This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iaw4_oEF-1mizSV_UZ-FhZWEAwE.cer
File:                     Iaw4_oEF-1mizSV_UZ-FhZWEAwE.cer (raw, json)
Hash identifier:          iwyxjpbl1qTe0weUbntkb2/AHTPty30PxkMS9zhM2qY=
Subject key identifier:   21:AC:38:FE:81:05:FB:59:A2:CD:25:7F:51:9F:85:85:95:84:03:01
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77595323E80CE406628D24521A7E3831
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/Iaw4_oEF-1mizSV_UZ-FhZWEAwE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 02:18:21 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 215601
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:53:23:e8:0c:e4:06:62:8d:24:52:1a:7e:38:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21ac38fe8105fb59a2cd257f519f858595840301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f7:1b:f9:52:da:9f:b8:e6:c8:92:ec:f0:1f:
                    3f:98:7c:e3:5e:f2:2a:fc:90:f7:e2:cb:28:31:aa:
                    2b:3b:63:ec:27:59:90:85:39:be:4a:5c:88:82:71:
                    6a:29:7c:57:76:e5:f9:bc:5a:49:e2:52:76:ff:43:
                    81:24:0c:14:02:f3:d1:bb:3c:ac:01:dc:0b:3f:77:
                    17:11:c5:df:7d:af:d9:3b:10:47:21:58:44:8f:ce:
                    ff:8c:c4:a5:fe:f4:6f:a4:03:8f:08:4c:b3:cd:e3:
                    f9:31:e1:f0:e2:e9:93:2d:66:44:a4:29:6b:7a:c5:
                    65:e1:69:14:3c:a7:90:94:68:2d:f2:88:d2:f3:87:
                    b3:83:a3:2a:34:fb:9e:05:80:fa:81:8f:31:cf:b6:
                    50:61:02:17:f6:86:9a:be:1e:51:66:c2:f8:23:40:
                    ea:54:57:68:d5:78:29:dc:98:66:cf:f3:19:81:1b:
                    e5:86:cf:f8:96:db:81:9a:e8:2c:9f:d5:98:87:f3:
                    bf:d3:88:6f:17:d4:df:b0:c8:f1:b8:98:07:98:53:
                    05:f5:84:0b:c1:bb:db:0d:d5:f2:c3:13:ad:27:71:
                    5b:b1:79:4a:0d:79:3e:29:a3:00:44:ea:9a:ec:cd:
                    f2:a9:25:97:2c:84:55:29:af:80:5f:64:85:4c:b9:
                    61:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AC:38:FE:81:05:FB:59:A2:CD:25:7F:51:9F:85:85:95:84:03:01
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/Iaw4_oEF-1mizSV_UZ-FhZWEAwE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215601

    Signature Algorithm: sha256WithRSAEncryption
         3d:fa:19:84:a9:01:29:9d:79:4c:34:5d:6b:14:cb:84:b0:4e:
         51:e6:6f:5d:d2:62:4d:96:28:2b:68:a7:a5:3e:3c:8b:47:19:
         87:67:81:31:f3:ee:b8:30:d6:02:78:26:c0:3e:87:c8:3d:8d:
         e8:35:01:0b:9d:32:91:ad:1f:f0:d2:fc:a9:bd:8a:e7:aa:29:
         57:a3:40:36:37:54:fd:3b:2f:c4:b4:be:6b:1e:ab:75:5e:76:
         2c:69:26:e5:62:2a:47:2d:bd:e5:43:bc:69:73:bd:ee:c0:9f:
         bc:6c:ed:b5:95:fd:4d:76:71:03:88:8c:18:d5:54:2e:02:46:
         70:59:6c:42:7e:b2:d6:8b:f8:21:7b:ee:f8:db:3b:d2:db:49:
         0c:ec:4b:7e:d6:07:11:88:85:8e:fc:2a:db:7a:b4:e4:21:bb:
         7d:b7:ec:dd:2a:c3:f3:6f:f3:1f:b1:d9:de:3a:a7:68:85:4d:
         e9:64:5f:17:04:12:04:0c:40:fb:fe:44:2f:11:21:3c:3a:98:
         a0:cc:23:2e:80:64:d8:f4:18:0a:39:b0:ad:61:bd:7d:61:24:
         9d:88:4d:ce:1f:4c:3a:e4:85:6d:22:60:28:6b:a3:3b:a0:3a:
         a0:75:2c:a8:30:3d:f9:a9:73:ec:d7:17:cc:5c:99:2e:3e:19:
         40:7e:2d:95
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt3WVMj6AzkBmKNJFIafjgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDIxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFjMzhmZTgxMDVmYjU5YTJjZDI1N2Y1MTlmODU4NTk1ODQwMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvcb+VLan7jmyJLs8B8/mHzjXvIq
/JD34ssoMaorO2PsJ1mQhTm+SlyIgnFqKXxXduX5vFpJ4lJ2/0OBJAwUAvPRuzys
AdwLP3cXEcXffa/ZOxBHIVhEj87/jMSl/vRvpAOPCEyzzeP5MeHw4umTLWZEpClr
esVl4WkUPKeQlGgt8ojS84ezg6MqNPueBYD6gY8xz7ZQYQIX9oaavh5RZsL4I0Dq
VFdo1Xgp3Jhmz/MZgRvlhs/4ltuBmugsn9WYh/O/04hvF9TfsMjxuJgHmFMF9YQL
wbvbDdXywxOtJ3FbsXlKDXk+KaMAROqa7M3yqSWXLIRVKa+AX2SFTLlh3QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCGsOP6BBftZos0lf1GfhYWVhAMBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4LzM0NWM2
Mi0yZTBhLTRjZTEtYmVmYi0wY2Y1NGNmYThkYTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvMzQ1YzYy
LTJlMGEtNGNlMS1iZWZiLTBjZjU0Y2ZhOGRhMS8xL0lhdzRfb0VGLTFtaXpTVl9V
Wi1GaFpXRUF3RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNKMTANBgkqhkiG9w0BAQsFAAOCAQEAPfoZhKkBKZ15
TDRdaxTLhLBOUeZvXdJiTZYoK2inpT48i0cZh2eBMfPuuDDWAngmwD6HyD2N6DUB
C50yka0f8NL8qb2K56opV6NANjdU/TsvxLS+ax6rdV52LGkm5WIqRy295UO8aXO9
7sCfvGzttZX9TXZxA4iMGNVULgJGcFlsQn6y1ov4IXvu+Ns70ttJDOxLftYHEYiF
jvwq23q05CG7fbfs3SrD82/zH7HZ3jqnaIVN6WRfFwQSBAxA+/5ELxEhPDqYoMwj
LoBk2PQYCjmwrWG9fWEknYhNzh9MOuSFbSJgKGujO6A6oHUsqDA9+alz7NcXzFyZ
Lj4ZQH4tlQ==
-----END CERTIFICATE-----