This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/NQm98rb_Ce1FD2kYuLzSyRfHS3k.roa File: NQm98rb_Ce1FD2kYuLzSyRfHS3k.roa (raw, json) Hash identifier: 0FuRCkyL3oox4mVwcN4bero8WE9ytQ/qMwHkxt0D5lQ= Subject key identifier: 35:09:BD:F2:B6:FF:09:ED:45:0F:69:18:B8:BC:D2:C9:17:C7:4B:79 Certificate issuer: /CN=2f7a464b894841b3b940e0b357b865e393b1dd46 Certificate serial: 019B7C7F999E59D02050BA2B1C57BECFEC22 Authority key identifier: 2F:7A:46:4B:89:48:41:B3:B9:40:E0:B3:57:B8:65:E3:93:B1:DD:46 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/NQm98rb_Ce1FD2kYuLzSyRfHS3k.roa Signing time: Fri 02 Jan 2026 02:18:15 +0000 ROA not before: Fri 02 Jan 2026 02:18:15 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 213646 IP address blocks: 185.137.220.0/24 maxlen: 24 185.137.222.0/24 maxlen: 24 2a0a:a500::/32 maxlen: 32 2a0a:a506::/32 maxlen: 32 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.crl rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.mft rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 26 Jan 2026 22:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7c:7f:99:9e:59:d0:20:50:ba:2b:1c:57:be:cf:ec:22 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2f7a464b894841b3b940e0b357b865e393b1dd46 Validity Not Before: Jan 2 02:18:15 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=3509bdf2b6ff09ed450f6918b8bcd2c917c74b79 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:bc:e0:0e:0a:b5:9d:68:85:3d:2f:d9:26:66:d3: 60:7f:0a:ee:53:b2:ba:0b:3a:60:44:4c:c2:c6:3e: 54:b2:2a:47:e3:6f:cb:fd:61:45:f1:ec:24:6b:8b: b2:39:e1:03:9d:52:e1:19:3c:9a:d9:49:2c:6b:76: a9:20:08:05:6b:67:8a:d0:2f:52:ce:79:9a:df:41: 79:33:4d:4a:29:dc:0b:1d:db:cb:01:5f:c3:16:0a: 34:8d:68:82:07:99:af:0f:00:d5:ce:e0:5d:1f:c4: aa:44:40:2d:05:5d:1e:7e:3e:5e:c2:f2:80:59:a1: 6c:b0:11:90:62:47:c2:77:5d:05:4a:c7:d0:40:e2: bd:f8:58:61:52:21:8e:58:b3:f9:89:0a:8d:30:83: d8:d6:61:10:b5:33:30:e6:48:92:c5:18:8d:b2:2b: 6c:72:3c:9e:4a:a5:3a:86:3b:d1:c8:94:7d:66:ae: 74:1f:6b:ab:5d:8f:bd:f5:d3:d1:a1:33:a1:24:78: 67:02:3b:c7:23:d6:59:7c:69:d9:c4:f3:24:bd:d7: c7:78:15:16:7a:09:e6:8b:62:33:62:33:f8:bd:66: 54:bd:96:91:d7:f9:b1:db:8b:53:ab:f9:b4:d3:5e: fd:2d:77:40:93:70:de:07:50:d9:c0:ae:ec:e4:c9: a6:c7 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 35:09:BD:F2:B6:FF:09:ED:45:0F:69:18:B8:BC:D2:C9:17:C7:4B:79 X509v3 Authority Key Identifier: keyid:2F:7A:46:4B:89:48:41:B3:B9:40:E0:B3:57:B8:65:E3:93:B1:DD:46 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L3pGS4lIQbO5QOCzV7hl45Ox3UY.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/NQm98rb_Ce1FD2kYuLzSyRfHS3k.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/65/b2f7a0-06c4-4ab5-85aa-10144c1bcafc/1/L3pGS4lIQbO5QOCzV7hl45Ox3UY.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 185.137.220.0/24 185.137.222.0/24 IPv6: 2a0a:a500::/32 2a0a:a506::/32 Signature Algorithm: sha256WithRSAEncryption 97:22:a0:28:9f:88:66:1f:b1:58:f0:5e:a1:03:54:ec:45:b9: 2e:49:74:34:6e:6d:63:60:3a:9a:91:e9:a9:3c:65:e6:28:a7: c4:de:e8:5f:97:9e:6c:b5:92:d6:b2:a8:ba:7f:2b:68:65:cf: 8f:06:40:cf:69:d2:e4:98:f7:b6:a4:c1:2a:74:26:bc:77:dd: 62:6d:f8:28:56:95:e9:42:1a:f3:a1:b9:1c:52:33:ed:7e:9e: 50:f8:0b:81:c3:bb:eb:d4:dc:76:c5:7c:77:7c:cf:35:bf:40: 37:a9:3e:c3:17:f5:79:50:cd:1e:a7:4d:54:2c:fb:e7:9f:fd: ed:43:98:0a:41:18:e6:61:c1:fa:76:8e:b7:2c:c2:c3:20:b8: 8f:f6:ec:50:77:4a:af:9d:ef:1c:bd:62:e6:5f:6b:05:4c:3a: 66:a9:c0:89:2f:dc:c6:d9:2f:1f:cf:2b:83:9c:9e:52:5e:20: 77:f1:13:cf:9e:76:3f:1a:ad:c9:59:10:7f:e3:08:dc:7a:38: 5e:86:3a:3b:be:0d:0b:c3:a1:61:64:7b:8d:b3:d2:3b:45:7f: ab:84:c5:96:93:00:13:c7:e0:9c:06:2e:60:8d:c4:d8:35:68: 11:8b:0b:77:ce:3d:45:dd:6b:7d:5b:ac:f6:6d:6a:d5:8f:ad: 65:d5:4d:78 -----BEGIN CERTIFICATE----- MIIFGTCCBAGgAwIBAgISAZt8f5meWdAgULorHFe+z+wiMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJmN2E0NjRiODk0ODQxYjNiOTQwZTBiMzU3Yjg2NWUzOTNi MWRkNDYwHhcNMjYwMTAyMDIxODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygzNTA5YmRmMmI2ZmYwOWVkNDUwZjY5MThiOGJjZDJjOTE3Yzc0Yjc5MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOAOCrWdaIU9L9kmZtNgfwruU7K6 CzpgREzCxj5UsipH42/L/WFF8ewka4uyOeEDnVLhGTya2Uksa3apIAgFa2eK0C9S znma30F5M01KKdwLHdvLAV/DFgo0jWiCB5mvDwDVzuBdH8SqREAtBV0efj5ewvKA WaFssBGQYkfCd10FSsfQQOK9+FhhUiGOWLP5iQqNMIPY1mEQtTMw5kiSxRiNsits cjyeSqU6hjvRyJR9Zq50H2urXY+99dPRoTOhJHhnAjvHI9ZZfGnZxPMkvdfHeBUW egnmi2IzYjP4vWZUvZaR1/mx24tTq/m00179LXdAk3DeB1DZwK7s5MmmxwIDAQAB o4ICJTCCAiEwHQYDVR0OBBYEFDUJvfK2/wntRQ9pGLi80skXx0t5MB8GA1UdIwQY MBaAFC96RkuJSEGzuUDgs1e4ZeOTsd1GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvTDNwR1M0bElRYk81UU9DelY3aGw0NU94M1VZLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9iMmY3YTAtMDZjNC00YWI1LTg1YWEt MTAxNDRjMWJjYWZjLzEvTlFtOThyYl9DZTFGRDJrWXVMelN5UmZIUzNrLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC82NS9iMmY3YTAtMDZjNC00YWI1LTg1YWEtMTAxNDRjMWJjYWZj LzEvTDNwR1M0bElRYk81UU9DelY3aGw0NU94M1VZLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQAuYncAwQA uYneMBQEAgACMA4DBQAqCqUAAwUAKgqlBjANBgkqhkiG9w0BAQsFAAOCAQEAlyKg KJ+IZh+xWPBeoQNU7EW5Lkl0NG5tY2A6mpHpqTxl5iinxN7oX5eebLWS1rKoun8r aGXPjwZAz2nS5Jj3tqTBKnQmvHfdYm34KFaV6UIa86G5HFIz7X6eUPgLgcO769Tc dsV8d3zPNb9AN6k+wxf1eVDNHqdNVCz755/97UOYCkEY5mHB+naOtyzCwyC4j/bs UHdKr53vHL1i5l9rBUw6ZqnAiS/cxtkvH88rg5yeUl4gd/ETz552PxqtyVkQf+MI 3Ho4XoY6O74NC8OhYWR7jbPSO0V/q4TFlpMAE8fgnAYuYI3E2DVoEYsLd849Rd1r fVus9m1q1Y+tZdVNeA== -----END CERTIFICATE-----Generated at Mon Jan 26 03:56:59 2026 by rpki-client