This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer File: NJy71cLPQZXMbsfyH2B1gaAiTao.cer (raw, json) Hash identifier: caT/jNkGT9GL+3DaVgX0NCCNxl/mrR1141QOJ5gSODQ= Subject key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669 Certificate serial: 019B7E37963BEA060E964B2094964C1F4CF5 Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Manifest: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft caRepository: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ Notify URL: https://rrdp.ripe.net/notification.xml Certificate not before: Fri 02 Jan 2026 10:18:50 +0000 Certificate not after: Thu 01 Jul 2027 00:00:00 +0000 Subordinate resources: AS: 34744 AS: 57217 IP: 31.131.8.0/21 IP: 31.132.192.0/21 IP: 31.133.24.0/21 IP: 31.133.192.0/21 IP: 31.135.0.0/21 IP: 37.97.112.0 -- 37.97.123.255 IP: 46.151.32.0/21 IP: 46.173.240.0/20 IP: 46.174.200.0/21 IP: 64.43.64.0/18 IP: 77.36.0.0/17 IP: 77.232.192.0/19 IP: 81.161.0.0/20 IP: 81.161.48.0/21 IP: 85.204.196.0/23 IP: 86.104.132.0/23 IP: 89.34.74.0/23 IP: 89.42.232.0/23 IP: 89.44.100.0/23 IP: 89.45.92.0/23 IP: 89.46.112.0/23 IP: 91.193.28.0/22 IP: 91.200.132.0/22 IP: 91.218.252.0/22 IP: 91.223.117.0/24 IP: 91.223.158.0/24 IP: 91.224.40.0/23 IP: 91.224.212.0/23 IP: 91.225.34.0/23 IP: 91.226.52.0/22 IP: 91.228.119.0/24 IP: 91.229.6.0/24 IP: 91.229.16.0/22 IP: 91.229.30.0/23 IP: 91.229.147.0/24 IP: 91.229.156.0/22 IP: 91.231.223.0 -- 91.231.227.255 IP: 91.232.16.0 -- 91.232.20.255 IP: 91.232.55.0 -- 91.232.57.255 IP: 91.232.226.0/23 IP: 91.232.254.0/24 IP: 91.233.0.0/22 IP: 91.233.200.0/22 IP: 91.234.120.0/22 IP: 91.234.150.0/23 IP: 91.234.156.0/22 IP: 91.234.220.0/22 IP: 91.235.166.0/23 IP: 91.236.76.0/23 IP: 91.236.237.0/24 IP: 91.237.44.0 -- 91.237.49.255 IP: 91.237.91.0 -- 91.237.93.255 IP: 91.237.193.0 -- 91.237.195.255 IP: 91.238.38.0 -- 91.238.43.255 IP: 91.239.0.0/22 IP: 91.239.178.0/23 IP: 91.239.220.0 -- 91.239.226.255 IP: 91.240.154.0/24 IP: 91.240.156.0/22 IP: 91.245.88.0/21 IP: 91.245.176.0/20 IP: 91.246.172.0 -- 91.246.201.255 IP: 91.246.203.0 -- 91.246.207.255 IP: 91.246.216.0/23 IP: 93.120.0.0/17 IP: 94.232.96.0/21 IP: 109.197.232.0/21 IP: 109.207.128.0/20 IP: 130.195.58.0/23 IP: 130.195.214.0/23 IP: 171.25.223.0/24 IP: 176.96.48.0/20 IP: 176.96.88.0/21 IP: 176.96.176.0/21 IP: 176.97.144.0/21 IP: 176.98.56.0/21 IP: 176.102.120.0/21 IP: 176.103.120.0/21 IP: 176.103.240.0/21 IP: 176.107.64.0/20 IP: 176.110.106.0/23 IP: 176.110.112.0/22 IP: 176.110.216.0/21 IP: 176.111.0.0/21 IP: 176.111.160.0/22 IP: 176.112.80.0/21 IP: 176.113.176.0/20 IP: 176.115.232.0/21 IP: 176.116.32.0/20 IP: 176.116.224.0/20 IP: 176.118.88.0/21 IP: 176.118.200.0/21 IP: 176.121.32.0/20 IP: 176.121.96.0/20 IP: 176.124.172.0 -- 176.124.183.255 IP: 178.159.144.0/20 IP: 178.212.184.0/21 IP: 178.213.176.0/21 IP: 185.9.236.0 -- 185.9.243.255 IP: 185.55.4.0/22 IP: 185.55.140.0/22 IP: 185.104.196.0/22 IP: 188.191.248.0/21 IP: 188.213.233.0/24 IP: 192.162.184.0/22 IP: 193.0.190.0/24 IP: 193.36.192.0/19 IP: 193.221.82.0/23 IP: 194.33.64.0/22 IP: 194.33.100.0/22 IP: 195.80.142.0/23 IP: 2a01:7d8::/32 IP: 2a05:84c0::/29 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 20 Jan 2026 09:01:26 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7e:37:96:3b:ea:06:0e:96:4b:20:94:96:4c:1f:4c:f5 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669 Validity Not Before: Jan 2 10:18:50 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a7:ad:01:76:b4:fe:93:58:b2:b7:ea:a8:f9:d4: a3:3a:d7:fc:73:6d:19:76:dd:75:7c:eb:7d:ce:ab: 67:18:7b:95:46:c0:72:ca:b9:60:46:97:cf:c6:54: e5:e4:6f:1b:27:4f:28:2b:7e:47:bc:78:b1:4b:92: c6:e5:e8:04:c5:a2:ee:dc:81:3e:f9:81:4b:57:f5: 25:c8:2d:09:2d:1c:60:a7:4f:55:45:c7:91:27:8f: 56:2e:45:a1:1f:97:1d:de:1a:de:8d:21:46:c3:49: a4:c2:f3:88:74:fe:06:68:ec:96:47:01:53:bc:ac: de:9b:bc:4f:34:23:00:78:33:d6:64:c4:82:d3:c2: 0a:59:76:c5:60:72:d7:29:61:33:8f:d9:7c:1a:e6: 55:d5:96:e3:1f:d3:77:de:0c:d2:86:94:b8:83:15: 5a:d3:25:5b:30:2f:d6:e6:8c:a6:f0:38:25:ac:3f: 6f:81:4c:99:1d:74:74:69:94:89:39:3d:a0:32:ce: 5b:d4:6d:6c:15:ee:7b:89:4a:a1:38:70:b3:e0:a6: 63:96:b5:06:66:f1:b3:47:eb:56:c9:02:63:a5:2c: f3:3a:5c:93:f0:c5:af:d3:55:d7:da:39:b8:0c:70: 4a:76:6a:d9:2a:e3:19:2f:67:8d:d1:9a:ea:35:6f: 26:37 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA X509v3 Authority Key Identifier: keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Subject Information Access: CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/ RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft RPKI Notify - URI:https://rrdp.ripe.net/notification.xml X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 31.131.8.0/21 31.132.192.0/21 31.133.24.0/21 31.133.192.0/21 31.135.0.0/21 37.97.112.0-37.97.123.255 46.151.32.0/21 46.173.240.0/20 46.174.200.0/21 64.43.64.0/18 77.36.0.0/17 77.232.192.0/19 81.161.0.0/20 81.161.48.0/21 85.204.196.0/23 86.104.132.0/23 89.34.74.0/23 89.42.232.0/23 89.44.100.0/23 89.45.92.0/23 89.46.112.0/23 91.193.28.0/22 91.200.132.0/22 91.218.252.0/22 91.223.117.0/24 91.223.158.0/24 91.224.40.0/23 91.224.212.0/23 91.225.34.0/23 91.226.52.0/22 91.228.119.0/24 91.229.6.0/24 91.229.16.0/22 91.229.30.0/23 91.229.147.0/24 91.229.156.0/22 91.231.223.0-91.231.227.255 91.232.16.0-91.232.20.255 91.232.55.0-91.232.57.255 91.232.226.0/23 91.232.254.0/24 91.233.0.0/22 91.233.200.0/22 91.234.120.0/22 91.234.150.0/23 91.234.156.0/22 91.234.220.0/22 91.235.166.0/23 91.236.76.0/23 91.236.237.0/24 91.237.44.0-91.237.49.255 91.237.91.0-91.237.93.255 91.237.193.0-91.237.195.255 91.238.38.0-91.238.43.255 91.239.0.0/22 91.239.178.0/23 91.239.220.0-91.239.226.255 91.240.154.0/24 91.240.156.0/22 91.245.88.0/21 91.245.176.0/20 91.246.172.0-91.246.201.255 91.246.203.0-91.246.207.255 91.246.216.0/23 93.120.0.0/17 94.232.96.0/21 109.197.232.0/21 109.207.128.0/20 130.195.58.0/23 130.195.214.0/23 171.25.223.0/24 176.96.48.0/20 176.96.88.0/21 176.96.176.0/21 176.97.144.0/21 176.98.56.0/21 176.102.120.0/21 176.103.120.0/21 176.103.240.0/21 176.107.64.0/20 176.110.106.0/23 176.110.112.0/22 176.110.216.0/21 176.111.0.0/21 176.111.160.0/22 176.112.80.0/21 176.113.176.0/20 176.115.232.0/21 176.116.32.0/20 176.116.224.0/20 176.118.88.0/21 176.118.200.0/21 176.121.32.0/20 176.121.96.0/20 176.124.172.0-176.124.183.255 178.159.144.0/20 178.212.184.0/21 178.213.176.0/21 185.9.236.0-185.9.243.255 185.55.4.0/22 185.55.140.0/22 185.104.196.0/22 188.191.248.0/21 188.213.233.0/24 192.162.184.0/22 193.0.190.0/24 193.36.192.0/19 193.221.82.0/23 194.33.64.0/22 194.33.100.0/22 195.80.142.0/23 IPv6: 2a01:7d8::/32 2a05:84c0::/29 sbgp-autonomousSysNum: critical Autonomous System Numbers: 34744 57217 Signature Algorithm: sha256WithRSAEncryption 1f:97:5f:18:ea:b5:a2:da:08:f0:71:c8:bb:3c:04:73:a3:0a: 20:1b:c2:09:72:05:e2:40:5b:e3:81:02:5c:7f:62:00:a3:fc: 60:00:79:7b:a7:19:27:1a:0b:95:c0:52:72:55:ff:73:3d:69: dc:ba:ca:ba:1b:7a:ef:a1:ca:c4:21:d8:53:fa:0f:8b:67:ab: 75:0c:d0:52:d8:f0:bf:50:bb:48:3a:c7:f3:a7:e0:1d:cf:50: c4:70:2d:0b:ac:17:17:c1:f4:1e:20:71:52:f1:a9:1e:ae:e2: 07:b2:d2:7f:29:02:5a:80:d1:cb:e1:35:2c:48:c2:d1:f3:d7: 1c:58:53:31:58:86:1b:54:c8:60:09:37:8d:03:79:48:40:58: 2b:ce:ca:1e:7e:2a:19:ab:e7:a0:80:fb:9f:02:24:3a:5d:47: 08:14:62:8f:47:9d:35:a3:6b:ef:87:99:f5:fb:77:0e:b9:52: 61:fd:ca:36:0b:b5:f9:11:a8:bd:b8:2c:cb:57:87:9f:6d:72: 75:2c:28:bb:e6:3c:95:52:10:53:13:a0:07:2d:34:83:f1:f8: 08:6a:bd:6e:b4:d0:c1:c9:c2:bb:83:11:b5:50:71:a1:53:84: 90:10:2a:ee:d0:3c:d5:fe:85:17:e5:e7:52:ec:58:27:f3:81: 82:9d:b5:af -----BEGIN CERTIFICATE----- MIIItTCCB52gAwIBAgISAZt+N5Y76gYOlksglJZMH0z1MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk ZGU2NjkwHhcNMjYwMTAyMTAxODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygzNDljYmJkNWMyY2Y0MTk1Y2M2ZWM3ZjIxZjYwNzU4MWEwMjI0ZGFhMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp60BdrT+k1iyt+qo+dSjOtf8c20Z dt11fOt9zqtnGHuVRsByyrlgRpfPxlTl5G8bJ08oK35HvHixS5LG5egExaLu3IE+ +YFLV/UlyC0JLRxgp09VRceRJ49WLkWhH5cd3hrejSFGw0mkwvOIdP4GaOyWRwFT vKzem7xPNCMAeDPWZMSC08IKWXbFYHLXKWEzj9l8GuZV1ZbjH9N33gzShpS4gxVa 0yVbMC/W5oym8DglrD9vgUyZHXR0aZSJOT2gMs5b1G1sFe57iUqhOHCz4KZjlrUG ZvGzR+tWyQJjpSzzOlyT8MWv01XX2jm4DHBKdmrZKuMZL2eN0ZrqNW8mNwIDAQAB o4IFwTCCBb0wHQYDVR0OBBYEFDScu9XCz0GVzG7H8h9gdYGgIk2qMB8GA1UdIwQY MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkL2NkZjVm Ni0yZjE4LTQyYzctOTMwZS1kYzA2ZGQ4MDU5NjAvMS8wfAYIKwYBBQUHMAqGcHJz eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvY2RmNWY2 LTJmMTgtNDJjNy05MzBlLWRjMDZkZDgwNTk2MC8xL05KeTcxY0xQUVpYTWJzZnlI MkIxZ2FBaVRhby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIDOQYIKwYB BQUHAQcBAf8EggMoMIIDJDCCAwoEAgABMIIDAgMEAx+DCAMEAx+EwAMEAx+FGAME Ax+FwAMEAx+HADAMAwQEJWFwAwQCJWF4AwQDLpcgAwQELq3wAwQDLq7IAwQGQCtA AwQHTSQAAwQFTejAAwQEUaEAAwQDUaEwAwQBVczEAwQBVmiEAwQBWSJKAwQBWSro AwQBWSxkAwQBWS1cAwQBWS5wAwQCW8EcAwQCW8iEAwQCW9r8AwQAW991AwQAW9+e AwQBW+AoAwQBW+DUAwQBW+EiAwQCW+I0AwQAW+R3AwQAW+UGAwQCW+UQAwQBW+Ue AwQAW+WTAwQCW+WcMAwDBABb598DBAJb5+AwDAMEBFvoEAMEAFvoFDAMAwQAW+g3 AwQBW+g4AwQBW+jiAwQAW+j+AwQCW+kAAwQCW+nIAwQCW+p4AwQBW+qWAwQCW+qc AwQCW+rcAwQBW+umAwQBW+xMAwQAW+ztMAwDBAJb7SwDBAFb7TAwDAMEAFvtWwME AVvtXDAMAwQAW+3BAwQCW+3AMAwDBAFb7iYDBAJb7igDBAJb7wADBAFb77IwDAME Alvv3AMEAFvv4gMEAFvwmgMEAlvwnAMEA1v1WAMEBFv1sDAMAwQCW/asAwQBW/bI MAwDBABb9ssDBARb9sADBAFb9tgDBAddeAADBANe6GADBANtxegDBARtz4ADBAGC wzoDBAGCw9YDBACrGd8DBASwYDADBAOwYFgDBAOwYLADBAOwYZADBAOwYjgDBAOw ZngDBAOwZ3gDBAOwZ/ADBASwa0ADBAGwbmoDBAKwbnADBAOwbtgDBAOwbwADBAKw b6ADBAOwcFADBASwcbADBAOwc+gDBASwdCADBASwdOADBAOwdlgDBAOwdsgDBASw eSADBASweWAwDAMEArB8rAMEA7B8sAMEBLKfkAMEA7LUuAMEA7LVsDAMAwQCuQns AwQCuQnwAwQCuTcEAwQCuTeMAwQCuWjEAwQDvL/4AwQAvNXpAwQCwKK4AwQAwQC+ AwQFwSTAAwQBwd1SAwQCwiFAAwQCwiFkAwQBw1COMBQEAgACMA4DBQAqAQfYAwUD KgWEwDAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMAh7gCAwDfgTANBgkqhkiG9w0B AQsFAAOCAQEAH5dfGOq1otoI8HHIuzwEc6MKIBvCCXIF4kBb44ECXH9iAKP8YAB5 e6cZJxoLlcBSclX/cz1p3LrKuht676HKxCHYU/oPi2erdQzQUtjwv1C7SDrH86fg Hc9QxHAtC6wXF8H0HiBxUvGpHq7iB7LSfykCWoDRy+E1LEjC0fPXHFhTMViGG1TI YAk3jQN5SEBYK87KHn4qGavnoID7nwIkOl1HCBRij0edNaNr74eZ9ft3DrlSYf3K Ngu1+RGovbgsy1eHn21ydSwou+Y8lVIQUxOgBy00g/H4CGq9brTQwcnCu4MRtVBx oVOEkBAq7tA81f6FF+XnUuxYJ/OBgp21rw== -----END CERTIFICATE-----Generated at Mon Jan 19 18:23:31 2026 by rpki-client