This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.cer
File:                     OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.cer (raw, json)
Hash identifier:          CjXK1nlANtYk3E/7USGGwFPDTYVWMBwp7FlIjpsGTFQ=
Subject key identifier:   38:BA:0B:9D:0F:1F:67:4B:13:97:CF:CE:A6:DD:46:80:C8:35:1A:F9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C7F387702E58CD3CAA64A0C90B8009B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:17:50 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 176.103.113.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7f:38:77:02:e5:8c:d3:ca:a6:4a:0c:90:b8:00:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:17:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=38ba0b9d0f1f674b1397cfcea6dd4680c8351af9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:84:6c:5b:98:f3:03:a1:34:ce:ac:2b:cc:23:
                    f6:37:d0:4a:85:74:61:1d:64:53:11:c1:b6:bf:48:
                    9f:52:38:d2:66:39:49:9a:25:25:15:c3:03:11:f9:
                    e7:b6:3f:cd:c1:36:c1:d3:c1:90:92:50:a7:f6:c9:
                    5c:0d:30:02:2d:fa:7e:57:af:3f:4d:60:03:14:75:
                    b3:9c:c1:63:2f:5a:b4:6a:bd:63:19:24:84:14:cc:
                    08:c8:e8:e2:13:e0:5a:76:93:b9:ef:32:f7:41:3d:
                    2e:32:45:04:6d:72:ce:4c:a8:77:0e:7b:c7:6b:00:
                    1d:68:3f:79:5c:b9:35:04:56:56:01:d2:7e:2e:f7:
                    7f:c1:05:b2:7b:0a:0c:35:e7:75:a1:75:86:86:fb:
                    1d:f8:fd:9c:c4:ae:2a:d1:dc:dc:3f:6b:f3:14:8e:
                    ca:67:46:7e:2a:15:9c:32:c3:30:f2:87:46:a4:04:
                    1d:bc:8b:ca:47:96:ab:52:64:9d:ed:c0:bf:f1:18:
                    ba:12:48:1a:bd:bc:0a:87:cb:b9:c2:5c:83:a5:8f:
                    65:f9:2f:18:75:67:eb:90:57:f7:2a:00:5c:d3:0b:
                    99:65:bf:a4:42:60:bf:15:8e:84:f2:3e:79:43:42:
                    10:d8:73:d1:d6:e9:5d:63:a7:b4:4a:b8:bd:a4:eb:
                    0d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:BA:0B:9D:0F:1F:67:4B:13:97:CF:CE:A6:DD:46:80:C8:35:1A:F9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/959dad-90c8-40b6-8740-2eedae0fa788/1/OLoLnQ8fZ0sTl8_Opt1GgMg1Gvk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:5c:ec:81:8b:30:c8:57:96:08:46:b1:d9:cc:37:27:0f:d0:
         e7:62:be:2b:9a:7d:14:44:3f:ab:e3:da:ee:14:bc:51:08:e0:
         c2:9d:c9:cf:2e:96:81:3f:6f:ca:8b:e0:64:cf:58:f4:a7:c8:
         89:b9:5e:33:cf:37:de:9e:d5:ca:c5:16:0c:13:77:af:a0:c1:
         db:b4:30:81:47:ac:9f:b6:6f:c8:54:91:e5:fb:b0:0d:23:09:
         5e:67:4e:bc:f6:1a:06:a0:35:0c:62:c6:d8:ab:b6:97:f8:7d:
         6b:0b:e2:8c:31:1c:af:3d:b9:b5:6f:ed:74:09:35:b5:2f:a3:
         2b:cf:06:fd:14:94:ed:7a:d2:87:06:f7:37:06:2f:3d:23:e2:
         4c:cc:83:cf:25:2b:f2:73:20:2c:2f:1d:94:21:ba:34:fc:26:
         52:af:6c:03:78:e0:fb:68:25:fd:17:b7:65:92:a5:a5:6e:20:
         db:0d:c4:25:69:43:83:aa:27:4a:59:ab:51:44:40:d8:59:f6:
         ac:34:09:78:59:42:36:63:07:0c:71:07:6e:a3:d2:5c:ea:e3:
         6a:31:23:b8:db:2e:1f:0b:aa:1e:88:0d:89:e2:c1:f7:0a:1a:
         5e:ff:1c:8b:1b:05:19:ec:4e:bc:da:1b:f5:5a:fe:4a:26:b1:
         26:a7:ea:a8
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt8fzh3AuWM08qmSgyQuACbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxNzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGJhMGI5ZDBmMWY2NzRiMTM5N2NmY2VhNmRkNDY4MGM4MzUxYWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsoRsW5jzA6E0zqwrzCP2N9BKhXRh
HWRTEcG2v0ifUjjSZjlJmiUlFcMDEfnntj/NwTbB08GQklCn9slcDTACLfp+V68/
TWADFHWznMFjL1q0ar1jGSSEFMwIyOjiE+BadpO57zL3QT0uMkUEbXLOTKh3DnvH
awAdaD95XLk1BFZWAdJ+Lvd/wQWyewoMNed1oXWGhvsd+P2cxK4q0dzcP2vzFI7K
Z0Z+KhWcMsMw8odGpAQdvIvKR5arUmSd7cC/8Ri6EkgavbwKh8u5wlyDpY9l+S8Y
dWfrkFf3KgBc0wuZZb+kQmC/FY6E8j55Q0IQ2HPR1uldY6e0Sri9pOsNLQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDi6C50PH2dLE5fPzqbdRoDINRr5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcxLzk1OWRh
ZC05MGM4LTQwYjYtODc0MC0yZWVkYWUwZmE3ODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzEvOTU5ZGFk
LTkwYzgtNDBiNi04NzQwLTJlZWRhZTBmYTc4OC8xL09Mb0xuUThmWjBzVGw4X09w
dDFHZ01nMUd2ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAsGdxMA0GCSqGSIb3DQEBCwUAA4IBAQCBXOyB
izDIV5YIRrHZzDcnD9DnYr4rmn0URD+r49ruFLxRCODCncnPLpaBP2/Ki+Bkz1j0
p8iJuV4zzzfentXKxRYME3evoMHbtDCBR6yftm/IVJHl+7ANIwleZ0689hoGoDUM
YsbYq7aX+H1rC+KMMRyvPbm1b+10CTW1L6Mrzwb9FJTtetKHBvc3Bi89I+JMzIPP
JSvycyAsLx2UIbo0/CZSr2wDeOD7aCX9F7dlkqWlbiDbDcQlaUODqidKWatRREDY
WfasNAl4WUI2YwcMcQduo9Jc6uNqMSO42y4fC6oeiA2J4sH3Chpe/xyLGwUZ7E68
2hv1Wv5KJrEmp+qo
-----END CERTIFICATE-----