This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iZOf8Sk7fiJ3n8VbTIPxPlLpRCg.cer
File:                     iZOf8Sk7fiJ3n8VbTIPxPlLpRCg.cer (raw, json)
Hash identifier:          MjN40wDIhYxqgtajp/wt7fIQj1Uoh5O5zIikNbUlMkU=
Subject key identifier:   89:93:9F:F1:29:3B:7E:22:77:9F:C5:5B:4C:83:F1:3E:52:E9:44:28
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B78345FB33FB6A18E4034BD366BF7271E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/a10ddf-bb6e-4bb0-beff-0e68000b3537/1/iZOf8Sk7fiJ3n8VbTIPxPlLpRCg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/a10ddf-bb6e-4bb0-beff-0e68000b3537/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 06:17:36 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.216.119.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 10:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:5f:b3:3f:b6:a1:8e:40:34:bd:36:6b:f7:27:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89939ff1293b7e22779fc55b4c83f13e52e94428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9c:1f:3d:5e:66:36:f8:0d:6e:55:02:f8:87:
                    1b:6d:48:c8:8c:43:60:96:29:7e:0b:95:7b:ff:f5:
                    e1:97:ec:90:55:a6:75:d3:bc:f3:ac:30:28:e6:de:
                    14:12:8a:c5:2e:05:af:82:e1:55:63:a3:41:dc:ff:
                    4a:e5:8a:6d:6b:58:3e:07:74:22:d9:7c:78:6e:56:
                    5f:97:1c:5d:8d:a9:fe:90:d0:36:7b:ed:29:70:c9:
                    42:62:b3:3c:8e:e7:fc:f8:f6:a5:25:cf:5d:88:76:
                    be:2a:b2:e4:55:34:82:9c:a1:4d:7c:fb:49:15:9f:
                    5a:bf:1f:76:a4:be:49:a4:5c:99:bc:13:c0:47:54:
                    53:dd:60:4f:98:3a:84:73:04:09:b5:29:71:18:1c:
                    08:f0:e8:bb:2b:e4:22:53:b4:40:43:ff:0b:65:81:
                    bc:a9:71:9e:cc:ce:f9:5b:cd:d1:24:08:b1:15:81:
                    f0:2c:99:77:3d:6e:6c:c7:ef:09:a1:29:af:f7:fe:
                    cf:70:f5:03:3e:44:20:b7:31:9a:8b:5a:57:3f:45:
                    29:57:59:63:48:0a:08:52:69:64:9e:2d:c6:e0:0a:
                    18:c2:2a:54:d0:02:6c:62:3a:7f:e0:d4:7b:67:82:
                    88:69:61:68:53:48:83:4c:50:c3:f1:71:a1:94:e7:
                    2f:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:93:9F:F1:29:3B:7E:22:77:9F:C5:5B:4C:83:F1:3E:52:E9:44:28
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a10ddf-bb6e-4bb0-beff-0e68000b3537/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a10ddf-bb6e-4bb0-beff-0e68000b3537/1/iZOf8Sk7fiJ3n8VbTIPxPlLpRCg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:98:b8:7f:7a:17:61:86:61:4a:ab:de:6b:a7:d5:a0:6c:aa:
         48:5b:db:0e:9c:ba:37:23:3f:8c:7d:84:35:cd:9d:76:18:03:
         0d:f9:9a:eb:e7:0d:88:89:04:59:5a:ee:f8:a9:91:6c:a7:41:
         61:cc:ca:48:03:b8:ef:95:66:d3:92:7e:67:35:4a:2c:e3:3f:
         1c:b9:db:8c:67:75:0f:6c:e1:38:4b:68:54:b6:ca:d3:b2:a0:
         36:42:1a:3e:c7:fc:20:d2:af:92:45:00:d0:86:09:49:d0:7f:
         5b:99:b4:9d:d4:f6:49:b9:cc:f9:d1:22:9f:1b:3b:a9:bf:58:
         ec:0e:3a:87:af:fe:a2:5c:c6:d2:76:8d:1f:dc:83:57:02:4f:
         c0:d5:e4:d9:23:79:44:3a:eb:75:8e:42:6c:08:17:24:63:8c:
         6d:54:cf:ed:06:19:6f:07:0a:ff:8d:82:ff:01:fc:ed:9c:c1:
         72:d4:57:97:65:e3:9f:fd:f2:d5:59:a0:e8:ba:33:7b:85:26:
         b6:d8:5c:c3:e0:71:01:98:06:7c:1c:33:ac:6b:8e:75:38:8c:
         0d:16:f2:ee:fa:1b:82:5c:e6:32:ca:90:18:15:8d:2c:69:f2:
         b8:ae:98:35:5c:93:f3:a7:3e:47:70:59:b4:db:b3:2c:41:56:
         bd:4a:9d:7b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt4NF+zP7ahjkA0vTZr9yceMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDYxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkzOWZmMTI5M2I3ZTIyNzc5ZmM1NWI0YzgzZjEzZTUyZTk0NDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipwfPV5mNvgNblUC+IcbbUjIjENg
lil+C5V7//Xhl+yQVaZ107zzrDAo5t4UEorFLgWvguFVY6NB3P9K5Ypta1g+B3Qi
2Xx4blZflxxdjan+kNA2e+0pcMlCYrM8juf8+PalJc9diHa+KrLkVTSCnKFNfPtJ
FZ9avx92pL5JpFyZvBPAR1RT3WBPmDqEcwQJtSlxGBwI8Oi7K+QiU7RAQ/8LZYG8
qXGezM75W83RJAixFYHwLJl3PW5sx+8JoSmv9/7PcPUDPkQgtzGai1pXP0UpV1lj
SAoIUmlkni3G4AoYwipU0AJsYjp/4NR7Z4KIaWFoU0iDTFDD8XGhlOcvlQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFImTn/EpO34id5/FW0yD8T5S6UQoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1L2ExMGRk
Zi1iYjZlLTRiYjAtYmVmZi0wZTY4MDAwYjM1MzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvYTEwZGRm
LWJiNmUtNGJiMC1iZWZmLTBlNjgwMDBiMzUzNy8xL2laT2Y4U2s3ZmlKM244VmJU
SVB4UGxMcFJDZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9h3MA0GCSqGSIb3DQEBCwUAA4IBAQAdmLh/
ehdhhmFKq95rp9WgbKpIW9sOnLo3Iz+MfYQ1zZ12GAMN+Zrr5w2IiQRZWu74qZFs
p0FhzMpIA7jvlWbTkn5nNUos4z8cuduMZ3UPbOE4S2hUtsrTsqA2Qho+x/wg0q+S
RQDQhglJ0H9bmbSd1PZJucz50SKfGzupv1jsDjqHr/6iXMbSdo0f3INXAk/A1eTZ
I3lEOut1jkJsCBckY4xtVM/tBhlvBwr/jYL/AfztnMFy1FeXZeOf/fLVWaDoujN7
hSa22FzD4HEBmAZ8HDOsa451OIwNFvLu+huCXOYyypAYFY0safK4rpg1XJPzpz5H
cFm027MsQVa9Sp17
-----END CERTIFICATE-----