This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-2fE4ThzE8A0RTje_SzPoDTnwww.cer
File:                     1-2fE4ThzE8A0RTje_SzPoDTnwww.cer (raw, json)
Hash identifier:          goBVxS9HMwTUmaM7kd+ekXPTO/PqYLerbs66TIcjSNY=
Subject key identifier:   FB:67:C4:E1:38:73:13:C0:34:45:38:DE:FD:2C:CF:A0:34:E7:C3:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7BA3869B58F54920B21B47581F6AF8EC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/1-2fE4ThzE8A0RTje_SzPoDTnwww.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 22:17:53 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203629
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:86:9b:58:f5:49:20:b2:1b:47:58:1f:6a:f8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb67c4e1387313c0344538defd2ccfa034e7c30c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:1c:93:d3:f3:6d:7f:24:fc:b9:00:af:d8:40:
                    4a:d8:e8:65:f6:94:4b:be:16:0f:8d:07:fc:29:ea:
                    67:d7:6a:21:aa:f3:aa:16:bf:bc:c8:73:74:5a:40:
                    68:39:6c:2e:93:86:e7:50:70:a7:8e:e0:eb:b6:bb:
                    b2:00:86:b7:ba:a8:e9:cc:a7:13:a9:d1:e8:c6:6d:
                    f6:ff:bd:76:6f:c4:75:8c:72:72:a7:85:b7:c6:e7:
                    b5:bb:90:c6:74:27:84:6d:9a:d9:ef:11:96:c1:22:
                    14:5a:43:55:5d:95:ab:98:35:10:d9:76:61:05:1e:
                    7e:b3:51:76:f6:fe:83:96:73:ef:0b:f8:9f:be:73:
                    be:93:93:25:52:c8:6a:bf:a4:ef:f0:1a:03:8d:98:
                    64:cb:6d:c9:7f:57:55:82:ec:92:d2:ef:c2:cb:de:
                    59:2f:7d:8d:7f:91:36:05:bd:20:cf:61:00:58:06:
                    7c:6f:a8:b1:5a:01:8a:9d:89:a3:de:ba:30:cc:46:
                    aa:96:e6:f4:50:cc:ab:31:4e:94:47:91:ec:4b:3a:
                    06:2f:e4:2c:aa:99:40:88:18:34:31:0d:f5:be:c4:
                    50:24:f9:1a:c2:50:23:71:96:6a:3c:b3:92:2e:63:
                    ea:25:ae:f9:c9:38:05:53:c2:18:6e:32:5a:3b:ec:
                    5b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:67:C4:E1:38:73:13:C0:34:45:38:DE:FD:2C:CF:A0:34:E7:C3:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/43b363-d64a-4507-a6fd-e50ce5367e7b/1/1-2fE4ThzE8A0RTje_SzPoDTnwww.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203629

    Signature Algorithm: sha256WithRSAEncryption
         7c:c5:0d:fe:64:af:ab:79:de:87:f9:3e:15:19:83:77:c5:e7:
         cc:06:32:21:6d:01:d9:69:6f:32:0c:d0:be:59:a5:cb:0b:9b:
         15:c5:ae:96:9a:15:f9:26:19:07:fc:37:a8:fd:e3:e8:2c:61:
         bd:93:7a:1f:51:99:1f:20:f1:97:6f:30:6b:b0:cf:45:28:ac:
         80:3d:be:34:56:ca:f6:47:51:51:66:2d:b9:10:30:2d:08:f2:
         f7:85:2d:7d:66:2a:81:70:af:95:1d:7b:4d:de:b5:7d:68:b1:
         38:e2:bb:10:86:06:62:40:9f:f8:76:43:ea:8f:9a:63:e0:78:
         9a:97:8e:94:7b:f4:15:14:04:ae:5d:2a:81:ae:6a:c6:ce:f8:
         e1:45:ec:21:ae:48:03:68:7b:8c:45:d3:3a:bd:c4:bb:c8:6b:
         fa:2e:59:dc:9f:49:d8:ce:db:e5:d4:06:ff:50:fe:21:2c:97:
         1a:26:2f:a0:b5:3a:28:95:65:53:ab:30:18:9a:30:b3:2e:36:
         f0:83:00:7c:af:ec:f8:b3:60:54:e3:65:d2:e2:4b:0f:bc:eb:
         69:81:da:55:37:81:a5:eb:d6:49:72:08:97:b1:17:77:d9:03:
         47:87:c0:9d:dd:9f:6d:81:6c:1d:d8:44:d0:0a:8e:4b:6b:9c:
         d9:cb:9d:4d
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgISAZt7o4abWPVJILIbR1gfavjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjIxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjY3YzRlMTM4NzMxM2MwMzQ0NTM4ZGVmZDJjY2ZhMDM0ZTdjMzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ByT0/NtfyT8uQCv2EBK2Ohl9pRL
vhYPjQf8Kepn12ohqvOqFr+8yHN0WkBoOWwuk4bnUHCnjuDrtruyAIa3uqjpzKcT
qdHoxm32/712b8R1jHJyp4W3xue1u5DGdCeEbZrZ7xGWwSIUWkNVXZWrmDUQ2XZh
BR5+s1F29v6DlnPvC/ifvnO+k5MlUshqv6Tv8BoDjZhky23Jf1dVguyS0u/Cy95Z
L32Nf5E2Bb0gz2EAWAZ8b6ixWgGKnYmj3rowzEaqlub0UMyrMU6UR5HsSzoGL+Qs
qplAiBg0MQ31vsRQJPkawlAjcZZqPLOSLmPqJa75yTgFU8IYbjJaO+xbywIDAQAB
o4ICgDCCAnwwHQYDVR0OBBYEFPtnxOE4cxPANEU43v0sz6A058MMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFjLzQzYjM2
My1kNjRhLTQ1MDctYTZmZC1lNTBjZTUzNjdlN2IvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMvNDNiMzYz
LWQ2NGEtNDUwNy1hNmZkLWU1MGNlNTM2N2U3Yi8xLzEtMmZFNFRoekU4QTBSVGpl
X1N6UG9EVG53d3cubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEF
BQcBCAEB/wQLMAmgBzAFAgMDG20wDQYJKoZIhvcNAQELBQADggEBAHzFDf5kr6t5
3of5PhUZg3fF58wGMiFtAdlpbzIM0L5ZpcsLmxXFrpaaFfkmGQf8N6j94+gsYb2T
eh9RmR8g8ZdvMGuwz0UorIA9vjRWyvZHUVFmLbkQMC0I8veFLX1mKoFwr5Ude03e
tX1osTjiuxCGBmJAn/h2Q+qPmmPgeJqXjpR79BUUBK5dKoGuasbO+OFF7CGuSANo
e4xF0zq9xLvIa/ouWdyfSdjO2+XUBv9Q/iEslxomL6C1OiiVZVOrMBiaMLMuNvCD
AHyv7PizYFTjZdLiSw+862mB2lU3gaXr1klyCJexF3fZA0eHwJ3dn22BbB3YRNAK
jktrnNnLnU0=
-----END CERTIFICATE-----