This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sFf1RPU_NdjS5zyylltPTX0CKVk.cer
File:                     sFf1RPU_NdjS5zyylltPTX0CKVk.cer (raw, json)
Hash identifier:          QUo2ZF2KdY4QC1Ult0hqXZNhObL1TBV5JiGB4q1s+jk=
Subject key identifier:   B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7834B7DAE44CC8513C09AFC020F2E595
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 06:17:59 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 149.222.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:b7:da:e4:4c:c8:51:3c:09:af:c0:20:f2:e5:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:17:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b057f544f53f35d8d2e73cb2965b4f4d7d022959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:2b:67:b0:05:33:bf:9a:c9:ae:3d:61:35:f3:
                    d7:b8:76:4e:21:2b:8c:d5:62:40:be:31:4e:92:e6:
                    e9:0d:a7:4b:2c:ac:1f:c4:25:4d:38:ef:87:36:24:
                    5c:53:c8:c6:4a:a9:cc:0f:34:cd:51:ae:7d:4f:25:
                    21:c6:9b:00:a4:3b:0d:72:18:ee:7a:2b:99:e6:45:
                    f8:95:db:8d:91:d2:4a:ef:ef:d9:de:b4:3b:a7:2c:
                    c8:45:8e:67:6e:51:68:cf:d2:3e:75:8e:e2:f2:fc:
                    ce:d8:7d:a0:c6:03:c9:29:e1:46:a7:b9:09:c5:81:
                    a3:96:5c:02:f5:e7:a2:2e:87:98:a2:76:5f:28:d8:
                    03:fd:cf:d5:ea:ba:8a:a0:07:2b:88:99:7e:cd:c0:
                    ea:4c:02:d5:61:61:88:af:63:c1:65:a7:2d:a3:4f:
                    35:61:39:d1:d2:1c:ca:04:20:ba:f9:25:a2:58:91:
                    73:c7:4a:9d:ed:fa:9b:f6:73:68:2c:98:a6:7f:77:
                    50:71:7e:18:78:f6:10:bc:a9:41:89:52:67:52:82:
                    2e:78:92:28:e0:58:2b:5a:72:02:5e:a2:ff:8f:76:
                    da:7b:88:78:a8:09:d3:72:3b:58:3f:5e:ce:51:4d:
                    aa:b9:0d:0a:dc:15:6d:05:45:e6:be:7b:cf:ea:b3:
                    fd:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:57:F5:44:F5:3F:35:D8:D2:E7:3C:B2:96:5B:4F:4D:7D:02:29:59
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/efe0e0-34f7-429e-9f38-4ea7a1ae98de/1/sFf1RPU_NdjS5zyylltPTX0CKVk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.222.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         98:48:24:cf:2c:a6:92:7c:85:93:e2:97:ec:bc:8d:e7:80:5f:
         84:92:94:71:09:ac:60:1e:07:98:b9:39:5a:88:83:51:4c:51:
         ee:8c:fb:34:fd:9a:5d:4f:e4:7b:af:d2:37:88:69:82:0c:12:
         53:49:2d:f3:8d:b1:f1:7a:ff:19:19:54:ee:89:02:93:ef:3c:
         7d:a6:af:7a:ea:29:25:3c:7e:b5:93:95:47:0a:27:d8:cb:e7:
         f0:8d:a1:b1:85:50:27:10:f7:35:18:6a:b3:93:f7:11:84:15:
         9e:23:b7:af:a8:92:96:19:29:9b:6c:e3:9b:d8:ac:ba:a3:15:
         51:49:97:25:d7:2f:b6:51:10:36:34:78:db:e6:de:26:bf:74:
         f6:f8:84:4a:da:ae:0d:c7:49:bc:26:d6:e6:d8:f7:cd:67:8d:
         a4:1f:35:f5:fa:58:fe:67:5b:d0:b8:c2:58:d9:66:18:76:b7:
         d3:36:6e:61:19:67:44:8e:d9:97:84:9f:df:11:b1:bc:51:7b:
         4d:75:ae:7c:55:b2:fc:b7:2c:be:1f:f6:f1:cd:23:4c:ed:f5:
         00:68:9e:85:30:df:c6:15:26:78:3a:d9:36:1b:33:5e:a9:da:
         80:ec:bf:91:68:00:c6:ff:b2:b5:91:99:71:79:e6:ad:a5:fd:
         92:6b:aa:1e
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt4NLfa5EzIUTwJr8Ag8uWVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDYxNzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDU3ZjU0NGY1M2YzNWQ4ZDJlNzNjYjI5NjViNGY0ZDdkMDIyOTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjitnsAUzv5rJrj1hNfPXuHZOISuM
1WJAvjFOkubpDadLLKwfxCVNOO+HNiRcU8jGSqnMDzTNUa59TyUhxpsApDsNchju
eiuZ5kX4lduNkdJK7+/Z3rQ7pyzIRY5nblFoz9I+dY7i8vzO2H2gxgPJKeFGp7kJ
xYGjllwC9eeiLoeYonZfKNgD/c/V6rqKoAcriJl+zcDqTALVYWGIr2PBZacto081
YTnR0hzKBCC6+SWiWJFzx0qd7fqb9nNoLJimf3dQcX4YePYQvKlBiVJnUoIueJIo
4FgrWnICXqL/j3bae4h4qAnTcjtYP17OUU2quQ0K3BVtBUXmvnvP6rP9WQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFLBX9UT1PzXY0uc8spZbT019AilZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RiL2VmZTBl
MC0zNGY3LTQyOWUtOWYzOC00ZWE3YTFhZTk4ZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGIvZWZlMGUw
LTM0ZjctNDI5ZS05ZjM4LTRlYTdhMWFlOThkZS8xL3NGZjFSUFVfTmRqUzV6eXls
bHRQVFgwQ0tWay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAld4wDQYJKoZIhvcNAQELBQADggEBAJhIJM8s
ppJ8hZPil+y8jeeAX4SSlHEJrGAeB5i5OVqIg1FMUe6M+zT9ml1P5Huv0jeIaYIM
ElNJLfONsfF6/xkZVO6JApPvPH2mr3rqKSU8frWTlUcKJ9jL5/CNobGFUCcQ9zUY
arOT9xGEFZ4jt6+okpYZKZts45vYrLqjFVFJlyXXL7ZREDY0eNvm3ia/dPb4hEra
rg3HSbwm1ubY981njaQfNfX6WP5nW9C4wljZZhh2t9M2bmEZZ0SO2ZeEn98RsbxR
e011rnxVsvy3LL4f9vHNI0zt9QBonoUw38YVJng62TYbM16p2oDsv5FoAMb/srWR
mXF55q2l/ZJrqh4=
-----END CERTIFICATE-----