This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/249r9UNKqjLT5fETsAxbsUAvZ_Y.cer
File:                     249r9UNKqjLT5fETsAxbsUAvZ_Y.cer (raw, json)
Hash identifier:          JX7DZiXpKUAb5R5WNmqwVme/5bfvIPi7TA9jljPoUV8=
Subject key identifier:   DB:8F:6B:F5:43:4A:AA:32:D3:E5:F1:13:B0:0C:5B:B1:40:2F:67:F6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C7F579FAC7D265FC7B4546CE6F4224C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1a/9f3394-6b7b-4ca0-9e21-d9796794c61c/1/249r9UNKqjLT5fETsAxbsUAvZ_Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1a/9f3394-6b7b-4ca0-9e21-d9796794c61c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:17:58 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 216401
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:57:9f:ac:7d:26:5f:c7:b4:54:6c:e6:f4:22:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db8f6bf5434aaa32d3e5f113b00c5bb1402f67f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0b:12:a5:17:9b:a2:cc:26:0b:86:45:1e:a5:
                    83:6d:23:ef:7e:1a:b5:17:5c:f1:a9:9f:76:f8:fd:
                    94:ae:7a:4b:d3:f9:66:d9:1e:d9:2d:43:05:2f:1a:
                    89:fd:90:07:44:38:70:2b:31:e5:74:22:ac:e9:45:
                    06:27:35:d2:c3:4b:a7:de:b4:29:91:18:ce:39:4b:
                    4f:2b:a6:a0:15:60:63:05:ae:45:3e:0e:cb:22:82:
                    6a:ed:cf:ad:06:0b:0c:16:d9:00:d8:55:10:ab:17:
                    55:20:6a:dd:40:60:b2:bc:8e:33:74:36:a6:3b:23:
                    b8:ff:2a:a4:d5:9e:28:7f:4f:49:e0:6c:43:59:47:
                    b3:2c:83:06:05:62:04:8e:5f:76:8c:20:70:67:43:
                    01:09:42:29:e7:86:99:a0:c7:7c:71:be:e9:8d:22:
                    03:b0:a6:c4:b1:31:a0:79:35:67:9a:77:1f:f3:cb:
                    50:a9:2c:7e:5d:54:a6:14:2d:47:2b:5a:ea:65:59:
                    c5:17:52:46:a2:46:2b:9b:d3:19:6b:0e:b0:e8:cb:
                    79:c2:4e:b9:6a:9f:51:b0:94:6b:53:a2:5e:8e:41:
                    2a:fe:14:7d:6c:05:fa:fe:e2:47:07:f7:bd:8c:e0:
                    62:9f:03:e1:b7:0b:22:a5:2d:24:5e:d0:63:f0:6c:
                    b7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:8F:6B:F5:43:4A:AA:32:D3:E5:F1:13:B0:0C:5B:B1:40:2F:67:F6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/9f3394-6b7b-4ca0-9e21-d9796794c61c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/9f3394-6b7b-4ca0-9e21-d9796794c61c/1/249r9UNKqjLT5fETsAxbsUAvZ_Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216401

    Signature Algorithm: sha256WithRSAEncryption
         7f:ea:f4:69:90:92:9c:8c:93:db:a5:e8:ed:12:14:85:00:d7:
         17:ba:f1:14:c4:55:5d:e7:5c:dc:dd:9c:3a:4d:f8:fe:fe:03:
         0c:a6:fe:4b:96:93:aa:d3:c4:07:8c:b5:8e:8e:18:82:97:85:
         ef:58:06:9c:78:95:9d:17:c0:67:94:72:eb:13:a4:e4:20:ce:
         6a:59:24:d9:dd:70:d4:87:58:80:2e:b7:3b:e8:6c:45:72:ec:
         dd:7a:67:fa:aa:9f:18:51:b9:e0:8b:66:9e:3b:91:91:67:cf:
         35:b0:b7:27:1e:14:a4:7c:58:66:a2:52:43:47:3c:da:9d:af:
         ee:b9:98:8a:f2:e6:4d:97:f6:c9:9b:e3:99:97:61:c7:e1:8e:
         3d:ca:dc:e0:36:4d:84:34:8a:b0:5a:90:ff:30:7f:e1:fe:f9:
         d5:09:e6:a2:de:e5:ff:61:6b:f1:06:d8:03:4d:87:d6:76:d5:
         42:ba:ca:06:1d:57:36:82:6c:c4:36:5d:d6:7e:9f:16:41:7e:
         a2:2e:1f:08:b5:74:ed:9a:12:de:17:b5:74:80:07:2d:5c:3a:
         c5:8f:00:01:fc:1e:a8:3d:bb:2c:6d:8f:c2:0e:22:27:51:16:
         a5:df:0d:b6:40:14:c1:81:df:da:6a:cd:66:ab:78:94:7f:5a:
         fe:22:45:83
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt8f1efrH0mX8e0VGzm9CJMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjhmNmJmNTQzNGFhYTMyZDNlNWYxMTNiMDBjNWJiMTQwMmY2N2Y2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAsSpReboswmC4ZFHqWDbSPvfhq1
F1zxqZ92+P2UrnpL0/lm2R7ZLUMFLxqJ/ZAHRDhwKzHldCKs6UUGJzXSw0un3rQp
kRjOOUtPK6agFWBjBa5FPg7LIoJq7c+tBgsMFtkA2FUQqxdVIGrdQGCyvI4zdDam
OyO4/yqk1Z4of09J4GxDWUezLIMGBWIEjl92jCBwZ0MBCUIp54aZoMd8cb7pjSID
sKbEsTGgeTVnmncf88tQqSx+XVSmFC1HK1rqZVnFF1JGokYrm9MZaw6w6Mt5wk65
ap9RsJRrU6JejkEq/hR9bAX6/uJHB/e9jOBinwPhtwsipS0kXtBj8Gy3lwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNuPa/VDSqoy0+XxE7AMW7FAL2f2MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFhLzlmMzM5
NC02YjdiLTRjYTAtOWUyMS1kOTc5Njc5NGM2MWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWEvOWYzMzk0
LTZiN2ItNGNhMC05ZTIxLWQ5Nzk2Nzk0YzYxYy8xLzI0OXI5VU5LcWpMVDVmRVRz
QXhic1VBdlpfWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNNUTANBgkqhkiG9w0BAQsFAAOCAQEAf+r0aZCSnIyT
26Xo7RIUhQDXF7rxFMRVXedc3N2cOk34/v4DDKb+S5aTqtPEB4y1jo4YgpeF71gG
nHiVnRfAZ5Ry6xOk5CDOalkk2d1w1IdYgC63O+hsRXLs3Xpn+qqfGFG54ItmnjuR
kWfPNbC3Jx4UpHxYZqJSQ0c82p2v7rmYivLmTZf2yZvjmZdhx+GOPcrc4DZNhDSK
sFqQ/zB/4f751Qnmot7l/2Fr8QbYA02H1nbVQrrKBh1XNoJsxDZd1n6fFkF+oi4f
CLV07ZoS3he1dIAHLVw6xY8AAfweqD27LG2Pwg4iJ1EWpd8NtkAUwYHf2mrNZqt4
lH9a/iJFgw==
-----END CERTIFICATE-----