This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/Oqj1Ttz2i8mATEEUkFaL7xibRq4.roa File: Oqj1Ttz2i8mATEEUkFaL7xibRq4.roa (raw, json) Hash identifier: o5FJc5XuskwqI7qAYVTfbbhlM+Mf4Qj9G3YZZAgXrmE= Subject key identifier: 3A:A8:F5:4E:DC:F6:8B:C9:80:4C:41:14:90:56:8B:EF:18:9B:46:AE Certificate issuer: /CN=6ad38bd4c0d0e9f3028021984cd83556047f6398 Certificate serial: 019B76EACEF3A4C9953E62B90A483ED6D90D Authority key identifier: 6A:D3:8B:D4:C0:D0:E9:F3:02:80:21:98:4C:D8:35:56:04:7F:63:98 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/Oqj1Ttz2i8mATEEUkFaL7xibRq4.roa Signing time: Thu 01 Jan 2026 00:17:38 +0000 ROA not before: Thu 01 Jan 2026 00:17:38 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 18701 IP address blocks: 138.32.24.0/22 maxlen: 22 138.32.24.0/24 maxlen: 24 138.32.25.0/24 maxlen: 24 138.32.26.0/24 maxlen: 24 138.32.168.0/22 maxlen: 22 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.crl rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.mft rsync://rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 26 Jan 2026 09:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:76:ea:ce:f3:a4:c9:95:3e:62:b9:0a:48:3e:d6:d9:0d Signature Algorithm: sha256WithRSAEncryption Issuer: CN=6ad38bd4c0d0e9f3028021984cd83556047f6398 Validity Not Before: Jan 1 00:17:38 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=3aa8f54edcf68bc9804c411490568bef189b46ae Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b2:b5:53:ff:5e:48:7a:46:7b:9b:b8:46:cf:12: 32:cd:77:d6:33:f7:38:20:aa:82:eb:d6:73:3e:f6: 38:4d:51:e3:d7:e9:85:da:63:86:ad:79:db:22:2b: 08:ae:dc:b4:b9:eb:a6:ae:1d:cd:49:90:dc:eb:59: cd:53:49:39:65:cc:5d:69:20:b9:a1:f4:03:9d:53: c4:b3:d2:31:0f:db:1a:63:52:66:6a:b8:28:24:6d: b8:e1:42:47:11:67:53:3c:66:30:6f:b5:8a:12:61: 15:9d:b5:7c:33:d5:9a:31:b7:4f:01:f5:79:a3:8a: 77:11:d1:9d:7c:d8:5e:d3:78:a5:37:3a:32:66:51: 99:6c:a3:ec:97:c5:d8:1e:d2:9e:ea:20:dd:2b:07: 39:4d:1a:d8:7f:45:98:1e:b9:60:cd:dd:26:02:60: 88:88:e1:c6:52:b6:96:47:d1:6c:cc:f2:c6:88:fb: f6:9c:85:b0:d9:a6:7a:69:aa:7d:19:7f:fb:a2:54: dd:f1:9e:d4:df:24:6b:50:42:6b:9d:7a:58:3b:3e: e0:33:d8:7c:9b:6a:7d:50:86:36:fa:66:d0:11:95: e1:01:ad:cb:67:4a:0b:9e:9a:e6:9a:9e:fc:f0:02: 17:ab:be:51:95:3e:41:92:11:aa:2d:16:1d:60:a3: bc:fd Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 3A:A8:F5:4E:DC:F6:8B:C9:80:4C:41:14:90:56:8B:EF:18:9B:46:AE X509v3 Authority Key Identifier: keyid:6A:D3:8B:D4:C0:D0:E9:F3:02:80:21:98:4C:D8:35:56:04:7F:63:98 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/Oqj1Ttz2i8mATEEUkFaL7xibRq4.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/61/928618-2a69-4fbf-96c9-ce700074a7fc/1/atOL1MDQ6fMCgCGYTNg1VgR_Y5g.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 138.32.24.0/22 138.32.168.0/22 Signature Algorithm: sha256WithRSAEncryption 14:67:1e:38:1c:fd:eb:5f:4e:6f:8e:5b:0c:c3:ea:16:2b:e1: f4:b9:41:bd:db:63:88:ba:65:19:16:23:d1:5a:09:48:30:8e: 3d:2c:5b:c7:f5:a0:0c:28:43:20:f9:74:35:ec:23:b2:0c:ec: 8e:c6:21:d4:4c:c3:85:c1:71:3e:95:30:c3:31:44:b5:4a:83: 71:f8:06:48:88:bb:bf:98:97:47:ca:ea:41:3a:7e:a2:40:73: 9a:44:85:dc:e4:3a:ae:a6:0f:a4:0a:c8:71:b7:e2:af:d7:e2: 01:00:87:cb:87:63:a9:ad:f6:a6:95:f6:00:94:07:6f:9c:65: 06:4c:b9:0f:3f:8a:87:a2:b6:06:74:e7:19:fa:30:d5:27:83: 7b:89:74:27:8a:e9:f2:a0:89:d9:2f:1f:c1:51:a0:05:95:02: be:7e:3a:a6:db:c1:fd:0e:37:50:08:68:00:a7:bf:6c:02:c9: c3:9c:20:e7:f7:69:ce:f6:1c:1a:8d:18:c9:b7:a4:05:a5:24: 09:50:36:c0:a6:54:64:04:64:fe:9f:70:58:97:4c:08:07:b6: b8:8b:70:f8:56:92:dc:42:b3:c2:10:69:1b:6c:4a:47:20:a6: d3:15:cd:2c:af:42:75:0e:7a:c8:46:5e:11:f2:21:af:7a:32: 0e:78:82:73 -----BEGIN CERTIFICATE----- MIIFAzCCA+ugAwIBAgISAZt26s7zpMmVPmK5Ckg+1tkNMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDZhZDM4YmQ0YzBkMGU5ZjMwMjgwMjE5ODRjZDgzNTU2MDQ3 ZjYzOTgwHhcNMjYwMTAxMDAxNzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygzYWE4ZjU0ZWRjZjY4YmM5ODA0YzQxMTQ5MDU2OGJlZjE4OWI0NmFlMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrVT/15IekZ7m7hGzxIyzXfWM/c4 IKqC69ZzPvY4TVHj1+mF2mOGrXnbIisIrty0ueumrh3NSZDc61nNU0k5ZcxdaSC5 ofQDnVPEs9IxD9saY1JmargoJG244UJHEWdTPGYwb7WKEmEVnbV8M9WaMbdPAfV5 o4p3EdGdfNhe03ilNzoyZlGZbKPsl8XYHtKe6iDdKwc5TRrYf0WYHrlgzd0mAmCI iOHGUraWR9FszPLGiPv2nIWw2aZ6aap9GX/7olTd8Z7U3yRrUEJrnXpYOz7gM9h8 m2p9UIY2+mbQEZXhAa3LZ0oLnprmmp788AIXq75RlT5BkhGqLRYdYKO8/QIDAQAB o4ICDzCCAgswHQYDVR0OBBYEFDqo9U7c9ovJgExBFJBWi+8Ym0auMB8GA1UdIwQY MBaAFGrTi9TA0OnzAoAhmEzYNVYEf2OYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvYXRPTDFNRFE2Zk1DZ0NHWVROZzFWZ1JfWTVnLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS85Mjg2MTgtMmE2OS00ZmJmLTk2Yzkt Y2U3MDAwNzRhN2ZjLzEvT3FqMVR0ejJpOG1BVEVFVWtGYUw3eGliUnE0LnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC82MS85Mjg2MTgtMmE2OS00ZmJmLTk2YzktY2U3MDAwNzRhN2Zj LzEvYXRPTDFNRFE2Zk1DZ0NHWVROZzFWZ1JfWTVnLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCiiAYAwQC iiCoMA0GCSqGSIb3DQEBCwUAA4IBAQAUZx44HP3rX05vjlsMw+oWK+H0uUG922OI umUZFiPRWglIMI49LFvH9aAMKEMg+XQ17COyDOyOxiHUTMOFwXE+lTDDMUS1SoNx +AZIiLu/mJdHyupBOn6iQHOaRIXc5Dqupg+kCshxt+Kv1+IBAIfLh2OprfamlfYA lAdvnGUGTLkPP4qHorYGdOcZ+jDVJ4N7iXQniunyoInZLx/BUaAFlQK+fjqm28H9 DjdQCGgAp79sAsnDnCDn92nO9hwajRjJt6QFpSQJUDbAplRkBGT+n3BYl0wIB7a4 i3D4VpLcQrPCEGkbbEpHIKbTFc0sr0J1DnrIRl4R8iGvejIOeIJz -----END CERTIFICATE-----Generated at Sun Jan 25 19:02:25 2026 by rpki-client