This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/oIwpap_lpgUVguWt5HVJhfbxGzE.cer
File:                     oIwpap_lpgUVguWt5HVJhfbxGzE.cer (raw, json)
Hash identifier:          nebllLqpk7my52qqQHCvx/grmbzDPMFNadseroIPIuY=
Subject key identifier:   A0:8C:29:6A:9F:E5:A6:05:15:82:E5:AD:E4:75:49:85:F6:F1:1B:31
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019BD72E994F3FAA40991A34D8E801DF87C5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f4/600789-d71d-4968-8ba9-afb7e8e730cc/1/oIwpap_lpgUVguWt5HVJhfbxGzE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f4/600789-d71d-4968-8ba9-afb7e8e730cc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 19 Jan 2026 16:55:13 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.198.203.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:d7:2e:99:4f:3f:aa:40:99:1a:34:d8:e8:01:df:87:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 19 16:55:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a08c296a9fe5a6051582e5ade4754985f6f11b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9c:4b:ce:41:7a:b0:ee:c5:ee:ef:5c:f9:ab:
                    bf:bb:d7:db:bb:0f:ee:15:89:3e:cd:d4:7d:ab:ff:
                    87:87:75:9b:6c:8f:a9:ee:e9:11:20:8b:24:40:bf:
                    2e:90:1e:64:97:68:34:8f:24:77:3b:2f:f4:75:38:
                    1a:09:8f:17:7f:64:2d:48:4c:7f:f0:36:ef:d7:6c:
                    9c:99:1c:44:6d:cd:db:74:a0:1c:42:40:fa:f8:f4:
                    78:f1:56:92:f8:32:b0:a3:c7:ba:07:cc:c2:11:9c:
                    67:ae:87:92:90:9b:a2:d3:fc:34:4f:9e:29:1b:b3:
                    9b:4b:dd:53:48:f1:96:23:cc:83:c8:5c:15:5d:61:
                    d4:90:52:63:50:49:57:b0:b7:70:aa:1c:40:d4:18:
                    a1:ba:5d:f5:22:65:eb:69:45:90:e5:6d:b1:67:59:
                    ed:fd:03:1a:7c:f4:7b:a1:a3:37:5d:22:24:c2:10:
                    63:6e:72:af:68:73:d9:e3:ac:a1:13:27:1a:24:44:
                    1b:54:8b:53:42:e6:9f:9e:6f:cb:ad:74:c5:97:3b:
                    28:3e:66:93:7e:a4:64:8f:05:4f:1e:32:94:5a:cb:
                    af:f3:72:a9:d9:b4:04:d2:a8:51:1c:06:c6:6c:e0:
                    65:3d:3f:e5:96:65:9b:23:0a:8f:97:e6:2e:78:98:
                    ae:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:8C:29:6A:9F:E5:A6:05:15:82:E5:AD:E4:75:49:85:F6:F1:1B:31
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/600789-d71d-4968-8ba9-afb7e8e730cc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/600789-d71d-4968-8ba9-afb7e8e730cc/1/oIwpap_lpgUVguWt5HVJhfbxGzE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d6:15:44:5f:40:10:d7:8b:d6:4a:8d:37:5c:0e:4e:8f:e4:
         e2:0f:e4:56:76:95:3f:e7:24:8d:c0:c7:d3:ad:38:69:d1:fa:
         ae:07:1f:46:56:63:4b:38:1f:1c:b5:4b:a4:e7:24:2b:e6:bf:
         16:45:80:d8:f7:21:1e:aa:dd:ba:a8:63:fb:cd:7c:28:52:16:
         92:9d:1b:d3:3d:27:76:c0:f0:ca:1c:d0:c1:78:f2:e7:a2:11:
         30:94:62:1c:66:1f:85:b2:14:be:a1:3b:39:f7:29:0b:61:03:
         81:1e:d2:f6:19:22:c0:71:a4:7b:e9:8c:f3:c5:0f:7b:c3:25:
         b7:85:92:37:a5:b6:78:62:72:54:86:95:75:58:51:7a:8d:82:
         33:d6:5a:8f:2d:06:58:a7:00:ff:57:5a:b2:bb:4b:a1:33:90:
         d1:54:e4:e3:e7:1a:97:e9:3e:53:86:ee:b5:67:85:cd:b5:96:
         d8:39:3c:0a:43:b6:3e:29:a5:6d:04:3f:cf:c4:e2:fb:4d:94:
         fe:09:f2:8e:06:7f:5b:91:6a:96:7a:7a:c1:0f:e9:44:3e:5e:
         d2:f1:47:18:1b:2d:fd:6b:3a:c1:ab:12:ac:e8:95:89:ed:ed:
         8e:0d:d5:7d:b0:e4:ab:8c:c4:7a:07:40:83:55:76:be:3b:b0:
         0b:7c:18:52
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZvXLplPP6pAmRo02OgB34fFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTE5MTY1NTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDhjMjk2YTlmZTVhNjA1MTU4MmU1YWRlNDc1NDk4NWY2ZjExYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZxLzkF6sO7F7u9c+au/u9fbuw/u
FYk+zdR9q/+Hh3WbbI+p7ukRIIskQL8ukB5kl2g0jyR3Oy/0dTgaCY8Xf2QtSEx/
8Dbv12ycmRxEbc3bdKAcQkD6+PR48VaS+DKwo8e6B8zCEZxnroeSkJui0/w0T54p
G7ObS91TSPGWI8yDyFwVXWHUkFJjUElXsLdwqhxA1Bihul31ImXraUWQ5W2xZ1nt
/QMafPR7oaM3XSIkwhBjbnKvaHPZ46yhEycaJEQbVItTQuafnm/LrXTFlzsoPmaT
fqRkjwVPHjKUWsuv83Kp2bQE0qhRHAbGbOBlPT/llmWbIwqPl+YueJiuQwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFKCMKWqf5aYFFYLlreR1SYX28RsxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y0LzYwMDc4
OS1kNzFkLTQ5NjgtOGJhOS1hZmI3ZThlNzMwY2MvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjQvNjAwNzg5
LWQ3MWQtNDk2OC04YmE5LWFmYjdlOGU3MzBjYy8xL29Jd3BhcF9scGdVVmd1V3Q1
SFZKaGZieEd6RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8bLMA0GCSqGSIb3DQEBCwUAA4IBAQCQ1hVE
X0AQ14vWSo03XA5Oj+TiD+RWdpU/5ySNwMfTrThp0fquBx9GVmNLOB8ctUuk5yQr
5r8WRYDY9yEeqt26qGP7zXwoUhaSnRvTPSd2wPDKHNDBePLnohEwlGIcZh+FshS+
oTs59ykLYQOBHtL2GSLAcaR76YzzxQ97wyW3hZI3pbZ4YnJUhpV1WFF6jYIz1lqP
LQZYpwD/V1qyu0uhM5DRVOTj5xqX6T5Thu61Z4XNtZbYOTwKQ7Y+KaVtBD/PxOL7
TZT+CfKOBn9bkWqWenrBD+lEPl7S8UcYGy39azrBqxKs6JWJ7e2ODdV9sOSrjMR6
B0CDVXa+O7ALfBhS
-----END CERTIFICATE-----