This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zdfOlLxNAZntKu9owrsx-gIpXLQ.cer
File:                     zdfOlLxNAZntKu9owrsx-gIpXLQ.cer (raw, json)
Hash identifier:          ALBKvsDPee6HUfnquxZrpbOAtwZep+3RAbywxLFvyEM=
Subject key identifier:   CD:D7:CE:94:BC:4D:01:99:ED:2A:EF:68:C2:BB:31:FA:02:29:5C:B4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B77591F0FC70B4CD40375C01F93F7D124
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/26/446566-cbd6-4784-9659-ed76b1bab44a/1/zdfOlLxNAZntKu9owrsx-gIpXLQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/26/446566-cbd6-4784-9659-ed76b1bab44a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 02:18:08 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 144.63.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 14:10:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:59:1f:0f:c7:0b:4c:d4:03:75:c0:1f:93:f7:d1:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:18:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdd7ce94bc4d0199ed2aef68c2bb31fa02295cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:34:ed:2d:4f:88:38:1e:c4:48:51:42:c8:47:
                    1b:ea:3e:4f:e2:c9:c0:ce:c3:12:ea:6e:93:ac:d7:
                    d9:3e:bc:73:c7:cc:b9:d5:2e:06:48:43:9e:e2:58:
                    13:bd:3c:d2:9c:26:d7:cb:4c:92:e6:78:24:72:3f:
                    9d:0a:ca:7c:0f:ec:20:b1:31:a8:f0:32:90:74:19:
                    0f:06:00:e2:67:79:2d:b0:d7:81:42:90:fd:9d:22:
                    8c:6e:52:8a:5b:5a:19:1a:47:06:3d:d4:81:76:57:
                    de:95:cc:3b:2d:b8:87:31:b4:0b:fb:06:2a:41:8c:
                    df:60:df:61:80:d9:3e:64:d2:7b:dc:92:d7:fa:a0:
                    28:cb:e7:09:27:74:96:11:ae:6c:98:28:eb:de:ae:
                    c7:ac:c0:00:05:99:0a:a7:18:22:90:ae:57:3a:78:
                    cf:74:ee:dd:b2:1f:81:b1:68:20:2f:30:e6:9a:13:
                    1a:f8:9e:05:19:d8:b6:b0:7c:1b:2a:71:93:16:96:
                    ec:cf:3e:d0:ab:1c:35:65:4b:fd:6f:65:81:db:a6:
                    83:62:00:c2:e1:93:ae:f9:10:6c:82:73:8a:50:df:
                    6b:32:71:71:86:ca:a9:20:ee:17:bb:26:b4:52:4b:
                    43:90:80:b7:89:42:9d:cd:90:85:89:b7:23:6b:54:
                    ac:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:D7:CE:94:BC:4D:01:99:ED:2A:EF:68:C2:BB:31:FA:02:29:5C:B4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/446566-cbd6-4784-9659-ed76b1bab44a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/446566-cbd6-4784-9659-ed76b1bab44a/1/zdfOlLxNAZntKu9owrsx-gIpXLQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  144.63.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1b:b4:c8:d3:99:3a:3c:40:2e:5f:cd:aa:2c:d1:af:4a:75:4c:
         f3:f3:2d:06:eb:b6:dd:16:94:ae:57:ef:99:ca:12:d3:ed:61:
         b2:56:b6:19:54:2f:e5:24:15:ef:2d:c2:59:21:4c:7a:e2:11:
         db:dc:56:12:c4:b1:93:73:a6:be:c1:de:99:44:0f:11:63:b6:
         cd:f7:f3:a9:0d:23:f7:4a:46:6a:31:44:9b:d8:dd:5f:c6:81:
         6c:9e:93:6c:51:99:a6:2a:91:4f:11:32:5e:08:95:d0:c0:33:
         96:11:3e:96:78:f2:cd:cd:93:9f:d1:f1:2b:4e:66:32:11:9f:
         87:42:1a:fd:06:a5:0a:3a:75:bf:cd:60:8c:9c:95:02:9a:51:
         2d:0e:b4:c3:fc:5d:60:cd:01:e9:30:c3:f1:f2:86:de:88:19:
         92:ec:84:db:d4:f0:19:37:c4:f9:c8:1d:4b:b0:b1:89:e0:11:
         ef:59:1d:68:62:3a:f2:cf:19:c9:3a:b3:77:af:15:07:19:88:
         dc:e4:8c:08:77:84:9b:cb:f3:2a:b3:26:0b:34:56:c2:74:e1:
         99:30:18:f1:8d:c8:db:fc:be:6b:d0:10:74:a0:43:08:86:86:
         ba:d4:9e:b0:81:84:82:be:ac:67:f6:fa:23:ec:54:cc:32:bf:
         9f:fc:36:94
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt3WR8PxwtM1AN1wB+T99EkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDIxODA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGQ3Y2U5NGJjNGQwMTk5ZWQyYWVmNjhjMmJiMzFmYTAyMjk1Y2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzTtLU+IOB7ESFFCyEcb6j5P4snA
zsMS6m6TrNfZPrxzx8y51S4GSEOe4lgTvTzSnCbXy0yS5ngkcj+dCsp8D+wgsTGo
8DKQdBkPBgDiZ3ktsNeBQpD9nSKMblKKW1oZGkcGPdSBdlfelcw7LbiHMbQL+wYq
QYzfYN9hgNk+ZNJ73JLX+qAoy+cJJ3SWEa5smCjr3q7HrMAABZkKpxgikK5XOnjP
dO7dsh+BsWggLzDmmhMa+J4FGdi2sHwbKnGTFpbszz7Qqxw1ZUv9b2WB26aDYgDC
4ZOu+RBsgnOKUN9rMnFxhsqpIO4Xuya0UktDkIC3iUKdzZCFibcja1SsawIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFM3XzpS8TQGZ7SrvaMK7MfoCKVy0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI2LzQ0NjU2
Ni1jYmQ2LTQ3ODQtOTY1OS1lZDc2YjFiYWI0NGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvNDQ2NTY2
LWNiZDYtNDc4NC05NjU5LWVkNzZiMWJhYjQ0YS8xL3pkZk9sTHhOQVpudEt1OW93
cnN4LWdJcFhMUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAkD8wDQYJKoZIhvcNAQELBQADggEBABu0yNOZ
OjxALl/NqizRr0p1TPPzLQbrtt0WlK5X75nKEtPtYbJWthlUL+UkFe8twlkhTHri
EdvcVhLEsZNzpr7B3plEDxFjts3386kNI/dKRmoxRJvY3V/GgWyek2xRmaYqkU8R
Ml4IldDAM5YRPpZ48s3Nk5/R8StOZjIRn4dCGv0GpQo6db/NYIyclQKaUS0OtMP8
XWDNAekww/Hyht6IGZLshNvU8Bk3xPnIHUuwsYngEe9ZHWhiOvLPGck6s3evFQcZ
iNzkjAh3hJvL8yqzJgs0VsJ04ZkwGPGNyNv8vmvQEHSgQwiGhrrUnrCBhIK+rGf2
+iPsVMwyv5/8NpQ=
-----END CERTIFICATE-----