This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NO2iVBz8z2guKd2uYx7cjR57b2A.cer
File:                     NO2iVBz8z2guKd2uYx7cjR57b2A.cer (raw, json)
Hash identifier:          t1h3tECcK8tGBmZF4g5LtkiiUSWXBH1mufb8P62h9xg=
Subject key identifier:   34:ED:A2:54:1C:FC:CF:68:2E:29:DD:AE:63:1E:DC:8D:1E:7B:6F:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5AE0361915E0145FE74C7474FB71A2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/NO2iVBz8z2guKd2uYx7cjR57b2A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:17:46 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 216101
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5a:e0:36:19:15:e0:14:5f:e7:4c:74:74:fb:71:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:17:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=34eda2541cfccf682e29ddae631edc8d1e7b6f60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:3f:84:ae:f9:30:85:c5:dc:81:0c:d6:c2:3a:
                    f0:5c:4e:27:98:d8:a0:8e:7f:d4:31:37:53:6e:3a:
                    b3:94:0a:3e:0c:15:4a:b8:e2:63:91:59:7e:de:03:
                    3b:30:e9:3a:e2:90:3d:cc:e6:15:4d:b8:91:01:9a:
                    d6:00:06:c7:4f:8a:7f:e9:01:df:ab:82:2a:ae:b2:
                    0e:91:20:c4:c9:54:90:27:c4:04:32:ac:4e:e7:8a:
                    fa:fa:7e:44:62:42:e6:5f:43:23:d1:5d:1a:e2:95:
                    eb:56:c1:e1:74:b5:d6:dc:16:af:a0:56:68:9a:fa:
                    4f:73:4f:12:b0:a1:be:67:86:a3:65:e2:e5:d4:eb:
                    8c:ff:4a:35:c0:a4:41:7b:97:07:84:62:3e:e6:1f:
                    d1:33:55:9b:ee:9e:ce:70:ac:fc:e7:9e:9c:5f:0d:
                    da:54:c5:e6:37:d5:ba:f6:c1:2c:35:0b:f8:6c:bd:
                    9d:91:4e:5a:f5:03:f4:de:46:db:61:e4:ee:df:32:
                    5c:cc:66:20:3b:63:d1:5e:dd:70:52:43:9f:13:97:
                    72:e0:f2:3c:5d:f7:4e:bd:9f:d6:5d:1b:e7:96:1c:
                    a3:4d:fe:a0:ec:94:71:f5:ac:a5:20:18:a5:ba:5e:
                    b1:b3:df:e2:2f:f7:05:ae:7f:1a:bd:e3:e8:74:a5:
                    57:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:ED:A2:54:1C:FC:CF:68:2E:29:DD:AE:63:1E:DC:8D:1E:7B:6F:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/c7244e-b103-43b1-912f-aa632ddb7615/1/NO2iVBz8z2guKd2uYx7cjR57b2A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  216101

    Signature Algorithm: sha256WithRSAEncryption
         14:51:b4:cf:ba:c8:87:b3:3f:41:96:f7:64:fd:48:4b:0c:9f:
         b9:04:d4:30:77:8b:2d:80:eb:61:f0:23:40:c4:6f:a1:ac:2a:
         88:a2:e0:83:61:b5:e9:66:18:26:39:f2:d6:9e:a6:5f:19:d4:
         f4:4e:74:c2:2c:c5:1c:ea:82:fe:98:b5:2c:13:4b:02:b4:c3:
         be:28:6b:04:6a:ac:2a:24:22:f9:9a:bd:10:2f:09:65:e6:08:
         c0:9f:fb:f5:59:5e:76:6b:28:f2:47:d8:d5:a2:77:d0:19:6e:
         42:5d:22:eb:fd:07:33:64:dd:86:ed:73:d3:a1:fd:ce:69:b6:
         38:68:2d:c9:78:44:45:15:1d:c0:21:59:5a:5f:eb:e6:48:45:
         ac:db:3c:12:08:b8:9c:c2:77:21:99:01:63:a6:ee:0e:79:2d:
         53:0f:19:26:6a:b9:82:d0:7e:80:ea:05:d6:5b:9e:d0:78:56:
         56:08:cb:da:f1:4f:a7:e6:3e:1d:47:62:9c:48:52:f6:c7:79:
         1f:59:22:b8:f9:d0:de:89:18:ec:00:5c:9f:d8:ee:f3:98:c4:
         ce:2d:82:94:8a:10:41:bc:b9:06:5a:32:52:f0:0c:74:b2:cc:
         81:87:01:29:1b:7e:d8:d8:5f:cb:28:99:29:c8:72:73:cf:f3:
         19:b4:43:a3
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt9WuA2GRXgFF/nTHR0+3GiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxNzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGVkYTI1NDFjZmNjZjY4MmUyOWRkYWU2MzFlZGM4ZDFlN2I2ZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5D+ErvkwhcXcgQzWwjrwXE4nmNig
jn/UMTdTbjqzlAo+DBVKuOJjkVl+3gM7MOk64pA9zOYVTbiRAZrWAAbHT4p/6QHf
q4IqrrIOkSDEyVSQJ8QEMqxO54r6+n5EYkLmX0Mj0V0a4pXrVsHhdLXW3BavoFZo
mvpPc08SsKG+Z4ajZeLl1OuM/0o1wKRBe5cHhGI+5h/RM1Wb7p7OcKz8556cXw3a
VMXmN9W69sEsNQv4bL2dkU5a9QP03kbbYeTu3zJczGYgO2PRXt1wUkOfE5dy4PI8
XfdOvZ/WXRvnlhyjTf6g7JRx9aylIBilul6xs9/iL/cFrn8avePodKVXDwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDTtolQc/M9oLindrmMe3I0ee29gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I3L2M3MjQ0
ZS1iMTAzLTQzYjEtOTEyZi1hYTYzMmRkYjc2MTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjcvYzcyNDRl
LWIxMDMtNDNiMS05MTJmLWFhNjMyZGRiNzYxNS8xL05PMmlWQno4ejJndUtkMnVZ
eDdjalI1N2IyQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNMJTANBgkqhkiG9w0BAQsFAAOCAQEAFFG0z7rIh7M/
QZb3ZP1ISwyfuQTUMHeLLYDrYfAjQMRvoawqiKLgg2G16WYYJjny1p6mXxnU9E50
wizFHOqC/pi1LBNLArTDvihrBGqsKiQi+Zq9EC8JZeYIwJ/79Vledmso8kfY1aJ3
0BluQl0i6/0HM2Tdhu1z06H9zmm2OGgtyXhERRUdwCFZWl/r5khFrNs8Egi4nMJ3
IZkBY6buDnktUw8ZJmq5gtB+gOoF1lue0HhWVgjL2vFPp+Y+HUdinEhS9sd5H1ki
uPnQ3okY7ABcn9ju85jEzi2ClIoQQby5BloyUvAMdLLMgYcBKRt+2NhfyyiZKchy
c8/zGbRDow==
-----END CERTIFICATE-----