This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6ada7e3e-42a2-45fa-873f-bceaed65b832.roa File: 6ada7e3e-42a2-45fa-873f-bceaed65b832.roa (raw, json) Hash identifier: C4XiZoYLJhL6jF3HH4DveLIkYMj0eYNvF3t0UegPP1g= Subject key identifier: F3:6F:C2:EA:32:5B:7B:C4:4F:A5:D7:51:8B:F1:A6:12:F2:51:95:25 Certificate issuer: /CN=df759b5af3da6c9df033b0de998970a4e79655d0 Certificate serial: 3A754F875639397601ABBEA3404F33E7C44ED216 Authority key identifier: DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject info access: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6ada7e3e-42a2-45fa-873f-bceaed65b832.roa Signing time: Tue 02 Dec 2025 01:40:35 +0000 ROA not before: Tue 02 Dec 2025 01:40:35 +0000 ROA not after: Mon 02 Mar 2026 23:59:59 +0000 asID: 16509 IP address blocks: 2001:3fc1:8000::/36 maxlen: 36 Validation: OK Signature path: rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.mft rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 07 Dec 2025 13:09:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 3a:75:4f:87:56:39:39:76:01:ab:be:a3:40:4f:33:e7:c4:4e:d2:16 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=df759b5af3da6c9df033b0de998970a4e79655d0 Validity Not Before: Dec 2 01:40:35 2025 GMT Not After : Mar 2 23:59:59 2026 GMT Subject: serialNumber=65bae84adba56bc3954598abc42e6029a45d93805ff3d5b99fbfaf6a1faccc9d, CN=98d67deb-bb75-4e77-b1a0-36016b2d6350 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c9:1b:c5:ba:ac:a3:46:0d:31:9f:d1:0e:92:f8: cd:0d:a4:e5:71:92:dc:4a:ee:56:4b:94:d0:97:a9: e0:50:3e:19:cb:63:d5:3c:a9:42:17:9f:17:d0:8a: f5:ed:55:f1:fa:a3:8f:a5:ae:de:11:24:fc:09:9b: dc:21:95:a4:a7:fb:92:10:0e:3f:72:6d:26:e5:b5: 54:eb:4b:16:c0:f6:9b:cc:2e:97:a7:b3:51:60:e3: 09:27:1b:3b:f4:eb:8f:43:99:b8:6c:56:cd:d1:ff: 4c:7f:ca:f2:35:a7:8b:13:6f:5a:20:a2:16:d5:df: e1:04:3d:8f:c1:72:15:54:47:46:c8:4e:f6:1a:9d: 8f:fa:0a:69:33:d7:61:6e:22:30:1c:61:63:4c:ba: 88:6a:ac:3b:ce:ad:d4:08:14:27:03:e7:b0:b0:5d: 73:f9:7b:53:9a:75:d4:ea:2e:d3:fd:a1:27:d1:af: d1:96:46:9d:4a:52:d0:b4:4c:cc:95:65:14:91:e0: 82:1c:69:68:fc:bd:ac:02:cd:73:96:f0:4a:a2:ba: 51:6d:f7:5c:8e:cd:bc:c9:bc:da:9c:c9:01:c8:84: da:a6:4a:d1:83:b2:b6:48:51:7a:c4:da:b4:a1:64: 58:db:56:90:1a:21:e3:2e:ec:d2:e1:27:cb:28:99: c7:09 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: F3:6F:C2:EA:32:5B:7B:C4:4F:A5:D7:51:8B:F1:A6:12:F2:51:95:25 X509v3 Authority Key Identifier: keyid:DF:75:9B:5A:F3:DA:6C:9D:F0:33:B0:DE:99:89:70:A4:E7:96:55:D0 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/33WbWvPabJ3wM7DemYlwpOeWVdA.cer Subject Information Access: Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/6ada7e3e-42a2-45fa-873f-bceaed65b832.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/fe3737fb-095d-444c-92f4-3f7221fb544c/0XE5tZVyuGeaA_h7-1qBp7aY4So.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv6: 2001:3fc1:8000::/36 Signature Algorithm: sha256WithRSAEncryption 0a:83:d6:3d:98:3d:a8:f2:17:8b:bb:5c:a9:0d:63:95:1d:b2: 44:77:68:26:fb:0b:fd:b2:93:2e:0c:a2:8d:42:e9:75:3e:15: 97:44:5b:86:02:f0:fa:46:bc:39:f0:f5:29:ab:71:30:d4:64: e2:d4:c3:88:b8:d5:85:99:f3:8e:0c:81:85:33:09:a0:3b:81: 16:67:a0:d8:b2:0d:08:67:e7:5d:52:7d:76:c0:15:3a:89:fa: ab:13:59:d4:58:d0:33:e5:a2:de:d6:e6:6e:98:f9:cf:60:a3: c6:36:6c:cb:91:8c:7a:d1:79:cd:42:f0:6a:e2:d6:d2:9e:f6: 5a:2d:39:6d:62:e4:b6:1c:b6:4a:b2:81:55:86:d4:41:27:dc: d3:50:5f:25:97:69:94:58:aa:5f:ca:29:f0:f4:5c:da:55:fa: fa:da:ab:2b:7f:d1:47:df:04:0e:8b:07:ce:7e:65:3e:e3:59: fb:fe:c6:49:a2:88:59:b6:48:8f:cd:bf:a9:f9:33:fb:63:85: a7:25:44:c7:31:fa:ba:76:4b:0f:ef:b6:14:c4:d9:46:5b:85: 64:bb:c1:d5:5a:7d:24:e2:7d:7f:51:7d:08:87:02:98:76:51: e3:67:04:07:19:63:63:9b:38:94:32:0b:60:db:74:cf:e5:98: 17:28:34:11 -----BEGIN CERTIFICATE----- MIIFYDCCBEigAwIBAgIUOnVPh1Y5OXYBq76jQE8z58RO0hYwDQYJKoZIhvcNAQEL BQAwMzExMC8GA1UEAxMoZGY3NTliNWFmM2RhNmM5ZGYwMzNiMGRlOTk4OTcwYTRl Nzk2NTVkMDAeFw0yNTEyMDIwMTQwMzVaFw0yNjAzMDIyMzU5NTlaMHoxSTBHBgNV BAUTQDY1YmFlODRhZGJhNTZiYzM5NTQ1OThhYmM0MmU2MDI5YTQ1ZDkzODA1ZmYz ZDViOTlmYmZhZjZhMWZhY2NjOWQxLTArBgNVBAMTJDk4ZDY3ZGViLWJiNzUtNGU3 Ny1iMWEwLTM2MDE2YjJkNjM1MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC ggEBAMkbxbqso0YNMZ/RDpL4zQ2k5XGS3EruVkuU0Jep4FA+Gctj1TypQhefF9CK 9e1V8fqjj6Wu3hEk/Amb3CGVpKf7khAOP3JtJuW1VOtLFsD2m8wul6ezUWDjCScb O/Trj0OZuGxWzdH/TH/K8jWnixNvWiCiFtXf4QQ9j8FyFVRHRshO9hqdj/oKaTPX YW4iMBxhY0y6iGqsO86t1AgUJwPnsLBdc/l7U5p11Oou0/2hJ9Gv0ZZGnUpS0LRM zJVlFJHgghxpaPy9rALNc5bwSqK6UW33XI7NvMm82pzJAciE2qZK0YOytkhResTa tKFkWNtWkBoh4y7s0uEnyyiZxwkCAwEAAaOCAiMwggIfMB0GA1UdDgQWBBTzb8Lq Mlt7xE+l11GL8aYS8lGVJTAfBgNVHSMEGDAWgBTfdZta89psnfAzsN6ZiXCk55ZV 0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzMzV2JXdlBh Ykozd003RGVtWWx3cE9lV1ZkQS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu Y29tL3ZvbHVtZS9mZTM3MzdmYi0wOTVkLTQ0NGMtOTJmNC0zZjcyMjFmYjU0NGMv NmFkYTdlM2UtNDJhMi00NWZhLTg3M2YtYmNlYWVkNjViODMyLnJvYTCBiAYDVR0f BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u YXdzLmNvbS92b2x1bWUvZmUzNzM3ZmItMDk1ZC00NDRjLTkyZjQtM2Y3MjIxZmI1 NDRjLzBYRTV0WlZ5dUdlYUFfaDctMXFCcDdhWTRTby5jcmwwGAYDVR0gAQH/BA4w DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGBCABP8GA MA0GCSqGSIb3DQEBCwUAA4IBAQAKg9Y9mD2o8heLu1ypDWOVHbJEd2gm+wv9spMu DKKNQul1PhWXRFuGAvD6Rrw58PUpq3Ew1GTi1MOIuNWFmfOODIGFMwmgO4EWZ6DY sg0IZ+ddUn12wBU6ifqrE1nUWNAz5aLe1uZumPnPYKPGNmzLkYx60XnNQvBq4tbS nvZaLTltYuS2HLZKsoFVhtRBJ9zTUF8ll2mUWKpfyinw9FzaVfr62qsrf9FH3wQO iwfOfmU+41n7/sZJoohZtkiPzb+p+TP7Y4WnJUTHMfq6dksP77YUxNlGW4Vku8HV Wn0k4n1/UX0IhwKYdlHjZwQHGWNjmziUMgtg23TP5ZgXKDQR -----END CERTIFICATE-----Generated at Sat Dec 6 21:51:22 2025 by rpki-client