This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/4PouleIk6L2i1ReL6WtewlVXsXc.roa File: 4PouleIk6L2i1ReL6WtewlVXsXc.roa (raw, json) Hash identifier: 8NOM6VJ9gfwRBC5YJgM+6KXIMLhBMYpSbqONCg3loVo= Subject key identifier: E0:FA:2E:95:E2:24:E8:BD:A2:D5:17:8B:E9:6B:5E:C2:55:57:B1:77 Certificate issuer: /CN=1efa596a3126ace029c6d70d529257e07b38ba06 Certificate serial: 019B7758FCB80EAE24F086B4353728495C15 Authority key identifier: 1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/4PouleIk6L2i1ReL6WtewlVXsXc.roa Signing time: Thu 01 Jan 2026 02:17:59 +0000 ROA not before: Thu 01 Jan 2026 02:17:59 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 378 IP address blocks: 128.139.0.0/16 maxlen: 16 128.139.0.0/17 maxlen: 17 128.139.4.0/24 maxlen: 24 128.139.6.0/24 maxlen: 24 128.139.7.0/24 maxlen: 24 128.139.128.0/17 maxlen: 17 128.139.199.0/24 maxlen: 24 128.139.200.0/24 maxlen: 24 132.78.0.0/16 maxlen: 16 185.115.212.0/22 maxlen: 22 192.114.0.0/21 maxlen: 21 192.114.16.0/21 maxlen: 21 192.114.48.0/21 maxlen: 21 192.114.56.0/22 maxlen: 22 192.114.60.0/23 maxlen: 23 192.114.92.0/22 maxlen: 22 192.114.96.0/20 maxlen: 20 192.114.100.0/24 maxlen: 24 192.114.101.0/24 maxlen: 24 192.114.102.0/24 maxlen: 24 192.114.124.0/22 maxlen: 22 192.114.128.0/20 maxlen: 20 192.114.192.0/18 maxlen: 18 192.115.32.0/20 maxlen: 20 192.115.46.0/24 maxlen: 24 192.115.64.0/22 maxlen: 22 192.115.164.0/22 maxlen: 22 192.115.168.0/21 maxlen: 21 192.115.192.0/21 maxlen: 21 192.117.80.0/20 maxlen: 20 2001:bf8::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.mft rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 26 Jan 2026 07:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:77:58:fc:b8:0e:ae:24:f0:86:b4:35:37:28:49:5c:15 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=1efa596a3126ace029c6d70d529257e07b38ba06 Validity Not Before: Jan 1 02:17:59 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=e0fa2e95e224e8bda2d5178be96b5ec25557b177 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a3:cf:d7:68:e0:ed:c8:48:98:47:0e:d3:93:51: bb:39:6f:b7:0a:f1:c3:72:e1:e2:e6:53:e1:62:0a: 96:5f:f6:fd:94:b2:62:48:92:bf:ba:d5:79:0b:e8: 56:b0:14:76:43:06:af:bc:a2:b3:8d:70:33:83:65: a9:83:27:06:6f:df:ca:5a:2d:ec:be:42:9c:08:7b: f2:ad:20:9b:68:36:59:0c:10:3d:68:6e:22:56:7c: 43:e4:bd:1d:29:05:a6:3a:08:a7:bf:a2:a8:61:95: 3e:9d:45:a0:00:60:ad:c8:36:11:58:0e:c3:fe:c3: 12:ab:3a:3f:72:b1:1e:1c:42:0a:38:83:94:2f:ff: b6:1a:19:2c:0b:80:75:3a:5a:12:a1:3b:ee:91:3c: 36:91:bf:de:43:b2:6c:5f:81:f8:ee:28:e0:c8:e2: 3a:5d:b7:81:f8:fc:53:3f:e5:a1:72:2a:1d:1a:83: 6d:61:94:79:73:42:29:23:36:cd:8d:0c:03:8e:f8: 31:dd:a8:24:3b:38:27:b1:fd:b9:be:96:47:d6:0d: c7:d6:29:e7:78:7d:d4:0d:ca:1c:50:a4:5a:45:6e: 9c:a6:7d:04:5f:ec:5b:10:5b:0e:5f:97:55:e2:e9: 63:1a:04:d1:1e:30:c8:7b:d7:d4:2d:53:cd:41:ce: e0:8b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: E0:FA:2E:95:E2:24:E8:BD:A2:D5:17:8B:E9:6B:5E:C2:55:57:B1:77 X509v3 Authority Key Identifier: keyid:1E:FA:59:6A:31:26:AC:E0:29:C6:D7:0D:52:92:57:E0:7B:38:BA:06 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HvpZajEmrOApxtcNUpJX4Hs4ugY.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/4PouleIk6L2i1ReL6WtewlVXsXc.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/3cc78a-8fb5-475a-8882-9d0c620735f1/1/HvpZajEmrOApxtcNUpJX4Hs4ugY.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 128.139.0.0/16 132.78.0.0/16 185.115.212.0/22 192.114.0.0/21 192.114.16.0/21 192.114.48.0-192.114.61.255 192.114.92.0-192.114.111.255 192.114.124.0-192.114.143.255 192.114.192.0/18 192.115.32.0/20 192.115.64.0/22 192.115.164.0-192.115.175.255 192.115.192.0/21 192.117.80.0/20 IPv6: 2001:bf8::/32 Signature Algorithm: sha256WithRSAEncryption a5:82:fb:f1:66:7a:c2:89:60:70:f0:46:d6:ad:ca:5a:53:65: a3:2f:a5:2a:04:a0:c7:ff:6a:87:8e:c4:21:0a:c3:e3:34:d4: f8:c2:91:cb:90:8b:6a:4e:9e:47:f3:84:7d:a0:54:05:49:1d: 2d:6d:bb:54:fa:48:cf:f5:8b:f4:f5:f0:f8:c6:d2:6e:c8:8d: f9:fe:c7:f0:11:be:7f:4b:ef:60:ef:50:a0:b6:23:02:b3:07: e0:70:a7:99:21:25:6a:4a:d2:9c:ac:24:38:69:65:21:a7:de: e5:c8:0a:02:1f:8a:95:26:b2:70:3a:51:2b:4f:85:4c:be:d2: bb:7c:21:88:b4:3a:62:cd:56:6c:8a:00:34:ff:85:6e:04:7a: c3:9e:0e:fd:aa:d6:ae:c2:28:3c:e6:e9:df:37:35:52:31:1e: 43:f6:49:de:c6:5c:38:00:73:9a:2a:4f:78:c9:ea:94:93:a1: 25:d4:0f:d2:95:e4:fa:54:15:af:82:07:67:c0:30:a4:94:e8: dd:31:f7:c2:4d:7a:ae:25:bd:2f:10:c8:9e:fe:fa:e7:31:dc: 30:53:fe:75:32:1e:fe:81:99:73:51:db:21:77:10:3b:0b:c4: 00:5a:0e:e3:c2:ff:61:36:7a:b5:45:3b:4e:85:86:7f:84:0c: 54:01:8f:a5 -----BEGIN CERTIFICATE----- MIIFezCCBGOgAwIBAgISAZt3WPy4Dq4k8Ia0NTcoSVwVMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDFlZmE1OTZhMzEyNmFjZTAyOWM2ZDcwZDUyOTI1N2UwN2Iz OGJhMDYwHhcNMjYwMTAxMDIxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EyhlMGZhMmU5NWUyMjRlOGJkYTJkNTE3OGJlOTZiNWVjMjU1NTdiMTc3MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8/XaODtyEiYRw7Tk1G7OW+3CvHD cuHi5lPhYgqWX/b9lLJiSJK/utV5C+hWsBR2QwavvKKzjXAzg2WpgycGb9/KWi3s vkKcCHvyrSCbaDZZDBA9aG4iVnxD5L0dKQWmOginv6KoYZU+nUWgAGCtyDYRWA7D /sMSqzo/crEeHEIKOIOUL/+2GhksC4B1OloSoTvukTw2kb/eQ7JsX4H47ijgyOI6 XbeB+PxTP+WhciodGoNtYZR5c0IpIzbNjQwDjvgx3agkOzgnsf25vpZH1g3H1inn eH3UDcocUKRaRW6cpn0EX+xbEFsOX5dV4uljGgTRHjDIe9fULVPNQc7giwIDAQAB o4IChzCCAoMwHQYDVR0OBBYEFOD6LpXiJOi9otUXi+lrXsJVV7F3MB8GA1UdIwQY MBaAFB76WWoxJqzgKcbXDVKSV+B7OLoGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODIt OWQwYzYyMDczNWYxLzEvNFBvdWxlSWs2TDJpMVJlTDZXdGV3bFZYc1hjLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC8yYS8zY2M3OGEtOGZiNS00NzVhLTg4ODItOWQwYzYyMDczNWYx LzEvSHZwWmFqRW1yT0FweHRjTlVwSlg0SHM0dWdZLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMIGcBggrBgEFBQcBBwEB/wSBjDCBiTB4BAIAATByAwMAgIsD AwCETgMEArlz1AMEA8ByAAMEA8ByEDAMAwQEwHIwAwQBwHI8MAwDBALAclwDBATA cmAwDAMEAsByfAMEBMBygAMEBsBywAMEBMBzIAMEAsBzQDAMAwQCwHOkAwQEwHOg AwQDwHPAAwQEwHVQMA0EAgACMAcDBQAgAQv4MA0GCSqGSIb3DQEBCwUAA4IBAQCl gvvxZnrCiWBw8EbWrcpaU2WjL6UqBKDH/2qHjsQhCsPjNNT4wpHLkItqTp5H84R9 oFQFSR0tbbtU+kjP9Yv09fD4xtJuyI35/sfwEb5/S+9g71CgtiMCswfgcKeZISVq StKcrCQ4aWUhp97lyAoCH4qVJrJwOlErT4VMvtK7fCGItDpizVZsigA0/4VuBHrD ng79qtauwig85unfNzVSMR5D9knexlw4AHOaKk94yeqUk6El1A/SleT6VBWvggdn wDCklOjdMffCTXquJb0vEMie/vrnMdwwU/51Mh7+gZlzUdshdxA7C8QAWg7jwv9h Nnq1RTtOhYZ/hAxUAY+l -----END CERTIFICATE-----Generated at Sun Jan 25 16:12:36 2026 by rpki-client