This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1gTknpKDBavLjzLe8_78A-u83kQ.cer
File:                     1gTknpKDBavLjzLe8_78A-u83kQ.cer (raw, json)
Hash identifier:          ISrTk2ctW753fQ7sxFLxqVN/e687u+W2TVAEb5x8+sw=
Subject key identifier:   D6:04:E4:9E:92:83:05:AB:CB:8F:32:DE:F3:FE:FC:03:EB:BC:DE:44
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C1348244C28DB9D4F5D8CEB69D12EF0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 00:19:57 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 141.19.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 06:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:48:24:4c:28:db:9d:4f:5d:8c:eb:69:d1:2e:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:19:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d604e49e928305abcb8f32def3fefc03ebbcde44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b1:76:38:5b:2a:60:52:fa:2c:85:d4:07:4b:
                    20:dc:0b:1f:49:2c:a0:24:1e:a2:ce:50:47:a0:48:
                    f8:2c:74:4b:ff:c9:b9:81:11:c7:1c:2c:3c:53:a6:
                    52:16:be:34:3e:34:e6:b2:6b:1b:bd:a4:e4:30:2d:
                    5f:16:01:00:5c:8a:07:5e:40:24:9c:80:98:7e:a9:
                    69:09:fd:80:94:f8:16:a7:00:6c:53:c1:41:c8:da:
                    1a:75:ee:07:c7:53:88:70:9c:20:9f:0d:96:64:c4:
                    2c:89:ff:5e:8a:40:e5:95:21:53:a3:e4:a0:e4:00:
                    9b:c0:ef:b4:34:c4:f5:ec:76:08:f3:80:9e:0d:f1:
                    6d:54:0c:03:63:76:c2:fd:e6:9c:5d:60:a1:1d:31:
                    0f:13:19:71:98:b8:bd:43:90:5c:7a:1a:5a:6f:c5:
                    ef:dc:77:1a:bf:d9:78:b9:0e:82:35:e5:3f:fd:74:
                    85:37:3c:90:5f:24:dd:41:78:85:8b:6a:70:b0:8d:
                    ab:00:4d:d8:9e:37:3b:d3:f3:8b:41:95:24:57:54:
                    2c:11:94:39:7c:4f:6c:00:f2:fe:2f:e7:39:39:1a:
                    2b:eb:8b:a5:d2:d5:56:8c:11:64:67:02:7c:e3:ce:
                    cd:07:d0:9a:54:4c:2c:05:19:ea:1c:16:da:44:95:
                    09:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:04:E4:9E:92:83:05:AB:CB:8F:32:DE:F3:FE:FC:03:EB:BC:DE:44
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/a830a2-0271-4de9-bc38-03c82157421a/1/1gTknpKDBavLjzLe8_78A-u83kQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.19.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         39:a3:e0:f1:11:aa:29:3d:34:c4:f2:88:2b:ec:69:7a:38:1d:
         6d:f8:b0:d6:76:5e:72:80:0c:95:fd:8c:fc:d1:87:8c:1f:3b:
         96:d3:38:6c:8d:20:a1:ff:4c:8f:bc:8a:4c:8a:42:4e:66:3c:
         43:c5:8c:c4:56:cf:6f:35:86:10:a8:73:6c:87:71:18:9e:25:
         06:29:66:0a:4b:c5:ef:c3:8a:e1:40:34:d9:3c:a5:18:d2:44:
         43:70:52:c8:1e:eb:25:9e:9a:53:05:3e:40:c6:d8:80:2e:8e:
         a1:ed:42:5e:61:ce:a0:e9:bb:6d:79:96:b1:4e:4c:c3:e2:9c:
         43:84:07:5d:a7:3d:05:7f:79:aa:0e:f3:e5:43:46:9d:ef:e2:
         85:30:83:c6:64:b1:f9:d3:33:c1:46:3a:4c:3f:25:b1:d4:c0:
         2f:0d:61:b8:0f:94:78:7f:04:1c:5b:0a:78:f1:98:43:e2:a7:
         b2:06:81:05:49:7d:8e:34:ee:55:09:4f:9e:8e:ef:64:11:6c:
         d5:05:18:b2:a3:da:42:0b:b6:71:47:d9:18:a6:56:64:54:70:
         98:d8:16:5e:95:d8:fe:e7:e8:12:69:af:4c:c9:28:76:72:7e:
         ba:0f:37:3a:ca:10:94:bd:c0:be:7a:51:aa:59:0f:d1:8e:36:
         9e:78:d9:24
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt8E0gkTCjbnU9djOtp0S7wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDAxOTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA0ZTQ5ZTkyODMwNWFiY2I4ZjMyZGVmM2ZlZmMwM2ViYmNkZTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnrF2OFsqYFL6LIXUB0sg3AsfSSyg
JB6izlBHoEj4LHRL/8m5gRHHHCw8U6ZSFr40PjTmsmsbvaTkMC1fFgEAXIoHXkAk
nICYfqlpCf2AlPgWpwBsU8FByNoade4Hx1OIcJwgnw2WZMQsif9eikDllSFTo+Sg
5ACbwO+0NMT17HYI84CeDfFtVAwDY3bC/eacXWChHTEPExlxmLi9Q5Bcehpab8Xv
3Hcav9l4uQ6CNeU//XSFNzyQXyTdQXiFi2pwsI2rAE3Ynjc70/OLQZUkV1QsEZQ5
fE9sAPL+L+c5ORor64ul0tVWjBFkZwJ8487NB9CaVEwsBRnqHBbaRJUJ5QIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFNYE5J6SgwWry48y3vP+/APrvN5EMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwL2E4MzBh
Mi0wMjcxLTRkZTktYmMzOC0wM2M4MjE1NzQyMWEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvYTgzMGEy
LTAyNzEtNGRlOS1iYzM4LTAzYzgyMTU3NDIxYS8xLzFnVGtucEtEQmF2TGp6TGU4
Xzc4QS11ODNrUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAjRMwDQYJKoZIhvcNAQELBQADggEBADmj4PER
qik9NMTyiCvsaXo4HW34sNZ2XnKADJX9jPzRh4wfO5bTOGyNIKH/TI+8ikyKQk5m
PEPFjMRWz281hhCoc2yHcRieJQYpZgpLxe/DiuFANNk8pRjSRENwUsge6yWemlMF
PkDG2IAujqHtQl5hzqDpu215lrFOTMPinEOEB12nPQV/eaoO8+VDRp3v4oUwg8Zk
sfnTM8FGOkw/JbHUwC8NYbgPlHh/BBxbCnjxmEPip7IGgQVJfY407lUJT56O72QR
bNUFGLKj2kILtnFH2RimVmRUcJjYFl6V2P7n6BJpr0zJKHZyfroPNzrKEJS9wL56
UapZD9GONp542SQ=
-----END CERTIFICATE-----