This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2xqlqI_mUM51-73mL66AzGIz3Ms.cer
File:                     2xqlqI_mUM51-73mL66AzGIz3Ms.cer (raw, json)
Hash identifier:          hjc4Sxs2EMIbkodlraFZORxZqCTeCCCW4UtEkIa7Qac=
Subject key identifier:   DB:1A:A5:A8:8F:E6:50:CE:75:FB:BD:E6:2F:AE:80:CC:62:33:DC:CB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5C7324E1532EC5BE72412E23EC34D0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/37/7db3b8-9863-49bb-90f0-d5bdcb630177/1/2xqlqI_mUM51-73mL66AzGIz3Ms.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/37/7db3b8-9863-49bb-90f0-d5bdcb630177/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:19:29 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 60240
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:73:24:e1:53:2e:c5:be:72:41:2e:23:ec:34:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:19:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db1aa5a88fe650ce75fbbde62fae80cc6233dccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:78:da:3b:4e:59:45:9b:82:c0:54:e0:b3:2e:
                    cc:f5:a2:78:91:7f:ad:52:10:82:10:0f:6b:81:d4:
                    cd:86:5f:61:b8:55:8b:eb:49:39:99:8e:0d:45:0d:
                    17:c9:9e:3d:5a:7c:be:c2:f1:78:40:41:f9:c9:54:
                    d7:a6:83:22:b1:40:88:bd:f4:9c:9a:78:1c:d8:67:
                    9c:0f:b7:37:c6:aa:0b:b9:ab:5a:a3:43:02:d5:8c:
                    c0:74:e8:cd:f7:6a:e6:71:99:5e:a9:ff:4c:69:dd:
                    75:14:8f:e6:00:92:02:38:00:02:93:28:b5:bb:6b:
                    c5:e9:43:4d:7a:ce:e1:19:f7:66:db:1d:38:8f:02:
                    31:1c:45:85:ec:ef:5c:a9:52:67:28:8b:c0:fb:9c:
                    b2:5f:77:da:fa:e4:5d:f9:5a:3d:c7:aa:be:67:3f:
                    da:dd:f5:57:eb:80:cc:6b:6a:18:0b:80:51:5e:ba:
                    c4:b8:6e:c6:00:eb:5c:a7:54:0f:24:5b:61:c2:d9:
                    e8:b9:f5:64:be:c6:96:4b:75:fc:38:53:98:10:79:
                    be:d4:96:b5:47:5b:07:a1:da:ca:98:63:c8:95:cb:
                    b9:5f:7e:27:b7:c4:91:3a:2a:db:db:f8:48:67:5b:
                    51:3f:43:ef:f3:90:88:08:f3:81:82:f9:e8:24:2e:
                    8c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:1A:A5:A8:8F:E6:50:CE:75:FB:BD:E6:2F:AE:80:CC:62:33:DC:CB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/7db3b8-9863-49bb-90f0-d5bdcb630177/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/7db3b8-9863-49bb-90f0-d5bdcb630177/1/2xqlqI_mUM51-73mL66AzGIz3Ms.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60240

    Signature Algorithm: sha256WithRSAEncryption
         4c:b6:99:f8:93:ce:8e:f3:c1:27:4a:39:e0:ca:db:c1:c2:34:
         19:e0:a5:92:da:a1:15:dc:b7:ed:3a:e8:47:6e:84:f9:20:4f:
         95:17:dd:ab:8e:e7:ba:0a:e9:56:18:30:38:6d:c6:b7:2e:36:
         cd:a4:0e:b4:00:54:e9:cf:4a:d3:2e:df:c3:d0:52:07:7c:2b:
         9c:2b:bf:ae:a7:a4:35:74:29:05:75:df:5b:e6:5e:71:6f:0a:
         9a:05:c3:7a:0f:27:df:92:d5:42:67:1d:b5:19:3a:95:00:16:
         47:f6:f1:e5:af:36:1e:8e:45:c6:50:b9:b5:8c:b1:fe:e6:f3:
         45:a0:7b:7f:21:ba:ff:82:08:fe:8c:5a:1d:25:39:40:a1:b9:
         e7:e0:83:35:6d:8f:ac:8b:69:3e:b6:8c:5d:22:a6:5f:35:82:
         64:a0:bd:4e:80:c5:4d:0e:49:73:59:01:b2:3d:6f:9f:6d:5c:
         2b:1d:f7:24:6b:37:60:3b:e2:73:54:9a:36:a9:65:d7:c7:1d:
         a3:4d:15:ad:74:a5:7f:a9:2d:ff:30:ce:2d:d7:51:f8:73:5f:
         f8:62:b2:a5:86:0b:4a:bb:cb:9c:d1:cd:8d:ee:33:27:02:ed:
         da:9a:72:27:ff:0c:63:20:19:87:d4:a7:95:7d:c7:d7:ac:fd:
         6c:54:70:a4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt9XHMk4VMuxb5yQS4j7DTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjFhYTVhODhmZTY1MGNlNzVmYmJkZTYyZmFlODBjYzYyMzNkY2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHjaO05ZRZuCwFTgsy7M9aJ4kX+t
UhCCEA9rgdTNhl9huFWL60k5mY4NRQ0XyZ49Wny+wvF4QEH5yVTXpoMisUCIvfSc
mngc2GecD7c3xqoLuatao0MC1YzAdOjN92rmcZleqf9Mad11FI/mAJICOAACkyi1
u2vF6UNNes7hGfdm2x04jwIxHEWF7O9cqVJnKIvA+5yyX3fa+uRd+Vo9x6q+Zz/a
3fVX64DMa2oYC4BRXrrEuG7GAOtcp1QPJFthwtnoufVkvsaWS3X8OFOYEHm+1Ja1
R1sHodrKmGPIlcu5X34nt8SROirb2/hIZ1tRP0Pv85CICPOBgvnoJC6MkwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFNsapaiP5lDOdfu95i+ugMxiM9zLMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM3LzdkYjNi
OC05ODYzLTQ5YmItOTBmMC1kNWJkY2I2MzAxNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcvN2RiM2I4
LTk4NjMtNDliYi05MGYwLWQ1YmRjYjYzMDE3Ny8xLzJ4cWxxSV9tVU01MS03M21M
NjZBekdJejNNcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDrUDANBgkqhkiG9w0BAQsFAAOCAQEATLaZ+JPOjvPB
J0o54MrbwcI0GeClktqhFdy37TroR26E+SBPlRfdq47nugrpVhgwOG3Gty42zaQO
tABU6c9K0y7fw9BSB3wrnCu/rqekNXQpBXXfW+ZecW8KmgXDeg8n35LVQmcdtRk6
lQAWR/bx5a82Ho5FxlC5tYyx/ubzRaB7fyG6/4II/oxaHSU5QKG55+CDNW2PrItp
PraMXSKmXzWCZKC9ToDFTQ5Jc1kBsj1vn21cKx33JGs3YDvic1SaNqll18cdo00V
rXSlf6kt/zDOLddR+HNf+GKypYYLSrvLnNHNje4zJwLt2ppyJ/8MYyAZh9SnlX3H
16z9bFRwpA==
-----END CERTIFICATE-----