This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ZU3aFyKQK8MSJlqY-J-3GKU2Xb8.roa File: ZU3aFyKQK8MSJlqY-J-3GKU2Xb8.roa (raw, json) Hash identifier: KVhzGKTR3xkZshzMudkATVquxJObx9Z+PBT6QxRw58M= Subject key identifier: 65:4D:DA:17:22:90:2B:C3:12:26:5A:98:F8:9F:B7:18:A5:36:5D:BF Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2 Certificate serial: 019B7D5D37F5C0980D80DBD80BF2E7260B3A Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ZU3aFyKQK8MSJlqY-J-3GKU2Xb8.roa Signing time: Fri 02 Jan 2026 06:20:19 +0000 ROA not before: Fri 02 Jan 2026 06:20:19 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 31122 IP address blocks: 45.89.32.0/22 maxlen: 24 45.131.248.0/22 maxlen: 24 45.146.184.0/23 maxlen: 24 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 20 Jan 2026 11:01:41 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7d:5d:37:f5:c0:98:0d:80:db:d8:0b:f2:e7:26:0b:3a Signature Algorithm: sha256WithRSAEncryption Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2 Validity Not Before: Jan 2 06:20:19 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=654dda1722902bc312265a98f89fb718a5365dbf Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:ad:b5:97:22:01:1c:0a:87:98:2d:3b:69:de:b4: 01:d8:ae:51:47:57:05:e5:d5:28:34:3c:df:a8:1a: 44:b4:af:74:b8:9f:a7:47:04:5c:b8:fd:5b:db:c0: 14:5c:9c:e9:fc:7b:8d:8c:1a:77:2b:29:0a:9e:08: 43:b3:2b:3a:ef:43:9f:70:e7:d6:dd:28:c0:6a:30: 1c:81:ac:6f:81:9f:6b:ea:5b:58:b5:64:10:d5:73: 53:11:0d:19:5e:15:2d:99:f4:ba:1b:91:01:ed:8a: 3e:05:b4:4e:a8:c4:cd:98:62:9b:e9:21:42:30:43: f7:c5:95:1a:7e:0f:90:03:3e:5f:6e:5e:e0:48:de: 92:f1:ca:9f:ed:ad:29:f7:bf:b8:2b:91:f3:03:5b: d2:16:aa:87:dd:b4:79:35:ee:8d:b1:5d:c1:e9:94: 50:ae:44:f1:82:01:1f:49:f9:0e:af:52:86:6e:aa: 2a:71:43:3b:92:41:66:b3:9b:2c:4c:49:0e:71:81: 67:72:97:6e:f2:dc:94:50:5c:3a:64:c6:d3:4b:1a: b6:ae:3e:74:fe:a7:6d:51:6a:e0:7d:bb:13:80:e5: 75:1e:d6:39:94:1d:02:1f:4b:56:7c:96:6f:28:3a: 93:c9:82:bb:fc:3d:ba:d5:5d:1f:e3:59:b3:6c:75: 14:7b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 65:4D:DA:17:22:90:2B:C3:12:26:5A:98:F8:9F:B7:18:A5:36:5D:BF X509v3 Authority Key Identifier: keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/ZU3aFyKQK8MSJlqY-J-3GKU2Xb8.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 45.89.32.0/22 45.131.248.0/22 45.146.184.0/23 Signature Algorithm: sha256WithRSAEncryption 81:12:cd:6f:99:70:39:64:ee:0c:10:76:e3:3b:c7:11:b1:33: c8:5b:ac:12:37:74:ed:fc:b9:5d:f8:b4:b0:78:df:7e:ce:81: 2f:77:8b:23:2f:03:3c:3a:04:82:d7:54:97:5c:80:da:d7:62: 00:11:02:19:6f:08:8e:5f:b5:12:78:3b:16:a8:41:9e:1a:4d: 08:04:69:2d:32:13:a7:83:2c:7d:07:a4:e8:ba:22:61:23:42: 89:37:65:52:b3:49:8d:11:0f:37:7f:fe:8b:81:2d:ac:12:7c: db:37:93:14:69:fd:08:b1:15:4a:16:31:25:a8:bc:3f:87:7c: 6e:c4:d3:92:0f:eb:0f:ab:a5:0e:08:af:b3:3f:92:87:f8:9c: 32:6f:59:33:c7:d7:a3:8c:5e:24:49:3c:0b:22:0f:ad:c4:a2: 06:d1:b9:44:0a:99:22:cc:ff:7b:f7:9e:5c:b8:8d:22:d0:0d: af:9b:68:a2:44:9e:d3:1c:a8:d6:ca:ab:e5:ba:c3:36:3a:11: eb:53:ae:d5:c4:32:a5:ff:c4:e8:05:f4:12:e4:28:58:68:f1: 54:3e:d4:64:22:aa:c0:00:77:60:75:77:3e:a7:ba:ab:d2:a5: b1:e7:3b:f5:e7:55:ab:ec:80:d1:7e:5d:7d:55:d0:8b:e9:ca: 68:26:d3:1a -----BEGIN CERTIFICATE----- MIIFCTCCA/GgAwIBAgISAZt9XTf1wJgNgNvYC/LnJgs6MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw NWIwZTIwHhcNMjYwMTAyMDYyMDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg2NTRkZGExNzIyOTAyYmMzMTIyNjVhOThmODlmYjcxOGE1MzY1ZGJmMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbWXIgEcCoeYLTtp3rQB2K5RR1cF 5dUoNDzfqBpEtK90uJ+nRwRcuP1b28AUXJzp/HuNjBp3KykKnghDsys670OfcOfW 3SjAajAcgaxvgZ9r6ltYtWQQ1XNTEQ0ZXhUtmfS6G5EB7Yo+BbROqMTNmGKb6SFC MEP3xZUafg+QAz5fbl7gSN6S8cqf7a0p97+4K5HzA1vSFqqH3bR5Ne6NsV3B6ZRQ rkTxggEfSfkOr1KGbqoqcUM7kkFms5ssTEkOcYFncpdu8tyUUFw6ZMbTSxq2rj50 /qdtUWrgfbsTgOV1HtY5lB0CH0tWfJZvKDqTyYK7/D261V0f41mzbHUUewIDAQAB o4ICFTCCAhEwHQYDVR0OBBYEFGVN2hcikCvDEiZamPiftxilNl2/MB8GA1UdIwQY MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt MmNjZWRiOTY2YTU4LzEvWlUzYUZ5S1FLOE1TSmxxWS1KLTNHS1UyWGI4LnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4 LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVkgAwQC LYP4AwQBLZK4MA0GCSqGSIb3DQEBCwUAA4IBAQCBEs1vmXA5ZO4MEHbjO8cRsTPI W6wSN3Tt/Lld+LSweN9+zoEvd4sjLwM8OgSC11SXXIDa12IAEQIZbwiOX7USeDsW qEGeGk0IBGktMhOngyx9B6TouiJhI0KJN2VSs0mNEQ83f/6LgS2sEnzbN5MUaf0I sRVKFjElqLw/h3xuxNOSD+sPq6UOCK+zP5KH+Jwyb1kzx9ejjF4kSTwLIg+txKIG 0blECpkizP97955cuI0i0A2vm2iiRJ7THKjWyqvlusM2OhHrU67VxDKl/8ToBfQS 5ChYaPFUPtRkIqrAAHdgdXc+p7qr0qWx5zv151Wr7IDRfl19VdCL6cpoJtMa -----END CERTIFICATE-----Generated at Mon Jan 19 19:59:21 2026 by rpki-client