This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XRW9qM6YfX5Kqxw1UXjcoz47jqQ.cer
File:                     XRW9qM6YfX5Kqxw1UXjcoz47jqQ.cer (raw, json)
Hash identifier:          O5GUxYf9exQ3IylhnGCThvG3NphZZpOT7/Ou5DXrj48=
Subject key identifier:   5D:15:BD:A8:CE:98:7D:7E:4A:AB:1C:35:51:78:DC:A3:3E:3B:8E:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7DCAF1ACE293F640DCF23BA376625F7B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/XRW9qM6YfX5Kqxw1UXjcoz47jqQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 08:20:10 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 215386
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Feb 2026 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:f1:ac:e2:93:f6:40:dc:f2:3b:a3:76:62:5f:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d15bda8ce987d7e4aab1c355178dca33e3b8ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fd:04:21:e7:31:5c:b1:69:ff:70:cd:6d:c2:
                    62:4e:8d:6a:8d:61:76:b2:59:23:fa:68:c4:ca:e2:
                    96:04:c4:6c:bd:d8:88:c0:8c:23:2a:f3:fa:be:51:
                    23:92:42:99:cd:55:71:9a:2f:99:3e:66:a2:b0:98:
                    58:8d:ef:dd:16:33:3b:a6:43:2d:b4:fb:c5:33:01:
                    d1:dd:99:6f:72:32:39:ae:a0:2e:64:cf:88:01:70:
                    d8:b5:88:dd:77:bc:86:10:8d:06:70:db:96:67:3e:
                    d2:be:5d:c2:5b:1c:8c:c4:b5:02:2f:9e:02:c1:d8:
                    a7:33:bc:25:fd:a8:4d:cc:17:f6:66:65:fc:7a:1a:
                    52:07:06:c2:e2:39:76:0b:94:a1:87:67:d6:c0:13:
                    8c:36:5e:f1:c4:ce:a5:a4:29:54:b5:6c:31:32:7c:
                    f1:4e:47:37:73:1d:a2:cb:44:5b:6f:85:de:30:70:
                    94:c4:e8:ee:2e:99:5e:99:26:29:16:3d:c7:05:39:
                    e5:e3:4a:d6:f9:5e:c2:3e:9a:70:68:fd:02:98:42:
                    03:5b:0b:bc:62:f0:65:f3:1e:bb:aa:3e:9a:01:fc:
                    43:cb:d4:e4:04:13:8d:d8:f0:8a:8a:60:00:26:dc:
                    10:91:46:ed:c4:42:49:5f:61:9b:1f:62:ff:44:c2:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:15:BD:A8:CE:98:7D:7E:4A:AB:1C:35:51:78:DC:A3:3E:3B:8E:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/XRW9qM6YfX5Kqxw1UXjcoz47jqQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215386

    Signature Algorithm: sha256WithRSAEncryption
         12:87:bf:1c:3e:22:79:aa:10:9b:43:df:e9:e3:0a:9f:54:e2:
         d5:71:79:0b:4e:b3:73:f2:22:1e:72:5e:ad:86:75:a9:1c:76:
         28:07:48:19:b1:2a:1c:11:f7:72:57:80:f7:fd:36:9f:ec:49:
         61:9e:71:ce:77:07:ab:30:ea:fc:65:b6:dd:a9:a9:26:fb:9e:
         3d:8a:55:c7:ec:91:3d:94:84:11:d8:ff:11:19:4c:19:86:97:
         43:62:03:d3:43:12:f3:c4:ed:61:7f:81:d1:42:76:e8:4c:e0:
         47:68:84:d8:f7:c1:13:3b:4a:4c:ab:8a:19:39:12:41:7b:fa:
         df:0e:8f:6c:ee:c3:ea:fc:9d:8a:e9:b1:c6:e7:39:8b:0d:55:
         82:2b:03:7e:9f:ee:da:41:cd:ac:39:d0:24:48:39:20:6e:e0:
         ac:62:94:c4:ed:94:ce:eb:4e:ed:7d:bc:4f:b4:30:e6:51:92:
         59:7c:93:e1:c2:6a:9a:6f:7b:a0:c9:f8:67:54:6d:8d:ff:60:
         4c:d8:09:3f:2e:e7:61:d2:a4:67:14:7d:d3:28:f1:b8:21:2c:
         8d:51:b0:d7:08:21:80:2a:3f:3c:ef:e9:11:e8:fe:ab:38:ee:
         6a:19:33:c1:d6:d2:7e:39:07:64:06:ce:db:7a:b2:2a:9d:15:
         25:10:c8:47
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt9yvGs4pP2QNzyO6N2Yl97MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDgyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDE1YmRhOGNlOTg3ZDdlNGFhYjFjMzU1MTc4ZGNhMzNlM2I4ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP0EIecxXLFp/3DNbcJiTo1qjWF2
slkj+mjEyuKWBMRsvdiIwIwjKvP6vlEjkkKZzVVxmi+ZPmaisJhYje/dFjM7pkMt
tPvFMwHR3ZlvcjI5rqAuZM+IAXDYtYjdd7yGEI0GcNuWZz7Svl3CWxyMxLUCL54C
wdinM7wl/ahNzBf2ZmX8ehpSBwbC4jl2C5Shh2fWwBOMNl7xxM6lpClUtWwxMnzx
Tkc3cx2iy0Rbb4XeMHCUxOjuLplemSYpFj3HBTnl40rW+V7CPppwaP0CmEIDWwu8
YvBl8x67qj6aAfxDy9TkBBON2PCKimAAJtwQkUbtxEJJX2GbH2L/RMJ5kQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFF0VvajOmH1+SqscNVF43KM+O46kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RmLzEyMzky
Ni0xMDRmLTQ2ZDEtYjMzZi1iYmEzYzhjYjBmN2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvMTIzOTI2
LTEwNGYtNDZkMS1iMzNmLWJiYTNjOGNiMGY3YS8xL1hSVzlxTTZZZlg1S3F4dzFV
WGpjb3o0N2pxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNJWjANBgkqhkiG9w0BAQsFAAOCAQEAEoe/HD4ieaoQ
m0Pf6eMKn1Ti1XF5C06zc/IiHnJerYZ1qRx2KAdIGbEqHBH3cleA9/02n+xJYZ5x
zncHqzDq/GW23ampJvuePYpVx+yRPZSEEdj/ERlMGYaXQ2ID00MS88TtYX+B0UJ2
6EzgR2iE2PfBEztKTKuKGTkSQXv63w6PbO7D6vydiumxxuc5iw1VgisDfp/u2kHN
rDnQJEg5IG7grGKUxO2UzutO7X28T7Qw5lGSWXyT4cJqmm97oMn4Z1Rtjf9gTNgJ
Py7nYdKkZxR90yjxuCEsjVGw1wghgCo/PO/pEej+qzjuahkzwdbSfjkHZAbO23qy
Kp0VJRDIRw==
-----END CERTIFICATE-----