This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4XoaYiSN-HkTPAc61WKtA6K5L9w.cer
File:                     4XoaYiSN-HkTPAc61WKtA6K5L9w.cer (raw, json)
Hash identifier:          0Kq2NKhFGotMfMRzzFN9QGnoTHR4YlLH8OjKqNu1wLE=
Subject key identifier:   E1:7A:1A:62:24:8D:F8:79:13:3C:07:3A:D5:62:AD:03:A2:B9:2F:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5D1467822DEEED7EEE46338D27E74B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:20:10 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 2001:67c:1770::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5d:14:67:82:2d:ee:ed:7e:ee:46:33:8d:27:e7:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e17a1a62248df879133c073ad562ad03a2b92fdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b0:03:7b:06:c0:a7:4f:5b:3e:e8:37:10:81:
                    9d:1a:ff:6c:0c:be:1a:aa:f5:39:b3:12:50:f0:15:
                    e6:29:15:87:b7:14:34:56:6b:9d:1e:7e:fc:38:43:
                    c7:f3:49:94:fe:d0:86:a7:15:66:96:d1:4c:74:2e:
                    04:14:3d:09:a3:0b:c2:3b:4b:dc:41:37:27:ea:1b:
                    e0:f0:61:cd:b1:9f:ef:68:3f:05:c5:a2:5a:4d:8f:
                    90:ee:55:4b:3f:5e:39:fb:88:13:dd:b6:10:04:50:
                    5d:e9:51:d4:3f:a3:5f:ce:c8:b5:86:0f:6c:88:73:
                    6e:1d:f6:b8:ad:ad:34:98:44:ae:3e:a7:f1:6c:5d:
                    2f:3f:f0:13:20:2d:ee:af:54:13:30:e5:5d:b7:01:
                    9d:c0:0d:45:a4:76:45:29:0f:ea:d6:a1:58:b8:5b:
                    3f:5a:b1:a5:1b:1d:2c:5c:d2:2b:8a:0d:05:fc:2e:
                    f0:6e:e9:63:48:d5:88:fb:ed:dc:fe:bf:03:ac:ad:
                    c0:ed:ff:67:96:16:5e:f9:53:28:dc:47:71:8a:a1:
                    f6:71:e0:a7:d8:73:60:24:7c:14:52:fc:88:ff:6e:
                    34:c8:e1:c1:b7:5b:22:ff:85:43:54:20:80:f1:7c:
                    32:54:97:8d:f2:fd:85:b3:06:39:16:79:fe:c3:7d:
                    b5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:7A:1A:62:24:8D:F8:79:13:3C:07:3A:D5:62:AD:03:A2:B9:2F:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/130fff-97e3-4ac0-bdcd-5fdc87e6d2a0/1/4XoaYiSN-HkTPAc61WKtA6K5L9w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1770::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:54:03:3c:27:3d:a8:1e:57:86:43:42:39:c0:0f:dc:f2:83:
         ee:bc:b2:56:1d:74:92:69:1c:27:b5:e5:f0:cf:b3:86:d9:97:
         21:bf:d9:c5:ed:0d:64:6b:a9:a5:be:f3:6a:d3:c1:22:31:cc:
         b1:3c:2c:f3:0c:1b:bb:df:84:36:6c:68:1e:6d:25:5d:92:f6:
         43:62:d0:b8:ff:09:db:3f:11:23:b6:56:c0:7d:d9:73:ae:d2:
         36:9b:b7:f1:f3:7c:48:95:71:1d:3c:42:b4:e2:b1:39:c4:f2:
         a9:9e:51:bc:f6:35:9b:c3:16:e5:aa:32:cf:dd:8f:eb:9d:24:
         0e:cd:82:3b:01:22:94:ce:98:25:a5:db:a4:5f:25:16:9b:1e:
         d0:cf:7b:c8:14:1f:80:9b:b8:c0:aa:5c:4a:3f:14:b3:6d:56:
         8f:80:b5:64:59:0f:17:68:1c:33:63:c3:de:e6:bf:65:18:75:
         c3:ad:a3:46:67:ae:97:2a:b2:16:fc:de:c7:00:7b:72:a8:49:
         23:70:23:6a:eb:4f:07:a8:23:ed:d6:e7:e3:06:4f:88:4a:37:
         96:b5:47:9a:06:fd:82:5e:18:a2:b4:71:30:1c:44:cf:3d:8a:
         58:42:89:b3:26:f2:71:60:cc:ac:f7:38:2d:7b:56:f5:a1:23:
         b9:af:72:3c
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZt9XRRngi3u7X7uRjONJ+dLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTdhMWE2MjI0OGRmODc5MTMzYzA3M2FkNTYyYWQwM2EyYjkyZmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLADewbAp09bPug3EIGdGv9sDL4a
qvU5sxJQ8BXmKRWHtxQ0VmudHn78OEPH80mU/tCGpxVmltFMdC4EFD0JowvCO0vc
QTcn6hvg8GHNsZ/vaD8FxaJaTY+Q7lVLP145+4gT3bYQBFBd6VHUP6Nfzsi1hg9s
iHNuHfa4ra00mESuPqfxbF0vP/ATIC3ur1QTMOVdtwGdwA1FpHZFKQ/q1qFYuFs/
WrGlGx0sXNIrig0F/C7wbuljSNWI++3c/r8DrK3A7f9nlhZe+VMo3EdxiqH2ceCn
2HNgJHwUUvyI/240yOHBt1si/4VDVCCA8XwyVJeN8v2FswY5Fnn+w321ZQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFOF6GmIkjfh5EzwHOtVirQOiuS/cMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FiLzEzMGZm
Zi05N2UzLTRhYzAtYmRjZC01ZmRjODdlNmQyYTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWIvMTMwZmZm
LTk3ZTMtNGFjMC1iZGNkLTVmZGM4N2U2ZDJhMC8xLzRYb2FZaVNOLUhrVFBBYzYx
V0t0QTZLNUw5dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBdwMA0GCSqGSIb3DQEBCwUAA4IBAQCb
VAM8Jz2oHleGQ0I5wA/c8oPuvLJWHXSSaRwnteXwz7OG2Zchv9nF7Q1ka6mlvvNq
08EiMcyxPCzzDBu734Q2bGgebSVdkvZDYtC4/wnbPxEjtlbAfdlzrtI2m7fx83xI
lXEdPEK04rE5xPKpnlG89jWbwxblqjLP3Y/rnSQOzYI7ASKUzpglpdukXyUWmx7Q
z3vIFB+Am7jAqlxKPxSzbVaPgLVkWQ8XaBwzY8Pe5r9lGHXDraNGZ66XKrIW/N7H
AHtyqEkjcCNq608HqCPt1ufjBk+ISjeWtUeaBv2CXhiitHEwHETPPYpYQomzJvJx
YMys9zgte1b1oSO5r3I8
-----END CERTIFICATE-----