This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/k4EH0RRkaaEaY-X10tfbj28717M.cer
File:                     k4EH0RRkaaEaY-X10tfbj28717M.cer (raw, json)
Hash identifier:          doryiQe5n+BYEo/7YmSuDwrE6cUxFY5GCL9N51mDlUY=
Subject key identifier:   93:81:07:D1:14:64:69:A1:1A:63:E5:F5:D2:D7:DB:8F:6F:3B:D7:B3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7D5B079CE7F0197DA23D81CBA37DF5D9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/71/aff4a9-3c5e-4a71-b524-cbc6ccc08932/1/k4EH0RRkaaEaY-X10tfbj28717M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/71/aff4a9-3c5e-4a71-b524-cbc6ccc08932/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 06:17:56 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 212099
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:07:9c:e7:f0:19:7d:a2:3d:81:cb:a3:7d:f5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:17:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=938107d1146469a11a63e5f5d2d7db8f6f3bd7b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:e9:9f:b5:4c:c7:cd:05:66:85:69:59:92:87:
                    94:9b:a3:f8:80:fe:ed:3d:c9:20:7b:34:96:b8:3f:
                    17:5d:e4:30:1d:d8:1d:7a:2f:84:23:c4:da:06:e2:
                    6c:e2:c8:28:b5:83:5b:8d:da:38:70:d6:b1:51:51:
                    78:86:70:0e:64:e7:a2:00:9e:2c:cb:d7:93:f5:06:
                    b9:4b:a0:57:95:20:ba:60:80:b1:b0:42:5d:cd:b1:
                    eb:1f:46:21:5f:99:94:81:26:eb:8d:6b:29:cd:b2:
                    32:db:49:03:b0:17:14:d7:ec:bb:66:f1:cc:c3:cc:
                    81:21:c2:9c:59:b2:d9:4c:17:a0:ea:8f:c6:1e:e5:
                    65:4f:dd:11:81:30:11:8b:ca:4c:48:82:f1:1e:1d:
                    68:07:16:fb:4a:12:6a:96:0d:f2:b0:b1:4a:1d:4c:
                    32:6d:66:f6:a8:02:35:29:71:84:e4:5e:9a:0e:49:
                    33:5a:11:96:bf:7c:e6:18:62:85:f1:6a:54:c0:79:
                    4b:00:06:4e:ad:27:3b:3a:25:8b:25:f4:2a:b2:2a:
                    f6:d2:86:ee:ca:f0:6c:5f:a9:5c:04:8e:79:8b:e4:
                    82:0f:9a:07:17:53:a5:16:2f:19:c3:1c:c6:54:61:
                    8f:a3:ec:e6:94:d8:ee:50:99:90:55:31:fa:20:db:
                    ad:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:81:07:D1:14:64:69:A1:1A:63:E5:F5:D2:D7:DB:8F:6F:3B:D7:B3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/aff4a9-3c5e-4a71-b524-cbc6ccc08932/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/aff4a9-3c5e-4a71-b524-cbc6ccc08932/1/k4EH0RRkaaEaY-X10tfbj28717M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212099

    Signature Algorithm: sha256WithRSAEncryption
         7d:c6:37:0f:07:e2:a2:3e:75:80:07:ca:54:17:a2:f1:b2:b9:
         bd:75:b9:b6:5f:26:a4:25:7e:c5:bf:ad:d3:35:3b:e2:d9:f8:
         4d:ce:41:b6:a6:43:54:f4:e8:14:06:66:58:1f:c1:55:a2:f7:
         57:77:54:b7:45:f0:26:ba:f5:bb:a2:04:f7:9e:b5:31:2f:f4:
         93:9f:ee:48:d9:57:d2:e9:01:d5:32:5d:9b:1b:6d:de:92:f2:
         40:66:bd:8f:e3:ac:0a:cc:9d:1f:6c:1c:4e:a7:e6:ff:91:1c:
         38:1c:4f:e0:b3:60:2e:b7:a9:e4:88:6f:11:05:3f:84:e7:95:
         91:69:5a:bc:f5:6a:2e:c9:d4:5e:ca:9b:60:d2:a4:ca:46:3f:
         27:c8:1e:c5:58:e5:df:8a:95:f0:9a:de:57:3b:03:dd:d8:da:
         a5:d4:db:f4:d4:63:45:50:72:83:53:c2:2a:83:8b:00:a2:5f:
         d7:ce:31:a4:37:21:55:1e:e1:e9:b6:93:eb:63:50:39:c8:46:
         1e:0a:09:5f:ab:6d:c0:be:46:f7:33:60:d8:49:eb:ee:7f:3e:
         d1:5e:d6:1b:2f:79:fd:0a:f8:0d:75:60:b1:16:6d:39:59:ba:
         78:a8:f6:f0:18:9a:a7:0c:39:75:fb:0f:9d:52:16:7a:13:31:
         3f:e2:a1:a6
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt9Wwec5/AZfaI9gcujffXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYxNzU2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzgxMDdkMTE0NjQ2OWExMWE2M2U1ZjVkMmQ3ZGI4ZjZmM2JkN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzemftUzHzQVmhWlZkoeUm6P4gP7t
PckgezSWuD8XXeQwHdgdei+EI8TaBuJs4sgotYNbjdo4cNaxUVF4hnAOZOeiAJ4s
y9eT9Qa5S6BXlSC6YICxsEJdzbHrH0YhX5mUgSbrjWspzbIy20kDsBcU1+y7ZvHM
w8yBIcKcWbLZTBeg6o/GHuVlT90RgTARi8pMSILxHh1oBxb7ShJqlg3ysLFKHUwy
bWb2qAI1KXGE5F6aDkkzWhGWv3zmGGKF8WpUwHlLAAZOrSc7OiWLJfQqsir20obu
yvBsX6lcBI55i+SCD5oHF1OlFi8ZwxzGVGGPo+zmlNjuUJmQVTH6INutXQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJOBB9EUZGmhGmPl9dLX249vO9ezMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzcxL2FmZjRh
OS0zYzVlLTRhNzEtYjUyNC1jYmM2Y2NjMDg5MzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzEvYWZmNGE5
LTNjNWUtNGE3MS1iNTI0LWNiYzZjY2MwODkzMi8xL2s0RUgwUlJrYWFFYVktWDEw
dGZiajI4NzE3TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM8gzANBgkqhkiG9w0BAQsFAAOCAQEAfcY3Dwfioj51
gAfKVBei8bK5vXW5tl8mpCV+xb+t0zU74tn4Tc5BtqZDVPToFAZmWB/BVaL3V3dU
t0XwJrr1u6IE9561MS/0k5/uSNlX0ukB1TJdmxtt3pLyQGa9j+OsCsydH2wcTqfm
/5EcOBxP4LNgLrep5IhvEQU/hOeVkWlavPVqLsnUXsqbYNKkykY/J8gexVjl34qV
8JreVzsD3djapdTb9NRjRVByg1PCKoOLAKJf184xpDchVR7h6baT62NQOchGHgoJ
X6ttwL5G9zNg2Enr7n8+0V7WGy95/Qr4DXVgsRZtOVm6eKj28Biapww5dfsPnVIW
ehMxP+Khpg==
-----END CERTIFICATE-----