This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/X017eQ8_STQyjhKaLd5N10qj4T4.cer
File:                     X017eQ8_STQyjhKaLd5N10qj4T4.cer (raw, json)
Hash identifier:          KY17ZWSKAf7MUWtO38MJVINQ6T4Iv8rROn1aX73lgq4=
Subject key identifier:   5F:4D:7B:79:0F:3F:49:34:32:8E:12:9A:2D:DE:4D:D7:4A:A3:E1:3E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7A5ADEE1546C30CC7A8F9DD2F85B5CE6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/86/9b6016-1424-4188-ae62-7d54927445f6/1/X017eQ8_STQyjhKaLd5N10qj4T4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/86/9b6016-1424-4188-ae62-7d54927445f6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 16:18:54 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 131.173.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:de:e1:54:6c:30:cc:7a:8f:9d:d2:f8:5b:5c:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:18:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5f4d7b790f3f4934328e129a2dde4dd74aa3e13e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:54:fb:85:57:e3:bb:b6:bc:11:47:a1:a7:f1:
                    fe:4b:78:64:49:83:bc:d2:98:b5:9c:d1:77:f9:43:
                    ce:0f:e6:b3:4f:db:6b:4d:a8:18:3d:72:ce:e6:2a:
                    9b:7a:21:bc:39:19:75:5c:c2:1c:f7:c9:0a:10:90:
                    59:ed:af:b0:9f:f7:05:52:f8:9d:d1:63:5b:f9:18:
                    16:48:4c:23:ec:16:c9:38:05:42:1a:9f:7b:b9:e0:
                    ac:33:0b:12:4c:70:9e:84:3c:2c:ed:c3:d4:fd:7f:
                    89:ef:b8:23:3d:ae:25:70:57:f0:1a:0b:4c:4d:6b:
                    62:98:82:6a:82:c6:a3:e8:06:d4:ed:a1:d6:4d:2e:
                    46:b5:eb:53:58:cf:7e:59:df:21:82:2b:09:a3:46:
                    8e:ac:e7:65:4c:c3:c3:6f:f2:10:a3:68:57:ac:e0:
                    a3:09:21:09:75:dc:e2:71:2a:7a:6a:e4:2d:34:fe:
                    9e:5d:5e:4e:14:e7:2a:4b:70:34:7e:ec:89:b0:bd:
                    7c:a1:ec:a8:a0:75:b6:1c:1b:f0:4b:bf:d9:95:ae:
                    ee:f7:eb:29:27:3c:57:cc:26:dd:ec:5e:e5:ab:59:
                    78:c6:56:f5:c3:70:e6:94:fe:42:43:2d:91:47:b0:
                    f2:c0:84:4f:8b:13:d9:c5:55:6c:00:4a:76:e2:b4:
                    97:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:4D:7B:79:0F:3F:49:34:32:8E:12:9A:2D:DE:4D:D7:4A:A3:E1:3E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9b6016-1424-4188-ae62-7d54927445f6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9b6016-1424-4188-ae62-7d54927445f6/1/X017eQ8_STQyjhKaLd5N10qj4T4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  131.173.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         30:93:c0:95:e5:f5:08:d6:9c:71:38:b3:a2:d8:d9:a5:ee:bd:
         7f:43:11:4e:c5:04:b4:19:1f:74:48:67:84:b0:5f:d1:c1:69:
         61:56:32:0c:bd:dd:ed:f8:64:82:98:98:b5:a2:8a:e9:2c:55:
         87:84:77:b5:b3:d8:be:9a:ef:59:2d:1c:8c:40:23:cb:82:0a:
         bf:c6:f6:83:86:92:7a:3e:13:8c:3c:55:62:38:ef:18:e7:59:
         4b:32:54:12:7c:a2:8a:aa:0a:cb:7c:e6:51:3b:26:28:ae:19:
         50:1e:a7:5b:8c:c6:ad:9e:8c:e5:1a:35:70:55:3a:ec:27:12:
         c9:50:30:cb:00:6b:2e:79:3b:bc:c7:75:15:4c:d5:86:2d:5c:
         e1:6c:8f:af:05:62:f3:5b:a6:66:c0:e3:2c:ce:48:8b:93:e3:
         4c:d5:22:1a:88:7a:33:b6:79:e5:37:7f:5a:54:68:3f:d8:a4:
         12:5f:0f:50:84:21:c8:98:80:55:9c:34:df:64:7a:b1:47:a7:
         a4:b5:cf:9c:b8:ab:42:d5:53:0f:ce:0f:35:7c:e8:e1:dc:70:
         53:5b:33:c9:35:85:49:ea:c7:17:cd:24:0a:db:18:73:6c:69:
         3c:3b:25:19:12:4f:ce:b4:6f:88:1e:98:4d:51:6c:48:85:25:
         1e:2e:44:be
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt6Wt7hVGwwzHqPndL4W1zmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTYxODU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjRkN2I3OTBmM2Y0OTM0MzI4ZTEyOWEyZGRlNGRkNzRhYTNlMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFT7hVfju7a8EUehp/H+S3hkSYO8
0pi1nNF3+UPOD+azT9trTagYPXLO5iqbeiG8ORl1XMIc98kKEJBZ7a+wn/cFUvid
0WNb+RgWSEwj7BbJOAVCGp97ueCsMwsSTHCehDws7cPU/X+J77gjPa4lcFfwGgtM
TWtimIJqgsaj6AbU7aHWTS5GtetTWM9+Wd8hgisJo0aOrOdlTMPDb/IQo2hXrOCj
CSEJddzicSp6auQtNP6eXV5OFOcqS3A0fuyJsL18oeyooHW2HBvwS7/Zla7u9+sp
JzxXzCbd7F7lq1l4xlb1w3DmlP5CQy2RR7DywIRPixPZxVVsAEp24rSXuQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFF9Ne3kPP0k0Mo4Smi3eTddKo+E+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg2LzliNjAx
Ni0xNDI0LTQxODgtYWU2Mi03ZDU0OTI3NDQ1ZjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODYvOWI2MDE2
LTE0MjQtNDE4OC1hZTYyLTdkNTQ5Mjc0NDVmNi8xL1gwMTdlUThfU1RReWpoS2FM
ZDVOMTBxajRUNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAg60wDQYJKoZIhvcNAQELBQADggEBADCTwJXl
9QjWnHE4s6LY2aXuvX9DEU7FBLQZH3RIZ4SwX9HBaWFWMgy93e34ZIKYmLWiiuks
VYeEd7Wz2L6a71ktHIxAI8uCCr/G9oOGkno+E4w8VWI47xjnWUsyVBJ8ooqqCst8
5lE7JiiuGVAep1uMxq2ejOUaNXBVOuwnEslQMMsAay55O7zHdRVM1YYtXOFsj68F
YvNbpmbA4yzOSIuT40zVIhqIejO2eeU3f1pUaD/YpBJfD1CEIciYgFWcNN9kerFH
p6S1z5y4q0LVUw/ODzV86OHccFNbM8k1hUnqxxfNJArbGHNsaTw7JRkST860b4ge
mE1RbEiFJR4uRL4=
-----END CERTIFICATE-----