This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bOP7hnhh2q_XgSeYl_4lqOs3FGg.cer
File:                     bOP7hnhh2q_XgSeYl_4lqOs3FGg.cer (raw, json)
Hash identifier:          OwbVYZQ9rgRd6C1vl6fIHMFt4AGa4HyJyv2XeeqEyeo=
Subject key identifier:   6C:E3:FB:86:78:61:DA:AF:D7:81:27:98:97:FE:25:A8:EB:37:14:68
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7FF224E4A46F9154752B5EBA888C8A96
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/c3f995-86ef-4a67-acac-e4391fbcaf14/1/bOP7hnhh2q_XgSeYl_4lqOs3FGg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/c3f995-86ef-4a67-acac-e4391fbcaf14/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 18:22:14 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.28.116.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 29 Jan 2026 09:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:f2:24:e4:a4:6f:91:54:75:2b:5e:ba:88:8c:8a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 18:22:14 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6ce3fb867861daafd781279897fe25a8eb371468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:5e:96:56:90:d7:d6:0a:4a:5d:03:25:19:e4:
                    38:a7:b4:0f:16:70:ae:86:b5:55:46:b0:47:6e:f7:
                    2c:53:94:da:7c:e8:9d:cc:20:69:a1:99:49:0c:0e:
                    4f:10:0f:d9:68:ef:19:1e:d3:49:ab:36:8a:2b:56:
                    e6:85:2f:17:ee:7f:1e:14:05:80:d1:95:61:16:c7:
                    ee:0c:97:19:18:bd:5f:30:50:6c:4b:0a:20:ca:9a:
                    70:3a:0f:a8:94:02:0a:a1:93:99:9e:a4:71:8e:63:
                    28:e7:7e:9f:53:be:06:47:49:a2:48:17:f3:ff:3d:
                    f5:da:f9:17:51:13:c7:b9:f1:e2:e7:be:be:d7:8e:
                    14:5f:26:9a:6d:23:b1:6c:37:d5:97:40:83:43:15:
                    a7:88:2b:a1:cb:8a:19:3d:75:3b:14:33:32:70:ae:
                    fd:45:70:6a:bc:58:81:0f:21:2e:82:e4:bd:43:f1:
                    77:fe:fe:51:ca:bc:70:d1:ab:a3:d5:8b:69:8f:3f:
                    fc:73:eb:5e:f8:66:d6:3b:26:c8:2d:d3:79:34:42:
                    19:2b:c6:9e:b9:fa:93:5f:bb:b3:24:39:07:1d:12:
                    e5:73:1e:45:4b:3a:21:b2:20:db:ac:69:1a:ee:c2:
                    ff:95:5c:b8:ff:32:ba:86:0d:e5:16:9e:7d:e2:21:
                    79:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E3:FB:86:78:61:DA:AF:D7:81:27:98:97:FE:25:A8:EB:37:14:68
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/c3f995-86ef-4a67-acac-e4391fbcaf14/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/c3f995-86ef-4a67-acac-e4391fbcaf14/1/bOP7hnhh2q_XgSeYl_4lqOs3FGg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.28.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:3c:4e:9d:fe:83:44:3d:d8:3b:a8:1d:8f:dd:fa:49:13:25:
         fa:29:4e:48:18:0d:46:09:9a:20:3b:a7:c7:09:2c:07:0b:56:
         35:e5:b7:29:ca:86:a3:dc:05:de:6d:17:36:64:9f:49:03:f9:
         e2:25:2e:48:a4:b6:b5:ff:3b:d8:f6:b5:75:1b:17:09:e8:25:
         13:a4:43:22:d9:b3:d3:e5:b5:50:92:ff:90:60:8d:c4:8e:89:
         60:d0:af:c8:2f:39:f0:a7:e7:1d:4c:9c:01:9a:c2:14:db:b0:
         5e:3a:4f:77:52:71:5b:8d:df:af:b8:38:40:04:4d:f5:a1:b7:
         38:29:cb:57:ca:96:5d:2e:28:cb:0b:a7:03:48:d3:d7:86:23:
         14:f7:7a:7a:b7:1a:c4:65:9d:21:de:da:4e:df:39:0d:5b:84:
         e6:b5:d0:8d:34:5b:03:6e:c8:07:9a:8b:b8:a6:cb:ef:ae:05:
         f4:84:15:a8:37:a1:1e:c7:be:21:32:41:75:c9:dc:49:c4:12:
         81:5c:be:91:8c:4f:53:f7:04:47:01:d0:93:70:eb:4c:05:67:
         54:a7:f4:d5:e2:41:76:64:8b:5e:f5:ac:44:3a:38:0c:ca:fd:
         ed:c8:27:f3:82:24:34:82:5d:2f:e3:b6:38:86:b3:88:a5:ba:
         be:2b:d0:0f
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/8iTkpG+RVHUrXrqIjIqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTgyMjE0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2UzZmI4Njc4NjFkYWFmZDc4MTI3OTg5N2ZlMjVhOGViMzcxNDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuV6WVpDX1gpKXQMlGeQ4p7QPFnCu
hrVVRrBHbvcsU5TafOidzCBpoZlJDA5PEA/ZaO8ZHtNJqzaKK1bmhS8X7n8eFAWA
0ZVhFsfuDJcZGL1fMFBsSwogyppwOg+olAIKoZOZnqRxjmMo536fU74GR0miSBfz
/z312vkXURPHufHi576+144UXyaabSOxbDfVl0CDQxWniCuhy4oZPXU7FDMycK79
RXBqvFiBDyEuguS9Q/F3/v5Ryrxw0auj1Ytpjz/8c+te+GbWOybILdN5NEIZK8ae
ufqTX7uzJDkHHRLlcx5FSzohsiDbrGka7sL/lVy4/zK6hg3lFp594iF5fwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGzj+4Z4Ydqv14EnmJf+JajrNxRoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwL2MzZjk5
NS04NmVmLTRhNjctYWNhYy1lNDM5MWZiY2FmMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvYzNmOTk1
LTg2ZWYtNGE2Ny1hY2FjLWU0MzkxZmJjYWYxNC8xL2JPUDdobmhoMnFfWGdTZVls
XzRscU9zM0ZHZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuRx0MA0GCSqGSIb3DQEBCwUAA4IBAQCjPE6d
/oNEPdg7qB2P3fpJEyX6KU5IGA1GCZogO6fHCSwHC1Y15bcpyoaj3AXebRc2ZJ9J
A/niJS5IpLa1/zvY9rV1GxcJ6CUTpEMi2bPT5bVQkv+QYI3Ejolg0K/ILznwp+cd
TJwBmsIU27BeOk93UnFbjd+vuDhABE31obc4KctXypZdLijLC6cDSNPXhiMU93p6
txrEZZ0h3tpO3zkNW4TmtdCNNFsDbsgHmou4psvvrgX0hBWoN6Eex74hMkF1ydxJ
xBKBXL6RjE9T9wRHAdCTcOtMBWdUp/TV4kF2ZIte9axEOjgMyv3tyCfzgiQ0gl0v
47Y4hrOIpbq+K9AP
-----END CERTIFICATE-----