This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer File: YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.cer (raw, json) Hash identifier: MgHn5CGEDMwG5Q3Zz6DxEmSQdRAnT1f1qYCZF7vl1BU= Subject key identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669 Certificate serial: 019B7EA736E98520EB3E70021BEA42B1EC53 Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Manifest: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft caRepository: rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/ Notify URL: https://rrdp.ripe.net/notification.xml Certificate not before: Fri 02 Jan 2026 12:20:46 +0000 Certificate not after: Thu 01 Jul 2027 00:00:00 +0000 Subordinate resources: AS: 197706 IP: 31.171.152.0/22 IP: 45.66.252.0/22 IP: 45.142.24.0/22 IP: 62.101.160.0/21 IP: 82.198.32.0/22 IP: 91.217.6.0/23 IP: 91.217.72.0/23 IP: 103.69.32.0/22 IP: 103.93.40.0/22 IP: 103.111.0.0/22 IP: 103.124.164.0/22 IP: 103.204.120.0/22 IP: 103.254.240.0/22 IP: 109.74.28.0/22 IP: 109.104.132.0 -- 109.104.134.255 IP: 109.104.140.0/22 IP: 109.104.156.0/22 IP: 144.48.52.0/22 IP: 185.53.100.0/22 IP: 185.153.124.0/22 IP: 185.233.124.0/22 IP: 194.113.80.0/23 IP: 194.113.94.0/23 IP: 199.168.120.0/22 IP: 209.23.32.0/20 IP: 2a04:27c0::/29 IP: 2a09:6e40::/29 IP: 2a09:6ec0::/29 IP: 2a0d:27c0::/29 IP: 2a0d:42c0::/29 IP: 2a0d:4a40::/29 IP: 2a0e:3f00::/29 IP: 2a0e:4f00::/29 IP: 2a0e:d4c0::/29 IP: 2a0f:42c0::/29 IP: 2a0f:a880::/29 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Tue 27 Jan 2026 10:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7e:a7:36:e9:85:20:eb:3e:70:02:1b:ea:42:b1:ec:53 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669 Validity Not Before: Jan 2 12:20:46 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=624ad4535ac88dd534199f2a726095af71afe44e Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:a2:37:c3:71:57:ab:c9:bc:32:ae:cc:0a:69:5c: 4c:52:80:78:9a:de:be:c1:58:19:f5:71:35:91:0d: 16:00:76:77:b0:b3:44:2d:30:9d:d5:a8:6a:6c:4f: 0e:99:2a:37:4b:bc:ac:91:15:8f:06:2d:e9:54:a0: bd:c4:28:a9:26:3d:f4:8b:1e:1b:82:48:c0:32:4d: a3:88:f3:b6:89:0e:f4:32:c4:83:67:fa:65:dc:e1: 24:be:6b:f5:c6:cc:a2:06:17:cc:9e:e3:ab:1b:0a: 94:58:c9:dc:99:99:51:0c:ec:2c:0e:83:f5:fe:93: e0:f8:b8:53:b6:68:ed:f6:cb:52:b4:ae:44:3b:84: d3:10:cd:47:0d:e2:e2:ec:cb:c8:4e:c8:3b:27:f2: 63:31:e0:7b:04:a7:c1:58:4d:30:d8:3e:4c:46:c7: 80:4f:63:93:ba:5a:98:6a:70:67:20:d2:ac:40:0b: df:b1:11:29:3b:55:e4:32:88:98:1a:fe:b1:70:cd: 48:b1:44:1d:14:fa:28:ff:7c:91:33:c7:85:48:db: 64:a7:ca:b3:09:db:c4:5a:1c:f2:30:6e:3b:26:1d: 7f:6f:62:e9:aa:06:68:b4:15:9c:cc:2e:ff:a2:ae: 50:5d:89:54:09:4f:0d:ef:50:1d:4d:10:4d:89:a7: 0d:cf Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 62:4A:D4:53:5A:C8:8D:D5:34:19:9F:2A:72:60:95:AF:71:AF:E4:4E X509v3 Authority Key Identifier: keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Subject Information Access: CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/ RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/aa1019-564f-4c46-a217-fb5949808ddc/1/YkrUU1rIjdU0GZ8qcmCVr3Gv5E4.mft RPKI Notify - URI:https://rrdp.ripe.net/notification.xml X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 31.171.152.0/22 45.66.252.0/22 45.142.24.0/22 62.101.160.0/21 82.198.32.0/22 91.217.6.0/23 91.217.72.0/23 103.69.32.0/22 103.93.40.0/22 103.111.0.0/22 103.124.164.0/22 103.204.120.0/22 103.254.240.0/22 109.74.28.0/22 109.104.132.0-109.104.134.255 109.104.140.0/22 109.104.156.0/22 144.48.52.0/22 185.53.100.0/22 185.153.124.0/22 185.233.124.0/22 194.113.80.0/23 194.113.94.0/23 199.168.120.0/22 209.23.32.0/20 IPv6: 2a04:27c0::/29 2a09:6e40::/29 2a09:6ec0::/29 2a0d:27c0::/29 2a0d:42c0::/29 2a0d:4a40::/29 2a0e:3f00::/29 2a0e:4f00::/29 2a0e:d4c0::/29 2a0f:42c0::/29 2a0f:a880::/29 sbgp-autonomousSysNum: critical Autonomous System Numbers: 197706 Signature Algorithm: sha256WithRSAEncryption 01:6c:9c:b5:79:b6:4a:b3:93:3c:fb:f0:ca:ef:54:66:ef:6f: 15:74:59:4f:1f:da:69:6e:1e:64:4e:4a:b2:90:fa:46:c4:77: 95:63:4b:d8:66:6b:7d:b7:20:ca:da:06:0e:29:6b:e1:0a:f2: de:bf:35:7e:f7:b8:5d:3e:8a:e1:57:b4:1b:b9:4e:44:5d:8f: 11:82:0f:f9:40:72:56:fe:3e:33:0b:cb:2c:6b:9d:23:26:10: bb:b4:e5:c0:bf:cf:0a:31:f5:26:0f:6d:8f:31:98:56:a7:c6: 54:21:d6:09:d1:ae:00:0b:d6:99:9e:78:ab:2a:aa:5c:8e:d9: 2e:08:28:91:dc:3b:65:da:5f:92:58:e3:8e:9b:96:97:e8:f0: 17:76:e3:13:56:da:23:42:35:86:7d:9f:00:4b:d8:f3:97:86: e8:00:f0:34:cf:f2:f1:d3:4d:64:01:13:21:48:6f:e8:51:fe: 67:f7:fc:b6:6b:5f:54:85:22:93:1c:d5:8e:41:4d:e9:48:3b: ae:e0:64:ec:1c:77:e4:ac:83:46:d6:12:d3:e6:43:06:d3:bd: 94:ee:b4:91:ec:a0:08:d4:b1:af:0e:26:27:3c:38:da:16:df: 07:45:39:9d:e1:86:a0:ff:45:af:5f:19:99:d0:c9:44:de:07: 2c:64:72:93 -----BEGIN CERTIFICATE----- MIIGiDCCBXCgAwIBAgISAZt+pzbphSDrPnACG+pCsexTMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk ZGU2NjkwHhcNMjYwMTAyMTIyMDQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg2MjRhZDQ1MzVhYzg4ZGQ1MzQxOTlmMmE3MjYwOTVhZjcxYWZlNDRlMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojfDcVerybwyrswKaVxMUoB4mt6+ wVgZ9XE1kQ0WAHZ3sLNELTCd1ahqbE8OmSo3S7yskRWPBi3pVKC9xCipJj30ix4b gkjAMk2jiPO2iQ70MsSDZ/pl3OEkvmv1xsyiBhfMnuOrGwqUWMncmZlRDOwsDoP1 /pPg+LhTtmjt9stStK5EO4TTEM1HDeLi7MvITsg7J/JjMeB7BKfBWE0w2D5MRseA T2OTulqYanBnINKsQAvfsREpO1XkMoiYGv6xcM1IsUQdFPoo/3yRM8eFSNtkp8qz CdvEWhzyMG47Jh1/b2LpqgZotBWczC7/oq5QXYlUCU8N71AdTRBNiacNzwIDAQAB o4IDlDCCA5AwHQYDVR0OBBYEFGJK1FNayI3VNBmfKnJgla9xr+ROMB8GA1UdIwQY MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAwL2FhMTAx OS01NjRmLTRjNDYtYTIxNy1mYjU5NDk4MDhkZGMvMS8wfAYIKwYBBQUHMAqGcHJz eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDAvYWExMDE5 LTU2NGYtNGM0Ni1hMjE3LWZiNTk0OTgwOGRkYy8xL1lrclVVMXJJamRVMEdaOHFj bUNWcjNHdjVFNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIBEQYIKwYB BQUHAQcBAf8EggEAMIH9MIGlBAIAATCBngMEAh+rmAMEAi1C/AMEAi2OGAMEAz5l oAMEAlLGIAMEAVvZBgMEAVvZSAMEAmdFIAMEAmddKAMEAmdvAAMEAmd8pAMEAmfM eAMEAmf+8AMEAm1KHDAMAwQCbWiEAwQAbWiGAwQCbWiMAwQCbWicAwQCkDA0AwQC uTVkAwQCuZl8AwQCuel8AwQBwnFQAwQBwnFeAwQCx6h4AwQE0RcgMFMEAgACME0D BQMqBCfAAwUDKgluQAMFAyoJbsADBQMqDSfAAwUDKg1CwAMFAyoNSkADBQMqDj8A AwUDKg5PAAMFAyoO1MADBQMqD0LAAwUDKg+ogDAaBggrBgEFBQcBCAEB/wQLMAmg BzAFAgMDBEowDQYJKoZIhvcNAQELBQADggEBAAFsnLV5tkqzkzz78MrvVGbvbxV0 WU8f2mluHmROSrKQ+kbEd5VjS9hma323IMraBg4pa+EK8t6/NX73uF0+iuFXtBu5 TkRdjxGCD/lAclb+PjMLyyxrnSMmELu05cC/zwox9SYPbY8xmFanxlQh1gnRrgAL 1pmeeKsqqlyO2S4IKJHcO2XaX5JY446blpfo8Bd24xNW2iNCNYZ9nwBL2POXhugA 8DTP8vHTTWQBEyFIb+hR/mf3/LZrX1SFIpMc1Y5BTelIO67gZOwcd+Ssg0bWEtPm QwbTvZTutJHsoAjUsa8OJic8ONoW3wdFOZ3hhqD/Ra9fGZnQyUTeByxkcpM= -----END CERTIFICATE-----Generated at Mon Jan 26 15:38:13 2026 by rpki-client