This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3ThzMD0tbiOKW9he1YZ7ZDFY_BQ.cer
File:                     3ThzMD0tbiOKW9he1YZ7ZDFY_BQ.cer (raw, json)
Hash identifier:          pMIhBhH/yPmu3sIGGbsrfkhLnpYr3oQoTxxatd5N5bw=
Subject key identifier:   DD:38:73:30:3D:2D:6E:23:8A:5B:D8:5E:D5:86:7B:64:31:58:FC:14
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7BA393C96EC8DD007937E7BA73256113
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/78/5e28da-32e1-40b9-bb30-d3db277ecdfa/1/3ThzMD0tbiOKW9he1YZ7ZDFY_BQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/78/5e28da-32e1-40b9-bb30-d3db277ecdfa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 22:17:56 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 205211
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:93:c9:6e:c8:dd:00:79:37:e7:ba:73:25:61:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dd3873303d2d6e238a5bd85ed5867b643158fc14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:34:9b:27:c8:07:76:87:17:55:b7:ae:3e:29:
                    ed:2e:93:b2:59:37:7b:6e:a2:ef:98:52:0c:49:a8:
                    71:b0:75:32:2d:01:b6:70:17:b5:c2:11:ce:b8:20:
                    b2:72:54:e8:55:da:71:34:ee:09:76:8b:56:ac:42:
                    61:2f:04:6e:ce:fc:c0:fa:ef:40:ee:bf:90:67:6f:
                    3a:6d:3d:d5:84:bd:0c:eb:77:f6:01:2e:04:dc:50:
                    57:a6:23:dd:57:74:82:b2:0c:29:98:2e:b1:95:e9:
                    e0:95:af:31:2a:5e:ad:ed:ac:15:e7:01:fd:6f:f2:
                    56:a0:df:38:38:00:85:11:fb:29:ac:ea:16:f0:e4:
                    26:c5:a8:44:c3:d8:dd:52:1b:ff:3c:26:12:a8:89:
                    36:02:dc:61:65:ac:6f:4e:ee:56:f6:5d:ad:11:1e:
                    9d:35:dc:95:6c:8f:66:a2:e6:7a:78:2e:70:88:d5:
                    ec:dd:3b:35:1b:83:6e:cf:bf:50:f6:e9:ec:bb:54:
                    b1:2b:45:de:73:23:4f:fe:5d:e0:24:3b:fb:79:97:
                    a5:ef:0e:9d:81:c1:10:e3:03:11:a3:c4:76:f7:12:
                    6b:0b:93:b5:63:0d:d0:e3:88:50:24:e6:d1:bd:51:
                    9e:50:7a:dc:6c:77:24:50:25:be:c5:13:34:b7:f2:
                    1a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:38:73:30:3D:2D:6E:23:8A:5B:D8:5E:D5:86:7B:64:31:58:FC:14
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/5e28da-32e1-40b9-bb30-d3db277ecdfa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/5e28da-32e1-40b9-bb30-d3db277ecdfa/1/3ThzMD0tbiOKW9he1YZ7ZDFY_BQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205211

    Signature Algorithm: sha256WithRSAEncryption
         83:39:65:5e:db:aa:10:a5:0b:59:ac:dd:dd:39:d0:e5:49:06:
         ea:29:97:35:89:90:66:82:df:68:24:50:88:9d:85:27:0e:25:
         14:42:9c:a9:ed:2e:25:07:41:79:ad:fa:4a:58:ae:a0:8e:f2:
         7b:86:ba:a9:e4:b0:7c:b7:b8:05:d8:de:cd:59:93:4e:9d:77:
         a1:31:fb:e4:0b:7a:be:78:9b:de:4a:2a:e7:54:7f:c8:d5:bc:
         e0:8f:71:af:41:d8:29:36:96:bd:04:76:aa:d6:d8:db:19:37:
         e2:6d:71:08:09:ac:75:b5:2e:db:36:fb:5d:24:2f:d0:01:d1:
         7a:f3:43:a8:ae:9b:19:d3:f6:69:e5:56:94:cb:c6:ce:0e:f3:
         01:2e:20:46:70:74:08:23:48:80:87:d1:ba:c4:20:c7:d2:6a:
         9e:c0:28:25:53:31:c5:13:0b:81:bb:c3:15:33:a0:c7:51:4b:
         c1:18:37:ab:7b:b5:9f:19:06:e7:2a:df:5d:3d:6a:1b:77:d2:
         e7:cf:a0:ad:6d:70:2d:9f:b7:e0:37:51:b3:53:01:1c:2a:69:
         48:4c:e5:47:4c:43:66:bd:f2:23:c1:66:c0:eb:a7:16:ef:54:
         54:62:52:0e:ff:ae:57:46:a9:1f:cb:85:11:37:fe:18:21:cc:
         ea:c4:eb:4d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt7o5PJbsjdAHk357pzJWETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjIxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDM4NzMzMDNkMmQ2ZTIzOGE1YmQ4NWVkNTg2N2I2NDMxNThmYzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjSbJ8gHdocXVbeuPintLpOyWTd7
bqLvmFIMSahxsHUyLQG2cBe1whHOuCCyclToVdpxNO4JdotWrEJhLwRuzvzA+u9A
7r+QZ286bT3VhL0M63f2AS4E3FBXpiPdV3SCsgwpmC6xlengla8xKl6t7awV5wH9
b/JWoN84OACFEfsprOoW8OQmxahEw9jdUhv/PCYSqIk2AtxhZaxvTu5W9l2tER6d
NdyVbI9mouZ6eC5wiNXs3Ts1G4Nuz79Q9unsu1SxK0XecyNP/l3gJDv7eZel7w6d
gcEQ4wMRo8R29xJrC5O1Yw3Q44hQJObRvVGeUHrcbHckUCW+xRM0t/IavwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN04czA9LW4jilvYXtWGe2QxWPwUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc4LzVlMjhk
YS0zMmUxLTQwYjktYmIzMC1kM2RiMjc3ZWNkZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvNWUyOGRh
LTMyZTEtNDBiOS1iYjMwLWQzZGIyNzdlY2RmYS8xLzNUaHpNRDB0YmlPS1c5aGUx
WVo3WkRGWV9CUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMhmzANBgkqhkiG9w0BAQsFAAOCAQEAgzllXtuqEKUL
Wazd3TnQ5UkG6imXNYmQZoLfaCRQiJ2FJw4lFEKcqe0uJQdBea36SliuoI7ye4a6
qeSwfLe4BdjezVmTTp13oTH75At6vnib3koq51R/yNW84I9xr0HYKTaWvQR2qtbY
2xk34m1xCAmsdbUu2zb7XSQv0AHRevNDqK6bGdP2aeVWlMvGzg7zAS4gRnB0CCNI
gIfRusQgx9JqnsAoJVMxxRMLgbvDFTOgx1FLwRg3q3u1nxkG5yrfXT1qG3fS58+g
rW1wLZ+34DdRs1MBHCppSEzlR0xDZr3yI8FmwOunFu9UVGJSDv+uV0apH8uFETf+
GCHM6sTrTQ==
-----END CERTIFICATE-----