This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cl3CBR5_PY1hf1UYng7m8xdNkto.cer
File:                     cl3CBR5_PY1hf1UYng7m8xdNkto.cer (raw, json)
Hash identifier:          yOtu94Lyl/D0TxALDqEUnyhgzep3QPt/OZez1ZZk8ZQ=
Subject key identifier:   72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B790FF9CB3544F450683D77F43878118F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 10:17:28 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 214138
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:0f:f9:cb:35:44:f4:50:68:3d:77:f4:38:78:11:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:17:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=725dc2051e7f3d8d617f55189e0ee6f3174d92da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e7:e3:45:83:3f:7a:61:45:3b:c6:b6:6f:55:
                    2d:8a:73:ec:94:85:19:d6:95:67:c8:e7:da:63:23:
                    a7:84:6a:40:95:6d:8a:cb:db:db:b6:de:f0:36:75:
                    1b:f8:fe:3f:99:de:2d:e8:b2:08:68:d8:d8:31:04:
                    9d:25:af:1e:67:0f:b9:04:91:85:fe:9d:5b:57:81:
                    06:d1:a6:0f:0c:f0:3e:b3:ee:3a:12:12:11:fe:56:
                    8e:8a:1a:28:91:2d:cd:d5:d3:93:20:9e:ea:14:d4:
                    96:00:b5:7a:56:99:86:14:53:77:b0:d4:5f:9e:98:
                    79:d5:55:e3:b9:bf:5b:f4:eb:8e:01:63:89:e0:29:
                    b7:dc:cb:ea:24:e1:73:70:3e:e5:73:7f:d1:dc:ac:
                    dc:39:87:fd:9e:98:0a:c8:43:d1:c2:a1:f7:86:d3:
                    9c:7b:c1:89:30:68:4e:ba:26:49:6d:24:50:cd:ef:
                    73:af:66:0e:7e:c5:77:36:92:d7:6c:f8:b9:e2:d2:
                    4e:1a:b4:c5:d8:d5:a3:3e:19:c0:8a:a2:52:27:e4:
                    b7:9d:bb:d6:61:3b:a7:7b:2f:da:15:2f:f7:2e:17:
                    dc:0b:19:9f:db:dd:aa:2a:2f:19:0e:84:47:8c:49:
                    65:3d:a0:c9:b9:20:52:74:be:f4:9c:54:5d:76:0f:
                    72:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:5D:C2:05:1E:7F:3D:8D:61:7F:55:18:9E:0E:E6:F3:17:4D:92:DA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/984111-6f7c-4e69-94c9-ff0f52633527/1/cl3CBR5_PY1hf1UYng7m8xdNkto.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214138

    Signature Algorithm: sha256WithRSAEncryption
         8c:31:24:c2:30:46:7d:04:02:da:f2:bd:7a:79:14:b3:dc:5f:
         89:d2:79:e3:13:37:8c:ec:ef:0f:c8:d0:14:1b:77:5b:45:7e:
         83:37:bd:bd:ab:14:65:cf:b6:95:66:d5:52:9d:1f:6a:c5:cd:
         cd:59:bd:ea:23:3a:c9:cb:7c:79:4b:e5:a3:53:11:45:7b:b4:
         c0:ab:c7:a3:cd:89:e3:aa:8c:48:57:1d:01:94:38:c4:15:ed:
         3c:b6:e3:27:24:3f:94:03:f0:46:17:8d:29:91:62:18:04:99:
         7e:6c:8a:f5:ae:7f:f3:1d:24:c8:20:82:32:23:34:4e:4a:e1:
         b3:24:8e:59:06:4e:42:e0:52:2e:47:65:b9:2e:78:83:15:c4:
         46:e3:03:64:ba:ba:8a:da:9c:25:15:fe:42:68:5b:94:ef:72:
         62:c5:90:8a:dd:74:8c:a0:ca:80:fa:cd:19:bb:86:07:d9:83:
         ae:20:a5:fd:b3:ab:a8:f6:18:91:78:ec:0f:3e:a1:26:4e:51:
         cf:4f:de:32:a8:c1:4f:69:af:ce:b1:80:3a:2f:3d:d7:1f:05:
         ae:d0:85:81:22:c3:d9:cf:85:8e:24:0e:1c:7c:d4:13:2c:66:
         8a:fa:62:28:7f:d9:37:89:ee:ab:40:dd:21:35:ad:d2:49:f9:
         15:68:19:5f
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt5D/nLNUT0UGg9d/Q4eBGPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTAxNzI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjVkYzIwNTFlN2YzZDhkNjE3ZjU1MTg5ZTBlZTZmMzE3NGQ5MmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqefjRYM/emFFO8a2b1UtinPslIUZ
1pVnyOfaYyOnhGpAlW2Ky9vbtt7wNnUb+P4/md4t6LIIaNjYMQSdJa8eZw+5BJGF
/p1bV4EG0aYPDPA+s+46EhIR/laOihookS3N1dOTIJ7qFNSWALV6VpmGFFN3sNRf
nph51VXjub9b9OuOAWOJ4Cm33MvqJOFzcD7lc3/R3KzcOYf9npgKyEPRwqH3htOc
e8GJMGhOuiZJbSRQze9zr2YOfsV3NpLXbPi54tJOGrTF2NWjPhnAiqJSJ+S3nbvW
YTuney/aFS/3LhfcCxmf292qKi8ZDoRHjEllPaDJuSBSdL70nFRddg9yWwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFHJdwgUefz2NYX9VGJ4O5vMXTZLaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E4Lzk4NDEx
MS02ZjdjLTRlNjktOTRjOS1mZjBmNTI2MzM1MjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgvOTg0MTEx
LTZmN2MtNGU2OS05NGM5LWZmMGY1MjYzMzUyNy8xL2NsM0NCUjVfUFkxaGYxVVlu
ZzdtOHhkTmt0by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNEejANBgkqhkiG9w0BAQsFAAOCAQEAjDEkwjBGfQQC
2vK9enkUs9xfidJ54xM3jOzvD8jQFBt3W0V+gze9vasUZc+2lWbVUp0fasXNzVm9
6iM6yct8eUvlo1MRRXu0wKvHo82J46qMSFcdAZQ4xBXtPLbjJyQ/lAPwRheNKZFi
GASZfmyK9a5/8x0kyCCCMiM0TkrhsySOWQZOQuBSLkdluS54gxXERuMDZLq6itqc
JRX+QmhblO9yYsWQit10jKDKgPrNGbuGB9mDriCl/bOrqPYYkXjsDz6hJk5Rz0/e
MqjBT2mvzrGAOi891x8FrtCFgSLD2c+FjiQOHHzUEyxmivpiKH/ZN4nuq0DdITWt
0kn5FWgZXw==
-----END CERTIFICATE-----