This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/eea21a-c9d3-4c6d-9a52-9b2c6b08a84a/1/kfw5lT51mmJB9r-mzPnYBcO07ic.roa File: kfw5lT51mmJB9r-mzPnYBcO07ic.roa (raw, json) Hash identifier: lu7TOjtxr8LPfyeKuliFVqXP9APAZsRzOs+MqTY5wZs= Subject key identifier: 91:FC:39:95:3E:75:9A:62:41:F6:BF:A6:CC:F9:D8:05:C3:B4:EE:27 Certificate issuer: /CN=40ef5849930cc9dd74211fb37e24118249a1fc40 Certificate serial: 019B7834D56C8246750721271EE5B4FD6DF4 Authority key identifier: 40:EF:58:49:93:0C:C9:DD:74:21:1F:B3:7E:24:11:82:49:A1:FC:40 Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QO9YSZMMyd10IR-zfiQRgkmh_EA.cer Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/eea21a-c9d3-4c6d-9a52-9b2c6b08a84a/1/kfw5lT51mmJB9r-mzPnYBcO07ic.roa Signing time: Thu 01 Jan 2026 06:18:06 +0000 ROA not before: Thu 01 Jan 2026 06:18:06 +0000 ROA not after: Thu 01 Jul 2027 00:00:00 +0000 asID: 13768 IP address blocks: 5.44.16.0/21 maxlen: 21 5.44.24.0/22 maxlen: 22 5.44.28.0/22 maxlen: 22 46.20.112.0/20 maxlen: 20 62.128.128.0/19 maxlen: 19 62.128.132.0/24 maxlen: 24 62.128.133.0/24 maxlen: 24 62.128.140.0/22 maxlen: 22 83.137.128.0/21 maxlen: 21 83.137.134.0/23 maxlen: 23 83.222.224.0/19 maxlen: 19 83.222.246.0/24 maxlen: 24 83.222.249.0/24 maxlen: 24 95.130.72.0/21 maxlen: 21 95.130.73.0/24 maxlen: 24 176.74.160.0/21 maxlen: 21 176.74.168.0/22 maxlen: 22 176.74.172.0/22 maxlen: 22 176.74.173.0/24 maxlen: 24 176.74.176.0/22 maxlen: 22 176.74.180.0/22 maxlen: 22 176.74.180.0/24 maxlen: 24 176.74.184.0/21 maxlen: 21 176.74.188.0/22 maxlen: 22 185.29.176.0/22 maxlen: 22 185.29.176.0/23 maxlen: 23 185.33.4.0/23 maxlen: 23 185.33.6.0/23 maxlen: 23 212.53.64.0/19 maxlen: 19 212.53.65.0/24 maxlen: 24 212.53.66.0/24 maxlen: 24 212.53.67.0/24 maxlen: 24 212.53.85.0/24 maxlen: 24 2a03:8a00::/36 maxlen: 36 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/80/eea21a-c9d3-4c6d-9a52-9b2c6b08a84a/1/QO9YSZMMyd10IR-zfiQRgkmh_EA.crl rsync://rpki.ripe.net/repository/DEFAULT/80/eea21a-c9d3-4c6d-9a52-9b2c6b08a84a/1/QO9YSZMMyd10IR-zfiQRgkmh_EA.mft rsync://rpki.ripe.net/repository/DEFAULT/QO9YSZMMyd10IR-zfiQRgkmh_EA.cer rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 26 Jan 2026 13:21:19 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:78:34:d5:6c:82:46:75:07:21:27:1e:e5:b4:fd:6d:f4 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=40ef5849930cc9dd74211fb37e24118249a1fc40 Validity Not Before: Jan 1 06:18:06 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=91fc39953e759a6241f6bfa6ccf9d805c3b4ee27 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b0:71:cb:ff:33:34:8d:55:35:54:e8:aa:f0:93: 4c:e5:9c:c1:d9:fa:1f:2b:88:2f:64:98:b3:96:0e: 18:9b:87:04:d1:1a:cb:9e:9e:e6:28:b2:47:70:c2: 00:7c:e9:3a:d0:3e:97:dc:58:b5:63:86:ba:e0:1e: b6:b9:bf:39:1a:b2:b7:33:bd:e0:b8:2c:63:b0:fa: 21:b0:74:6c:38:8d:34:6d:37:5a:e8:6e:bf:a1:01: f0:7a:84:ca:d4:d8:b0:f4:c1:4e:33:81:04:36:85: a9:7f:cb:35:b4:92:40:3c:56:b7:c8:c6:d0:60:78: 01:3d:5a:11:87:d1:f9:c7:45:7d:1e:12:91:0b:ed: 56:6e:9c:0e:7f:8d:b4:f2:2c:5b:d1:6e:a8:37:c2: c5:53:34:9a:85:be:83:bf:51:7b:fd:9e:0e:a7:7d: f0:52:d8:bf:ab:0e:10:a4:c3:06:73:76:9b:6c:86: 95:39:b3:2e:fc:91:1c:df:a2:d3:cf:26:5d:4e:24: 80:ff:c0:33:5e:b9:b5:37:6b:e6:eb:be:0a:a1:a4: 89:e0:a9:41:24:1c:a8:a8:42:3d:93:7c:97:1e:de: c9:cb:7f:3b:c8:68:1d:62:df:6f:ee:5d:77:20:10: e3:77:55:5c:49:df:74:76:d8:4f:1a:1a:e5:50:08: ce:59 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 91:FC:39:95:3E:75:9A:62:41:F6:BF:A6:CC:F9:D8:05:C3:B4:EE:27 X509v3 Authority Key Identifier: keyid:40:EF:58:49:93:0C:C9:DD:74:21:1F:B3:7E:24:11:82:49:A1:FC:40 X509v3 Key Usage: critical Digital Signature Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QO9YSZMMyd10IR-zfiQRgkmh_EA.cer Subject Information Access: Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/eea21a-c9d3-4c6d-9a52-9b2c6b08a84a/1/kfw5lT51mmJB9r-mzPnYBcO07ic.roa X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/80/eea21a-c9d3-4c6d-9a52-9b2c6b08a84a/1/QO9YSZMMyd10IR-zfiQRgkmh_EA.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 5.44.16.0/20 46.20.112.0/20 62.128.128.0/19 83.137.128.0/21 83.222.224.0/19 95.130.72.0/21 176.74.160.0/19 185.29.176.0/22 185.33.4.0/22 212.53.64.0/19 IPv6: 2a03:8a00::/36 Signature Algorithm: sha256WithRSAEncryption 6a:5d:5e:f4:97:6f:fd:33:8c:da:71:e9:38:e6:66:1f:b0:0b: ed:67:48:ab:5d:44:62:ea:67:09:a2:68:3e:12:07:80:4a:35: 6a:a5:dc:53:10:70:ad:ef:f0:11:d5:73:dd:63:14:58:5d:cb: 6f:7f:73:d0:77:8e:66:b3:2b:e4:1e:64:bd:5d:6c:f8:bc:dc: 86:df:f0:ee:db:c7:a1:90:d6:e7:45:b1:21:c3:29:ed:cb:02: dc:e4:cd:a4:78:2b:0e:0f:fd:87:dd:c3:67:33:50:cc:06:38: dc:28:b4:be:1f:29:5e:75:2d:fd:0a:5b:b8:ac:00:ce:1a:23: 6c:70:f6:22:61:90:b2:ff:b4:d8:65:24:70:b6:6f:d9:88:f6: 40:9c:b5:96:0f:db:eb:86:fa:55:23:5d:44:5d:c4:4b:f9:3d: 35:77:7a:c2:f6:a9:b2:48:09:40:37:c4:d9:56:8d:85:47:57: ea:77:e9:40:67:f1:e6:0d:38:25:0a:d6:6e:2b:e9:95:2c:e1: 9b:96:68:bf:8f:aa:9b:2a:7f:07:04:83:22:02:cf:88:88:01: f5:4a:d1:b1:dd:40:c0:f7:a1:2a:b2:7a:1c:20:ca:98:94:5d: 05:21:68:94:b6:17:d1:ed:8b:f0:c7:4e:8b:55:4e:47:06:97: bd:d8:2a:85 -----BEGIN CERTIFICATE----- MIIFQzCCBCugAwIBAgISAZt4NNVsgkZ1ByEnHuW0/W30MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDQwZWY1ODQ5OTMwY2M5ZGQ3NDIxMWZiMzdlMjQxMTgyNDlh MWZjNDAwHhcNMjYwMTAxMDYxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg5MWZjMzk5NTNlNzU5YTYyNDFmNmJmYTZjY2Y5ZDgwNWMzYjRlZTI3MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHHL/zM0jVU1VOiq8JNM5ZzB2fof K4gvZJizlg4Ym4cE0RrLnp7mKLJHcMIAfOk60D6X3Fi1Y4a64B62ub85GrK3M73g uCxjsPohsHRsOI00bTda6G6/oQHweoTK1Niw9MFOM4EENoWpf8s1tJJAPFa3yMbQ YHgBPVoRh9H5x0V9HhKRC+1WbpwOf4208ixb0W6oN8LFUzSahb6Dv1F7/Z4Op33w Uti/qw4QpMMGc3abbIaVObMu/JEc36LTzyZdTiSA/8AzXrm1N2vm674KoaSJ4KlB JByoqEI9k3yXHt7Jy387yGgdYt9v7l13IBDjd1VcSd90dthPGhrlUAjOWQIDAQAB o4ICTzCCAkswHQYDVR0OBBYEFJH8OZU+dZpiQfa/psz52AXDtO4nMB8GA1UdIwQY MBaAFEDvWEmTDMnddCEfs34kEYJJofxAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv c2l0b3J5L0RFRkFVTFQvUU85WVNaTU15ZDEwSVItemZpUVJna21oX0VBLmNlcjCB jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9lZWEyMWEtYzlkMy00YzZkLTlhNTIt OWIyYzZiMDhhODRhLzEva2Z3NWxUNTFtbUpCOXItbXpQbllCY08wN2ljLnJvYTCB gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv cnkvREVGQVVMVC84MC9lZWEyMWEtYzlkMy00YzZkLTlhNTItOWIyYzZiMDhhODRh LzEvUU85WVNaTU15ZDEwSVItemZpUVJna21oX0VBLmNybDAYBgNVHSABAf8EDjAM MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBCBAIAATA8AwQEBSwQAwQE LhRwAwQFPoCAAwQDU4mAAwQFU97gAwQDX4JIAwQFsEqgAwQCuR2wAwQCuSEEAwQF 1DVAMA4EAgACMAgDBgQqA4oAADANBgkqhkiG9w0BAQsFAAOCAQEAal1e9Jdv/TOM 2nHpOOZmH7AL7WdIq11EYupnCaJoPhIHgEo1aqXcUxBwre/wEdVz3WMUWF3Lb39z 0HeOZrMr5B5kvV1s+Lzcht/w7tvHoZDW50WxIcMp7csC3OTNpHgrDg/9h93DZzNQ zAY43Ci0vh8pXnUt/QpbuKwAzhojbHD2ImGQsv+02GUkcLZv2Yj2QJy1lg/b64b6 VSNdRF3ES/k9NXd6wvapskgJQDfE2VaNhUdX6nfpQGfx5g04JQrWbivplSzhm5Zo v4+qmyp/BwSDIgLPiIgB9UrRsd1AwPehKrJ6HCDKmJRdBSFolLYX0e2L8MdOi1VO RwaXvdgqhQ== -----END CERTIFICATE-----Generated at Sun Jan 25 21:05:02 2026 by rpki-client