This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jTIMX_DNvi1RsIuPYB5PCkRVDzI.cer
File:                     jTIMX_DNvi1RsIuPYB5PCkRVDzI.cer (raw, json)
Hash identifier:          smtcI/TBtCh3R3P/D6Zg0WeWXQ5GbpAZfBpZOou6GIQ=
Subject key identifier:   8D:32:0C:5F:F0:CD:BE:2D:51:B0:8B:8F:60:1E:4F:0A:44:55:0F:32
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F843317937BFF42F4CC4C9EE32EDA28
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e9/49c2e9-49df-41c7-bdd4-1b513ebd4330/1/jTIMX_DNvi1RsIuPYB5PCkRVDzI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e9/49c2e9-49df-41c7-bdd4-1b513ebd4330/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 16:22:08 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 195.66.99.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:33:17:93:7b:ff:42:f4:cc:4c:9e:e3:2e:da:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 16:22:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d320c5ff0cdbe2d51b08b8f601e4f0a44550f32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:50:a1:4a:2a:66:ca:bc:5b:a3:07:c3:82:32:
                    dc:a3:51:db:ff:7d:fb:2a:c9:84:59:04:54:78:ad:
                    ac:08:f0:95:bb:91:1e:67:07:dc:94:00:f5:82:54:
                    95:5b:a4:52:40:f2:11:65:13:16:b0:29:02:99:61:
                    ce:f7:14:e1:42:17:96:f4:86:fc:54:f5:b7:58:ec:
                    b0:e7:4b:0a:bc:9a:18:94:a9:5e:12:f8:ba:a7:e6:
                    57:f3:7a:86:a0:8b:ab:07:e6:47:fb:0a:bf:39:22:
                    be:fe:e8:96:4c:9a:cb:37:be:f5:0d:2a:36:64:3a:
                    60:32:4a:ed:e4:d3:7d:49:b7:cf:29:81:ac:f2:71:
                    60:78:90:db:eb:0f:54:12:59:42:43:67:bb:86:36:
                    3b:2d:04:60:f3:c2:6b:ff:c8:4b:2b:cc:bd:80:b1:
                    0c:bf:1b:26:d1:3e:93:f1:21:7b:b1:16:de:36:13:
                    6c:1e:d8:8c:d3:51:74:32:08:ed:b8:a9:c4:8e:b1:
                    fa:7f:52:e1:b5:34:e2:b2:ab:5d:76:ab:db:ab:b3:
                    68:e9:01:a1:5d:c7:f2:9e:08:5c:db:2f:e1:5a:b1:
                    03:38:10:99:8b:09:14:02:14:bc:87:41:fb:7d:5d:
                    af:84:fe:a9:46:16:e0:37:5f:0b:52:ca:96:64:0a:
                    c3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:32:0C:5F:F0:CD:BE:2D:51:B0:8B:8F:60:1E:4F:0A:44:55:0F:32
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/49c2e9-49df-41c7-bdd4-1b513ebd4330/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/49c2e9-49df-41c7-bdd4-1b513ebd4330/1/jTIMX_DNvi1RsIuPYB5PCkRVDzI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.66.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:c7:01:30:0c:55:75:84:db:72:e1:eb:91:57:9b:cc:9e:65:
         6e:ff:9d:b3:ad:52:c5:15:db:29:c5:30:36:d1:c0:70:35:46:
         ea:d7:d0:46:9f:61:9d:c1:40:2b:f0:6b:2b:86:24:6f:f9:5b:
         24:d0:66:03:ba:d8:23:6f:93:8f:b0:30:b0:9c:6b:6d:70:e9:
         d9:51:f4:4b:26:07:0a:ad:a9:d9:98:20:47:07:65:01:8a:08:
         f5:ac:33:e4:d9:4a:54:97:b6:2d:6d:76:68:98:8e:d1:34:96:
         81:71:96:56:64:8f:c9:59:bc:74:76:9c:c3:6e:86:48:96:79:
         af:9f:a3:ef:35:a8:4c:71:9b:1d:d8:ae:02:54:55:2e:49:c7:
         7e:71:42:f3:ba:38:c3:6e:d2:03:dc:dc:9e:a8:f6:e6:6b:03:
         eb:7c:ca:3a:79:ca:1e:33:8c:2a:13:4e:0b:14:50:96:9c:9d:
         05:3b:c0:46:71:72:75:e8:40:43:61:44:25:72:42:b7:22:30:
         9d:ad:d2:7c:2b:4c:b1:c8:cf:6d:62:d0:d6:c3:f5:f3:f8:7c:
         5c:86:c1:07:96:0a:cd:ca:56:9d:54:a1:db:15:6b:89:1b:ba:
         9b:d3:42:6f:0c:20:d6:af:84:95:df:70:04:07:f5:6d:ee:74:
         7d:d0:db:be
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/hDMXk3v/QvTMTJ7jLtooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTYyMjA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDMyMGM1ZmYwY2RiZTJkNTFiMDhiOGY2MDFlNGYwYTQ0NTUwZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyVChSipmyrxbowfDgjLco1Hb/337
KsmEWQRUeK2sCPCVu5EeZwfclAD1glSVW6RSQPIRZRMWsCkCmWHO9xThQheW9Ib8
VPW3WOyw50sKvJoYlKleEvi6p+ZX83qGoIurB+ZH+wq/OSK+/uiWTJrLN771DSo2
ZDpgMkrt5NN9SbfPKYGs8nFgeJDb6w9UEllCQ2e7hjY7LQRg88Jr/8hLK8y9gLEM
vxsm0T6T8SF7sRbeNhNsHtiM01F0MgjtuKnEjrH6f1LhtTTisqtddqvbq7No6QGh
Xcfynghc2y/hWrEDOBCZiwkUAhS8h0H7fV2vhP6pRhbgN18LUsqWZArDSQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFI0yDF/wzb4tUbCLj2AeTwpEVQ8yMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U5LzQ5YzJl
OS00OWRmLTQxYzctYmRkNC0xYjUxM2ViZDQzMzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTkvNDljMmU5
LTQ5ZGYtNDFjNy1iZGQ0LTFiNTEzZWJkNDMzMC8xL2pUSU1YX0ROdmkxUnNJdVBZ
QjVQQ2tSVkR6SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw0JjMA0GCSqGSIb3DQEBCwUAA4IBAQB4xwEw
DFV1hNty4euRV5vMnmVu/52zrVLFFdspxTA20cBwNUbq19BGn2GdwUAr8GsrhiRv
+Vsk0GYDutgjb5OPsDCwnGttcOnZUfRLJgcKranZmCBHB2UBigj1rDPk2UpUl7Yt
bXZomI7RNJaBcZZWZI/JWbx0dpzDboZIlnmvn6PvNahMcZsd2K4CVFUuScd+cULz
ujjDbtID3NyeqPbmawPrfMo6ecoeM4wqE04LFFCWnJ0FO8BGcXJ16EBDYUQlckK3
IjCdrdJ8K0yxyM9tYtDWw/Xz+HxchsEHlgrNyladVKHbFWuJG7qb00JvDCDWr4SV
33AEB/Vt7nR90Nu+
-----END CERTIFICATE-----