This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vfSGpExRBdeBNXKUVhzMPROk1nE.cer
File:                     vfSGpExRBdeBNXKUVhzMPROk1nE.cer (raw, json)
Hash identifier:          CYGOLdoYb/RGhYJNcv8Mkf5a3kU7jL7xHi00DjMi+3o=
Subject key identifier:   BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77C6D511C960873597F911141E6D371B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 04:17:58 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 198552
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:d5:11:c9:60:87:35:97:f9:11:14:1e:6d:37:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:17:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdf486a44c5105d781357294561ccc3d13a4d671
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:5d:19:36:8f:ac:cf:74:62:7d:88:02:a3:c3:
                    d5:e7:e3:0d:fd:47:e1:7c:76:6c:ec:8b:8b:c6:19:
                    33:88:fc:56:2a:67:b1:b5:59:4a:dc:10:0d:9b:95:
                    ce:a0:e6:dd:00:1e:7b:ab:55:36:f5:31:52:7a:f0:
                    54:fe:6e:b1:63:0f:1b:03:11:ff:18:c5:61:62:27:
                    0c:dc:25:11:f5:c1:f2:cd:0b:14:78:c0:23:de:49:
                    92:3c:0f:50:33:34:40:35:12:fe:92:53:ab:60:c9:
                    90:d8:11:6e:16:38:ef:2c:93:1a:6d:63:07:86:21:
                    20:15:28:77:97:3e:69:5b:24:87:9e:71:f4:87:e8:
                    af:e9:26:31:c2:de:f9:15:b1:ec:8a:cd:8e:6d:47:
                    11:ea:ae:02:24:6b:e0:34:2f:9c:8b:c8:6e:8b:6f:
                    4f:4f:ba:f3:76:d3:76:a3:4c:f9:d6:da:b0:3b:49:
                    ce:e9:31:25:06:77:81:45:9b:29:fc:47:6a:1c:55:
                    73:f3:b4:ee:8a:94:ae:47:8a:2d:73:d7:a2:fe:6b:
                    90:1f:5d:e9:27:59:68:68:eb:6c:b5:2a:78:ce:2e:
                    6f:91:df:7b:a3:85:4a:6b:d0:c0:70:ef:60:e6:ed:
                    20:2a:32:ee:54:41:58:95:da:0f:1f:c0:eb:69:07:
                    78:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F4:86:A4:4C:51:05:D7:81:35:72:94:56:1C:CC:3D:13:A4:D6:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b8b278-f9bd-40e1-803a-f691f64758ac/1/vfSGpExRBdeBNXKUVhzMPROk1nE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198552

    Signature Algorithm: sha256WithRSAEncryption
         61:2f:aa:32:64:6a:26:1c:da:8a:4c:03:c7:e4:0c:34:9c:21:
         01:a3:cd:25:a3:25:ad:be:96:c4:3d:1e:e2:48:f6:b8:0b:05:
         53:5d:ab:0c:6a:f0:00:6f:f7:42:4d:8f:cb:ae:ea:b1:7d:c9:
         ad:6e:47:8d:0b:ed:ae:3c:b2:77:d4:c7:32:76:35:9a:6a:c8:
         a7:8d:ba:82:52:20:47:83:2b:f0:da:0a:dd:64:e7:50:14:54:
         71:b1:f4:25:2e:5d:93:b1:af:45:b4:0d:4d:99:be:4b:a3:11:
         d2:a9:22:e0:8f:33:54:da:c6:87:7e:ad:df:e2:64:f0:71:8a:
         ff:a9:09:60:92:76:6f:75:f8:fe:d5:2c:3e:ea:7e:84:2d:83:
         34:d1:bc:82:58:53:a1:cc:b6:2a:bd:fc:44:b1:97:e5:3b:df:
         2e:d6:a4:14:40:f3:f4:7e:6d:e5:c9:9c:e4:5c:b4:60:43:ae:
         80:dd:1f:2d:58:55:96:74:b6:e5:98:48:eb:fe:3c:1f:6d:f1:
         04:92:aa:24:4d:aa:c5:98:b5:03:44:77:dc:b9:b4:4c:39:1b:
         ad:b8:c4:cf:bd:71:ed:81:94:a3:b0:a5:d9:82:18:f4:23:cc:
         b8:b8:39:a5:7e:97:78:6c:ea:f8:00:e1:a8:7a:a1:f6:60:6a:
         e2:5b:f8:5c
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt3xtURyWCHNZf5ERQebTcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDQxNzU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY0ODZhNDRjNTEwNWQ3ODEzNTcyOTQ1NjFjY2MzZDEzYTRkNjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvF0ZNo+sz3RifYgCo8PV5+MN/Ufh
fHZs7IuLxhkziPxWKmextVlK3BANm5XOoObdAB57q1U29TFSevBU/m6xYw8bAxH/
GMVhYicM3CUR9cHyzQsUeMAj3kmSPA9QMzRANRL+klOrYMmQ2BFuFjjvLJMabWMH
hiEgFSh3lz5pWySHnnH0h+iv6SYxwt75FbHsis2ObUcR6q4CJGvgNC+ci8hui29P
T7rzdtN2o0z51tqwO0nO6TElBneBRZsp/EdqHFVz87TuipSuR4otc9ei/muQH13p
J1loaOtstSp4zi5vkd97o4VKa9DAcO9g5u0gKjLuVEFYldoPH8DraQd4IwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL30hqRMUQXXgTVylFYczD0TpNZxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliL2I4YjI3
OC1mOWJkLTQwZTEtODAzYS1mNjkxZjY0NzU4YWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvYjhiMjc4
LWY5YmQtNDBlMS04MDNhLWY2OTFmNjQ3NThhYy8xL3ZmU0dwRXhSQmRlQk5YS1VW
aHpNUFJPazFuRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMHmDANBgkqhkiG9w0BAQsFAAOCAQEAYS+qMmRqJhza
ikwDx+QMNJwhAaPNJaMlrb6WxD0e4kj2uAsFU12rDGrwAG/3Qk2Py67qsX3JrW5H
jQvtrjyyd9THMnY1mmrIp426glIgR4Mr8NoK3WTnUBRUcbH0JS5dk7GvRbQNTZm+
S6MR0qki4I8zVNrGh36t3+Jk8HGK/6kJYJJ2b3X4/tUsPup+hC2DNNG8glhTocy2
Kr38RLGX5TvfLtakFEDz9H5t5cmc5Fy0YEOugN0fLVhVlnS25ZhI6/48H23xBJKq
JE2qxZi1A0R33Lm0TDkbrbjEz71x7YGUo7Cl2YIY9CPMuLg5pX6XeGzq+ADhqHqh
9mBq4lv4XA==
-----END CERTIFICATE-----