This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa File: 5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa (raw, json) Hash identifier: 7l+P4sSwljcUkAzwrWYwDuFhBV2cfc0AjE6CLHz7IGU= Subject key identifier: 2A:35:2E:63:CB:A5:6C:09:3E:D3:13:71:BB:B0:AC:4A:BD:44:FA:6C Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0 Certificate serial: 09E35DBA652CFC4D1B4DF66353B3B2CFBB271F81 Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa Signing time: Tue 02 Dec 2025 01:40:57 +0000 ROA not before: Tue 02 Dec 2025 01:40:57 +0000 ROA not after: Mon 02 Mar 2026 23:59:59 +0000 asID: 16509 IP address blocks: 2001:3fc3:a800::/40 maxlen: 40 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 07 Dec 2025 13:09:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 09:e3:5d:ba:65:2c:fc:4d:1b:4d:f6:63:53:b3:b2:cf:bb:27:1f:81 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0 Validity Not Before: Dec 2 01:40:57 2025 GMT Not After : Mar 2 23:59:59 2026 GMT Subject: serialNumber=e564b71192669f53e6241a261e7a9233c51e070d7482c1bcb6e0bd292343d8d7, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:eb:5b:a6:f4:65:ee:49:5d:fb:94:82:72:47:ad: 9e:8f:71:ce:68:d7:00:c4:5e:b1:7e:a1:95:71:4b: 12:90:ae:32:30:22:f4:ff:e1:7d:90:c6:26:4c:ea: bd:6f:4b:f3:f2:e1:15:d2:53:f4:8c:ec:63:e5:de: 33:70:f3:3b:7b:83:54:e4:02:5d:d6:7a:af:d9:d3: 5b:55:44:be:82:e0:e0:0d:51:12:d8:95:04:83:f7: b4:5d:26:57:8d:3f:1d:c0:ab:96:79:e5:b8:9b:ba: 2f:24:4b:6e:ea:ac:58:a9:cf:2c:34:80:66:b8:9b: ed:4c:ef:70:0f:94:89:ea:bb:fa:3a:98:62:96:9c: fd:ad:21:47:19:8f:9f:41:34:f8:a3:c0:37:02:16: 96:da:a7:60:ef:fa:4e:5a:88:78:ab:ed:0c:dd:0c: 6f:72:0d:33:23:f0:3f:59:31:7c:84:d1:03:56:47: c5:b8:a6:ec:c7:99:1e:7c:96:28:4f:bd:ac:8d:2f: 85:8a:d9:6e:30:bd:47:5b:70:18:2d:14:9f:cf:36: 06:2f:8c:ae:fc:76:92:81:6b:5c:7f:5f:82:69:f9: aa:ae:dc:1f:8d:18:df:c5:a7:05:ba:5e:27:a0:dd: 58:99:92:77:75:f3:70:fe:82:46:0c:ac:70:83:ae: 34:49 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 2A:35:2E:63:CB:A5:6C:09:3E:D3:13:71:BB:B0:AC:4A:BD:44:FA:6C X509v3 Authority Key Identifier: keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/5b9ab97a-08fa-4cc6-888f-fb954293fc73.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 2001:3fc3:a800::/40 Signature Algorithm: sha256WithRSAEncryption b5:cc:67:ef:a1:cb:76:78:94:56:57:06:f1:32:d2:d8:d2:94: f0:2a:1f:72:a3:fd:ea:b2:b0:c5:d8:9a:20:8e:73:15:35:53: a0:83:ce:35:a7:70:1e:2f:5e:44:93:07:13:6b:91:4a:44:60: 92:02:f8:dd:21:5d:ee:90:ab:58:48:0a:0f:df:12:67:ea:5b: fc:22:d0:1f:cd:83:0b:6f:b5:67:26:29:f7:a5:8a:b1:19:37: 68:67:7d:38:b1:87:0c:c0:ea:cd:03:d1:34:3b:31:65:c7:cc: 54:bb:d9:84:97:0e:17:14:c3:3b:f4:28:ad:8e:2b:08:c7:46: 6d:f4:2b:6f:ef:4a:04:6d:95:c6:fb:f3:1f:fe:1b:88:1a:c9: 15:a1:93:1a:0a:ae:8a:7e:54:2f:7d:48:7d:18:11:56:30:f2: b8:b2:57:e2:77:33:53:32:8f:86:67:78:61:de:25:5e:45:94: 76:90:92:f9:fa:d9:83:6c:13:3e:5d:c8:1d:3e:83:3f:a0:bf: 57:a5:12:a2:72:94:72:8f:83:ec:ec:13:e3:3e:2f:a9:75:07: 39:50:bc:f3:71:de:33:c4:8b:87:46:93:66:f5:b6:7a:6b:b0: 43:72:80:c4:e6:c4:b9:92:9e:74:0a:2a:6b:98:6c:84:37:15: bb:f0:ce:2b -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIUCeNdumUs/E0bTfZjU7Oyz7snH4EwDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl Nzk2NTVkMDAeFw0yNTEyMDIwMTQwNTdaFw0yNjAzMDIyMzU5NTlaMHoxSTBHBgNV BAUTQGU1NjRiNzExOTI2NjlmNTNlNjI0MWEyNjFlN2E5MjMzYzUxZTA3MGQ3NDgy YzFiY2I2ZTBiZDI5MjM0M2Q4ZDcxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3 Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAOtbpvRl7kld+5SCcketno9xzmjXAMResX6hlXFLEpCuMjAi9P/hfZDGJkzq vW9L8/LhFdJT9IzsY+XeM3DzO3uDVOQCXdZ6r9nTW1VEvoLg4A1REtiVBIP3tF0m V40/HcCrlnnluJu6LyRLbuqsWKnPLDSAZrib7UzvcA+Uieq7+jqYYpac/a0hRxmP n0E0+KPANwIWltqnYO/6TlqIeKvtDN0Mb3INMyPwP1kxfITRA1ZHxbim7MeZHnyW KE+9rI0vhYrZbjC9R1twGC0Un882Bi+Mrvx2koFrXH9fgmn5qq7cH40Y38WnBbpe J6DdWJmSd3XzcP6CRgyscIOuNEkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQqNS5j y6VsCT7TE3G7sKxKvUT6bDAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV 0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv NWI5YWI5N2EtMDhmYS00Y2M2LTg4OGYtZmI5NTQyOTNmYzczLnJvYTCBiAYDVR0f BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1 NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACABP8Oo MA0GCSqGSIb3DQEBCwUAA4IBAQC1zGfvoct2eJRWVwbxMtLY0pTwKh9yo/3qsrDF 2JogjnMVNVOgg841p3AeL15EkwcTa5FKRGCSAvjdIV3ukKtYSAoP3xJn6lv8ItAf zYMLb7VnJin3pYqxGTdoZ304sYcMwOrNA9E0OzFlx8xUu9mElw4XFMM79CitjisI x0Zt9Ctv70oEbZXG+/Mf/huIGskVoZMaCq6KflQvfUh9GBFWMPK4slfidzNTMo+G Z3hh3iVeRZR2kJL5+tmDbBM+XcgdPoM/oL9XpRKicpRyj4Ps7BPjPi+pdQc5ULzz cd4zxIuHRpNm9bZ6a7BDcoDE5sS5kp50CiprmGyENxW78M4r -----END CERTIFICATE-----Generated at Sat Dec 6 20:52:01 2025 by rpki-client