This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tHRnMbQxArluui3l04w9zShLj-Y.cer
File:                     tHRnMbQxArluui3l04w9zShLj-Y.cer (raw, json)
Hash identifier:          qARS8R4gQ2qTiL2FZdNd+w5vlUaH/Y21xalKCMYlr8w=
Subject key identifier:   B4:74:67:31:B4:31:02:B9:6E:BA:2D:E5:D3:8C:3D:CD:28:4B:8F:E6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019BF9FC54C1BE7597B6D13AFACDE191E2FE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5c/c4f437-def7-49c7-bf0b-ba06429f42f5/1/tHRnMbQxArluui3l04w9zShLj-Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5c/c4f437-def7-49c7-bf0b-ba06429f42f5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 26 Jan 2026 11:07:02 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 194.115.26.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:f9:fc:54:c1:be:75:97:b6:d1:3a:fa:cd:e1:91:e2:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 26 11:07:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4746731b43102b96eba2de5d38c3dcd284b8fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:69:ac:59:25:c2:e4:f0:11:e0:12:b3:5d:e9:
                    06:d6:6e:e9:54:79:eb:e9:12:2f:bc:f2:6d:a3:20:
                    1f:22:ab:d6:16:57:bd:48:0c:95:6e:bd:f3:39:59:
                    9f:1e:ec:8e:d9:6d:ef:a3:0b:45:05:42:cb:37:4b:
                    e4:a8:b1:3d:5a:13:ab:be:63:f2:7b:e9:5a:dc:c9:
                    d1:f0:13:af:31:b8:d2:ba:05:11:d9:55:7d:22:ba:
                    b5:dc:ca:c3:ab:b4:14:20:99:6f:e9:ff:a0:bc:85:
                    10:79:01:a5:2c:9e:27:a9:83:70:30:58:04:c6:1c:
                    4d:83:dd:b3:5c:93:c4:c2:e6:c6:f6:81:98:71:b3:
                    c6:fe:b3:6b:9a:e6:a7:27:6e:e5:ca:b9:8a:17:42:
                    ee:4c:1a:f8:f1:73:4d:a0:60:36:6f:07:9c:49:c6:
                    ae:31:e4:2f:b7:d8:e0:21:e4:83:73:79:c8:ce:1e:
                    d6:2c:00:3b:46:03:b0:8a:eb:cb:d4:83:37:6b:b5:
                    d0:b1:2e:7d:58:b6:bf:80:de:49:e1:01:7a:22:4c:
                    ef:75:04:c4:ce:47:db:32:23:d5:c3:08:7f:7c:5d:
                    73:44:ff:af:9d:3b:d2:e4:4e:1b:63:e5:5c:06:00:
                    47:df:d6:b9:2c:28:3d:63:23:ab:b0:7c:2c:bf:67:
                    b7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:74:67:31:B4:31:02:B9:6E:BA:2D:E5:D3:8C:3D:CD:28:4B:8F:E6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c4f437-def7-49c7-bf0b-ba06429f42f5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/c4f437-def7-49c7-bf0b-ba06429f42f5/1/tHRnMbQxArluui3l04w9zShLj-Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.115.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:6f:0b:30:80:26:6b:eb:d3:d3:ab:67:57:6d:34:af:97:93:
         e6:05:70:92:fa:8e:ba:fc:b7:99:bc:da:09:de:05:e7:b7:ae:
         92:27:64:ed:f1:91:90:82:3a:19:f3:62:85:9b:9c:51:b8:41:
         d2:53:e3:14:52:c7:f1:29:83:30:1b:5b:6d:22:f8:e9:00:c9:
         b4:24:31:43:82:33:e2:0b:b4:12:d0:29:cc:36:16:e0:c1:f3:
         f0:85:26:63:73:d1:f2:aa:41:6a:d9:cd:57:1d:85:6f:4f:14:
         33:4a:f4:cd:ff:43:c2:dd:fd:0f:c8:7e:26:93:db:99:40:17:
         cd:cc:06:29:cb:09:c6:df:a8:8d:51:d7:ad:fd:50:6b:39:b3:
         6c:53:90:73:d6:81:c6:4f:9d:27:3f:84:85:a3:5b:8e:d2:cb:
         67:9b:d6:3e:bb:ce:a2:cd:87:ba:ce:26:cb:52:93:f9:f6:8d:
         0a:38:4d:a7:de:da:15:34:22:e1:95:77:bc:41:d1:48:d4:8e:
         22:14:9e:71:70:d0:84:36:04:83:b3:27:6b:3f:46:b3:2a:f9:
         09:c3:0c:c4:a1:3d:e6:e0:bf:14:07:a4:a1:50:18:7c:9b:ed:
         de:5a:08:b1:a1:77:57:8e:85:85:29:9e:b8:be:72:7c:6c:e2:
         52:d6:25:06
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZv5/FTBvnWXttE6+s3hkeL+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTI2MTEwNzAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDc0NjczMWI0MzEwMmI5NmViYTJkZTVkMzhjM2RjZDI4NGI4ZmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWmsWSXC5PAR4BKzXekG1m7pVHnr
6RIvvPJtoyAfIqvWFle9SAyVbr3zOVmfHuyO2W3vowtFBULLN0vkqLE9WhOrvmPy
e+la3MnR8BOvMbjSugUR2VV9Irq13MrDq7QUIJlv6f+gvIUQeQGlLJ4nqYNwMFgE
xhxNg92zXJPEwubG9oGYcbPG/rNrmuanJ27lyrmKF0LuTBr48XNNoGA2bwecScau
MeQvt9jgIeSDc3nIzh7WLAA7RgOwiuvL1IM3a7XQsS59WLa/gN5J4QF6IkzvdQTE
zkfbMiPVwwh/fF1zRP+vnTvS5E4bY+VcBgBH39a5LCg9YyOrsHwsv2e3lwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLR0ZzG0MQK5brot5dOMPc0oS4/mMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVjL2M0ZjQz
Ny1kZWY3LTQ5YzctYmYwYi1iYTA2NDI5ZjQyZjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWMvYzRmNDM3
LWRlZjctNDljNy1iZjBiLWJhMDY0MjlmNDJmNS8xL3RIUm5NYlF4QXJsdXVpM2ww
NHc5elNoTGotWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwnMaMA0GCSqGSIb3DQEBCwUAA4IBAQCgbwsw
gCZr69PTq2dXbTSvl5PmBXCS+o66/LeZvNoJ3gXnt66SJ2Tt8ZGQgjoZ82KFm5xR
uEHSU+MUUsfxKYMwG1ttIvjpAMm0JDFDgjPiC7QS0CnMNhbgwfPwhSZjc9HyqkFq
2c1XHYVvTxQzSvTN/0PC3f0PyH4mk9uZQBfNzAYpywnG36iNUdet/VBrObNsU5Bz
1oHGT50nP4SFo1uO0stnm9Y+u86izYe6zibLUpP59o0KOE2n3toVNCLhlXe8QdFI
1I4iFJ5xcNCENgSDsydrP0azKvkJwwzEoT3m4L8UB6ShUBh8m+3eWgixoXdXjoWF
KZ64vnJ8bOJS1iUG
-----END CERTIFICATE-----