This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71j4Vyvdd9mBQRGA4u-aioAsdqw.cer
File:                     71j4Vyvdd9mBQRGA4u-aioAsdqw.cer (raw, json)
Hash identifier:          RCTXuMJM/wQNkwDaYgDl4L7I8PbrtOtmmBtLT1Oez08=
Subject key identifier:   EF:58:F8:57:2B:DD:77:D9:81:41:11:80:E2:EF:9A:8A:80:2C:76:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7A5B8BD4DF90E2455E858CFDFE51B0F4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/56/9b7108-e12f-4f8a-a5e0-38e805ff4c73/1/71j4Vyvdd9mBQRGA4u-aioAsdqw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/56/9b7108-e12f-4f8a-a5e0-38e805ff4c73/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 16:19:38 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 211851
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:8b:d4:df:90:e2:45:5e:85:8c:fd:fe:51:b0:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:19:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef58f8572bdd77d981411180e2ef9a8a802c76ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:74:57:d0:7e:51:fa:4a:cf:82:3d:81:e9:b5:
                    19:cf:42:91:31:5a:0e:e4:23:2d:41:30:8c:c1:a0:
                    2b:bf:61:e4:34:4c:28:f7:c9:75:b4:e6:0f:d4:84:
                    9f:63:a1:a0:ce:e6:40:2a:8e:19:d6:35:be:1f:63:
                    00:3f:17:dd:a3:c3:de:4e:cb:30:7f:5a:fa:fc:ab:
                    39:9d:1c:98:51:73:57:46:6d:40:45:a7:02:73:ad:
                    91:e9:8f:12:47:5e:13:3d:a2:df:14:23:b0:1a:8e:
                    37:54:1e:39:c2:df:ff:a4:80:3b:e5:f0:16:a5:2d:
                    52:b5:14:9e:a5:69:c0:58:e6:e6:78:0a:9c:dd:76:
                    42:4c:bb:b1:94:e0:ef:ea:6f:09:2c:1b:b2:0e:e9:
                    c1:35:60:41:80:b1:2c:aa:69:7d:a2:5e:b6:61:a0:
                    90:c1:a3:22:e9:8b:c9:c3:38:74:e9:e1:8e:8a:07:
                    d6:8c:bc:5f:c3:dd:f6:e4:e1:a5:c0:79:b7:2b:23:
                    e9:5d:84:a0:e3:80:ea:a0:08:0a:36:5b:4a:bb:06:
                    8d:6d:63:7a:a2:fc:3b:85:9f:bb:0f:3c:1d:0c:0b:
                    79:7a:2d:de:1e:de:a5:63:fa:98:55:86:1f:2d:8b:
                    3b:37:d9:c4:e7:76:5b:0f:28:ae:d8:17:ea:0f:6f:
                    58:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:58:F8:57:2B:DD:77:D9:81:41:11:80:E2:EF:9A:8A:80:2C:76:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/9b7108-e12f-4f8a-a5e0-38e805ff4c73/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/9b7108-e12f-4f8a-a5e0-38e805ff4c73/1/71j4Vyvdd9mBQRGA4u-aioAsdqw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  211851

    Signature Algorithm: sha256WithRSAEncryption
         15:85:04:67:c1:36:47:3a:08:de:bc:a4:fe:d8:8e:55:95:03:
         ae:dd:16:b9:63:3a:de:d9:2d:a0:d3:47:1d:25:74:81:e0:ee:
         ec:69:94:0d:14:1f:53:51:81:06:57:94:3f:39:67:54:6f:6f:
         09:3e:d8:c7:73:8e:a9:e5:74:2b:84:5e:95:f0:18:91:1d:fd:
         3e:b3:fb:3a:03:74:94:c6:2d:eb:cf:03:e4:45:ef:e9:9a:c0:
         89:f9:17:41:a2:fc:ac:d3:b3:72:5e:c1:61:66:99:40:cf:31:
         23:ef:02:38:74:e3:d9:0a:46:88:0a:fc:2f:92:76:bb:95:81:
         84:cf:fd:9f:24:91:95:42:72:d3:82:67:77:34:3c:96:6b:da:
         f4:92:b4:23:6e:9a:38:aa:ed:1c:be:9e:cf:9e:09:8a:73:52:
         f2:9c:47:b9:fa:24:ca:06:91:c2:0a:8c:9f:f1:b7:26:e1:f5:
         b2:a6:5b:9c:eb:80:26:d1:d2:9c:93:2b:8a:18:d6:83:4b:cf:
         dd:23:13:68:4d:95:20:04:81:d9:11:df:98:ce:b1:69:ac:bd:
         d8:2e:9a:5e:a1:b7:db:4d:85:e1:7a:de:9f:70:0e:6d:86:48:
         05:67:ee:76:6c:61:be:73:53:b3:c7:79:04:df:79:3e:02:48:
         d2:e0:06:0e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt6W4vU35DiRV6FjP3+UbD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTYxOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjU4Zjg1NzJiZGQ3N2Q5ODE0MTExODBlMmVmOWE4YTgwMmM3NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi3RX0H5R+krPgj2B6bUZz0KRMVoO
5CMtQTCMwaArv2HkNEwo98l1tOYP1ISfY6GgzuZAKo4Z1jW+H2MAPxfdo8PeTssw
f1r6/Ks5nRyYUXNXRm1ARacCc62R6Y8SR14TPaLfFCOwGo43VB45wt//pIA75fAW
pS1StRSepWnAWObmeAqc3XZCTLuxlODv6m8JLBuyDunBNWBBgLEsqml9ol62YaCQ
waMi6YvJwzh06eGOigfWjLxfw9325OGlwHm3KyPpXYSg44DqoAgKNltKuwaNbWN6
ovw7hZ+7DzwdDAt5ei3eHt6lY/qYVYYfLYs7N9nE53ZbDyiu2BfqD29YEQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFO9Y+Fcr3XfZgUERgOLvmoqALHasMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU2LzliNzEw
OC1lMTJmLTRmOGEtYTVlMC0zOGU4MDVmZjRjNzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYvOWI3MTA4
LWUxMmYtNGY4YS1hNWUwLTM4ZTgwNWZmNGM3My8xLzcxajRWeXZkZDltQlFSR0E0
dS1haW9Bc2Rxdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM7izANBgkqhkiG9w0BAQsFAAOCAQEAFYUEZ8E2RzoI
3ryk/tiOVZUDrt0WuWM63tktoNNHHSV0geDu7GmUDRQfU1GBBleUPzlnVG9vCT7Y
x3OOqeV0K4RelfAYkR39PrP7OgN0lMYt688D5EXv6ZrAifkXQaL8rNOzcl7BYWaZ
QM8xI+8COHTj2QpGiAr8L5J2u5WBhM/9nySRlUJy04JndzQ8lmva9JK0I26aOKrt
HL6ez54JinNS8pxHufokygaRwgqMn/G3JuH1sqZbnOuAJtHSnJMrihjWg0vP3SMT
aE2VIASB2RHfmM6xaay92C6aXqG3202F4Xren3AObYZIBWfudmxhvnNTs8d5BN95
PgJI0uAGDg==
-----END CERTIFICATE-----