzEvSXpLTGw4cnN5QXB1LUEwMFJTRXhFNWgxVE9JLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC85OC9jZTE2NzctZDkyNy00NGM2LWE5MDktM2IyYjUxYTVlM2Rh LzEvQ0w5WmladDZ5akNqeDlYYms3SVMyWWNKeUpzLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDW214AwQC uZCYMA0EAgACMAcDBQAqAWbAMA0GCSqGSIb3DQEBCwUAA4IBAQAMTNrHENmRDNR2 ri5kEmiquiDbtlW89nioIgrcGi1WrgWu2Ex2rUtrpX2a8vc0b69RlEeapQzl1umn 2kJZkBQ/0q8XSIPH/CwZvjnHhF7v2Cf2Tpzv84saRzNxhe9SHzSYdXVFO3gFmNWL NCwvZX0fylYCuWqkWbCOrkgLFUeWX+gpefd3jMSbRfKo7Jr1hVn/HQUlxpE1MQtP je66cvTj+hjK44T7PameevSfdueh/pzci/nH5qPm285LnoVEOVIeY1VC0Vlc28Ju BlogxN7lk/IiVUsIEGKm/+P/52vUEYWKGv1OlxwkqCEwwj6XA0UtwxffB6cU8ldw p5kHk3TI -----END CERTIFICATE-----Generated at Mon Feb 2 08:05:06 2026 by rpki-client