This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cMuWVD9-GVcj5tEiwpR4v92gPsw.cer
File:                     cMuWVD9-GVcj5tEiwpR4v92gPsw.cer (raw, json)
Hash identifier:          m4rHzgfRMzIy5GnmXowVIOnlhMBYoxxvJg0AMTPRLbg=
Subject key identifier:   70:CB:96:54:3F:7E:19:57:23:E6:D1:22:C2:94:78:BF:DD:A0:3E:CC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C808B87EA804420300D37044F2FD597
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/cMuWVD9-GVcj5tEiwpR4v92gPsw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 02:19:17 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.239.186.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 21:05:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:8b:87:ea:80:44:20:30:0d:37:04:4f:2f:d5:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=70cb96543f7e195723e6d122c29478bfdda03ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:d5:4a:e6:99:b1:a9:b5:0b:a2:0b:48:f6:e2:
                    b5:09:a0:66:ce:4c:51:da:95:4f:2f:d5:1d:07:7d:
                    3e:a8:2b:05:b0:de:85:96:b7:60:1b:53:f2:04:e8:
                    db:8c:48:5a:6d:c8:37:6c:13:4e:08:70:51:11:52:
                    4d:75:ce:10:43:a9:81:b8:91:7d:87:95:13:8b:85:
                    2c:a8:5c:be:29:10:22:46:11:ce:19:29:36:12:76:
                    f4:3f:51:c8:4d:e0:f6:9a:bc:1c:d2:94:ae:a8:78:
                    fc:4f:2d:48:a6:c6:7b:b9:23:7c:de:5d:4c:c8:04:
                    a8:84:b0:ae:ec:d7:08:ae:83:a7:69:45:3d:c0:81:
                    c1:50:e7:29:26:7c:85:f0:a4:e9:31:f6:ca:e7:9a:
                    8a:ea:4b:27:a7:d8:b7:6b:31:81:36:68:1a:4b:ce:
                    7e:f3:44:a3:17:2b:41:8f:29:3f:46:52:b1:ed:e6:
                    a7:38:0a:bd:39:94:84:a6:3a:fa:78:c3:71:5a:e8:
                    93:f5:55:58:50:b2:c4:92:3c:b6:47:f6:fe:81:90:
                    40:57:34:c2:3b:97:c5:cc:b5:37:41:13:77:ca:c6:
                    1f:b5:6f:ad:87:95:6e:55:0e:1b:e8:5b:0f:61:fc:
                    ff:e7:a3:a9:55:e3:6f:41:43:fc:3a:e6:04:1e:21:
                    89:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:CB:96:54:3F:7E:19:57:23:E6:D1:22:C2:94:78:BF:DD:A0:3E:CC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/b7e4ac-8508-4d6b-a2bc-274cd6caa3f3/1/cMuWVD9-GVcj5tEiwpR4v92gPsw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:6d:81:47:cc:fc:31:f5:b8:ec:ca:50:fc:85:d5:99:6e:bc:
         e5:c4:31:80:51:48:22:1a:99:57:60:78:ac:e4:10:cf:b9:dc:
         6e:de:97:f7:2a:e6:c4:3d:f8:2b:0f:08:25:4f:c0:35:89:67:
         f8:27:70:ba:fc:50:9b:d1:ef:4f:a2:26:b3:08:c1:b2:f3:e5:
         d8:3d:44:78:db:58:d3:06:fb:88:f8:fb:ca:84:1f:6d:62:28:
         b7:9b:c3:7f:71:d9:63:a9:48:01:5a:89:f6:bb:91:46:f2:70:
         9c:6c:2f:73:a9:07:7e:1a:bd:8f:5d:a7:c5:15:a6:8e:e6:a0:
         0d:2d:95:2b:0f:42:7a:88:a9:9c:b2:f7:be:ca:09:bf:14:ea:
         64:dc:4e:e1:22:b9:03:e3:f5:20:5d:98:0b:85:9f:d0:4d:d2:
         6b:c2:9c:97:85:66:4e:c2:de:a7:9d:2a:c0:23:d6:06:e1:eb:
         46:2b:1e:1f:60:9f:c1:75:1e:86:4c:0e:6f:a8:50:6a:98:ef:
         da:a2:9f:b8:46:aa:54:b7:62:6e:f2:95:d8:6d:70:8a:85:ba:
         52:f2:26:66:9e:9d:4e:e7:02:fd:01:33:fc:28:25:12:11:c5:
         8e:8c:6c:f3:d2:04:c0:a2:75:fa:38:f0:f7:d6:35:7d:2b:e1:
         2f:b2:b7:3c
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt8gIuH6oBEIDANNwRPL9WXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDIxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGNiOTY1NDNmN2UxOTU3MjNlNmQxMjJjMjk0NzhiZmRkYTAzZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlNVK5pmxqbULogtI9uK1CaBmzkxR
2pVPL9UdB30+qCsFsN6FlrdgG1PyBOjbjEhabcg3bBNOCHBREVJNdc4QQ6mBuJF9
h5UTi4UsqFy+KRAiRhHOGSk2Enb0P1HITeD2mrwc0pSuqHj8Ty1IpsZ7uSN83l1M
yASohLCu7NcIroOnaUU9wIHBUOcpJnyF8KTpMfbK55qK6ksnp9i3azGBNmgaS85+
80SjFytBjyk/RlKx7eanOAq9OZSEpjr6eMNxWuiT9VVYULLEkjy2R/b+gZBAVzTC
O5fFzLU3QRN3ysYftW+th5VuVQ4b6FsPYfz/56OpVeNvQUP8OuYEHiGJRQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFHDLllQ/fhlXI+bRIsKUeL/doD7MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RjL2I3ZTRh
Yy04NTA4LTRkNmItYTJiYy0yNzRjZDZjYWEzZjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMvYjdlNGFj
LTg1MDgtNGQ2Yi1hMmJjLTI3NGNkNmNhYTNmMy8xL2NNdVdWRDktR1ZjajV0RWl3
cFI0djkyZ1Bzdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW++6MA0GCSqGSIb3DQEBCwUAA4IBAQA1bYFH
zPwx9bjsylD8hdWZbrzlxDGAUUgiGplXYHis5BDPudxu3pf3KubEPfgrDwglT8A1
iWf4J3C6/FCb0e9PoiazCMGy8+XYPUR421jTBvuI+PvKhB9tYii3m8N/cdljqUgB
Won2u5FG8nCcbC9zqQd+Gr2PXafFFaaO5qANLZUrD0J6iKmcsve+ygm/FOpk3E7h
IrkD4/UgXZgLhZ/QTdJrwpyXhWZOwt6nnSrAI9YG4etGKx4fYJ/BdR6GTA5vqFBq
mO/aop+4RqpUt2Ju8pXYbXCKhbpS8iZmnp1O5wL9ATP8KCUSEcWOjGzz0gTAonX6
OPD31jV9K+Evsrc8
-----END CERTIFICATE-----