This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa File: 2a407bd1-1674-49d7-8265-4aa9aa99f947.roa (raw, json) Hash identifier: mq+ysRV7E8IWrsLfl9U8nfNPzM35ucf9elBTMyfb7HA= Subject key identifier: 4E:B6:71:4A:DC:6E:55:28:2E:5C:ED:D9:8D:56:CB:D3:EB:15:5C:22 Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0 Certificate serial: 5A3CCAF5A48A4A2341D50C4DCFDFD5E0B01CC2DE Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa Signing time: Tue 02 Dec 2025 01:30:11 +0000 ROA not before: Tue 02 Dec 2025 01:30:11 +0000 ROA not after: Mon 02 Mar 2026 23:59:59 +0000 asID: 16509 IP address blocks: 2001:3fc5:9000::/36 maxlen: 48 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 07 Dec 2025 05:00:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 5a:3c:ca:f5:a4:8a:4a:23:41:d5:0c:4d:cf:df:d5:e0:b0:1c:c2:de Signature Algorithm: sha256WithRSAEncryption Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0 Validity Not Before: Dec 2 01:30:11 2025 GMT Not After : Mar 2 23:59:59 2026 GMT Subject: serialNumber=495a68a3253d0fcdf5d058f27272ddeea1ec20fff2de849bfaac2c4d98752432, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a8:c3:9a:65:b3:0c:2a:08:57:e7:01:1e:bb:82: db:e5:37:3d:6e:15:62:ea:2c:13:4c:01:e5:7b:af: d4:f9:7f:19:c3:fa:bb:c4:3a:43:5b:4b:f5:0c:c5: 7c:43:13:f6:19:90:c2:53:8a:dd:1b:83:de:d7:c0: bb:77:dc:61:be:c0:46:0b:41:f0:03:47:c5:eb:58: 91:c7:7a:30:cc:ad:ac:65:ed:78:66:3e:ae:87:ef: f3:52:36:73:4e:ab:1e:48:db:6f:9d:04:39:68:31: 64:bb:f9:83:ac:d8:3d:27:62:14:f7:59:aa:68:a3: 73:15:17:12:3a:7d:e1:cc:79:81:43:04:6e:dd:b4: 42:bf:87:8d:c8:77:cf:20:71:15:f5:c1:71:a8:9e: 24:53:e8:df:0c:ed:ce:1f:32:41:f4:75:48:82:61: 88:7c:a3:c8:3b:80:d9:4e:06:3c:e4:8f:5e:12:1c: 2e:f6:c5:bb:30:4c:d6:9d:0c:20:a2:22:f7:58:6d: c8:2e:eb:d0:33:7a:25:a2:7e:af:5c:59:bb:f8:09: e2:f7:b0:35:88:1b:2a:66:01:c6:0a:6a:cc:f4:29: 5b:cc:16:3e:9c:e0:93:9a:57:af:4f:2e:70:2e:e1: 93:ae:a3:7e:4f:e0:8e:29:7e:9f:f4:df:56:cd:6c: e3:c9 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4E:B6:71:4A:DC:6E:55:28:2E:5C:ED:D9:8D:56:CB:D3:EB:15:5C:22 X509v3 Authority Key Identifier: keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/2a407bd1-1674-49d7-8265-4aa9aa99f947.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 2001:3fc5:9000::/36 Signature Algorithm: sha256WithRSAEncryption 93:45:c8:d9:47:a1:57:4b:83:a9:92:fb:ac:8d:b7:fc:cb:1a: c9:90:70:4f:f9:73:6f:5d:15:67:48:1f:a9:24:08:da:fc:1b: 70:51:fe:05:d7:b9:b7:9b:e6:a4:0a:fb:d9:4e:50:09:e0:1f: d8:71:54:5c:cb:b6:8a:dd:c7:9b:71:1b:14:b1:ac:ff:24:8b: 8d:ee:8f:48:db:4c:a9:79:2c:72:78:03:af:05:77:a2:e9:a9: 14:be:d4:1e:de:f0:ae:d4:37:6f:b9:2d:a3:51:25:8f:85:98: 60:b9:d6:00:75:ce:4c:92:d1:33:c3:e6:6f:b9:eb:f9:e4:23: ca:86:d7:e0:c9:29:f2:17:85:d5:cf:6c:39:84:fb:30:4a:58: 92:33:eb:ba:8c:c2:eb:7c:a3:39:41:55:ae:05:35:1e:06:01: 80:55:15:7c:5b:e9:47:f8:dc:37:3f:35:db:ed:0e:f8:5f:43: ce:b2:af:f5:bf:d1:b7:e8:29:f1:2a:4f:a0:f6:0a:89:70:ba: 09:2c:f5:4a:22:66:88:d2:93:cf:d9:2f:bf:58:9f:c6:6c:44: fd:fa:23:c9:8f:b9:50:55:4a:16:85:2b:05:75:03:ab:ea:2d: f2:fd:c9:c0:24:ac:4c:76:db:e3:63:51:97:dd:2e:ae:76:ff: 02:9d:06:21 -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIUWjzK9aSKSiNB1QxNz9/V4LAcwt4wDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl Nzk2NTVkMDAeFw0yNTEyMDIwMTMwMTFaFw0yNjAzMDIyMzU5NTlaMHoxSTBHBgNV BAUTQDQ5NWE2OGEzMjUzZDBmY2RmNWQwNThmMjcyNzJkZGVlYTFlYzIwZmZmMmRl ODQ5YmZhYWMyYzRkOTg3NTI0MzIxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3 Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAKjDmmWzDCoIV+cBHruC2+U3PW4VYuosE0wB5Xuv1Pl/GcP6u8Q6Q1tL9QzF fEMT9hmQwlOK3RuD3tfAu3fcYb7ARgtB8ANHxetYkcd6MMytrGXteGY+rofv81I2 c06rHkjbb50EOWgxZLv5g6zYPSdiFPdZqmijcxUXEjp94cx5gUMEbt20Qr+Hjch3 zyBxFfXBcaieJFPo3wztzh8yQfR1SIJhiHyjyDuA2U4GPOSPXhIcLvbFuzBM1p0M IKIi91htyC7r0DN6JaJ+r1xZu/gJ4vewNYgbKmYBxgpqzPQpW8wWPpzgk5pXr08u cC7hk66jfk/gjil+n/TfVs1s48kCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBROtnFK 3G5VKC5c7dmNVsvT6xVcIjAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV 0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv MmE0MDdiZDEtMTY3NC00OWQ3LTgyNjUtNGFhOWFhOTlmOTQ3LnJvYTCBiAYDVR0f BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1 NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8WQ MA0GCSqGSIb3DQEBCwUAA4IBAQCTRcjZR6FXS4Opkvusjbf8yxrJkHBP+XNvXRVn SB+pJAja/BtwUf4F17m3m+akCvvZTlAJ4B/YcVRcy7aK3cebcRsUsaz/JIuN7o9I 20ypeSxyeAOvBXei6akUvtQe3vCu1DdvuS2jUSWPhZhgudYAdc5MktEzw+Zvuev5 5CPKhtfgySnyF4XVz2w5hPswSliSM+u6jMLrfKM5QVWuBTUeBgGAVRV8W+lH+Nw3 PzXb7Q74X0POsq/1v9G36CnxKk+g9gqJcLoJLPVKImaI0pPP2S+/WJ/GbET9+iPJ j7lQVUoWhSsFdQOr6i3y/cnAJKxMdtvjY1GX3S6udv8CnQYh -----END CERTIFICATE-----Generated at Sat Dec 6 11:45:33 2025 by rpki-client