This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5tM83lfaCcfZM3ce6hQllAdvmiM.cer
File:                     5tM83lfaCcfZM3ce6hQllAdvmiM.cer (raw, json)
Hash identifier:          xMkXIXV1IhW2IOQ+zVhdDcTgIq5MtMQjX3W+VSs0ri4=
Subject key identifier:   E6:D3:3C:DE:57:DA:09:C7:D9:33:77:1E:EA:14:25:94:07:6F:9A:23
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78A337AB9BF6C6D52EFC4B0480C5F0F6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/4f9d4c-1946-4af9-8c22-419753d3f88d/1/5tM83lfaCcfZM3ce6hQllAdvmiM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/4f9d4c-1946-4af9-8c22-419753d3f88d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 08:18:41 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.245.220.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:37:ab:9b:f6:c6:d5:2e:fc:4b:04:80:c5:f0:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6d33cde57da09c7d933771eea142594076f9a23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a0:95:46:5a:76:1c:d3:5a:7c:29:35:5c:20:
                    f4:54:9d:9a:77:ad:14:db:e4:ff:2e:76:a4:dd:3c:
                    f7:d9:a1:ed:3f:1a:02:24:77:7a:db:bf:0a:81:85:
                    ac:d7:48:e6:ee:2b:0f:8e:d6:0f:b1:26:d3:42:3a:
                    88:80:af:60:f5:00:a9:8d:a0:00:f6:e7:80:1a:d2:
                    d6:8d:fa:bb:69:18:df:db:25:eb:e0:6d:6f:2b:72:
                    b7:fd:37:34:4c:67:2e:2c:a5:e0:84:7a:f8:a9:aa:
                    32:dd:87:3b:5e:6f:98:c1:b2:12:e8:75:98:74:48:
                    58:a5:fb:8f:29:74:7b:a2:b1:2d:fb:9b:13:5f:ea:
                    5e:82:30:36:68:1a:66:d5:93:2c:b4:54:62:ba:2e:
                    81:c2:36:94:44:2f:d1:7d:4d:a9:1b:06:8a:1b:21:
                    8b:e2:55:9f:c4:2e:d5:5b:0f:2a:11:f0:f5:6c:a8:
                    07:b5:4c:e0:4c:ff:53:5a:93:84:5f:df:05:4a:96:
                    93:8d:da:65:2f:f7:cb:af:96:60:64:6f:43:34:4c:
                    85:01:1c:f0:c0:b6:1f:24:f2:5a:d3:ea:c6:15:71:
                    71:51:84:b5:2d:1e:ee:96:21:ed:a3:12:0f:36:f5:
                    30:7c:da:7c:8f:87:4b:04:f6:b4:89:32:75:ee:48:
                    45:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:D3:3C:DE:57:DA:09:C7:D9:33:77:1E:EA:14:25:94:07:6F:9A:23
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4f9d4c-1946-4af9-8c22-419753d3f88d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4f9d4c-1946-4af9-8c22-419753d3f88d/1/5tM83lfaCcfZM3ce6hQllAdvmiM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.245.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1b:04:a6:15:a3:ad:3c:97:1f:c4:a8:42:f1:68:54:70:c9:e3:
         c3:55:28:3e:88:a6:4a:7e:f8:18:3a:87:20:de:37:8c:b2:9e:
         31:40:82:cd:63:ec:f0:8f:d0:2d:bf:36:6e:63:e3:ae:fc:f3:
         ba:70:33:e0:4a:5c:33:6c:9c:a2:35:22:90:e6:6c:56:7f:f5:
         84:a9:c9:09:9b:90:dd:62:c9:e1:bc:f4:b7:81:ee:54:07:cc:
         36:62:d4:78:78:53:30:b7:a7:e3:58:0d:fa:d4:1b:d8:76:8f:
         78:ef:d6:5d:93:5f:c6:da:b3:ab:e7:34:12:02:87:b9:89:74:
         70:ac:2f:65:c4:f8:1c:98:7c:35:8d:3f:61:12:32:06:86:8c:
         da:7f:02:80:28:e9:7a:cd:fa:96:0c:87:17:a0:d0:23:00:2a:
         3a:3d:ef:b5:c7:e0:af:9d:fa:71:20:7a:80:fa:41:76:37:fc:
         bc:6a:a8:0d:0b:82:1c:5d:04:49:82:a3:ef:86:10:9f:05:66:
         09:f9:47:47:a3:26:62:00:4e:ae:a5:40:ef:66:3f:45:d9:39:
         0c:25:32:ce:13:36:12:12:88:72:29:d2:a3:2a:4b:67:4b:ad:
         9e:1e:23:d8:1d:b6:0b:4d:d5:6c:76:17:94:04:0d:32:fa:c1:
         e0:6c:f0:0d
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt4ozerm/bG1S78SwSAxfD2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDgxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmQzM2NkZTU3ZGEwOWM3ZDkzMzc3MWVlYTE0MjU5NDA3NmY5YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6CVRlp2HNNafCk1XCD0VJ2ad60U
2+T/Lnak3Tz32aHtPxoCJHd6278KgYWs10jm7isPjtYPsSbTQjqIgK9g9QCpjaAA
9ueAGtLWjfq7aRjf2yXr4G1vK3K3/Tc0TGcuLKXghHr4qaoy3Yc7Xm+YwbIS6HWY
dEhYpfuPKXR7orEt+5sTX+pegjA2aBpm1ZMstFRiui6BwjaURC/RfU2pGwaKGyGL
4lWfxC7VWw8qEfD1bKgHtUzgTP9TWpOEX98FSpaTjdplL/fLr5ZgZG9DNEyFARzw
wLYfJPJa0+rGFXFxUYS1LR7uliHtoxIPNvUwfNp8j4dLBPa0iTJ17khFWQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFObTPN5X2gnH2TN3HuoUJZQHb5ojMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzRmOWQ0
Yy0xOTQ2LTRhZjktOGMyMi00MTk3NTNkM2Y4OGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvNGY5ZDRj
LTE5NDYtNGFmOS04YzIyLTQxOTc1M2QzZjg4ZC8xLzV0TTgzbGZhQ2NmWk0zY2U2
aFFsbEFkdm1pTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCufXcMA0GCSqGSIb3DQEBCwUAA4IBAQAbBKYV
o608lx/EqELxaFRwyePDVSg+iKZKfvgYOocg3jeMsp4xQILNY+zwj9AtvzZuY+Ou
/PO6cDPgSlwzbJyiNSKQ5mxWf/WEqckJm5DdYsnhvPS3ge5UB8w2YtR4eFMwt6fj
WA361BvYdo9479Zdk1/G2rOr5zQSAoe5iXRwrC9lxPgcmHw1jT9hEjIGhozafwKA
KOl6zfqWDIcXoNAjACo6Pe+1x+CvnfpxIHqA+kF2N/y8aqgNC4IcXQRJgqPvhhCf
BWYJ+UdHoyZiAE6upUDvZj9F2TkMJTLOEzYSEohyKdKjKktnS62eHiPYHbYLTdVs
dheUBA0y+sHgbPAN
-----END CERTIFICATE-----