This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1da9e970-b050-44d0-83e9-f0e83f98a196.roa File: 1da9e970-b050-44d0-83e9-f0e83f98a196.roa (raw, json) Hash identifier: Y5YoCWqtjSep/GlpWOodlUUqVSBhMLfmOdmWhaGpJYw= Subject key identifier: 90:1E:58:C4:8D:BD:B0:82:55:B4:3B:CC:46:C1:75:03:99:9D:3D:C7 Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0 Certificate serial: 292BF8E6D0F3F25ABF144496AE45B5A312C8ECD7 Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1da9e970-b050-44d0-83e9-f0e83f98a196.roa Signing time: Tue 02 Dec 2025 01:30:17 +0000 ROA not before: Tue 02 Dec 2025 01:30:17 +0000 ROA not after: Mon 02 Mar 2026 23:59:59 +0000 asID: 14618 IP address blocks: 2001:3fc4::/36 maxlen: 48 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 07 Dec 2025 21:29:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 29:2b:f8:e6:d0:f3:f2:5a:bf:14:44:96:ae:45:b5:a3:12:c8:ec:d7 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0 Validity Not Before: Dec 2 01:30:17 2025 GMT Not After : Mar 2 23:59:59 2026 GMT Subject: serialNumber=ff6d925ff9e03d2ea1cb4b3dc21d9a4b7aecefd553bc33238d1f200436bc1575, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:95:c1:d4:81:f1:6b:11:be:79:8a:04:79:4e:bf: a1:eb:6e:e5:a7:af:87:04:20:fe:51:98:d5:ec:a1: f2:eb:5a:8c:4f:44:2e:d7:82:2f:7d:b6:21:98:86: 81:33:bf:0c:aa:90:53:ee:6f:d8:b4:4a:f6:82:25: 85:10:92:0f:01:17:7a:eb:a5:c3:a7:29:9a:4d:d0: ba:44:c1:ab:93:ee:0c:8e:41:eb:8b:27:0c:dc:b1: 5f:c0:07:25:d4:0e:f3:68:a5:c0:48:06:28:31:77: 85:35:da:2a:3a:e9:ab:f1:ec:89:53:35:c8:2e:62: 08:9c:8a:d6:2c:a7:65:17:fa:34:d3:2b:4a:8e:6c: e7:6b:27:ec:ad:f8:d0:bd:65:d5:60:d2:5c:9c:af: 57:1b:ca:a7:91:19:7e:1a:17:4c:bb:4e:cd:aa:3a: 19:88:75:16:06:36:a9:cd:b8:ee:4b:f9:91:3f:eb: 1d:7e:ca:dc:f6:4c:ed:47:c9:fb:3a:ed:c1:79:be: d0:74:b2:cd:b7:76:45:3a:5c:88:24:79:5a:68:3c: 48:50:c2:13:6b:25:be:ee:77:05:50:99:5f:e8:ae: 68:e5:2e:13:68:5a:4a:5e:f7:e1:6e:e9:9b:03:46: be:2c:aa:14:aa:df:0e:2b:20:9d:1c:d4:f9:ef:30: 4c:af Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 90:1E:58:C4:8D:BD:B0:82:55:B4:3B:CC:46:C1:75:03:99:9D:3D:C7 X509v3 Authority Key Identifier: keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/1da9e970-b050-44d0-83e9-f0e83f98a196.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 2001:3fc4::/36 Signature Algorithm: sha256WithRSAEncryption 57:a3:7c:92:64:8b:9f:50:20:cd:6b:9d:1b:76:c3:2e:17:2a: 33:72:ce:d9:e9:bf:28:9a:3c:cf:d9:4d:4e:2e:4d:f4:24:16: 3a:13:fa:18:bf:7f:60:71:74:63:41:da:6f:e1:db:0c:18:74: fa:0f:16:d8:81:a5:04:70:3b:d1:c3:32:ca:cb:92:df:37:25: 90:d0:77:46:32:09:fd:c6:e6:49:2d:cc:86:15:23:be:14:9a: ed:34:68:ea:93:b4:cb:82:1b:62:f2:3e:2a:b2:13:5a:ca:17: ae:15:82:ad:c7:d6:29:7a:51:cd:08:82:4b:28:eb:00:38:31: ef:b6:b8:cb:ea:59:a5:4a:a7:e5:67:30:56:e3:19:ab:e5:a8: d4:82:6a:0c:1d:50:96:99:0b:f0:ea:9a:e2:7c:31:da:14:e6: f7:94:ba:25:92:cc:19:a2:2d:1f:94:58:ef:de:e2:d8:a3:49: f2:8e:4c:2b:a4:94:27:5d:da:58:c5:98:2f:be:39:6f:6a:45: 8d:ae:b3:d9:c9:94:2f:f0:c0:da:81:75:f1:0a:42:c9:8e:02: 36:46:b4:9a:c0:78:58:22:e5:9e:b9:bb:ae:c9:93:32:4e:d6: 1f:30:d7:9a:29:f7:b1:e9:48:12:08:c8:bb:67:99:ae:a4:b8: 9a:a6:d7:6a -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIUKSv45tDz8lq/FESWrkW1oxLI7NcwDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl Nzk2NTVkMDAeFw0yNTEyMDIwMTMwMTdaFw0yNjAzMDIyMzU5NTlaMHoxSTBHBgNV BAUTQGZmNmQ5MjVmZjllMDNkMmVhMWNiNGIzZGMyMWQ5YTRiN2FlY2VmZDU1M2Jj MzMyMzhkMWYyMDA0MzZiYzE1NzUxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3 Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAJXB1IHxaxG+eYoEeU6/oetu5aevhwQg/lGY1eyh8utajE9ELteCL322IZiG gTO/DKqQU+5v2LRK9oIlhRCSDwEXeuulw6cpmk3QukTBq5PuDI5B64snDNyxX8AH JdQO82ilwEgGKDF3hTXaKjrpq/HsiVM1yC5iCJyK1iynZRf6NNMrSo5s52sn7K34 0L1l1WDSXJyvVxvKp5EZfhoXTLtOzao6GYh1FgY2qc247kv5kT/rHX7K3PZM7UfJ +zrtwXm+0HSyzbd2RTpciCR5Wmg8SFDCE2slvu53BVCZX+iuaOUuE2haSl734W7p mwNGviyqFKrfDisgnRzU+e8wTK8CAwEAAaOCAiMwggIfMB0GA1UdDgQWBBSQHljE jb2wglW0O8xGwXUDmZ09xzAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV 0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv MWRhOWU5NzAtYjA1MC00NGQwLTgzZTktZjBlODNmOThhMTk2LnJvYTCBiAYDVR0f BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1 NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8QA MA0GCSqGSIb3DQEBCwUAA4IBAQBXo3ySZIufUCDNa50bdsMuFyozcs7Z6b8omjzP 2U1OLk30JBY6E/oYv39gcXRjQdpv4dsMGHT6DxbYgaUEcDvRwzLKy5LfNyWQ0HdG Mgn9xuZJLcyGFSO+FJrtNGjqk7TLghti8j4qshNayheuFYKtx9YpelHNCIJLKOsA ODHvtrjL6lmlSqflZzBW4xmr5ajUgmoMHVCWmQvw6prifDHaFOb3lLolkswZoi0f lFjv3uLYo0nyjkwrpJQnXdpYxZgvvjlvakWNrrPZyZQv8MDagXXxCkLJjgI2RrSa wHhYIuWeubuuyZMyTtYfMNeaKfex6UgSCMi7Z5mupLiaptdq -----END CERTIFICATE-----Generated at Sun Dec 7 01:06:45 2025 by rpki-client