This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vlU5r-kl24C0Fe-xTGMbLYLIzt0.cer
File:                     vlU5r-kl24C0Fe-xTGMbLYLIzt0.cer (raw, json)
Hash identifier:          sDxFsJINIpeA3Y9TIR6TC+YfkX6uHh3G/6oC49arlog=
Subject key identifier:   BE:55:39:AF:E9:25:DB:80:B4:15:EF:B1:4C:63:1B:2D:82:C8:CE:DD
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7B36D39FA97526232E899EC642144112
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/vlU5r-kl24C0Fe-xTGMbLYLIzt0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 20:19:09 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 213694
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:d3:9f:a9:75:26:23:2e:89:9e:c6:42:14:41:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be5539afe925db80b415efb14c631b2d82c8cedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0a:b7:22:9d:bf:8a:60:bf:5b:77:bb:e9:2d:
                    9e:7e:e7:29:72:4c:23:1e:3f:1b:01:6a:80:b7:64:
                    92:4c:88:b1:53:d1:c4:22:0e:21:08:96:69:45:58:
                    8a:c6:45:99:e2:5c:7b:d1:c9:19:4b:bf:a3:a9:71:
                    05:7a:21:8a:c6:ab:5f:26:31:d2:c2:1b:d9:73:dd:
                    23:c0:44:ce:3f:1b:3e:97:99:b1:a4:9a:fc:8c:15:
                    4e:16:ff:6f:f5:8c:c0:d6:68:83:c6:91:b5:78:0b:
                    0a:83:94:50:69:07:6e:19:15:a5:e6:6d:69:e6:03:
                    b5:08:b5:a2:b9:94:65:f1:d6:37:de:01:83:5c:e9:
                    e3:26:05:86:8d:a8:43:06:b8:d2:5f:85:1f:a2:22:
                    cb:e2:a4:97:9e:c4:c6:20:b6:1e:bf:e7:7c:da:93:
                    f3:58:bd:4e:91:19:8b:22:f4:be:91:b3:3a:d0:af:
                    47:49:9c:c4:69:df:b8:4e:ff:3d:45:d7:55:0d:a7:
                    23:98:e6:a7:ff:db:f4:96:77:03:1b:b1:d5:86:aa:
                    69:22:a2:27:11:8d:77:e0:bd:89:15:53:35:c6:f0:
                    97:e1:40:19:6e:58:6d:dd:d2:55:7c:c5:f5:b7:cb:
                    1b:c4:d0:dd:eb:17:bc:d4:ce:41:b7:33:8b:02:6f:
                    ad:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:55:39:AF:E9:25:DB:80:B4:15:EF:B1:4C:63:1B:2D:82:C8:CE:DD
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/733dae-0021-44e5-92e5-2500f4efab69/1/vlU5r-kl24C0Fe-xTGMbLYLIzt0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213694

    Signature Algorithm: sha256WithRSAEncryption
         33:2b:00:c5:d2:64:95:68:99:6f:e7:32:b5:5d:c6:f8:c8:82:
         4d:55:51:b2:f6:b2:e6:e4:d3:b2:02:dc:8c:b2:8f:1a:17:52:
         3e:a8:6c:d1:53:65:14:79:bc:ee:c4:42:e7:bc:7c:14:1a:f5:
         a6:c4:6b:f7:02:27:68:1c:5e:eb:10:2a:dd:68:aa:58:96:00:
         c0:c4:69:fb:1b:8c:1a:74:f8:0d:ae:bc:c0:03:94:04:e7:81:
         11:00:38:36:74:7d:25:54:25:7f:92:ee:5b:04:c6:7c:71:00:
         a6:c7:54:1f:f7:d3:72:68:16:b9:e8:12:7e:6a:a8:20:98:92:
         27:a4:f6:24:c8:c7:5c:a0:0e:6d:67:43:51:45:e6:4f:1a:2c:
         42:38:d9:6b:1b:c5:8f:49:ab:5c:81:c3:8d:3d:58:10:40:c4:
         22:fa:14:fb:12:38:4f:49:ff:7c:34:15:33:0c:91:c0:a5:b8:
         c6:a2:e6:19:16:37:e7:41:1b:0f:c5:9e:78:b8:27:9b:f7:1c:
         e4:64:6f:6c:23:c9:3b:89:ae:f7:ae:67:d8:47:7f:ad:fe:7f:
         6f:27:94:82:1a:22:04:4a:e6:1c:1d:5d:0c:9e:e8:6e:d1:62:
         5f:87:e7:ad:41:d2:86:dc:88:37:0a:44:ba:a5:72:4e:b3:ab:
         a0:a7:e2:6e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt7NtOfqXUmIy6JnsZCFEESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjAxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTU1MzlhZmU5MjVkYjgwYjQxNWVmYjE0YzYzMWIyZDgyYzhjZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQq3Ip2/imC/W3e76S2efucpckwj
Hj8bAWqAt2SSTIixU9HEIg4hCJZpRViKxkWZ4lx70ckZS7+jqXEFeiGKxqtfJjHS
whvZc90jwETOPxs+l5mxpJr8jBVOFv9v9YzA1miDxpG1eAsKg5RQaQduGRWl5m1p
5gO1CLWiuZRl8dY33gGDXOnjJgWGjahDBrjSX4UfoiLL4qSXnsTGILYev+d82pPz
WL1OkRmLIvS+kbM60K9HSZzEad+4Tv89RddVDacjmOan/9v0lncDG7HVhqppIqIn
EY134L2JFVM1xvCX4UAZblht3dJVfMX1t8sbxNDd6xe81M5BtzOLAm+tAQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFL5VOa/pJduAtBXvsUxjGy2CyM7dMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdmLzczM2Rh
ZS0wMDIxLTQ0ZTUtOTJlNS0yNTAwZjRlZmFiNjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2YvNzMzZGFl
LTAwMjEtNDRlNS05MmU1LTI1MDBmNGVmYWI2OS8xL3ZsVTVyLWtsMjRDMEZlLXhU
R01iTFlMSXp0MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNCvjANBgkqhkiG9w0BAQsFAAOCAQEAMysAxdJklWiZ
b+cytV3G+MiCTVVRsvay5uTTsgLcjLKPGhdSPqhs0VNlFHm87sRC57x8FBr1psRr
9wInaBxe6xAq3WiqWJYAwMRp+xuMGnT4Da68wAOUBOeBEQA4NnR9JVQlf5LuWwTG
fHEApsdUH/fTcmgWuegSfmqoIJiSJ6T2JMjHXKAObWdDUUXmTxosQjjZaxvFj0mr
XIHDjT1YEEDEIvoU+xI4T0n/fDQVMwyRwKW4xqLmGRY350EbD8WeeLgnm/cc5GRv
bCPJO4mu965n2Ed/rf5/byeUghoiBErmHB1dDJ7obtFiX4fnrUHShtyINwpEuqVy
TrOroKfibg==
-----END CERTIFICATE-----