This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5oClYQES3yA5h_MvDl4VrTXnENI.cer
File:                     5oClYQES3yA5h_MvDl4VrTXnENI.cer (raw, json)
Hash identifier:          QO+2ZRJPPu6XPrA85jZlwLKtX5ZjFwHK9kNlp4WXhaA=
Subject key identifier:   E6:80:A5:61:01:12:DF:20:39:87:F3:2F:0E:5E:15:AD:35:E7:10:D2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B797E4FFE513C69A3BFD7B0E2DED37F7A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 12:17:59 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 213.134.2.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:4f:fe:51:3c:69:a3:bf:d7:b0:e2:de:d3:7f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e680a5610112df203987f32f0e5e15ad35e710d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:aa:33:04:dd:ef:3a:f5:08:d7:4e:8b:2d:93:
                    f3:5a:0b:cf:1a:19:bd:59:84:a7:93:44:c0:f6:60:
                    3f:29:03:e7:66:6c:70:5a:41:09:a8:36:a2:da:29:
                    60:0c:6c:c7:a5:90:0b:c4:b2:bb:8c:ad:7d:d9:9c:
                    cb:64:1f:75:f2:8c:36:8e:0e:bd:e0:55:7c:33:71:
                    ae:ae:d6:89:6a:9e:1c:3b:9b:fa:3d:c5:9e:0e:bf:
                    1b:83:c7:26:9c:0e:55:dd:c8:85:04:44:ce:9e:de:
                    93:9e:70:0d:72:4d:a0:fa:3c:d8:24:3c:77:c5:b7:
                    98:6f:38:bd:7a:91:7c:b9:9a:1a:33:97:d0:f2:78:
                    eb:12:ee:66:95:fa:05:68:d1:c9:6f:73:61:d5:f6:
                    08:55:69:f1:ae:64:de:9e:87:0e:03:2e:a8:b2:8a:
                    cc:48:fd:b1:f0:6a:17:ea:d1:ca:c9:e8:44:26:5b:
                    00:8d:d6:53:3c:e1:3d:45:48:c5:85:20:9a:27:8b:
                    a4:76:1e:e4:08:68:8c:7a:96:24:69:27:bd:33:ad:
                    c9:af:e6:18:f1:9e:9a:c1:ad:4e:9f:55:76:a3:57:
                    55:97:f4:a5:fe:d8:30:ec:34:1e:1a:b1:88:8d:ac:
                    7c:a8:d1:61:47:e9:8b:9a:d5:3b:0c:71:7d:69:39:
                    94:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:80:A5:61:01:12:DF:20:39:87:F3:2F:0E:5E:15:AD:35:E7:10:D2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/b40d25-f444-4f60-b162-d1502f7cf234/1/5oClYQES3yA5h_MvDl4VrTXnENI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:19:f5:3c:4d:38:57:92:b3:54:f3:e4:f7:aa:f8:68:c1:ef:
         93:77:25:7a:75:7c:f3:02:07:68:33:7e:d7:42:b0:a8:66:9b:
         ea:41:ad:36:76:d5:b3:94:46:8a:e0:c4:99:fd:0f:da:67:ac:
         c3:9a:90:ae:7a:22:54:fd:a6:44:1e:62:93:2f:9f:18:02:48:
         20:bc:94:c9:00:b2:67:9b:4f:60:e8:3b:02:f9:10:11:39:20:
         cd:85:8a:8e:ce:b4:a0:f3:91:e1:23:17:fe:a5:07:48:c6:a4:
         0f:9b:67:c8:00:96:4a:0a:9e:2b:b9:2c:c5:04:14:26:33:45:
         78:05:9a:ca:33:24:7b:4c:dc:39:4f:37:4c:d7:e3:76:2a:de:
         a5:4a:2f:7b:99:49:27:d6:bc:dd:ec:e0:9b:87:cc:42:c9:f8:
         37:0c:38:fb:04:6e:0c:13:68:13:a1:05:ee:a2:11:c3:82:76:
         1e:6c:54:cf:c2:eb:01:22:cf:c0:f6:3b:6d:ff:94:8f:26:ee:
         31:ca:36:e0:7a:a8:3b:f0:da:59:a6:de:92:c5:2c:25:8b:f3:
         78:ba:88:38:03:79:b2:a2:2c:c0:16:6d:c0:98:fa:d4:84:86:
         10:79:20:1a:a2:bc:00:6d:e5:d8:df:f3:6f:fa:7d:54:78:14:
         ae:01:10:2c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt5fk/+UTxpo7/XsOLe0396MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTIxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjgwYTU2MTAxMTJkZjIwMzk4N2YzMmYwZTVlMTVhZDM1ZTcxMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwaozBN3vOvUI106LLZPzWgvPGhm9
WYSnk0TA9mA/KQPnZmxwWkEJqDai2ilgDGzHpZALxLK7jK192ZzLZB918ow2jg69
4FV8M3GurtaJap4cO5v6PcWeDr8bg8cmnA5V3ciFBETOnt6TnnANck2g+jzYJDx3
xbeYbzi9epF8uZoaM5fQ8njrEu5mlfoFaNHJb3Nh1fYIVWnxrmTenocOAy6osorM
SP2x8GoX6tHKyehEJlsAjdZTPOE9RUjFhSCaJ4ukdh7kCGiMepYkaSe9M63Jr+YY
8Z6awa1On1V2o1dVl/Sl/tgw7DQeGrGIjax8qNFhR+mLmtU7DHF9aTmU7wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFOaApWEBEt8gOYfzLw5eFa015xDSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I5L2I0MGQy
NS1mNDQ0LTRmNjAtYjE2Mi1kMTUwMmY3Y2YyMzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvYjQwZDI1
LWY0NDQtNGY2MC1iMTYyLWQxNTAyZjdjZjIzNC8xLzVvQ2xZUUVTM3lBNWhfTXZE
bDRWclRYbkVOSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQA1YYCMA0GCSqGSIb3DQEBCwUAA4IBAQB+GfU8
TThXkrNU8+T3qvhowe+TdyV6dXzzAgdoM37XQrCoZpvqQa02dtWzlEaK4MSZ/Q/a
Z6zDmpCueiJU/aZEHmKTL58YAkggvJTJALJnm09g6DsC+RAROSDNhYqOzrSg85Hh
Ixf+pQdIxqQPm2fIAJZKCp4ruSzFBBQmM0V4BZrKMyR7TNw5TzdM1+N2Kt6lSi97
mUkn1rzd7OCbh8xCyfg3DDj7BG4ME2gToQXuohHDgnYebFTPwusBIs/A9jtt/5SP
Ju4xyjbgeqg78NpZpt6SxSwli/N4uog4A3myoizAFm3AmPrUhIYQeSAaorwAbeXY
3/Nv+n1UeBSuARAs
-----END CERTIFICATE-----