This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/y5ocuA-2NzLlMAR6HsVSn4yLGgY.cer
File:                     y5ocuA-2NzLlMAR6HsVSn4yLGgY.cer (raw, json)
Hash identifier:          FsYlZORWd95D0/fHDeS8bE+jv0nJ/ZR7LCKqJeiXg+0=
Subject key identifier:   CB:9A:1C:B8:0F:B6:37:32:E5:30:04:7A:1E:C5:52:9F:8C:8B:1A:06
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B79ED3DACF563A89F05B429A7FB6E9F01
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/y5ocuA-2NzLlMAR6HsVSn4yLGgY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 14:19:09 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 201645
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 06:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ed:3d:ac:f5:63:a8:9f:05:b4:29:a7:fb:6e:9f:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb9a1cb80fb63732e530047a1ec5529f8c8b1a06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ab:49:06:5b:69:0d:19:b4:db:db:3c:64:93:
                    20:31:f0:ab:e0:8b:bf:f6:93:b5:52:5c:f6:82:9f:
                    5b:d0:db:c9:b5:21:06:47:5d:6c:be:db:0a:16:67:
                    33:a5:90:9a:bf:da:b6:9d:2f:47:73:d8:d6:94:42:
                    98:e1:b8:f0:b4:c0:34:b0:9f:7b:5f:c1:2c:5d:02:
                    9b:2a:27:ad:0c:83:f4:6c:56:1b:70:75:55:5b:4b:
                    8c:08:85:a1:6b:b9:30:11:fa:ed:14:76:21:d8:35:
                    b4:a9:c3:15:46:23:1b:19:4d:51:ea:ac:54:41:dc:
                    c8:63:0a:db:39:67:da:78:63:24:99:1f:b3:86:77:
                    34:2b:ca:88:7f:6e:45:b7:0b:fb:c6:f8:65:45:bb:
                    36:2a:b8:c6:68:0b:a1:72:87:c4:80:6c:e4:65:a9:
                    18:28:de:fd:4b:05:1e:5f:89:bf:90:20:7d:65:48:
                    80:44:86:19:46:a4:bd:7f:58:d3:bd:61:78:07:3b:
                    6b:d3:ef:ee:e2:ab:de:52:d9:a0:fd:5d:01:a9:37:
                    96:4d:1f:6b:84:71:de:e8:2a:26:8e:6a:82:ab:6a:
                    ce:e3:49:13:96:d0:cf:52:7f:aa:ef:f2:4a:6a:af:
                    b6:6e:a8:8a:11:25:00:4d:1c:ae:a9:fb:ca:31:cc:
                    79:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:9A:1C:B8:0F:B6:37:32:E5:30:04:7A:1E:C5:52:9F:8C:8B:1A:06
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/05bb43-4ae8-4b6d-b46c-113ede3aff79/1/y5ocuA-2NzLlMAR6HsVSn4yLGgY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  201645

    Signature Algorithm: sha256WithRSAEncryption
         a9:8b:25:47:41:0a:67:e9:21:fa:fe:b3:dc:cd:e9:d8:1a:4a:
         f4:f4:d6:31:4a:47:60:64:4e:42:1a:02:48:4e:f4:06:1f:5d:
         8d:12:e3:b7:32:c5:a6:6e:6b:8a:cf:fc:9b:d7:dc:c8:fe:b0:
         5d:b9:32:a7:e4:3a:a7:22:70:b1:33:e0:9b:b3:7a:92:90:8a:
         72:51:0b:03:cd:8a:75:f9:28:cc:ef:4b:75:37:b8:8d:5c:e6:
         70:28:82:ab:96:af:4b:4e:9e:9c:05:f4:1d:93:f0:f0:35:8a:
         0d:e8:8a:fe:b6:c0:e3:8b:8a:3b:5c:9c:5c:ab:c7:8e:04:1e:
         5d:f4:49:55:a7:c5:db:f6:2d:78:d3:72:36:1c:c0:0d:a9:44:
         b9:5c:ea:4e:e7:cc:d6:67:ce:5a:48:cb:3f:1b:92:35:85:cb:
         4a:bc:59:d4:f9:71:f6:c0:e2:73:82:59:61:4e:a8:71:a4:26:
         dc:c5:e4:0a:1f:b9:cf:95:76:36:87:8d:06:e6:34:c4:a3:a5:
         ed:bc:12:9b:dd:6f:fc:f6:1f:c7:f0:d7:b6:a2:a8:a7:07:6e:
         22:37:91:a7:83:b6:b3:61:fc:12:d6:24:96:2d:15:04:0c:39:
         20:2d:60:1f:ca:40:bc:b2:dc:29:7e:14:04:19:ad:ff:20:ab:
         70:a2:b0:06
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt57T2s9WOonwW0Kaf7bp8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTQxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjlhMWNiODBmYjYzNzMyZTUzMDA0N2ExZWM1NTI5ZjhjOGIxYTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKtJBltpDRm029s8ZJMgMfCr4Iu/
9pO1Ulz2gp9b0NvJtSEGR11svtsKFmczpZCav9q2nS9Hc9jWlEKY4bjwtMA0sJ97
X8EsXQKbKietDIP0bFYbcHVVW0uMCIWha7kwEfrtFHYh2DW0qcMVRiMbGU1R6qxU
QdzIYwrbOWfaeGMkmR+zhnc0K8qIf25Ftwv7xvhlRbs2KrjGaAuhcofEgGzkZakY
KN79SwUeX4m/kCB9ZUiARIYZRqS9f1jTvWF4Bztr0+/u4qveUtmg/V0BqTeWTR9r
hHHe6ComjmqCq2rO40kTltDPUn+q7/JKaq+2bqiKESUATRyuqfvKMcx5PQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFMuaHLgPtjcy5TAEeh7FUp+MixoGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ExLzA1YmI0
My00YWU4LTRiNmQtYjQ2Yy0xMTNlZGUzYWZmNzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTEvMDViYjQz
LTRhZTgtNGI2ZC1iNDZjLTExM2VkZTNhZmY3OS8xL3k1b2N1QS0yTnpMbE1BUjZI
c1ZTbjR5TEdnWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMTrTANBgkqhkiG9w0BAQsFAAOCAQEAqYslR0EKZ+kh
+v6z3M3p2BpK9PTWMUpHYGROQhoCSE70Bh9djRLjtzLFpm5ris/8m9fcyP6wXbky
p+Q6pyJwsTPgm7N6kpCKclELA82KdfkozO9LdTe4jVzmcCiCq5avS06enAX0HZPw
8DWKDeiK/rbA44uKO1ycXKvHjgQeXfRJVafF2/YteNNyNhzADalEuVzqTufM1mfO
WkjLPxuSNYXLSrxZ1Plx9sDic4JZYU6ocaQm3MXkCh+5z5V2NoeNBuY0xKOl7bwS
m91v/PYfx/DXtqKopwduIjeRp4O2s2H8EtYkli0VBAw5IC1gH8pAvLLcKX4UBBmt
/yCrcKKwBg==
-----END CERTIFICATE-----