This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/nj8Vea4XZmLWY6ODTA_vgkzuAzw.cer
File:                     nj8Vea4XZmLWY6ODTA_vgkzuAzw.cer (raw, json)
Hash identifier:          MFFENq3/5rf53JBIeqZjWSnvoyn069ew3F5YuaIRDy0=
Subject key identifier:   9E:3F:15:79:AE:17:66:62:D6:63:A3:83:4C:0F:EF:82:4C:EE:03:3C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7BA4E41856993EDB3C73305913D70901
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/nj8Vea4XZmLWY6ODTA_vgkzuAzw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 22:19:22 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 214154
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:e4:18:56:99:3e:db:3c:73:30:59:13:d7:09:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e3f1579ae176662d663a3834c0fef824cee033c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:bd:7b:1d:51:c2:96:b1:30:d5:27:20:27:aa:
                    16:f8:d6:1f:58:fb:1d:b9:55:dd:a0:21:a6:2c:60:
                    a1:b1:7e:ec:26:c9:94:ae:6b:a5:47:da:a6:b1:f6:
                    c5:53:0e:ad:c6:86:76:db:c6:13:2a:f4:c6:d8:c9:
                    c9:6d:53:ed:4d:6b:08:35:92:0b:5a:4c:e3:31:88:
                    e6:07:67:67:c7:4c:84:79:e7:70:e3:23:7f:e6:15:
                    4e:6c:28:25:5b:dd:06:4e:09:8b:29:89:67:2b:a7:
                    88:61:5f:99:61:92:a8:34:5f:b3:7d:74:56:d3:e5:
                    b6:92:9a:66:53:91:f3:43:01:e7:80:ea:76:37:46:
                    be:52:97:09:39:70:42:c7:9a:a0:d2:10:5f:c4:cc:
                    10:15:e5:7c:fb:9e:e1:85:23:a9:00:86:79:51:6c:
                    1f:11:98:35:99:66:01:8f:e1:be:a5:df:f2:9a:aa:
                    7b:fb:58:a2:00:dc:7d:e9:50:f1:d4:a0:5a:c7:6f:
                    4c:72:6a:f7:d9:d1:3c:8f:00:4f:78:77:93:66:ed:
                    7a:f2:ff:0f:23:a6:68:3b:0a:24:08:e7:f6:ef:b4:
                    4d:08:dc:02:5f:13:78:80:13:b3:fc:ec:45:06:f3:
                    35:0d:43:78:ae:7e:b9:be:cb:4e:8e:aa:a4:73:1d:
                    72:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:3F:15:79:AE:17:66:62:D6:63:A3:83:4C:0F:EF:82:4C:EE:03:3C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/962840-5169-4ff3-89f9-480734e38da8/1/nj8Vea4XZmLWY6ODTA_vgkzuAzw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214154

    Signature Algorithm: sha256WithRSAEncryption
         4a:11:7f:31:d5:eb:fa:f9:30:aa:51:c1:d0:6e:a7:5a:e9:6f:
         f4:57:e8:67:ac:77:5f:3e:83:3a:b4:b5:e0:c1:62:87:c3:38:
         0f:30:c2:5c:fe:6e:df:1a:f1:e0:d4:76:8c:bd:f9:cd:a8:af:
         12:37:a4:ba:e1:07:bf:5b:08:0a:2a:80:c5:75:61:55:26:43:
         6e:bc:bd:b4:25:d3:05:24:b4:5a:79:56:f0:d4:9c:f0:52:39:
         06:bf:dc:f8:1c:bf:8b:6f:b7:90:41:0a:e8:24:e0:5c:f7:c1:
         94:22:24:1f:fe:b0:2a:0e:5a:7b:51:00:e2:82:a2:5a:76:cb:
         3c:62:c1:be:97:77:fb:51:60:f0:72:ac:0b:7b:0f:ed:e0:08:
         1c:54:c6:13:a1:52:8d:a1:d1:5a:78:07:5c:f6:4c:2c:1f:2d:
         74:e2:7a:91:08:f5:6b:82:ca:c7:dd:28:f9:64:06:0c:e1:94:
         ff:40:a2:1b:0f:1b:31:54:30:bc:c0:c4:04:25:c7:ec:73:c3:
         31:49:bf:c4:df:32:bf:f2:2b:06:2b:54:6e:9f:59:3b:d6:3c:
         1c:36:7d:ee:2d:56:5d:7a:04:d5:2e:60:69:4e:41:8f:e1:0b:
         d7:9f:df:f6:d5:b8:02:47:14:d7:44:ee:e5:ec:55:d0:35:bd:
         b6:7b:fa:e1
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt7pOQYVpk+2zxzMFkT1wkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTNmMTU3OWFlMTc2NjYyZDY2M2EzODM0YzBmZWY4MjRjZWUwMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb17HVHClrEw1ScgJ6oW+NYfWPsd
uVXdoCGmLGChsX7sJsmUrmulR9qmsfbFUw6txoZ228YTKvTG2MnJbVPtTWsINZIL
WkzjMYjmB2dnx0yEeedw4yN/5hVObCglW90GTgmLKYlnK6eIYV+ZYZKoNF+zfXRW
0+W2kppmU5HzQwHngOp2N0a+UpcJOXBCx5qg0hBfxMwQFeV8+57hhSOpAIZ5UWwf
EZg1mWYBj+G+pd/ymqp7+1iiANx96VDx1KBax29Mcmr32dE8jwBPeHeTZu168v8P
I6ZoOwokCOf277RNCNwCXxN4gBOz/OxFBvM1DUN4rn65vstOjqqkcx1yCQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFJ4/FXmuF2Zi1mOjg0wP74JM7gM8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM5Lzk2Mjg0
MC01MTY5LTRmZjMtODlmOS00ODA3MzRlMzhkYTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzkvOTYyODQw
LTUxNjktNGZmMy04OWY5LTQ4MDczNGUzOGRhOC8xL25qOFZlYTRYWm1MV1k2T0RU
QV92Z2t6dUF6dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNEijANBgkqhkiG9w0BAQsFAAOCAQEAShF/MdXr+vkw
qlHB0G6nWulv9FfoZ6x3Xz6DOrS14MFih8M4DzDCXP5u3xrx4NR2jL35zaivEjek
uuEHv1sICiqAxXVhVSZDbry9tCXTBSS0WnlW8NSc8FI5Br/c+By/i2+3kEEK6CTg
XPfBlCIkH/6wKg5ae1EA4oKiWnbLPGLBvpd3+1Fg8HKsC3sP7eAIHFTGE6FSjaHR
WngHXPZMLB8tdOJ6kQj1a4LKx90o+WQGDOGU/0CiGw8bMVQwvMDEBCXH7HPDMUm/
xN8yv/IrBitUbp9ZO9Y8HDZ97i1WXXoE1S5gaU5Bj+EL15/f9tW4AkcU10Tu5exV
0DW9tnv64Q==
-----END CERTIFICATE-----