This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DRDop2O_i6vpa-erR_nbWdnZUjI.cer
File:                     DRDop2O_i6vpa-erR_nbWdnZUjI.cer (raw, json)
Hash identifier:          OU/t3ZxuI2WVi980bJruh9L8a8Ufs+Ob64HOOEc+p8o=
Subject key identifier:   0D:10:E8:A7:63:BF:8B:AB:E9:6B:E7:AB:47:F9:DB:59:D9:D9:52:32
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7834A5783A70A998179AB09C16420FA6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/0/0D10E8A763BF8BABE96BE7AB47F9DB59D9D95232.mft
caRepository:             rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/0/
Notify URL:               https://repo.kagl.me/rpki/notification.xml
Certificate not before:   Thu 01 Jan 2026 06:17:54 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 50555
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:a5:78:3a:70:a9:98:17:9a:b0:9c:16:42:0f:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d10e8a763bf8babe96be7ab47f9db59d9d95232
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d4:47:9f:7e:0a:3d:36:90:f1:b8:6c:f2:b1:
                    d3:a2:1f:c1:15:85:bd:cf:6e:1a:91:65:88:f0:a7:
                    51:b8:7a:8d:02:ec:9d:36:0b:d8:62:de:3e:06:e9:
                    11:dc:47:81:fc:59:39:0e:79:df:38:0e:a8:e6:79:
                    bd:c5:57:9a:93:d1:3c:6b:97:12:ac:59:b3:30:26:
                    96:1e:a0:f9:f1:f5:9e:01:78:cd:27:2b:4a:84:98:
                    89:61:bf:50:7a:5b:32:f6:a9:43:86:16:80:d9:34:
                    9b:94:1b:9a:6f:2b:77:b1:49:a0:73:86:6a:1f:e5:
                    e1:16:37:34:e7:03:6a:53:d7:ba:dd:8d:cc:e7:31:
                    ac:6e:1a:fe:cb:0a:6e:8c:99:9c:d9:f4:85:94:9d:
                    e3:5b:de:dd:d9:04:3c:09:b3:0f:02:73:27:66:fa:
                    09:1e:b5:2f:9d:94:ec:35:83:1c:09:43:30:50:b7:
                    31:00:cb:22:3e:2e:53:67:d9:9d:4c:a8:e9:6f:39:
                    f3:62:0f:44:63:22:09:0d:20:58:33:7b:0d:81:48:
                    97:86:8f:cb:90:cb:32:97:c2:62:64:e6:94:c0:78:
                    bb:97:8a:37:82:45:58:ec:7c:fb:d2:f6:8e:a1:53:
                    77:23:3b:f6:52:20:07:67:7f:63:5c:42:99:7a:d8:
                    68:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:10:E8:A7:63:BF:8B:AB:E9:6B:E7:AB:47:F9:DB:59:D9:D9:52:32
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/0/
                RPKI Manifest - URI:rsync://repo.kagl.me/rpki/KeatonAGLair-TEST/0/0D10E8A763BF8BABE96BE7AB47F9DB59D9D95232.mft
                RPKI Notify - URI:https://repo.kagl.me/rpki/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50555

    Signature Algorithm: sha256WithRSAEncryption
         81:0f:c8:c2:72:1c:e3:65:d3:29:13:3a:a7:d4:f3:53:1f:dc:
         b2:3a:25:c6:df:26:ea:66:44:08:a0:cf:b9:55:96:ed:3f:49:
         08:9a:ff:f0:8f:d2:23:65:9d:cf:81:8c:b6:60:d9:6b:20:ed:
         3d:2e:33:fa:c9:c9:44:2a:7d:4d:77:93:b7:f6:ba:94:81:4b:
         a4:c0:28:63:21:a5:15:68:35:20:de:3f:b6:94:ce:02:07:57:
         d6:a8:0b:4d:00:17:c7:d0:4b:d2:80:3b:1e:8c:63:a8:40:9e:
         c0:ef:22:b1:60:f0:fe:64:e5:47:59:74:d3:4e:e4:6c:3d:22:
         58:66:b9:4d:51:aa:a4:2f:87:55:ef:68:db:77:d1:c1:59:c2:
         62:38:12:cc:bf:3e:a0:4a:50:c2:bf:67:5b:6e:f3:b5:87:06:
         26:da:65:e2:86:80:49:ad:7a:11:64:8d:bb:62:ac:58:76:28:
         3e:c2:21:73:31:26:67:31:31:8a:b1:01:d2:85:d8:76:34:52:
         28:03:81:96:e5:90:0d:66:6b:6f:4b:15:e8:bb:ed:cc:f4:f4:
         c2:86:89:f3:e2:07:1a:4f:bc:08:df:ce:27:d5:99:2a:b8:5c:
         13:6b:2c:58:5d:67:04:43:7d:06:a7:88:2b:66:ef:23:31:6f:
         9a:94:f0:b3
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAZt4NKV4OnCpmBeasJwWQg+mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDYxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDEwZThhNzYzYmY4YmFiZTk2YmU3YWI0N2Y5ZGI1OWQ5ZDk1MjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdRHn34KPTaQ8bhs8rHToh/BFYW9
z24akWWI8KdRuHqNAuydNgvYYt4+BukR3EeB/Fk5DnnfOA6o5nm9xVeak9E8a5cS
rFmzMCaWHqD58fWeAXjNJytKhJiJYb9Qelsy9qlDhhaA2TSblBuabyt3sUmgc4Zq
H+XhFjc05wNqU9e63Y3M5zGsbhr+ywpujJmc2fSFlJ3jW97d2QQ8CbMPAnMnZvoJ
HrUvnZTsNYMcCUMwULcxAMsiPi5TZ9mdTKjpbznzYg9EYyIJDSBYM3sNgUiXho/L
kMsyl8JiZOaUwHi7l4o3gkVY7Hz70vaOoVN3Izv2UiAHZ39jXEKZethotQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFA0Q6Kdjv4ur6Wvnq0f521nZ2VIyMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgewGCCsGAQUFBwELBIHfMIHcMDoGCCsGAQUFBzAFhi5yc3lu
YzovL3JlcG8ua2FnbC5tZS9ycGtpL0tlYXRvbkFHTGFpci1URVNULzAvMGYGCCsG
AQUFBzAKhlpyc3luYzovL3JlcG8ua2FnbC5tZS9ycGtpL0tlYXRvbkFHTGFpci1U
RVNULzAvMEQxMEU4QTc2M0JGOEJBQkU5NkJFN0FCNDdGOURCNTlEOUQ5NTIzMi5t
ZnQwNgYIKwYBBQUHMA2GKmh0dHBzOi8vcmVwby5rYWdsLm1lL3Jwa2kvbm90aWZp
Y2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVt
ay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQL
MAmgBzAFAgMAxXswDQYJKoZIhvcNAQELBQADggEBAIEPyMJyHONl0ykTOqfU81Mf
3LI6JcbfJupmRAigz7lVlu0/SQia//CP0iNlnc+BjLZg2Wsg7T0uM/rJyUQqfU13
k7f2upSBS6TAKGMhpRVoNSDeP7aUzgIHV9aoC00AF8fQS9KAOx6MY6hAnsDvIrFg
8P5k5UdZdNNO5Gw9IlhmuU1RqqQvh1XvaNt30cFZwmI4Esy/PqBKUMK/Z1tu87WH
BibaZeKGgEmtehFkjbtirFh2KD7CIXMxJmcxMYqxAdKF2HY0UigDgZblkA1ma29L
Fei77cz09MKGifPiBxpPvAjfzifVmSq4XBNrLFhdZwRDfQaniCtm7yMxb5qU8LM=
-----END CERTIFICATE-----