This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/crJdhZ_wa-HryXrdXewF02_Nyi0.cer
File:                     crJdhZ_wa-HryXrdXewF02_Nyi0.cer (raw, json)
Hash identifier:          OIq10Wzojm++QfF6F10DxjHdQ2cAE/6+2nEbh8S7PIA=
Subject key identifier:   72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5C44425B2E4DC42EE619763A046C8F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:19:17 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 2001:678:980::/48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:44:42:5b:2e:4d:c4:2e:e6:19:76:3a:04:6c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:19:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72b25d859ff06be1ebc97add5dec05d36fcdca2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:df:00:e0:f8:6e:57:0f:4e:b1:25:7c:55:b2:
                    e3:eb:b8:8d:ab:6a:7c:49:31:96:23:3b:5e:f5:39:
                    e3:3d:bb:cc:d2:fe:c2:27:e8:8f:18:5a:67:38:95:
                    87:11:7a:b7:c7:97:ff:ef:e7:73:22:74:d0:e0:b7:
                    40:7a:13:8e:fb:b0:2e:ed:90:a3:09:46:f6:75:1b:
                    ac:f3:10:37:56:6f:b6:a1:02:ee:2f:ba:8e:3d:cd:
                    0e:e4:0f:15:ec:c8:cb:c0:82:a5:e7:c7:bf:70:4b:
                    82:05:5f:5f:4a:dc:40:68:3a:94:9a:11:5a:f8:31:
                    86:c1:0d:95:c8:bb:c3:a6:d7:e2:df:6a:c0:06:54:
                    11:f5:a4:40:c5:ce:78:90:f2:b4:67:49:ba:a0:79:
                    32:ce:4f:74:e8:d8:64:5b:f8:99:54:35:c3:ba:d0:
                    bf:43:47:e0:ca:1e:1d:bc:25:79:6f:bc:b6:22:62:
                    41:39:c3:47:88:a9:37:95:c2:f6:9d:82:a2:1e:53:
                    df:d7:ab:e0:e2:6e:79:12:78:34:c3:67:cc:08:9e:
                    85:39:c3:de:08:b0:d6:1d:91:5a:a9:b5:b4:f3:c0:
                    ba:0e:72:94:f3:ad:7d:0c:3f:ae:c1:38:f4:48:5b:
                    04:56:6a:a4:fe:2f:6b:99:a4:d6:30:6c:0e:a2:a0:
                    e0:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:B2:5D:85:9F:F0:6B:E1:EB:C9:7A:DD:5D:EC:05:D3:6F:CD:CA:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/2f833f-a7e8-4f9d-a383-123fa2ab9408/1/crJdhZ_wa-HryXrdXewF02_Nyi0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:980::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:22:a8:b5:4b:94:10:8d:a8:a7:87:79:c2:ce:3b:7b:30:9e:
         0d:4e:fb:72:73:92:57:97:dd:21:27:50:5e:a1:24:28:32:13:
         9e:1e:3b:d5:fe:01:c8:79:e6:1a:27:48:ec:6d:dd:e6:fd:09:
         b9:fd:1f:72:cd:df:fe:dc:2f:89:30:76:00:45:2a:0e:41:f1:
         3f:ae:81:9f:cc:c7:a6:f9:7e:fb:e8:9d:b3:39:34:ee:61:09:
         a6:c3:8b:73:e3:db:03:0b:28:3c:6e:9a:9a:ab:86:20:42:33:
         df:3c:7e:c4:a2:1b:f6:e1:92:78:a8:85:11:df:85:00:a4:01:
         89:e5:2a:b1:90:ae:07:a6:2d:67:d3:85:b7:3c:a1:29:d6:72:
         3b:d6:3d:bb:f9:2b:25:59:1a:cf:33:3d:1b:d2:90:e0:20:23:
         ae:8f:f5:48:41:f1:ea:8b:a8:4e:df:38:72:70:a5:0b:b6:ce:
         39:18:46:91:91:21:e9:3d:a0:fb:05:d7:90:b6:d5:08:39:06:
         0f:26:4d:41:70:9a:4a:10:fe:6a:74:87:e4:6a:a4:1b:e4:23:
         e7:7a:80:24:6b:31:12:c2:b1:54:6e:4e:99:a7:e5:26:6f:39:
         46:7a:78:ab:8a:0a:57:a8:92:c4:7b:8f:4d:82:03:24:a4:d0:
         05:cb:2c:79
-----BEGIN CERTIFICATE-----
MIIFezCCBGOgAwIBAgISAZt9XERCWy5NxC7mGXY6BGyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmIyNWQ4NTlmZjA2YmUxZWJjOTdhZGQ1ZGVjMDVkMzZmY2RjYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst8A4PhuVw9OsSV8VbLj67iNq2p8
STGWIzte9TnjPbvM0v7CJ+iPGFpnOJWHEXq3x5f/7+dzInTQ4LdAehOO+7Au7ZCj
CUb2dRus8xA3Vm+2oQLuL7qOPc0O5A8V7MjLwIKl58e/cEuCBV9fStxAaDqUmhFa
+DGGwQ2VyLvDptfi32rABlQR9aRAxc54kPK0Z0m6oHkyzk906NhkW/iZVDXDutC/
Q0fgyh4dvCV5b7y2ImJBOcNHiKk3lcL2nYKiHlPf16vg4m55Eng0w2fMCJ6FOcPe
CLDWHZFaqbW088C6DnKU8619DD+uwTj0SFsEVmqk/i9rmaTWMGwOoqDgFQIDAQAB
o4IChzCCAoMwHQYDVR0OBBYEFHKyXYWf8Gvh68l63V3sBdNvzcotMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E2LzJmODMz
Zi1hN2U4LTRmOWQtYTM4My0xMjNmYTJhYjk0MDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTYvMmY4MzNm
LWE3ZTgtNGY5ZC1hMzgzLTEyM2ZhMmFiOTQwOC8xL2NySmRoWl93YS1IcnlYcmRY
ZXdGMDJfTnlpMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAmAMA0GCSqGSIb3DQEBCwUAA4IBAQBK
Iqi1S5QQjainh3nCzjt7MJ4NTvtyc5JXl90hJ1BeoSQoMhOeHjvV/gHIeeYaJ0js
bd3m/Qm5/R9yzd/+3C+JMHYARSoOQfE/roGfzMem+X776J2zOTTuYQmmw4tz49sD
Cyg8bpqaq4YgQjPfPH7Eohv24ZJ4qIUR34UApAGJ5SqxkK4Hpi1n04W3PKEp1nI7
1j27+SslWRrPMz0b0pDgICOuj/VIQfHqi6hO3zhycKULts45GEaRkSHpPaD7BdeQ
ttUIOQYPJk1BcJpKEP5qdIfkaqQb5CPneoAkazESwrFUbk6Zp+UmbzlGenirigpX
qJLEe49NggMkpNAFyyx5
-----END CERTIFICATE-----