This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3xgOBUPUcdzw2Dhg1r5jlcK4iIg.cer
File:                     3xgOBUPUcdzw2Dhg1r5jlcK4iIg.cer (raw, json)
Hash identifier:          rZAvHS+t+OKK0hpV2K3xVcSMdLoZrOIeuVtvCBkF9A4=
Subject key identifier:   DF:18:0E:05:43:D4:71:DC:F0:D8:38:60:D6:BE:63:95:C2:B8:88:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B76EB26937B341D1E404A3B1BA19706EB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/3xgOBUPUcdzw2Dhg1r5jlcK4iIg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 00:18:00 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 199887
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:26:93:7b:34:1d:1e:40:4a:3b:1b:a1:97:06:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:18:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df180e0543d471dcf0d83860d6be6395c2b88888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ae:74:13:50:5b:c8:e2:d4:c9:bb:85:8f:5e:
                    89:6e:90:0d:b7:0c:f8:a5:85:43:2a:56:99:fd:64:
                    9c:9b:39:c3:ad:1f:b3:9a:4e:72:5c:88:ea:13:1e:
                    48:6b:56:8f:71:ba:f8:45:b1:e6:79:b2:86:87:8a:
                    51:57:ab:22:c8:47:33:a0:4c:89:09:ab:40:e5:b1:
                    60:fb:22:bd:e8:c5:ae:b1:72:63:f7:8b:8b:d4:79:
                    e1:14:6a:f8:92:bc:d8:1f:48:15:70:e4:c2:f1:ac:
                    13:70:40:d1:2d:00:7d:1d:28:d7:d6:53:f3:76:40:
                    05:55:dc:d9:2f:a4:f0:af:02:ba:73:b6:a9:fa:46:
                    d1:e1:94:bc:dd:90:d0:82:f8:f0:c0:99:8c:a8:2e:
                    f7:ec:e2:46:e2:7f:03:35:8a:30:af:be:15:2f:10:
                    2c:97:22:a0:84:a0:d6:78:52:10:a8:99:99:f0:af:
                    f1:e6:6d:a0:b1:9c:30:81:47:41:3e:61:8a:ee:b0:
                    00:20:76:05:d2:5d:0f:0e:89:83:d5:26:36:4f:bf:
                    e0:0e:18:6b:4a:6a:38:85:23:74:a8:87:47:05:22:
                    4d:09:53:4b:24:69:18:a5:2f:a9:3b:b4:76:8f:4b:
                    49:94:56:de:60:a8:7a:5b:5f:30:47:6b:b2:e4:5a:
                    40:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:18:0E:05:43:D4:71:DC:F0:D8:38:60:D6:BE:63:95:C2:B8:88:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/3xgOBUPUcdzw2Dhg1r5jlcK4iIg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199887

    Signature Algorithm: sha256WithRSAEncryption
         0a:de:b8:dc:01:ac:3f:21:14:23:02:15:b4:16:82:64:0e:e9:
         88:1c:df:0d:fb:e4:81:bc:50:7e:1a:fa:40:ad:5e:f2:f4:a4:
         46:dd:d7:ce:38:62:dd:54:9f:2b:bd:e1:eb:05:f8:54:38:eb:
         76:45:57:e1:b1:9f:fc:c1:c1:2f:cf:28:47:c8:f8:d3:7b:40:
         66:f8:8a:c0:73:99:1d:56:05:20:b2:bf:2a:80:99:8b:01:9c:
         ae:9c:93:19:51:a9:ad:3c:1c:13:a4:4f:6e:fb:41:db:15:74:
         d4:3f:c9:6a:41:eb:22:0c:80:51:cc:80:ed:28:20:c6:44:29:
         c1:cd:2c:15:9a:84:d3:ca:c6:72:8b:08:eb:39:7b:31:dc:09:
         76:08:01:24:14:71:6f:f0:63:60:01:60:be:4a:32:44:6e:bc:
         0d:d1:8a:bf:d7:fe:c1:63:ba:a6:1b:c9:fe:fb:d0:b4:28:8a:
         69:19:4a:3d:6b:f8:ae:88:a6:94:05:86:28:df:f0:d3:3d:83:
         23:04:b7:8a:65:77:a2:57:05:45:fe:79:35:a0:e2:f2:2a:ad:
         9b:c9:c9:6b:e7:d9:ff:57:e5:d0:08:57:35:7e:dc:49:f1:d8:
         03:62:f5:a8:85:c2:af:d1:96:cf:d8:7c:d0:40:26:90:75:75:
         60:ea:2c:70
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt26yaTezQdHkBKOxuhlwbrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxODAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjE4MGUwNTQzZDQ3MWRjZjBkODM4NjBkNmJlNjM5NWMyYjg4ODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK50E1BbyOLUybuFj16JbpANtwz4
pYVDKlaZ/WScmznDrR+zmk5yXIjqEx5Ia1aPcbr4RbHmebKGh4pRV6siyEczoEyJ
CatA5bFg+yK96MWusXJj94uL1HnhFGr4krzYH0gVcOTC8awTcEDRLQB9HSjX1lPz
dkAFVdzZL6TwrwK6c7ap+kbR4ZS83ZDQgvjwwJmMqC737OJG4n8DNYowr74VLxAs
lyKghKDWeFIQqJmZ8K/x5m2gsZwwgUdBPmGK7rAAIHYF0l0PDomD1SY2T7/gDhhr
Smo4hSN0qIdHBSJNCVNLJGkYpS+pO7R2j0tJlFbeYKh6W18wR2uy5FpA1QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN8YDgVD1HHc8Ng4YNa+Y5XCuIiIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkxLzMwZjQx
MC04MmJiLTQxMWEtYjJiYy1jNGIxNDQ2YzBkOGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEvMzBmNDEw
LTgyYmItNDExYS1iMmJjLWM0YjE0NDZjMGQ4Yi8xLzN4Z09CVVBVY2R6dzJEaGcx
cjVqbGNLNGlJZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMMzzANBgkqhkiG9w0BAQsFAAOCAQEACt643AGsPyEU
IwIVtBaCZA7piBzfDfvkgbxQfhr6QK1e8vSkRt3Xzjhi3VSfK73h6wX4VDjrdkVX
4bGf/MHBL88oR8j403tAZviKwHOZHVYFILK/KoCZiwGcrpyTGVGprTwcE6RPbvtB
2xV01D/JakHrIgyAUcyA7SggxkQpwc0sFZqE08rGcosI6zl7MdwJdggBJBRxb/Bj
YAFgvkoyRG68DdGKv9f+wWO6phvJ/vvQtCiKaRlKPWv4roimlAWGKN/w0z2DIwS3
imV3olcFRf55NaDi8iqtm8nJa+fZ/1fl0AhXNX7cSfHYA2L1qIXCr9GWz9h80EAm
kHV1YOoscA==
-----END CERTIFICATE-----