This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/mNtTOItvp7HlovTGhjq3Hxz7VRI.cer
File:                     mNtTOItvp7HlovTGhjq3Hxz7VRI.cer (raw, json)
Hash identifier:          0OzqW/TfBn+bugMCacmcX4l4QSX62n7LX9Y1D21+y2Y=
Subject key identifier:   98:DB:53:38:8B:6F:A7:B1:E5:A2:F4:C6:86:3A:B7:1F:1C:FB:55:12
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77C6C262A5B702A5D548959B3E56E2D1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/18/996da3-9f8c-475b-8bf6-c7467da2db60/1/mNtTOItvp7HlovTGhjq3Hxz7VRI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/18/996da3-9f8c-475b-8bf6-c7467da2db60/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 04:17:53 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 41793
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:c2:62:a5:b7:02:a5:d5:48:95:9b:3e:56:e2:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:17:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98db53388b6fa7b1e5a2f4c6863ab71f1cfb5512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:12:7f:93:c1:96:81:41:b8:51:1e:a2:b4:91:
                    72:ec:43:37:c5:8e:17:b5:33:84:01:de:07:49:84:
                    9d:6f:67:37:c0:41:c9:f3:1e:ed:3c:81:3a:9f:cf:
                    c5:ec:a8:8b:50:1f:0a:e5:c5:e7:41:3d:6d:8e:36:
                    36:43:53:14:1a:b1:33:85:e4:bd:6b:e9:90:01:a3:
                    cc:c6:f7:81:e1:43:aa:e7:e8:e8:d9:56:f5:a9:b0:
                    da:da:55:fd:b0:01:ae:32:75:15:da:87:5c:c3:5e:
                    c4:8c:58:33:09:6b:eb:7e:b2:bc:28:00:fc:b5:e9:
                    35:5c:7c:31:00:11:8a:ea:49:4f:e8:c0:4a:3f:ec:
                    9a:b8:10:28:43:95:2f:35:db:52:b7:94:b0:98:b5:
                    92:31:f3:8e:ba:f4:83:56:0f:58:af:be:52:57:08:
                    26:61:72:2a:dc:83:55:6a:48:a5:92:57:cb:8d:73:
                    d8:e7:7f:c0:7c:6c:cf:b5:02:ec:fd:ac:8d:fe:2e:
                    89:f7:c9:35:3b:74:1a:e2:64:6b:48:d0:49:25:7e:
                    77:6e:00:46:8a:4c:7e:9c:b1:fd:e3:14:e7:9a:04:
                    2a:c1:46:1f:99:15:72:e9:41:50:39:0e:c5:ec:46:
                    86:41:00:bd:96:7c:dd:03:88:ec:20:27:9a:fb:2f:
                    56:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DB:53:38:8B:6F:A7:B1:E5:A2:F4:C6:86:3A:B7:1F:1C:FB:55:12
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/996da3-9f8c-475b-8bf6-c7467da2db60/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/996da3-9f8c-475b-8bf6-c7467da2db60/1/mNtTOItvp7HlovTGhjq3Hxz7VRI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41793

    Signature Algorithm: sha256WithRSAEncryption
         ac:4f:55:8e:a8:b0:58:d7:d1:9f:e5:c4:f3:2f:50:f2:bc:dc:
         db:a8:9f:8e:9b:e5:6f:5f:af:3c:20:a7:0f:a0:bd:10:b6:c5:
         b9:ff:36:9c:77:39:4d:a0:2e:86:81:39:a6:da:ff:b6:54:06:
         c7:e4:94:8e:16:c2:1c:c0:20:ab:fa:02:d2:85:07:ec:4c:d4:
         6a:a0:9e:da:19:e6:e1:ae:ff:71:35:29:2f:26:f3:74:2b:56:
         19:ef:34:49:1d:ae:75:54:bf:d6:44:6a:69:3d:09:9d:19:7a:
         49:02:49:92:9a:49:c2:c4:2b:b4:6a:97:32:31:43:d9:80:51:
         54:68:a8:6a:20:43:7a:f2:b2:c7:1b:51:9c:b5:ec:ab:45:f5:
         f9:b9:ee:3c:ea:87:c5:e3:47:71:e3:9e:c9:0b:c1:c8:df:47:
         fc:7d:26:ee:e6:56:3d:ab:07:90:65:ad:f7:ab:0d:93:22:19:
         78:a8:32:c6:f5:c4:7d:8a:77:ee:49:91:0b:be:19:91:8d:b3:
         5d:1d:5e:ac:a7:48:c3:2d:e4:d3:e2:5b:82:d7:15:21:d2:d8:
         40:f8:85:58:c4:02:86:3e:9e:12:eb:c9:b4:f2:fa:5f:11:20:
         4b:25:89:29:b8:ab:76:23:28:a1:b3:2a:b6:6a:97:eb:9f:aa:
         31:f0:e6:3e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt3xsJipbcCpdVIlZs+VuLRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDQxNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGRiNTMzODhiNmZhN2IxZTVhMmY0YzY4NjNhYjcxZjFjZmI1NTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjRJ/k8GWgUG4UR6itJFy7EM3xY4X
tTOEAd4HSYSdb2c3wEHJ8x7tPIE6n8/F7KiLUB8K5cXnQT1tjjY2Q1MUGrEzheS9
a+mQAaPMxveB4UOq5+jo2Vb1qbDa2lX9sAGuMnUV2odcw17EjFgzCWvrfrK8KAD8
tek1XHwxABGK6klP6MBKP+yauBAoQ5UvNdtSt5SwmLWSMfOOuvSDVg9Yr75SVwgm
YXIq3INVakilklfLjXPY53/AfGzPtQLs/ayN/i6J98k1O3Qa4mRrSNBJJX53bgBG
ikx+nLH94xTnmgQqwUYfmRVy6UFQOQ7F7EaGQQC9lnzdA4jsICea+y9WOQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJjbUziLb6ex5aL0xoY6tx8c+1USMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzE4Lzk5NmRh
My05ZjhjLTQ3NWItOGJmNi1jNzQ2N2RhMmRiNjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgvOTk2ZGEz
LTlmOGMtNDc1Yi04YmY2LWM3NDY3ZGEyZGI2MC8xL21OdFRPSXR2cDdIbG92VEdo
anEzSHh6N1ZSSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwCjQTANBgkqhkiG9w0BAQsFAAOCAQEArE9VjqiwWNfR
n+XE8y9Q8rzc26ifjpvlb1+vPCCnD6C9ELbFuf82nHc5TaAuhoE5ptr/tlQGx+SU
jhbCHMAgq/oC0oUH7EzUaqCe2hnm4a7/cTUpLybzdCtWGe80SR2udVS/1kRqaT0J
nRl6SQJJkppJwsQrtGqXMjFD2YBRVGioaiBDevKyxxtRnLXsq0X1+bnuPOqHxeNH
ceOeyQvByN9H/H0m7uZWPasHkGWt96sNkyIZeKgyxvXEfYp37kmRC74ZkY2zXR1e
rKdIwy3k0+JbgtcVIdLYQPiFWMQChj6eEuvJtPL6XxEgSyWJKbirdiMoobMqtmqX
65+qMfDmPg==
-----END CERTIFICATE-----