This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer
File:                     ZK7IAkyqEDqEEmlsfnL3eAPNhpU.cer (raw, json)
Hash identifier:          iTasDNr2FlCIpaUb70KAUGKXey6P7BeRRzOmgIz0fag=
Subject key identifier:   64:AE:C8:02:4C:AA:10:3A:84:12:69:6C:7E:72:F7:78:03:CD:86:95
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77C677D291008B0FD378B045BEA4563A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 04:17:34 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.43.40.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:77:d2:91:00:8b:0f:d3:78:b0:45:be:a4:56:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=64aec8024caa103a8412696c7e72f77803cd8695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:39:0f:ad:82:3b:8e:2f:f1:ea:7f:bf:a8:1f:
                    35:d5:bd:eb:39:31:60:e5:9f:d7:f7:a6:be:85:e9:
                    be:91:90:31:47:12:35:8c:6d:25:5c:97:73:d0:a2:
                    c6:79:93:88:ea:7e:f1:33:db:ee:fd:e4:0c:64:b1:
                    99:c3:11:43:20:18:58:81:80:b3:43:a5:b0:78:78:
                    ef:6d:30:6c:68:d7:6d:a3:7d:bd:a6:aa:3b:c8:38:
                    8f:05:b8:64:42:a3:17:2f:6e:1f:bd:4d:db:40:ab:
                    3f:6a:5b:1e:57:0a:05:85:54:5f:c7:a2:6a:45:e1:
                    67:6f:12:b7:74:13:5e:a0:55:30:02:f2:05:2e:d9:
                    45:90:54:43:b2:7b:4b:38:52:86:f1:ef:e2:5b:0f:
                    09:ae:ed:3e:38:a2:b6:95:0a:9c:c7:ed:35:9b:c5:
                    43:6a:9a:63:ce:5e:e1:6a:eb:90:e2:32:cb:2a:93:
                    85:69:2b:73:1f:55:d4:4e:37:49:43:16:7f:2b:03:
                    6f:e0:6e:ec:72:82:f0:b9:eb:9e:12:96:1f:9f:43:
                    fe:37:c5:17:93:da:a9:8c:40:6a:e8:28:46:a6:0e:
                    13:bd:34:dc:8c:40:86:b2:e4:a1:e4:4e:f2:d3:1b:
                    fc:b8:e0:e9:04:cf:2f:09:6c:74:7f:cb:0d:a9:c6:
                    6f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:AE:C8:02:4C:AA:10:3A:84:12:69:6C:7E:72:F7:78:03:CD:86:95
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/0f24dd-ef4a-4dbf-b20d-b039c24b99ca/1/ZK7IAkyqEDqEEmlsfnL3eAPNhpU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:42:df:9e:dc:88:5b:59:31:9b:a9:8c:f4:cb:96:64:0f:1c:
         a8:ab:90:7b:04:9e:7b:e9:65:5b:0f:52:ba:43:80:bc:14:5d:
         5c:b0:71:29:d9:c1:45:51:98:a3:5f:66:47:d2:fb:06:6b:0f:
         4e:52:6c:70:5a:17:7c:68:63:cf:fa:f7:d8:a3:c9:ed:78:2f:
         42:ee:31:b0:ff:e3:0f:d4:01:11:37:bf:14:8b:63:7c:97:97:
         82:8d:d7:ad:87:6c:39:22:54:58:a5:2e:07:78:5f:0d:a3:f1:
         da:20:98:b8:7b:b2:1d:51:9a:55:b6:7b:cb:60:7b:7a:45:23:
         25:a5:e9:2a:d0:97:c6:76:8f:13:54:c1:02:40:fa:5a:63:a7:
         97:48:d3:93:4f:70:5d:ec:45:eb:59:2b:93:7e:eb:eb:4f:c8:
         48:30:76:ac:8a:b0:64:e7:1a:be:22:3a:09:ef:8f:54:ee:74:
         c1:83:12:44:86:71:85:4f:f7:e3:c7:7e:89:3e:1e:f9:57:09:
         a2:89:5b:b4:e7:9b:ac:a5:50:78:a3:20:61:b0:5b:59:74:e1:
         03:27:af:09:09:27:b2:e9:5e:d5:d5:2c:7d:d5:2c:cd:c4:a7:
         67:b3:13:4a:e0:61:0e:b9:5a:9e:1f:0f:c2:83:d6:78:e1:0a:
         75:2e:0f:db
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt3xnfSkQCLD9N4sEW+pFY6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDQxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGFlYzgwMjRjYWExMDNhODQxMjY5NmM3ZTcyZjc3ODAzY2Q4Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTkPrYI7ji/x6n+/qB811b3rOTFg
5Z/X96a+hem+kZAxRxI1jG0lXJdz0KLGeZOI6n7xM9vu/eQMZLGZwxFDIBhYgYCz
Q6WweHjvbTBsaNdto329pqo7yDiPBbhkQqMXL24fvU3bQKs/alseVwoFhVRfx6Jq
ReFnbxK3dBNeoFUwAvIFLtlFkFRDsntLOFKG8e/iWw8Jru0+OKK2lQqcx+01m8VD
appjzl7hauuQ4jLLKpOFaStzH1XUTjdJQxZ/KwNv4G7scoLwueueEpYfn0P+N8UX
k9qpjEBq6ChGpg4TvTTcjECGsuSh5E7y0xv8uODpBM8vCWx0f8sNqcZvPwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGSuyAJMqhA6hBJpbH5y93gDzYaVMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzExLzBmMjRk
ZC1lZjRhLTRkYmYtYjIwZC1iMDM5YzI0Yjk5Y2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTEvMGYyNGRk
LWVmNGEtNGRiZi1iMjBkLWIwMzljMjRiOTljYS8xL1pLN0lBa3lxRURxRUVtbHNm
bkwzZUFQTmhwVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwSsoMA0GCSqGSIb3DQEBCwUAA4IBAQAoQt+e
3IhbWTGbqYz0y5ZkDxyoq5B7BJ576WVbD1K6Q4C8FF1csHEp2cFFUZijX2ZH0vsG
aw9OUmxwWhd8aGPP+vfYo8nteC9C7jGw/+MP1AERN78Ui2N8l5eCjdeth2w5IlRY
pS4HeF8No/HaIJi4e7IdUZpVtnvLYHt6RSMlpekq0JfGdo8TVMECQPpaY6eXSNOT
T3Bd7EXrWSuTfuvrT8hIMHasirBk5xq+IjoJ749U7nTBgxJEhnGFT/fjx36JPh75
VwmiiVu055uspVB4oyBhsFtZdOEDJ68JCSey6V7V1Sx91SzNxKdnsxNK4GEOuVqe
Hw/Cg9Z44Qp1Lg/b
-----END CERTIFICATE-----