This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CWnLIVY-Ju22r7INHZLok6jduB0.cer
File:                     CWnLIVY-Ju22r7INHZLok6jduB0.cer (raw, json)
Hash identifier:          W0zmuvTE4/zkVA8K5eAxo346mt7CifVir6BBtmSat28=
Subject key identifier:   09:69:CB:21:56:3E:26:ED:B6:AF:B2:0D:1D:92:E8:93:A8:DD:B8:1D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7DC9F94E19E7819905CC27F7A3EEE5B5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/CWnLIVY-Ju22r7INHZLok6jduB0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 08:19:07 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.234.237.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 28 Jan 2026 00:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:f9:4e:19:e7:81:99:05:cc:27:f7:a3:ee:e5:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0969cb21563e26edb6afb20d1d92e893a8ddb81d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f5:c8:42:18:e6:68:96:c1:c0:41:c7:10:bb:
                    fd:21:a9:90:cc:8e:97:c9:6e:a5:77:05:63:bf:9d:
                    c7:dd:4c:15:b6:37:86:a0:e1:d1:8a:ae:33:5c:26:
                    8c:d6:13:5f:22:60:5c:bc:de:0d:3e:73:79:ed:0f:
                    75:f9:97:67:75:dc:a1:42:92:3c:bf:22:02:82:07:
                    e5:76:02:3e:a9:dd:9a:cf:c1:97:2b:eb:da:2f:52:
                    c4:82:63:72:f9:a9:26:e2:92:c7:75:70:3b:b9:a4:
                    b4:17:ce:4e:fa:27:49:99:c8:ee:ce:f3:b6:76:21:
                    47:2d:eb:02:c3:85:65:d3:a3:9a:cd:6f:32:9b:2b:
                    98:f7:a9:ef:45:c1:af:99:69:e4:aa:68:3c:32:13:
                    34:60:0e:cf:82:bd:54:63:cb:55:11:74:6a:5d:05:
                    a9:92:5b:90:bf:c9:dd:8b:d8:e7:25:9f:38:5b:36:
                    f2:04:ff:b8:db:2c:49:0d:8d:ea:c8:d9:7b:5d:65:
                    a6:07:74:52:d2:7b:65:b3:da:86:be:b6:9a:30:c7:
                    75:b9:d3:7f:73:a4:41:0e:26:6b:9e:df:49:30:7c:
                    0b:8f:2d:6e:21:ad:82:ca:b9:b8:4f:3b:49:aa:0c:
                    c5:9a:20:9d:1a:e6:3f:bd:d6:07:7a:b9:40:7a:33:
                    ce:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:69:CB:21:56:3E:26:ED:B6:AF:B2:0D:1D:92:E8:93:A8:DD:B8:1D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/CWnLIVY-Ju22r7INHZLok6jduB0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:d8:e6:f6:3b:50:db:e3:12:6b:ff:4e:51:5a:de:65:34:71:
         88:35:49:68:4c:ea:df:bb:07:b1:b3:cb:fb:d4:1d:db:ce:02:
         f1:7a:30:e2:54:e7:48:8b:d0:c1:40:81:20:f8:86:33:55:4e:
         15:fa:85:74:4d:92:1e:ef:e2:b0:c1:a4:10:29:a9:ef:b7:40:
         b0:ac:32:34:06:13:e6:49:b3:7f:8f:ff:6d:17:8d:eb:bf:7e:
         a1:fa:d7:6a:77:71:32:d9:73:f7:d0:55:aa:15:af:47:43:79:
         55:0d:1f:89:cc:5e:64:df:d2:b4:5b:1a:29:07:99:c3:d9:97:
         bc:52:96:c7:6c:b4:11:72:27:d5:b8:82:a6:2b:64:be:ef:df:
         c8:62:fa:a9:d5:73:94:fa:2b:6f:70:06:62:6d:0d:e7:02:c6:
         a7:c8:ff:fc:fd:8f:d0:d1:29:4c:fc:f4:83:14:18:eb:ae:f6:
         70:4d:3d:14:c6:ad:fd:48:55:c5:3e:15:a0:b3:25:e3:c3:96:
         b5:16:42:12:47:4f:e6:77:7b:f8:3a:bc:c8:d6:b9:87:ef:da:
         84:ce:72:51:ee:74:03:cf:c6:35:86:2d:19:c6:9b:64:69:17:
         fd:c4:19:3e:b5:5a:bc:71:7f:fb:82:de:be:b5:8a:37:d8:6c:
         72:9c:78:17
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt9yflOGeeBmQXMJ/ej7uW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDgxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTY5Y2IyMTU2M2UyNmVkYjZhZmIyMGQxZDkyZTg5M2E4ZGRiODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/XIQhjmaJbBwEHHELv9IamQzI6X
yW6ldwVjv53H3UwVtjeGoOHRiq4zXCaM1hNfImBcvN4NPnN57Q91+ZdnddyhQpI8
vyICggfldgI+qd2az8GXK+vaL1LEgmNy+akm4pLHdXA7uaS0F85O+idJmcjuzvO2
diFHLesCw4Vl06OazW8ymyuY96nvRcGvmWnkqmg8MhM0YA7Pgr1UY8tVEXRqXQWp
kluQv8ndi9jnJZ84WzbyBP+42yxJDY3qyNl7XWWmB3RS0ntls9qGvraaMMd1udN/
c6RBDiZrnt9JMHwLjy1uIa2Cyrm4TztJqgzFmiCdGuY/vdYHerlAejPO0wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFAlpyyFWPibttq+yDR2S6JOo3bgdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MzLzdmZTgy
My02ZWQ3LTQ3ODYtOTdiNC0zNjAwZDAyYTZmMGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvN2ZlODIz
LTZlZDctNDc4Ni05N2I0LTM2MDBkMDJhNmYwZS8xL0NXbkxJVlktSnUyMnI3SU5I
WkxvazZqZHVCMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+rtMA0GCSqGSIb3DQEBCwUAA4IBAQCI2Ob2
O1Db4xJr/05RWt5lNHGINUloTOrfuwexs8v71B3bzgLxejDiVOdIi9DBQIEg+IYz
VU4V+oV0TZIe7+KwwaQQKanvt0CwrDI0BhPmSbN/j/9tF43rv36h+tdqd3Ey2XP3
0FWqFa9HQ3lVDR+JzF5k39K0WxopB5nD2Ze8UpbHbLQRcifVuIKmK2S+79/IYvqp
1XOU+itvcAZibQ3nAsanyP/8/Y/Q0SlM/PSDFBjrrvZwTT0Uxq39SFXFPhWgsyXj
w5a1FkISR0/md3v4OrzI1rmH79qEznJR7nQDz8Y1hi0ZxptkaRf9xBk+tVq8cX/7
gt6+tYo32GxynHgX
-----END CERTIFICATE-----