This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
File:                     KR2Dw_S4d899CEy1MMSp42_PetA.cer (raw, json)
Hash identifier:          0TecwhcclPCbaD8i5QGNuqQvKCdy3Hy9/5WM6Jkls/U=
Subject key identifier:   29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7BA37404ED87BC4D2A2A94D9B7FD9CC8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 22:17:48 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.213.3.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:74:04:ed:87:bc:4d:2a:2a:94:d9:b7:fd:9c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:c0:81:a9:c3:7c:d1:fe:7d:0e:8e:35:e7:3b:
                    cd:b7:ef:ec:3d:0d:cf:71:2b:36:96:cb:e3:73:1a:
                    0a:19:73:27:ba:3c:8d:c6:1c:a8:f6:e3:fa:97:50:
                    0c:16:e7:23:16:04:fb:1c:0a:fd:9a:30:df:15:68:
                    c3:b8:84:9e:66:6e:1c:7e:93:f7:f3:8b:b1:77:b7:
                    dd:8d:8c:69:66:bc:92:f2:e4:eb:ff:c8:75:82:8d:
                    ad:86:df:67:98:c0:b8:8b:66:f8:71:ef:e4:5b:95:
                    f5:28:eb:d2:b2:8a:ad:2d:99:dc:61:2b:87:14:9b:
                    c7:87:73:74:d8:38:e2:f0:7a:82:42:b7:89:30:f6:
                    e6:75:9c:9c:31:af:dd:51:20:f9:a9:e5:76:fa:eb:
                    f4:80:70:4e:97:8e:e2:17:fd:29:30:f1:4a:e6:49:
                    07:bb:b7:cd:b2:44:d0:3f:b0:3c:11:72:78:1b:4f:
                    18:52:b4:67:54:03:1b:b9:b6:3b:1f:6b:2b:c6:81:
                    c4:40:44:dd:e2:74:39:b3:79:a9:95:c6:33:10:5a:
                    3e:e2:2b:59:a1:db:6b:ed:24:fe:e6:cb:eb:0e:61:
                    49:68:4c:b1:4f:37:b0:54:ee:77:44:86:19:22:18:
                    ff:f1:3f:21:44:0e:4a:ab:55:c5:0f:f9:c3:a0:58:
                    fd:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:4c:b0:9f:98:c1:60:c0:48:fe:c7:23:08:14:fc:74:67:10:
         b0:96:81:a8:53:98:d2:42:1e:08:d2:31:01:40:37:82:24:96:
         9a:22:69:2a:37:36:5e:3d:2b:67:16:d1:52:b7:91:df:f7:70:
         1d:e3:3b:70:bf:9c:4d:dc:73:cb:b1:ac:be:55:13:29:34:b3:
         57:e2:e5:35:83:fa:24:84:64:c8:4b:08:76:0a:11:f1:04:4f:
         67:ce:39:b3:36:c5:fc:ea:64:79:8e:a4:ae:9a:8a:00:93:9e:
         dd:95:e9:99:a8:64:d6:bf:48:e2:46:e9:0c:bc:ac:c5:61:2b:
         75:bf:f7:ee:6e:91:a0:95:ca:b5:c8:59:c5:e7:bf:f7:5c:13:
         80:06:cb:d0:6f:6b:ad:db:26:ef:2a:e5:ee:28:42:69:cd:50:
         8f:6a:42:8e:0f:ff:65:cd:ae:95:57:30:bd:18:de:bc:ee:f2:
         a6:9a:6f:7b:cb:3f:36:e4:40:36:72:5b:c1:9d:73:aa:20:a1:
         73:17:61:06:cc:a4:12:ab:99:eb:c2:71:c7:c0:72:84:60:d8:
         02:57:95:70:80:2b:eb:a3:1f:3a:a5:40:f9:a8:4e:ad:c0:44:
         a6:1f:b4:19:9f:9c:96:c8:e9:2d:8b:fa:3f:0a:e0:dc:4c:14:
         d8:1e:04:52
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt7o3QE7Ye8TSoqlNm3/ZzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjIxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTFkODNjM2Y0Yjg3N2NmN2QwODRjYjUzMGM0YTllMzZmY2Y3YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysCBqcN80f59Do415zvNt+/sPQ3P
cSs2lsvjcxoKGXMnujyNxhyo9uP6l1AMFucjFgT7HAr9mjDfFWjDuISeZm4cfpP3
84uxd7fdjYxpZryS8uTr/8h1go2tht9nmMC4i2b4ce/kW5X1KOvSsoqtLZncYSuH
FJvHh3N02Dji8HqCQreJMPbmdZycMa/dUSD5qeV2+uv0gHBOl47iF/0pMPFK5kkH
u7fNskTQP7A8EXJ4G08YUrRnVAMbubY7H2srxoHEQETd4nQ5s3mplcYzEFo+4itZ
odtr7ST+5svrDmFJaEyxTzewVO53RIYZIhj/8T8hRA5Kq1XFD/nDoFj9ewIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFCkdg8P0uHfPfQhMtTDEqeNvz3rQMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllLzU5NDU2
OS02ZjE4LTQ2MGEtYTE5Ni1mZmNkNDc3MzQ5ZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvNTk0NTY5
LTZmMTgtNDYwYS1hMTk2LWZmY2Q0NzczNDlmYy8xL0tSMkR3X1M0ZDg5OUNFeTFN
TVNwNDJfUGV0QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9UDMA0GCSqGSIb3DQEBCwUAA4IBAQANTLCf
mMFgwEj+xyMIFPx0ZxCwloGoU5jSQh4I0jEBQDeCJJaaImkqNzZePStnFtFSt5Hf
93Ad4ztwv5xN3HPLsay+VRMpNLNX4uU1g/okhGTISwh2ChHxBE9nzjmzNsX86mR5
jqSumooAk57dlemZqGTWv0jiRukMvKzFYSt1v/fubpGglcq1yFnF57/3XBOABsvQ
b2ut2ybvKuXuKEJpzVCPakKOD/9lza6VVzC9GN687vKmmm97yz825EA2clvBnXOq
IKFzF2EGzKQSq5nrwnHHwHKEYNgCV5VwgCvrox86pUD5qE6twESmH7QZn5yWyOkt
i/o/CuDcTBTYHgRS
-----END CERTIFICATE-----