This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer
File:                     mCpUHVrI_3uwQIx0NKwQEu_3PLU.cer (raw, json)
Hash identifier:          YttNkm12JPLZXK3TJl8oDyY5lIBBq/evtT4CEgcz2+c=
Subject key identifier:   98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7E3877D31C22D7965C995E8207474979
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 10:19:48 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 134.28.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:77:d3:1c:22:d7:96:5c:99:5e:82:07:47:49:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:19:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=982a541d5ac8ff7bb0408c7434ac1012eff73cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:71:a5:80:64:5f:e1:60:ea:47:38:f9:72:fa:
                    48:52:44:c7:82:74:aa:08:4c:b6:c0:12:7e:61:b7:
                    c0:95:39:e3:0d:0e:7b:29:e2:60:eb:b7:7f:4b:3b:
                    fb:6b:99:9b:96:b6:01:2f:03:8d:c3:cc:96:d3:ae:
                    db:ab:a7:b2:a3:13:78:8e:b4:02:32:80:e2:e1:20:
                    fc:26:75:32:2f:e8:d9:07:ff:79:a9:52:63:4a:3e:
                    5b:35:98:63:29:96:71:7f:f8:f7:61:1b:c7:01:88:
                    42:62:4e:7e:b1:3d:58:36:f2:47:84:8e:35:f0:54:
                    fe:e9:56:3b:bc:fb:1c:df:14:8d:b5:cc:46:1e:b5:
                    d2:9b:96:5d:81:7b:04:69:09:49:10:8b:c9:c4:0e:
                    75:39:2c:6e:78:34:26:75:e0:d7:78:4c:cc:6c:51:
                    a9:a4:04:36:e4:a0:b2:04:a7:dc:9a:9a:01:58:6e:
                    af:6d:10:84:c1:e9:1d:91:fe:43:6b:9d:7c:12:ee:
                    94:2b:e5:75:c0:90:2b:92:b1:d8:a8:cd:de:fa:d2:
                    94:f9:7a:43:dd:10:32:db:9d:09:a5:b8:13:63:39:
                    55:3f:04:c2:6a:71:4e:de:21:1a:15:94:87:61:79:
                    f7:3e:32:03:04:44:a7:e8:b5:35:05:aa:ca:a7:12:
                    da:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:2A:54:1D:5A:C8:FF:7B:B0:40:8C:74:34:AC:10:12:EF:F7:3C:B5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/b9cf3b-9572-4992-b247-01208d86ddcc/1/mCpUHVrI_3uwQIx0NKwQEu_3PLU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.28.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         63:4b:64:81:ca:c2:0d:74:e3:c7:3f:3e:4e:89:a8:19:96:38:
         00:61:98:84:f2:49:9c:24:e5:93:2f:a6:db:5a:45:65:39:87:
         7c:18:75:49:f4:d4:1e:3b:db:ae:02:90:fe:d8:45:b9:17:52:
         f8:19:f0:3f:36:05:7a:43:4b:fb:5e:a9:58:0f:9e:51:e8:a8:
         17:ed:4f:b9:38:44:d4:fc:a5:f9:ce:ce:f6:56:c6:9f:b7:07:
         3c:f4:44:8f:a0:c2:2e:e5:3a:38:83:d0:73:52:e0:ed:cd:4d:
         0f:ea:39:dc:4a:53:f6:75:ae:19:ad:16:27:0b:80:48:4c:32:
         25:1b:12:0a:0d:95:b1:53:52:2b:86:d9:d1:a0:46:2e:d4:99:
         f8:f6:ba:09:8c:f5:92:68:5c:90:e5:e1:7d:99:11:2c:aa:8f:
         6f:65:24:82:cf:94:dd:4d:bd:12:8c:c8:20:ca:f8:06:5c:14:
         a3:b7:29:86:c3:48:a6:fa:cc:34:e5:ac:2e:16:5d:9e:17:db:
         d1:b7:8b:6f:80:65:39:6d:63:61:9d:0c:1e:8a:a2:b3:5f:9e:
         e7:97:09:2a:bd:eb:a6:c2:09:db:d5:9f:7a:c5:81:64:e9:13:
         94:4e:df:b3:38:0a:3b:41:31:2e:1c:fb:72:f0:1c:83:78:14:
         fd:b8:78:ba
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt+OHfTHCLXllyZXoIHR0l5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTAxOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODJhNTQxZDVhYzhmZjdiYjA0MDhjNzQzNGFjMTAxMmVmZjczY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHGlgGRf4WDqRzj5cvpIUkTHgnSq
CEy2wBJ+YbfAlTnjDQ57KeJg67d/Szv7a5mblrYBLwONw8yW067bq6eyoxN4jrQC
MoDi4SD8JnUyL+jZB/95qVJjSj5bNZhjKZZxf/j3YRvHAYhCYk5+sT1YNvJHhI41
8FT+6VY7vPsc3xSNtcxGHrXSm5ZdgXsEaQlJEIvJxA51OSxueDQmdeDXeEzMbFGp
pAQ25KCyBKfcmpoBWG6vbRCEwekdkf5Da518Eu6UK+V1wJArkrHYqM3e+tKU+XpD
3RAy250JpbgTYzlVPwTCanFO3iEaFZSHYXn3PjIDBESn6LU1BarKpxLaxwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFJgqVB1ayP97sECMdDSsEBLv9zy1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA4L2I5Y2Yz
Yi05NTcyLTQ5OTItYjI0Ny0wMTIwOGQ4NmRkY2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgvYjljZjNi
LTk1NzItNDk5Mi1iMjQ3LTAxMjA4ZDg2ZGRjYy8xL21DcFVIVnJJXzN1d1FJeDBO
S3dRRXVfM1BMVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAhhwwDQYJKoZIhvcNAQELBQADggEBAGNLZIHK
wg1048c/Pk6JqBmWOABhmITySZwk5ZMvpttaRWU5h3wYdUn01B47264CkP7YRbkX
UvgZ8D82BXpDS/teqVgPnlHoqBftT7k4RNT8pfnOzvZWxp+3Bzz0RI+gwi7lOjiD
0HNS4O3NTQ/qOdxKU/Z1rhmtFicLgEhMMiUbEgoNlbFTUiuG2dGgRi7Umfj2ugmM
9ZJoXJDl4X2ZESyqj29lJILPlN1NvRKMyCDK+AZcFKO3KYbDSKb6zDTlrC4WXZ4X
29G3i2+AZTltY2GdDB6KorNfnueXCSq966bCCdvVn3rFgWTpE5RO37M4CjtBMS4c
+3LwHIN4FP24eLo=
-----END CERTIFICATE-----