This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NQa7fsBmYCLwPAvZ9V94wKfq2p8.cer
File:                     NQa7fsBmYCLwPAvZ9V94wKfq2p8.cer (raw, json)
Hash identifier:          yd04hKo+Shu36O+2B8Eii3gImb9q4fVWOH22ZgyAQOk=
Subject key identifier:   35:06:BB:7E:C0:66:60:22:F0:3C:0B:D9:F5:5F:78:C0:A7:EA:DA:9F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7B366AA6A6D1424BD45B3DE78CCDD4A5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6d/ae8e47-14b4-4914-826f-413a5958a7f3/1/NQa7fsBmYCLwPAvZ9V94wKfq2p8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6d/ae8e47-14b4-4914-826f-413a5958a7f3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 20:18:42 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 203639
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:6a:a6:a6:d1:42:4b:d4:5b:3d:e7:8c:cd:d4:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:18:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3506bb7ec0666022f03c0bd9f55f78c0a7eada9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5e:ce:38:ba:cf:d9:79:eb:83:d8:52:0e:e2:
                    be:d6:ad:d3:2c:c2:63:81:df:e1:cf:4d:f1:f9:c5:
                    f6:b8:9d:65:5e:c6:bb:85:99:e9:ba:f5:62:9a:0d:
                    77:53:4e:3e:a7:9b:eb:c2:f8:b6:af:e2:11:b9:6d:
                    8f:42:04:2f:e4:2b:31:31:4d:20:fe:62:2c:f9:f0:
                    50:a9:5b:d7:4e:bf:46:14:2f:dd:7c:bc:4d:0e:38:
                    ab:1f:a5:d7:4d:40:e5:96:6d:85:23:5b:8c:c5:98:
                    61:e1:fc:34:c9:c8:b2:0e:95:14:df:7d:84:d6:fb:
                    88:30:dd:6c:d8:f8:f0:65:95:8f:8f:02:d5:d0:d2:
                    a0:0f:c3:0f:cc:86:9d:7d:d7:f7:52:1b:bd:08:8f:
                    d2:a6:a2:11:d6:a6:fc:55:dc:26:3d:c6:d2:9d:2b:
                    86:4d:e0:2b:b2:24:cb:99:00:51:2d:f8:c1:45:c8:
                    7e:2f:fd:5f:be:01:d7:c8:3a:f8:ee:ea:2a:87:8a:
                    b1:eb:08:a0:8d:64:8c:2f:8e:d1:e0:17:eb:b0:06:
                    85:45:cc:0e:55:f9:4d:f3:8d:4d:1f:08:e3:d1:4d:
                    3b:08:5a:cb:56:05:89:a7:31:79:d0:30:bc:2f:86:
                    6c:f9:88:ef:7b:8d:7a:07:7e:10:55:5a:0d:9b:c1:
                    22:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:06:BB:7E:C0:66:60:22:F0:3C:0B:D9:F5:5F:78:C0:A7:EA:DA:9F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/ae8e47-14b4-4914-826f-413a5958a7f3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/ae8e47-14b4-4914-826f-413a5958a7f3/1/NQa7fsBmYCLwPAvZ9V94wKfq2p8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203639

    Signature Algorithm: sha256WithRSAEncryption
         89:46:19:58:c9:c4:cb:b9:ec:0c:91:2c:89:3c:9f:e1:51:26:
         36:ed:13:ce:2e:59:d1:cb:46:48:0f:11:6c:ca:7c:2e:ef:7b:
         b6:82:9f:a2:e4:bb:21:7f:05:4f:b6:1c:60:3f:29:1f:d7:f0:
         06:41:ba:2e:56:d8:62:7d:c8:70:f7:6d:45:4f:e4:40:9a:ba:
         6f:39:fb:b6:d4:0b:87:20:c7:2c:90:43:68:2f:c6:e4:58:82:
         36:69:72:5b:14:09:2a:7b:85:de:77:9d:7c:ac:f0:29:f1:e5:
         91:35:aa:79:d0:37:0f:27:f7:3b:ab:66:ff:f2:ec:f2:0c:d8:
         30:54:25:9e:5d:a2:1a:cd:ce:cb:ec:7f:7b:42:01:c7:ae:8c:
         51:57:97:0d:07:1e:27:2e:bd:13:71:c8:69:5d:e7:cf:56:a6:
         45:b9:c4:d9:5a:2e:a9:fb:b9:e3:37:e8:59:7b:ac:c9:30:e0:
         8b:ce:28:fa:0f:96:8a:38:e7:f3:53:33:8c:b0:2e:5d:e3:fa:
         2c:56:71:df:e6:98:e5:fc:f5:62:01:30:6f:fa:0d:4f:53:39:
         e6:dc:bd:b3:a0:ba:66:75:56:9d:73:79:4d:2b:1a:68:ec:2c:
         21:13:2b:96:9f:ee:70:b4:b2:c4:3d:c5:bf:2e:53:2f:68:e7:
         7c:c4:6e:47
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt7NmqmptFCS9RbPeeMzdSlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjAxODQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTA2YmI3ZWMwNjY2MDIyZjAzYzBiZDlmNTVmNzhjMGE3ZWFkYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV7OOLrP2Xnrg9hSDuK+1q3TLMJj
gd/hz03x+cX2uJ1lXsa7hZnpuvVimg13U04+p5vrwvi2r+IRuW2PQgQv5CsxMU0g
/mIs+fBQqVvXTr9GFC/dfLxNDjirH6XXTUDllm2FI1uMxZhh4fw0yciyDpUU332E
1vuIMN1s2PjwZZWPjwLV0NKgD8MPzIadfdf3Uhu9CI/SpqIR1qb8VdwmPcbSnSuG
TeArsiTLmQBRLfjBRch+L/1fvgHXyDr47uoqh4qx6wigjWSML47R4BfrsAaFRcwO
VflN841NHwjj0U07CFrLVgWJpzF50DC8L4Zs+Yjve416B34QVVoNm8Ei5QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFDUGu37AZmAi8DwL2fVfeMCn6tqfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZkL2FlOGU0
Ny0xNGI0LTQ5MTQtODI2Zi00MTNhNTk1OGE3ZjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvYWU4ZTQ3
LTE0YjQtNDkxNC04MjZmLTQxM2E1OTU4YTdmMy8xL05RYTdmc0JtWUNMd1BBdlo5
Vjk0d0tmcTJwOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMbdzANBgkqhkiG9w0BAQsFAAOCAQEAiUYZWMnEy7ns
DJEsiTyf4VEmNu0Tzi5Z0ctGSA8RbMp8Lu97toKfouS7IX8FT7YcYD8pH9fwBkG6
LlbYYn3IcPdtRU/kQJq6bzn7ttQLhyDHLJBDaC/G5FiCNmlyWxQJKnuF3nedfKzw
KfHlkTWqedA3Dyf3O6tm//Ls8gzYMFQlnl2iGs3Oy+x/e0IBx66MUVeXDQceJy69
E3HIaV3nz1amRbnE2Vouqfu54zfoWXusyTDgi84o+g+Wijjn81MzjLAuXeP6LFZx
3+aY5fz1YgEwb/oNT1M55ty9s6C6ZnVWnXN5TSsaaOwsIRMrlp/ucLSyxD3Fvy5T
L2jnfMRuRw==
-----END CERTIFICATE-----