This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kDYQzypUZDoKG2sVH6ZuMlAEy0o.cer
File:                     kDYQzypUZDoKG2sVH6ZuMlAEy0o.cer (raw, json)
Hash identifier:          5H+6iKEEUV4sa9PSrcSlRPz9Si/nlZGe2y4y7vLJ8h4=
Subject key identifier:   90:36:10:CF:2A:54:64:3A:0A:1B:6B:15:1F:A6:6E:32:50:04:CB:4A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7EA505A8D336430FE3F0187322927270
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/kDYQzypUZDoKG2sVH6ZuMlAEy0o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 12:18:22 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 213253
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:05:a8:d3:36:43:0f:e3:f0:18:73:22:92:72:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=903610cf2a54643a0a1b6b151fa66e325004cb4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:46:c5:54:96:ba:f0:20:58:48:7c:9b:e7:21:
                    86:ea:24:fa:bc:05:a1:20:42:8e:59:07:ee:1f:a3:
                    13:29:3e:42:bd:ce:90:a6:55:73:12:27:1e:75:e8:
                    9b:2f:5c:61:db:1b:64:6e:a5:62:21:b2:58:82:6c:
                    09:1c:fa:e6:35:c2:81:eb:5a:4d:cf:ac:f3:67:16:
                    ef:d3:04:b2:b0:99:d8:d1:d2:d9:ed:94:6f:3e:45:
                    d4:98:7f:81:3c:94:91:12:10:7c:d8:af:80:02:17:
                    c9:ff:e9:33:dd:04:63:f4:38:29:30:eb:5b:ce:46:
                    16:00:c8:dc:e1:b3:63:c4:58:72:a9:2d:c5:d6:60:
                    8f:4c:92:c1:6b:1e:c3:35:7b:4e:5d:e8:e0:8c:44:
                    dd:79:eb:fc:01:20:79:54:a6:54:f2:99:8a:37:47:
                    ac:bb:4f:e5:28:a0:29:35:c3:f6:5b:b9:2c:ed:8e:
                    05:7d:fb:ac:af:a0:46:09:3e:ee:2e:16:bc:da:ab:
                    1f:d1:18:9b:cb:2b:32:63:ae:af:fc:2a:5f:d0:d4:
                    c4:6f:82:5d:0c:49:6f:ea:20:a9:03:1f:45:51:6c:
                    81:61:3d:80:d9:3f:4a:76:ae:12:b2:01:df:a6:0f:
                    a8:9b:d3:29:59:57:31:4b:ea:27:16:96:ea:60:c0:
                    4f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:36:10:CF:2A:54:64:3A:0A:1B:6B:15:1F:A6:6E:32:50:04:CB:4A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/b4e1bb-346a-44b3-a0af-bc53f388fafa/1/kDYQzypUZDoKG2sVH6ZuMlAEy0o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213253

    Signature Algorithm: sha256WithRSAEncryption
         90:e4:7e:91:c2:e3:24:6f:15:b8:5b:8e:3c:58:ff:8e:02:a4:
         2c:7c:0f:fe:73:ba:3a:f1:e4:92:d0:08:11:8d:10:dc:08:6e:
         31:c9:ee:41:8d:da:8c:92:66:e3:9d:42:57:bd:66:ae:22:72:
         34:19:05:0b:bf:62:56:be:f0:96:bd:c3:41:0f:0e:41:81:39:
         b1:1c:86:e4:c0:ec:07:30:fc:80:e7:a1:24:a8:3e:27:80:f5:
         4f:67:49:dd:dc:c1:7b:c1:4d:66:48:bf:d1:8e:f8:a3:d2:15:
         67:63:7f:5e:c4:a8:1a:92:d8:34:63:22:0d:fe:fc:40:07:00:
         50:b8:25:6d:1c:74:c1:d3:ba:62:36:47:a8:09:4c:62:f9:91:
         94:d5:43:d1:a3:2d:72:4a:73:2f:9e:35:92:cd:a6:5a:71:68:
         7c:b7:58:6b:56:b7:ad:0a:17:36:ab:6b:9c:e3:67:f0:b9:34:
         f1:28:79:76:4b:49:ff:33:63:fc:72:79:99:0d:09:ee:47:0a:
         59:e3:8b:d9:d9:49:9b:d9:e8:ba:12:d1:a8:8a:20:78:26:d9:
         79:95:21:38:3b:b0:03:40:bf:f7:34:94:b7:ff:fc:f7:04:a8:
         b6:d8:5f:c7:8a:b7:39:be:38:23:d7:47:b9:1f:6a:e0:e7:4c:
         b5:75:76:77
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt+pQWo0zZDD+PwGHMiknJwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTIxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM2MTBjZjJhNTQ2NDNhMGExYjZiMTUxZmE2NmUzMjUwMDRjYjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kbFVJa68CBYSHyb5yGG6iT6vAWh
IEKOWQfuH6MTKT5Cvc6QplVzEicedeibL1xh2xtkbqViIbJYgmwJHPrmNcKB61pN
z6zzZxbv0wSysJnY0dLZ7ZRvPkXUmH+BPJSREhB82K+AAhfJ/+kz3QRj9DgpMOtb
zkYWAMjc4bNjxFhyqS3F1mCPTJLBax7DNXtOXejgjETdeev8ASB5VKZU8pmKN0es
u0/lKKApNcP2W7ks7Y4Fffusr6BGCT7uLha82qsf0RibyysyY66v/Cpf0NTEb4Jd
DElv6iCpAx9FUWyBYT2A2T9Kdq4SsgHfpg+om9MpWVcxS+onFpbqYMBPKQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJA2EM8qVGQ6ChtrFR+mbjJQBMtKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYzL2I0ZTFi
Yi0zNDZhLTQ0YjMtYTBhZi1iYzUzZjM4OGZhZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjMvYjRlMWJi
LTM0NmEtNDRiMy1hMGFmLWJjNTNmMzg4ZmFmYS8xL2tEWVF6eXBVWkRvS0cyc1ZI
Nlp1TWxBRXkwby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNBBTANBgkqhkiG9w0BAQsFAAOCAQEAkOR+kcLjJG8V
uFuOPFj/jgKkLHwP/nO6OvHkktAIEY0Q3AhuMcnuQY3ajJJm451CV71mriJyNBkF
C79iVr7wlr3DQQ8OQYE5sRyG5MDsBzD8gOehJKg+J4D1T2dJ3dzBe8FNZki/0Y74
o9IVZ2N/XsSoGpLYNGMiDf78QAcAULglbRx0wdO6YjZHqAlMYvmRlNVD0aMtckpz
L541ks2mWnFofLdYa1a3rQoXNqtrnONn8Lk08Sh5dktJ/zNj/HJ5mQ0J7kcKWeOL
2dlJm9nouhLRqIogeCbZeZUhODuwA0C/9zSUt//89wSotthfx4q3Ob44I9dHuR9q
4OdMtXV2dw==
-----END CERTIFICATE-----