This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZUFaF2P-AFsBObAUxuV11fmypQQ.cer
File:                     ZUFaF2P-AFsBObAUxuV11fmypQQ.cer (raw, json)
Hash identifier:          s3wdidaDlU5d/H4m9iUD9CKqurCnuizhS4fdwcbAaoI=
Subject key identifier:   65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5B698828A90EB2912FEB5573DEDA80
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:18:21 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 176.120.120.0/21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 20:39:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:69:88:28:a9:0e:b2:91:2f:eb:55:73:de:da:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:18:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=65415a1763fe005b0139b014c6e575d5f9b2a504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:98:72:18:e1:4c:6b:4d:02:09:c3:14:a1:
                    81:13:65:4d:60:c1:50:ab:65:bb:18:27:40:dd:c2:
                    ff:f5:df:b2:b6:a1:3e:1f:a4:08:d1:66:6b:91:a5:
                    01:62:b2:de:80:05:b1:0e:ae:6d:f2:29:f8:5d:e1:
                    99:85:16:38:3a:2c:aa:b7:67:f7:92:bb:c9:11:2c:
                    37:c3:84:42:51:8f:f3:10:c7:0c:88:13:22:83:2c:
                    5b:10:da:18:ed:44:c4:ad:81:0e:9f:78:6d:26:c5:
                    80:9c:9b:02:34:69:f0:1c:0d:7b:e3:96:dc:a3:2f:
                    2f:c9:44:a1:05:a6:62:c0:41:dc:b4:63:3f:c3:d3:
                    4f:af:73:8d:76:46:da:2a:b7:e7:a9:a8:47:fa:fa:
                    f7:4a:5f:8d:bb:e2:87:b4:2f:66:11:c9:62:3b:ae:
                    1c:fe:b8:ff:0a:0c:ec:66:66:ae:8f:00:32:65:4d:
                    a1:a5:28:1a:cf:0b:ef:f9:e4:c8:93:4a:50:9b:77:
                    64:a8:85:e0:06:58:fb:53:e3:e5:10:90:ec:9d:9c:
                    d7:90:ff:bb:1d:ef:ad:8f:44:e6:4c:a0:f6:c7:63:
                    4d:53:6e:0d:1d:5a:99:79:a8:1e:04:63:21:d9:43:
                    e8:33:3d:ab:8d:f7:28:6f:93:cd:e7:04:27:05:21:
                    87:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:41:5A:17:63:FE:00:5B:01:39:B0:14:C6:E5:75:D5:F9:B2:A5:04
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/3aec71-ca17-4ec5-87a7-ee7a20569b83/1/ZUFaF2P-AFsBObAUxuV11fmypQQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.120.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         88:85:bd:72:98:46:2c:2b:b2:f5:61:b9:69:11:c2:58:1c:9a:
         75:fd:42:13:97:77:78:8b:d1:cf:a4:1a:9a:0b:b1:c4:b7:bd:
         58:3b:5e:08:02:22:0a:1d:78:13:bd:6a:cc:6f:86:51:83:4c:
         d6:55:1f:1d:1f:a1:8c:f0:02:f7:ba:11:8d:47:e6:23:5a:20:
         c9:db:1b:b7:39:50:fe:04:20:f9:89:8e:e7:49:02:54:1f:75:
         60:2e:51:20:07:7b:fc:bb:68:07:5d:61:ad:16:55:84:66:3c:
         2b:47:0d:d0:21:71:dc:1e:25:e5:e5:00:fb:8a:66:6f:88:67:
         d8:03:04:6c:c8:35:01:ac:2c:75:13:2f:32:07:ac:24:db:ee:
         e3:79:06:8f:3b:30:09:aa:49:63:f1:3a:c0:e5:c2:c3:2d:d6:
         20:2e:31:26:c3:60:62:29:e0:7f:b9:62:e1:ce:82:52:06:c6:
         5a:67:2d:ee:ee:68:5c:25:6c:a4:bc:fe:81:4d:cb:32:31:2d:
         ce:eb:13:a8:17:cc:cf:65:12:e4:b3:6c:37:dd:8e:f7:9a:41:
         05:eb:74:02:ca:3a:cd:c3:a2:34:81:09:5e:d6:68:23:53:e8:
         65:45:65:75:c2:54:53:7d:47:9e:99:8d:9a:fd:7c:7b:57:9a:
         33:1b:c2:77
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt9W2mIKKkOspEv61Vz3tqAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTQxNWExNzYzZmUwMDViMDEzOWIwMTRjNmU1NzVkNWY5YjJhNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwweYchjhTGtNAgnDFKGBE2VNYMFQ
q2W7GCdA3cL/9d+ytqE+H6QI0WZrkaUBYrLegAWxDq5t8in4XeGZhRY4Oiyqt2f3
krvJESw3w4RCUY/zEMcMiBMigyxbENoY7UTErYEOn3htJsWAnJsCNGnwHA1745bc
oy8vyUShBaZiwEHctGM/w9NPr3ONdkbaKrfnqahH+vr3Sl+Nu+KHtC9mEcliO64c
/rj/CgzsZmaujwAyZU2hpSgazwvv+eTIk0pQm3dkqIXgBlj7U+PlEJDsnZzXkP+7
He+tj0TmTKD2x2NNU24NHVqZeageBGMh2UPoMz2rjfcob5PN5wQnBSGHQwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGVBWhdj/gBbATmwFMblddX5sqUEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdiLzNhZWM3
MS1jYTE3LTRlYzUtODdhNy1lZTdhMjA1NjliODMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2IvM2FlYzcx
LWNhMTctNGVjNS04N2E3LWVlN2EyMDU2OWI4My8xL1pVRmFGMlAtQUZzQk9iQVV4
dVYxMWZteXBRUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDsHh4MA0GCSqGSIb3DQEBCwUAA4IBAQCIhb1y
mEYsK7L1YblpEcJYHJp1/UITl3d4i9HPpBqaC7HEt71YO14IAiIKHXgTvWrMb4ZR
g0zWVR8dH6GM8AL3uhGNR+YjWiDJ2xu3OVD+BCD5iY7nSQJUH3VgLlEgB3v8u2gH
XWGtFlWEZjwrRw3QIXHcHiXl5QD7imZviGfYAwRsyDUBrCx1Ey8yB6wk2+7jeQaP
OzAJqklj8TrA5cLDLdYgLjEmw2BiKeB/uWLhzoJSBsZaZy3u7mhcJWykvP6BTcsy
MS3O6xOoF8zPZRLks2w33Y73mkEF63QCyjrNw6I0gQle1mgjU+hlRWV1wlRTfUee
mY2a/Xx7V5ozG8J3
-----END CERTIFICATE-----