This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/WKhqbHH7c0xwW15m50rBxWu5YF4.cer
File:                     WKhqbHH7c0xwW15m50rBxWu5YF4.cer (raw, json)
Hash identifier:          feX5V4uWpO14KGBFMNwdDVaBsQaRoq6Nr8PcUUIwtJI=
Subject key identifier:   58:A8:6A:6C:71:FB:73:4C:70:5B:5E:66:E7:4A:C1:C5:6B:B9:60:5E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F800C1F73C77858C2598B75E9B8E2D9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/WKhqbHH7c0xwW15m50rBxWu5YF4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 16:17:36 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.35.28.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 15:35:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:80:0c:1f:73:c7:78:58:c2:59:8b:75:e9:b8:e2:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 16:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58a86a6c71fb734c705b5e66e74ac1c56bb9605e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:59:59:6e:79:20:84:07:19:d2:d2:be:4c:28:
                    47:0c:81:41:df:e9:f0:9f:90:51:ff:a8:4b:f1:f2:
                    e9:06:67:d7:cd:ba:c5:9a:ec:a2:89:e6:8b:1e:08:
                    2a:9e:d9:67:77:71:79:fe:a0:eb:41:72:c4:45:ca:
                    06:d9:e4:c7:da:4c:74:8a:06:6c:a1:cd:d9:50:d7:
                    5e:25:03:42:78:d4:54:12:f7:b2:be:80:04:d5:00:
                    55:6a:1d:37:d0:27:24:63:46:91:25:8f:86:50:51:
                    3e:79:b7:d3:f1:00:fd:3f:30:7f:c0:c3:ed:9d:6b:
                    4b:c7:ad:11:c9:ad:0d:5d:e1:09:e6:cb:15:94:91:
                    09:36:9f:e5:8a:79:34:ec:99:60:d0:4a:f1:33:22:
                    53:8b:11:c8:bb:6c:c5:da:a7:c4:cf:2d:a2:a3:82:
                    e4:7d:91:91:ad:51:6c:bd:54:74:ec:0b:69:aa:af:
                    e2:e9:e7:78:e1:3d:4a:3b:ef:4a:bc:f2:b8:d5:2e:
                    36:02:82:c8:59:73:a5:a1:e0:a4:e6:1e:32:80:ab:
                    91:d1:71:59:56:f5:42:cd:f7:6a:c7:f8:d4:e7:78:
                    3d:82:cc:af:dd:09:f3:0b:a2:16:83:e1:1b:a6:81:
                    9d:c1:ff:07:94:f0:61:01:74:bb:47:7b:d9:27:5d:
                    9b:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:A8:6A:6C:71:FB:73:4C:70:5B:5E:66:E7:4A:C1:C5:6B:B9:60:5E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c4365-a98f-43fe-9950-a9b13c2800af/1/WKhqbHH7c0xwW15m50rBxWu5YF4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.35.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:14:61:ca:8e:15:82:51:c5:ed:16:55:96:cc:d6:df:d8:52:
         8d:d1:3e:1f:e1:bd:54:f7:4f:7e:34:32:82:7a:9c:96:71:3e:
         ce:b6:78:4f:a1:aa:54:73:a8:4b:fc:4e:35:c2:30:bc:4a:c2:
         e0:c8:d0:1b:4e:cc:ad:8d:d6:9d:48:b0:a6:64:e6:24:99:be:
         d4:d6:fd:c3:c6:f6:af:71:7f:8d:7d:2f:37:88:5b:78:4c:de:
         7b:08:ee:83:36:86:5e:fa:db:a3:71:62:17:c3:19:02:9d:eb:
         b1:e2:6e:92:59:94:80:f4:ca:90:2b:03:45:f2:ec:d1:7c:0b:
         19:39:c5:64:6e:df:b9:a1:f0:50:9c:e2:c5:f2:63:f0:68:ed:
         92:a4:a1:ce:ad:9e:ef:a6:e6:06:30:f2:1d:54:8d:1f:a3:e3:
         24:07:80:92:7b:2b:80:ca:89:b9:61:c5:29:81:44:40:a5:0a:
         e6:ad:78:cf:1b:e5:d0:4c:fa:4a:0a:aa:62:22:6a:0e:10:56:
         ab:23:9c:42:93:35:19:b6:70:55:12:db:7a:66:31:23:01:46:
         32:2b:4f:97:0c:6f:18:82:5c:80:e5:f8:73:75:f1:35:ec:fe:
         06:8f:0c:96:a6:40:48:b4:db:a4:a3:7c:fd:5a:1e:71:37:c0:
         7a:41:ff:d4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/gAwfc8d4WMJZi3XpuOLZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGE4NmE2YzcxZmI3MzRjNzA1YjVlNjZlNzRhYzFjNTZiYjk2MDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3VlZbnkghAcZ0tK+TChHDIFB3+nw
n5BR/6hL8fLpBmfXzbrFmuyiieaLHggqntlnd3F5/qDrQXLERcoG2eTH2kx0igZs
oc3ZUNdeJQNCeNRUEveyvoAE1QBVah030CckY0aRJY+GUFE+ebfT8QD9PzB/wMPt
nWtLx60Rya0NXeEJ5ssVlJEJNp/link07Jlg0ErxMyJTixHIu2zF2qfEzy2io4Lk
fZGRrVFsvVR07Atpqq/i6ed44T1KO+9KvPK41S42AoLIWXOloeCk5h4ygKuR0XFZ
VvVCzfdqx/jU53g9gsyv3QnzC6IWg+EbpoGdwf8HlPBhAXS7R3vZJ12bxQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFFioamxx+3NMcFteZudKwcVruWBeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxLzljNDM2
NS1hOThmLTQzZmUtOTk1MC1hOWIxM2MyODAwYWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvOWM0MzY1
LWE5OGYtNDNmZS05OTUwLWE5YjEzYzI4MDBhZi8xL1dLaHFiSEg3YzB4d1cxNW01
MHJCeFd1NVlGNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwSMcMA0GCSqGSIb3DQEBCwUAA4IBAQBZFGHK
jhWCUcXtFlWWzNbf2FKN0T4f4b1U909+NDKCepyWcT7OtnhPoapUc6hL/E41wjC8
SsLgyNAbTsytjdadSLCmZOYkmb7U1v3DxvavcX+NfS83iFt4TN57CO6DNoZe+tuj
cWIXwxkCneux4m6SWZSA9MqQKwNF8uzRfAsZOcVkbt+5ofBQnOLF8mPwaO2SpKHO
rZ7vpuYGMPIdVI0fo+MkB4CSeyuAyom5YcUpgURApQrmrXjPG+XQTPpKCqpiImoO
EFarI5xCkzUZtnBVEtt6ZjEjAUYyK0+XDG8YglyA5fhzdfE17P4GjwyWpkBItNuk
o3z9Wh5xN8B6Qf/U
-----END CERTIFICATE-----