This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.cer
File:                     zgQm-dLl8wq4eoJ2f9iW7rpLHFc.cer (raw, json)
Hash identifier:          YOnyMChz/JJAS+KS7fnAeo59XG/UyWg4KWFxQ8K0uc8=
Subject key identifier:   CE:04:26:F9:D2:E5:F3:0A:B8:7A:82:76:7F:D8:96:EE:BA:4B:1C:57
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7E385C304029B70D59E45BF9C075734E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 10:19:41 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.213.1.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Feb 2026 15:10:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:5c:30:40:29:b7:0d:59:e4:5b:f9:c0:75:73:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:19:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce0426f9d2e5f30ab87a82767fd896eeba4b1c57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:70:aa:c3:7f:59:fe:75:77:74:32:fe:c6:08:
                    66:8c:e1:a6:af:3e:41:9d:c2:ad:a2:c3:48:a0:0f:
                    37:e0:62:8e:a4:ad:b5:1f:cf:37:43:8d:8c:8d:45:
                    e8:d4:f8:5b:96:21:e3:36:27:12:bc:59:c0:6e:78:
                    7e:84:25:c9:a2:79:22:fb:56:49:d9:de:bf:46:1d:
                    b5:d2:a8:e1:85:07:cf:d3:86:ac:8f:de:26:f2:5e:
                    f4:6e:cd:90:cf:51:84:1a:19:cb:01:39:e7:a7:51:
                    b2:fe:a7:f9:fc:c7:b3:dc:13:bc:e9:e6:cb:a9:cb:
                    8a:92:57:ce:2f:0a:15:f8:60:26:7a:54:af:c0:60:
                    21:7b:56:d1:8c:e5:6f:6b:66:50:81:64:7c:e2:64:
                    64:50:4e:13:c7:b4:cf:6b:aa:a9:f4:d4:b2:db:51:
                    d4:e4:15:cb:39:d7:d6:99:e1:fa:e7:85:f5:43:12:
                    cb:b1:ea:05:8d:57:22:37:61:84:4b:ab:2b:ac:f4:
                    11:37:76:25:d2:22:8e:1a:fe:4d:6b:c9:1c:63:b4:
                    76:5a:f0:38:24:e9:49:d3:58:08:6d:52:a2:99:02:
                    dc:c2:75:60:b4:64:b5:2d:22:73:1d:d2:22:c4:42:
                    88:29:86:3a:6e:d4:26:2b:48:38:aa:74:75:22:c9:
                    4d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:04:26:F9:D2:E5:F3:0A:B8:7A:82:76:7F:D8:96:EE:BA:4B:1C:57
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/394dc0-75aa-40a8-8222-ee4a4618524c/1/zgQm-dLl8wq4eoJ2f9iW7rpLHFc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:8f:6b:2f:63:a4:7d:d9:22:84:cf:11:f8:30:25:8a:6e:a7:
         fe:a7:3f:99:9a:9f:db:ae:87:31:e2:5f:37:d9:17:08:dc:2a:
         a3:0e:2d:68:e9:cd:df:40:36:40:6d:4d:f7:5d:74:b8:13:41:
         84:df:ae:a6:b3:dd:19:3e:b2:e3:0b:76:95:77:bd:aa:57:0e:
         85:38:7d:56:66:d6:d6:87:87:6a:5c:11:b4:1e:e8:a1:68:65:
         6e:31:ae:4b:57:a9:1e:c8:f9:71:32:21:a5:ce:c4:80:35:63:
         ed:a8:8d:ee:ab:36:dd:6e:ef:9c:01:65:1f:8d:ba:10:12:f2:
         8a:22:31:71:59:fe:1c:a5:ab:e8:b5:bc:2a:35:56:49:6a:a1:
         0b:fa:9c:02:17:e5:d5:a0:c0:a0:63:d7:aa:b7:76:5c:5f:8e:
         01:89:c6:17:1d:a5:73:d6:1d:7a:13:52:06:07:7e:58:58:98:
         0f:30:c0:d1:23:29:18:2f:4f:cf:99:39:2e:27:26:a2:c0:79:
         e4:bc:70:70:4d:19:e7:4e:2b:70:e2:d9:5c:e1:8f:03:4a:c2:
         a5:02:22:4e:4c:e7:c9:a1:ea:41:10:99:ca:88:a1:09:98:d9:
         00:62:01:4a:c9:f8:17:42:2b:e5:45:86:2a:dd:db:81:79:6e:
         5c:b7:11:de
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt+OFwwQCm3DVnkW/nAdXNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTAxOTQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTA0MjZmOWQyZTVmMzBhYjg3YTgyNzY3ZmQ4OTZlZWJhNGIxYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHCqw39Z/nV3dDL+xghmjOGmrz5B
ncKtosNIoA834GKOpK21H883Q42MjUXo1PhbliHjNicSvFnAbnh+hCXJonki+1ZJ
2d6/Rh210qjhhQfP04asj94m8l70bs2Qz1GEGhnLATnnp1Gy/qf5/Mez3BO86ebL
qcuKklfOLwoV+GAmelSvwGAhe1bRjOVva2ZQgWR84mRkUE4Tx7TPa6qp9NSy21HU
5BXLOdfWmeH654X1QxLLseoFjVciN2GES6srrPQRN3Yl0iKOGv5Na8kcY7R2WvA4
JOlJ01gIbVKimQLcwnVgtGS1LSJzHdIixEKIKYY6btQmK0g4qnR1IslNVwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFM4EJvnS5fMKuHqCdn/Ylu66SxxXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UyLzM5NGRj
MC03NWFhLTQwYTgtODIyMi1lZTRhNDYxODUyNGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTIvMzk0ZGMw
LTc1YWEtNDBhOC04MjIyLWVlNGE0NjE4NTI0Yy8xL3pnUW0tZExsOHdxNGVvSjJm
OWlXN3JwTEhGYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW9UBMA0GCSqGSIb3DQEBCwUAA4IBAQCcj2sv
Y6R92SKEzxH4MCWKbqf+pz+Zmp/brocx4l832RcI3CqjDi1o6c3fQDZAbU33XXS4
E0GE366ms90ZPrLjC3aVd72qVw6FOH1WZtbWh4dqXBG0HuihaGVuMa5LV6keyPlx
MiGlzsSANWPtqI3uqzbdbu+cAWUfjboQEvKKIjFxWf4cpavotbwqNVZJaqEL+pwC
F+XVoMCgY9eqt3ZcX44BicYXHaVz1h16E1IGB35YWJgPMMDRIykYL0/PmTkuJyai
wHnkvHBwTRnnTitw4tlc4Y8DSsKlAiJOTOfJoepBEJnKiKEJmNkAYgFKyfgXQivl
RYYq3duBeW5ctxHe
-----END CERTIFICATE-----