This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LxXXiyVtKEWbhptybyMpSrP_Fz8.cer
File:                     LxXXiyVtKEWbhptybyMpSrP_Fz8.cer (raw, json)
Hash identifier:          /r2O7tLjXMqhA5ZSWHO80sCNe56SEckd4tVVMqkSuIk=
Subject key identifier:   2F:15:D7:8B:25:6D:28:45:9B:86:9B:72:6F:23:29:4A:B3:FF:17:3F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F85177693D2287F32865D68B25452B8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 16:23:07 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 194.13.66.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:85:17:76:93:d2:28:7f:32:86:5d:68:b2:54:52:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 16:23:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f15d78b256d28459b869b726f23294ab3ff173f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4d:04:02:c1:a8:08:62:0b:fa:7e:d2:9c:cc:
                    b0:41:5e:65:af:d3:a0:7e:73:a6:e6:e3:ea:56:24:
                    71:15:b7:69:95:5a:94:b6:94:d6:b2:00:18:86:79:
                    93:06:d5:f4:b0:ba:4f:6c:14:73:40:51:86:1c:95:
                    a7:c1:de:56:14:2d:4c:75:6f:a4:20:8a:63:05:0d:
                    1c:ee:af:a5:f2:a6:31:44:0e:28:65:84:6a:1c:db:
                    86:3f:07:c6:da:e0:4e:e6:48:a3:65:61:ee:0d:f7:
                    6f:fd:0a:a2:e3:82:58:b7:45:28:63:fb:c9:0c:02:
                    c2:7d:5d:1e:fa:6d:cd:1a:8e:be:aa:32:c3:32:b7:
                    f6:7c:10:dc:02:21:a6:67:50:b0:5d:11:a6:72:b1:
                    85:4d:bd:db:1b:9d:db:50:52:7b:9f:83:53:34:10:
                    c4:5a:e5:5e:f1:56:40:37:b6:c4:3f:2e:d1:39:02:
                    a9:56:f5:38:40:d3:f4:ba:c0:21:2f:59:44:d7:fa:
                    a2:94:bd:69:d3:3f:a7:41:ac:a5:44:30:4a:c9:da:
                    83:74:5b:77:3d:84:ba:de:20:ec:ac:f7:f5:2a:b5:
                    0f:33:e6:88:d5:68:3f:61:d3:4d:54:28:5d:36:7f:
                    4d:43:3f:e8:f3:6c:b9:5e:d5:30:b9:5a:35:db:b0:
                    6f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:15:D7:8B:25:6D:28:45:9B:86:9B:72:6F:23:29:4A:B3:FF:17:3F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:1c:9c:2f:89:3d:a2:be:43:11:d8:cb:9e:6d:ea:7a:89:c1:
         97:57:98:36:ab:f4:53:8c:9e:93:5b:ee:ad:bb:5f:05:ae:64:
         9b:de:4b:5b:99:d0:a1:26:1b:cc:64:15:60:d2:0c:07:35:cb:
         0e:9d:d6:90:26:25:44:dd:0f:11:d7:5e:08:d0:ca:04:e7:99:
         d4:93:a0:bf:14:6b:60:e5:e3:30:28:cd:4e:5c:3a:dd:cb:05:
         1d:87:e4:91:d9:e5:04:61:a6:98:f4:4e:6f:96:6b:32:e3:07:
         09:6d:49:d7:54:07:04:1f:48:bd:89:bc:30:d8:dc:6b:7d:b7:
         ac:93:b3:18:bd:39:f5:d3:d0:3c:da:0a:94:df:59:ef:29:3a:
         fc:14:1d:51:1d:fd:d0:39:b8:2f:19:5d:c9:bb:58:47:62:7a:
         37:5b:69:d6:9c:89:30:cf:86:82:11:08:6e:cb:69:cb:7d:b7:
         55:1f:4b:e3:48:40:83:3f:6e:bf:03:ec:04:13:7c:7f:ba:a7:
         e8:0e:c5:99:1e:f2:8b:81:b3:92:77:64:20:93:1d:07:cc:4d:
         b1:d9:9b:6b:e7:a6:29:71:89:41:82:97:c4:15:67:ab:ed:e2:
         15:fe:7b:bf:e0:0d:1a:28:23:7a:3a:46:b6:7a:66:8c:9a:86:
         48:fe:26:40
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/hRd2k9IofzKGXWiyVFK4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTYyMzA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE1ZDc4YjI1NmQyODQ1OWI4NjliNzI2ZjIzMjk0YWIzZmYxNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiE0EAsGoCGIL+n7SnMywQV5lr9Og
fnOm5uPqViRxFbdplVqUtpTWsgAYhnmTBtX0sLpPbBRzQFGGHJWnwd5WFC1MdW+k
IIpjBQ0c7q+l8qYxRA4oZYRqHNuGPwfG2uBO5kijZWHuDfdv/Qqi44JYt0UoY/vJ
DALCfV0e+m3NGo6+qjLDMrf2fBDcAiGmZ1CwXRGmcrGFTb3bG53bUFJ7n4NTNBDE
WuVe8VZAN7bEPy7ROQKpVvU4QNP0usAhL1lE1/qilL1p0z+nQaylRDBKydqDdFt3
PYS63iDsrPf1KrUPM+aI1Wg/YdNNVChdNn9NQz/o82y5XtUwuVo127BvowIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFC8V14slbShFm4abcm8jKUqz/xc/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M5LzZiZGY2
Yy1hMTgxLTQyZmMtYjliZi04M2JjN2NjNDYzZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzkvNmJkZjZj
LWExODEtNDJmYy1iOWJmLTgzYmM3Y2M0NjNkZS8xL0x4WFhpeVZ0S0VXYmhwdHli
eU1wU3JQX0Z6OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwg1CMA0GCSqGSIb3DQEBCwUAA4IBAQCAHJwv
iT2ivkMR2Muebep6icGXV5g2q/RTjJ6TW+6tu18FrmSb3ktbmdChJhvMZBVg0gwH
NcsOndaQJiVE3Q8R114I0MoE55nUk6C/FGtg5eMwKM1OXDrdywUdh+SR2eUEYaaY
9E5vlmsy4wcJbUnXVAcEH0i9ibww2Nxrfbesk7MYvTn109A82gqU31nvKTr8FB1R
Hf3QObgvGV3Ju1hHYno3W2nWnIkwz4aCEQhuy2nLfbdVH0vjSECDP26/A+wEE3x/
uqfoDsWZHvKLgbOSd2Qgkx0HzE2x2Ztr56YpcYlBgpfEFWer7eIV/nu/4A0aKCN6
Oka2emaMmoZI/iZA
-----END CERTIFICATE-----