This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer
File:                     D_4AEevk8hbFjTq0KBK5hAK-Cyw.cer (raw, json)
Hash identifier:          si7E1srpoWZYZOKsHPhGrv7xNgbmN3tRj2Ugh/4IyNM=
Subject key identifier:   0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78352E6BAB3780500C31F4DCD4EA43FC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 06:18:29 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.216.179.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:2e:6b:ab:37:80:50:0c:31:f4:dc:d4:ea:43:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:18:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ffe0011ebe4f216c58d3ab42812b98402be0b2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3d:1f:13:37:98:5b:4f:62:bf:b8:2b:79:f2:
                    13:1a:d1:56:9d:72:27:92:55:b7:ce:cc:b5:d3:62:
                    28:8f:9d:cd:de:f0:93:d1:2f:b5:88:70:26:93:9a:
                    e0:9e:dc:86:c7:b7:3b:ac:2d:4b:ab:3f:42:64:e0:
                    e8:51:1e:18:e5:78:9a:bb:cf:50:7c:22:6d:86:fd:
                    0d:5d:19:ae:3f:a7:17:df:cb:13:4b:49:f5:b4:c9:
                    30:4d:f1:9b:8b:c0:3e:39:22:0a:cc:2a:b2:51:a5:
                    3e:4d:22:e2:29:2d:82:b2:d2:0d:17:d1:e0:dd:2b:
                    42:f2:d4:fd:b4:78:86:e9:8f:0f:2c:91:d0:f3:5b:
                    fa:81:ca:6a:0d:97:3e:44:73:74:59:5b:3e:53:96:
                    50:40:3a:a1:28:9d:78:4d:03:00:17:19:66:fc:58:
                    36:ee:b7:78:cb:ce:4c:3e:58:07:79:8b:38:98:c5:
                    2b:45:0f:9e:6d:b7:4d:b6:b6:0a:86:95:e3:df:d1:
                    0a:dd:4e:75:18:f4:f8:3c:fa:31:a6:d8:ae:25:25:
                    cd:c6:c8:56:f9:32:ef:2f:9c:d9:9a:f5:1b:cc:b3:
                    bb:32:1f:93:5e:0a:dd:12:53:bc:42:e9:78:75:ee:
                    ee:34:a7:2b:ac:cf:28:c5:32:79:8c:e6:f8:d6:80:
                    2e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:FE:00:11:EB:E4:F2:16:C5:8D:3A:B4:28:12:B9:84:02:BE:0B:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/96184d-5981-4702-9d32-6cc0daf341c4/1/D_4AEevk8hbFjTq0KBK5hAK-Cyw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:d1:f4:98:22:a1:41:4b:6f:87:c7:a2:d5:6c:b3:f0:b7:c1:
         47:c7:9f:41:ae:9e:04:9f:60:0d:fa:f5:e9:4c:1b:43:d3:5c:
         7c:9b:75:0d:b6:67:22:a2:83:76:88:8a:08:e5:98:9a:79:3d:
         eb:14:31:01:ce:ba:ea:aa:76:1e:3c:e1:cf:5a:16:02:b4:94:
         c9:cc:b4:04:72:71:82:4e:82:1a:ca:77:9b:d5:97:aa:05:87:
         6f:3c:39:1b:af:7a:8c:71:77:ed:d3:8d:2b:36:a2:1c:5d:9a:
         a7:94:b0:95:ef:ff:49:a7:d5:93:33:aa:79:66:5a:d6:4a:45:
         8b:87:0f:6c:a9:66:5f:de:67:d6:93:a5:15:27:aa:e6:21:b9:
         4e:39:01:04:d8:5f:2f:33:1f:60:ee:24:12:ca:d9:6b:41:6a:
         d5:c7:ca:15:bd:e1:58:f9:8e:0e:02:92:2c:d8:17:4d:b1:cd:
         db:62:8a:e1:d8:ba:ab:ab:3c:42:3c:85:b1:81:55:d5:c8:ba:
         4f:fe:ea:93:8f:4e:fa:d4:8f:09:12:2e:d7:3e:81:57:99:1e:
         ed:d3:67:3a:f1:97:7d:3c:27:b2:8a:90:07:ee:74:8e:a0:79:
         9e:06:73:27:b7:82:cb:79:2e:c9:38:e0:37:ee:5d:9d:f9:82:
         65:9a:55:05
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt4NS5rqzeAUAwx9NzU6kP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDYxODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmZlMDAxMWViZTRmMjE2YzU4ZDNhYjQyODEyYjk4NDAyYmUwYjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz0fEzeYW09iv7grefITGtFWnXIn
klW3zsy102Ioj53N3vCT0S+1iHAmk5rgntyGx7c7rC1Lqz9CZODoUR4Y5Xiau89Q
fCJthv0NXRmuP6cX38sTS0n1tMkwTfGbi8A+OSIKzCqyUaU+TSLiKS2CstINF9Hg
3StC8tT9tHiG6Y8PLJHQ81v6gcpqDZc+RHN0WVs+U5ZQQDqhKJ14TQMAFxlm/Fg2
7rd4y85MPlgHeYs4mMUrRQ+ebbdNtrYKhpXj39EK3U51GPT4PPoxptiuJSXNxshW
+TLvL5zZmvUbzLO7Mh+TXgrdElO8Qul4de7uNKcrrM8oxTJ5jOb41oAuDwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFA/+ABHr5PIWxY06tCgSuYQCvgssMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzlhLzk2MTg0
ZC01OTgxLTQ3MDItOWQzMi02Y2MwZGFmMzQxYzQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWEvOTYxODRk
LTU5ODEtNDcwMi05ZDMyLTZjYzBkYWYzNDFjNC8xL0RfNEFFZXZrOGhiRmpUcTBL
Qks1aEFLLUN5dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9izMA0GCSqGSIb3DQEBCwUAA4IBAQBW0fSY
IqFBS2+Hx6LVbLPwt8FHx59Brp4En2AN+vXpTBtD01x8m3UNtmciooN2iIoI5Zia
eT3rFDEBzrrqqnYePOHPWhYCtJTJzLQEcnGCToIayneb1ZeqBYdvPDkbr3qMcXft
040rNqIcXZqnlLCV7/9Jp9WTM6p5ZlrWSkWLhw9sqWZf3mfWk6UVJ6rmIblOOQEE
2F8vMx9g7iQSytlrQWrVx8oVveFY+Y4OApIs2BdNsc3bYorh2LqrqzxCPIWxgVXV
yLpP/uqTj0761I8JEi7XPoFXmR7t02c68Zd9PCeyipAH7nSOoHmeBnMnt4LLeS7J
OOA37l2d+YJlmlUF
-----END CERTIFICATE-----