This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zfy95jLRBvqtmMLBiVqHfKYBUho.cer
File:                     zfy95jLRBvqtmMLBiVqHfKYBUho.cer (raw, json)
Hash identifier:          WBMuCKEBoQWsqxc23BIJ+mmwTpiqgeMxM25tY3tsyNQ=
Subject key identifier:   CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7910B30FAB941721C84AA7C2E31674A9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 10:18:16 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 137.120.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Feb 2026 21:21:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:b3:0f:ab:94:17:21:c8:4a:a7:c2:e3:16:74:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:18:16 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cdfcbde632d106faad98c2c1895a877ca601521a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e9:1e:76:bd:83:23:ca:65:b5:62:10:e9:40:
                    6b:7b:ef:1a:6d:56:f3:f0:e1:4d:fb:f7:f2:14:ac:
                    d9:20:43:bf:15:75:9f:1f:d2:c1:fc:c8:51:f3:85:
                    b8:4a:46:43:77:ad:4e:95:00:36:d5:e1:18:11:ca:
                    e5:53:7f:9e:df:f7:c8:70:bd:ce:b0:c9:21:19:17:
                    1e:7d:fb:66:61:99:ea:27:76:90:ed:21:54:66:fe:
                    fc:f2:dc:55:f4:5c:82:bb:9d:68:45:a3:a5:df:6b:
                    73:c1:e5:6c:39:8a:86:3f:3f:cb:47:c6:e5:a1:d6:
                    bf:49:96:f0:0e:8e:29:7a:f2:41:5d:ae:17:2d:bd:
                    85:ea:1c:0e:fa:69:2d:db:0e:71:59:a8:8a:f5:4b:
                    da:77:c6:8e:58:34:5e:75:ab:42:5d:8f:51:c4:b1:
                    df:84:e8:78:4a:6d:12:a4:50:e3:f8:41:64:08:f9:
                    fe:b5:1e:7f:eb:af:55:c2:94:12:a4:38:9f:00:a3:
                    40:c9:ca:92:de:76:23:7c:6f:3d:7f:6e:d1:84:82:
                    72:09:36:3f:66:83:bc:b3:5e:dd:53:4d:42:07:85:
                    9f:85:51:d0:a9:2a:f1:9a:78:57:7b:19:82:16:ed:
                    6c:d0:f9:b2:23:cb:dc:07:d6:e3:41:d6:94:a3:68:
                    f9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:FC:BD:E6:32:D1:06:FA:AD:98:C2:C1:89:5A:87:7C:A6:01:52:1A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/fe45cf-4ad2-41d9-bbca-203cfa238696/1/zfy95jLRBvqtmMLBiVqHfKYBUho.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.120.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         4b:02:dd:65:38:c7:29:6f:1c:55:2d:8d:5a:5e:89:97:9f:8e:
         57:cc:45:f8:38:89:1d:87:1a:4c:e2:86:70:b5:cd:8e:d1:be:
         23:ee:cf:72:4c:13:fe:e3:61:c9:49:86:ac:8c:7b:18:e4:28:
         c7:1f:26:44:e2:45:bf:34:1b:71:fb:8c:78:f6:ed:04:fb:a4:
         3b:40:c5:b7:fb:06:0d:d9:14:b9:6e:e4:0a:47:8d:0f:61:4f:
         52:04:67:23:2b:79:6b:fb:60:4d:4f:c6:00:c1:1d:10:50:3e:
         35:ad:43:d0:a7:8b:29:4f:8a:d4:e5:37:ff:f1:9a:22:f3:d1:
         9f:bf:90:24:98:0d:21:20:5e:3a:2a:9e:12:11:50:b5:08:da:
         a0:d8:80:d5:14:e1:3d:9f:6f:f8:0e:5a:f3:6d:f2:8a:9e:91:
         d4:de:dc:b9:5e:fe:d5:b3:36:09:8c:cc:8e:ec:5c:39:9b:c1:
         e9:dd:10:94:ef:9b:f5:ba:d4:2d:8a:99:91:5e:bb:8e:04:71:
         70:5a:e1:e7:87:ee:a1:e4:95:55:9a:51:94:92:7b:b3:91:6e:
         d5:2e:56:ab:67:e1:53:1f:1e:b3:cd:f5:ea:31:8f:d9:df:83:
         93:e0:4a:dd:2d:4f:96:18:b2:5c:79:8f:bf:ab:3f:fc:b8:64:
         36:9d:5f:d4
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt5ELMPq5QXIchKp8LjFnSpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMTAxODE2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGZjYmRlNjMyZDEwNmZhYWQ5OGMyYzE4OTVhODc3Y2E2MDE1MjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArukedr2DI8pltWIQ6UBre+8abVbz
8OFN+/fyFKzZIEO/FXWfH9LB/MhR84W4SkZDd61OlQA21eEYEcrlU3+e3/fIcL3O
sMkhGRcefftmYZnqJ3aQ7SFUZv788txV9FyCu51oRaOl32tzweVsOYqGPz/LR8bl
oda/SZbwDo4pevJBXa4XLb2F6hwO+mkt2w5xWaiK9Uvad8aOWDRedatCXY9RxLHf
hOh4Sm0SpFDj+EFkCPn+tR5/669VwpQSpDifAKNAycqS3nYjfG89f27RhIJyCTY/
ZoO8s17dU01CB4WfhVHQqSrxmnhXexmCFu1s0PmyI8vcB9bjQdaUo2j5+wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFM38veYy0Qb6rZjCwYlah3ymAVIaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc1L2ZlNDVj
Zi00YWQyLTQxZDktYmJjYS0yMDNjZmEyMzg2OTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvZmU0NWNm
LTRhZDItNDFkOS1iYmNhLTIwM2NmYTIzODY5Ni8xL3pmeTk1akxSQnZxdG1NTEJp
VnFIZktZQlVoby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAiXgwDQYJKoZIhvcNAQELBQADggEBAEsC3WU4
xylvHFUtjVpeiZefjlfMRfg4iR2HGkzihnC1zY7RviPuz3JME/7jYclJhqyMexjk
KMcfJkTiRb80G3H7jHj27QT7pDtAxbf7Bg3ZFLlu5ApHjQ9hT1IEZyMreWv7YE1P
xgDBHRBQPjWtQ9CniylPitTlN//xmiLz0Z+/kCSYDSEgXjoqnhIRULUI2qDYgNUU
4T2fb/gOWvNt8oqekdTe3Lle/tWzNgmMzI7sXDmbwendEJTvm/W61C2KmZFeu44E
cXBa4eeH7qHklVWaUZSSe7ORbtUuVqtn4VMfHrPN9eoxj9nfg5PgSt0tT5YYslx5
j7+rP/y4ZDadX9Q=
-----END CERTIFICATE-----