This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/tNkMTfZ2phH1alrtWAmwV-msV5E.cer
File:                     tNkMTfZ2phH1alrtWAmwV-msV5E.cer (raw, json)
Hash identifier:          ush2zvWoyGBCR9i5TMRQ4UOl5yFXJ3AvRbt+STLtzps=
Subject key identifier:   B4:D9:0C:4D:F6:76:A6:11:F5:6A:5A:ED:58:09:B0:57:E9:AC:57:91
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7AC857C2CDCDF99D37CF4D77CD0B5B02
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/tNkMTfZ2phH1alrtWAmwV-msV5E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 18:18:28 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 199964
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:57:c2:cd:cd:f9:9d:37:cf:4d:77:cd:0b:5b:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4d90c4df676a611f56a5aed5809b057e9ac5791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:12:67:e1:b4:ce:ee:cd:23:0f:19:56:a3:2f:
                    95:e2:8f:42:28:9f:b1:fe:4d:79:cd:18:a6:aa:95:
                    33:17:9f:fb:cc:81:7c:4b:a3:da:f4:ea:70:a8:aa:
                    d7:b4:ab:b6:3a:34:3e:1c:f7:d4:fd:b0:48:fa:ee:
                    71:7a:96:44:56:1a:22:c8:4f:0a:78:3a:50:bb:17:
                    2c:52:ff:57:0c:2f:6c:ce:00:62:9e:4c:91:59:c5:
                    60:4c:a8:af:02:e4:3f:5e:06:5c:48:b8:97:ab:dc:
                    70:6e:20:a2:c5:53:4b:bb:25:b6:c3:c3:b2:96:2d:
                    1f:43:1f:39:96:30:cb:60:53:7a:af:0a:10:e5:77:
                    98:54:aa:78:cb:da:31:8a:14:bc:35:b1:cf:e7:2c:
                    b6:7a:37:21:5e:16:d6:f0:6f:18:ba:14:71:8b:1a:
                    b7:48:df:2e:57:b5:a6:c9:b9:00:e4:c0:f0:c5:bd:
                    ac:12:a7:07:41:59:84:c1:a0:a6:b8:68:19:51:49:
                    06:d9:7d:a9:94:86:52:ba:e3:69:5c:5a:ef:a8:68:
                    48:80:b6:56:48:6a:c6:4d:01:20:08:d2:a9:50:23:
                    07:c9:1a:49:72:d2:1a:2c:68:47:bd:58:44:56:be:
                    98:85:d3:2f:ed:cb:7e:7e:f0:56:f5:36:f9:0a:40:
                    ce:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D9:0C:4D:F6:76:A6:11:F5:6A:5A:ED:58:09:B0:57:E9:AC:57:91
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2aaf4a-e03f-4d61-b652-435e57fccdc9/1/tNkMTfZ2phH1alrtWAmwV-msV5E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199964

    Signature Algorithm: sha256WithRSAEncryption
         36:22:cf:1a:af:4a:67:ef:dc:97:a6:a2:11:aa:29:79:20:65:
         34:1d:d3:7f:d1:2f:5c:73:fb:ce:0d:97:07:42:bc:f6:91:55:
         64:cf:6c:13:85:dd:b5:58:6b:36:47:a6:ca:96:9a:58:ec:c3:
         06:47:42:53:9a:b6:70:9a:11:3a:72:b7:7c:cc:36:01:1f:f2:
         e2:f9:48:fb:06:6f:12:03:17:0a:11:39:67:cb:53:7c:85:99:
         c2:ce:f5:d1:dc:c4:24:2c:2c:e0:70:98:62:18:35:92:af:87:
         b7:d1:fb:fa:70:95:41:01:df:61:fc:2f:23:15:94:85:27:7f:
         d9:ae:3c:d1:20:66:12:b5:0a:db:24:47:b5:3d:1a:d7:bd:30:
         71:e8:76:3e:e2:2d:ce:23:34:79:29:2c:f5:ac:01:81:04:44:
         0b:98:35:52:01:df:bb:83:3f:0c:a9:80:12:f2:2d:86:92:3d:
         4c:db:e4:c7:01:f8:30:9f:56:0e:4a:f5:06:fc:0e:49:a3:df:
         21:80:31:9d:68:8f:37:9b:d7:40:50:8d:12:ef:3c:10:56:06:
         19:04:61:af:fd:7d:f3:ff:2d:46:40:94:01:08:c0:1c:2f:89:
         a6:52:15:2c:ac:63:e2:f2:ed:e3:22:5b:71:e2:3b:3e:73:e7:
         60:bf:83:aa
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt6yFfCzc35nTfPTXfNC1sCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTgxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ5MGM0ZGY2NzZhNjExZjU2YTVhZWQ1ODA5YjA1N2U5YWM1NzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBJn4bTO7s0jDxlWoy+V4o9CKJ+x
/k15zRimqpUzF5/7zIF8S6Pa9OpwqKrXtKu2OjQ+HPfU/bBI+u5xepZEVhoiyE8K
eDpQuxcsUv9XDC9szgBinkyRWcVgTKivAuQ/XgZcSLiXq9xwbiCixVNLuyW2w8Oy
li0fQx85ljDLYFN6rwoQ5XeYVKp4y9oxihS8NbHP5yy2ejchXhbW8G8YuhRxixq3
SN8uV7WmybkA5MDwxb2sEqcHQVmEwaCmuGgZUUkG2X2plIZSuuNpXFrvqGhIgLZW
SGrGTQEgCNKpUCMHyRpJctIaLGhHvVhEVr6YhdMv7ct+fvBW9Tb5CkDOXwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFLTZDE32dqYR9Wpa7VgJsFfprFeRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwLzJhYWY0
YS1lMDNmLTRkNjEtYjY1Mi00MzVlNTdmY2NkYzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvMmFhZjRh
LWUwM2YtNGQ2MS1iNjUyLTQzNWU1N2ZjY2RjOS8xL3ROa01UZloycGhIMWFscnRX
QW13Vi1tc1Y1RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMNHDANBgkqhkiG9w0BAQsFAAOCAQEANiLPGq9KZ+/c
l6aiEaopeSBlNB3Tf9EvXHP7zg2XB0K89pFVZM9sE4XdtVhrNkemypaaWOzDBkdC
U5q2cJoROnK3fMw2AR/y4vlI+wZvEgMXChE5Z8tTfIWZws710dzEJCws4HCYYhg1
kq+Ht9H7+nCVQQHfYfwvIxWUhSd/2a480SBmErUK2yRHtT0a170wceh2PuItziM0
eSks9awBgQREC5g1UgHfu4M/DKmAEvIthpI9TNvkxwH4MJ9WDkr1BvwOSaPfIYAx
nWiPN5vXQFCNEu88EFYGGQRhr/198/8tRkCUAQjAHC+JplIVLKxj4vLt4yJbceI7
PnPnYL+Dqg==
-----END CERTIFICATE-----