This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3sTrmin0tz2fTIT5dcheB1S1a3E.cer
File:                     3sTrmin0tz2fTIT5dcheB1S1a3E.cer (raw, json)
Hash identifier:          uwi+ZM8vfBOc6lBnm5xNoMklUWX+XtJ+6wtq15tLkdY=
Subject key identifier:   DE:C4:EB:9A:29:F4:B7:3D:9F:4C:84:F9:75:C8:5E:07:54:B5:6B:71
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B94A9DB8AF1F68D67863CD8F9C5708182
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4a/1c90d7-f12b-4283-8a93-e61741b9f249/1/3sTrmin0tz2fTIT5dcheB1S1a3E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4a/1c90d7-f12b-4283-8a93-e61741b9f249/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 06 Jan 2026 18:55:18 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 213673
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:94:a9:db:8a:f1:f6:8d:67:86:3c:d8:f9:c5:70:81:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  6 18:55:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dec4eb9a29f4b73d9f4c84f975c85e0754b56b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:00:a0:84:2b:ff:8a:66:38:8c:d7:11:b7:18:
                    2e:37:7f:aa:9a:c7:96:9c:52:f9:49:93:59:94:f4:
                    65:d4:a5:b4:e3:3d:03:84:be:b3:61:f9:0b:a8:f3:
                    c2:61:23:42:94:35:4a:40:09:34:fe:de:8f:eb:3c:
                    88:b4:33:06:27:1b:aa:a6:f4:53:4c:6e:72:a7:cb:
                    b8:58:2a:36:8a:85:c8:3e:85:45:3e:e6:f7:73:35:
                    34:d8:9b:95:a5:fe:18:9b:b7:b6:e5:ce:4c:fd:d9:
                    d9:b5:91:e2:07:b8:50:25:75:da:c1:4d:f3:5e:30:
                    95:7f:20:67:ac:33:6e:06:51:cb:ed:35:45:02:60:
                    9e:93:37:72:f9:48:36:a8:e9:77:bd:24:11:3e:69:
                    46:5f:eb:e4:77:08:db:64:01:1e:dc:93:94:44:ef:
                    1b:6e:79:57:06:4e:46:ae:e2:af:d3:52:49:5b:72:
                    0c:17:de:5e:45:37:35:b9:ea:c9:12:af:77:f1:f3:
                    0f:ca:e9:f9:1d:7f:47:82:d7:e6:cf:10:ce:26:33:
                    4c:72:a8:82:c7:ba:a0:fd:4d:75:a4:db:3f:d2:34:
                    1e:c0:d4:89:4d:2e:ce:3b:36:b9:28:65:14:cb:fa:
                    ee:05:35:52:1d:8b:97:45:33:af:2b:63:3e:a0:5f:
                    56:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:C4:EB:9A:29:F4:B7:3D:9F:4C:84:F9:75:C8:5E:07:54:B5:6B:71
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/1c90d7-f12b-4283-8a93-e61741b9f249/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/1c90d7-f12b-4283-8a93-e61741b9f249/1/3sTrmin0tz2fTIT5dcheB1S1a3E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213673

    Signature Algorithm: sha256WithRSAEncryption
         8c:69:16:49:d6:1f:57:75:5e:d0:68:cd:73:d8:6a:68:81:06:
         e8:69:f9:93:9c:ff:c7:67:fd:b0:b7:b3:c8:98:a0:78:25:22:
         84:12:46:0a:22:0a:3c:46:5c:9f:3f:f7:61:b1:aa:5b:8c:5a:
         1b:f2:2a:6d:08:39:79:05:0a:65:93:4d:45:71:b3:5e:81:fd:
         16:29:69:a8:cb:f5:10:92:44:d2:3d:18:7d:f7:e6:71:fd:52:
         f1:67:4c:03:84:7c:30:ce:01:33:0b:90:e0:ef:4c:1f:a0:1f:
         ab:05:8d:08:0d:48:37:0e:55:03:d7:13:d3:65:24:a6:8d:b0:
         0b:70:f4:37:98:7e:9a:3b:d2:41:3f:ed:f9:ef:23:75:1b:c5:
         7f:e1:f0:73:e0:9d:59:00:a0:31:51:44:cc:5e:bd:2e:b6:bd:
         53:a6:a2:12:47:a6:5c:28:83:97:6e:59:88:d2:45:a1:fc:4e:
         64:c8:b3:66:6b:30:19:0f:0a:0d:0a:1e:b4:fb:e6:66:61:3f:
         95:3a:57:10:68:64:dc:12:5e:4c:fa:64:5e:9b:be:9e:a0:34:
         c3:39:48:82:07:94:cd:e6:0a:ae:e3:9d:a6:84:5c:c0:56:df:
         72:c9:87:e5:c8:16:93:71:56:c5:4f:20:d5:89:9b:ff:fb:a1:
         9a:07:f1:f5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZuUqduK8faNZ4Y82PnFcIGCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTA2MTg1NTE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWM0ZWI5YTI5ZjRiNzNkOWY0Yzg0Zjk3NWM4NWUwNzU0YjU2YjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wCghCv/imY4jNcRtxguN3+qmseW
nFL5SZNZlPRl1KW04z0DhL6zYfkLqPPCYSNClDVKQAk0/t6P6zyItDMGJxuqpvRT
TG5yp8u4WCo2ioXIPoVFPub3czU02JuVpf4Ym7e25c5M/dnZtZHiB7hQJXXawU3z
XjCVfyBnrDNuBlHL7TVFAmCekzdy+Ug2qOl3vSQRPmlGX+vkdwjbZAEe3JOURO8b
bnlXBk5GruKv01JJW3IMF95eRTc1uerJEq938fMPyun5HX9HgtfmzxDOJjNMcqiC
x7qg/U11pNs/0jQewNSJTS7OOza5KGUUy/ruBTVSHYuXRTOvK2M+oF9WQwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN7E65op9Lc9n0yE+XXIXgdUtWtxMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhLzFjOTBk
Ny1mMTJiLTQyODMtOGE5My1lNjE3NDFiOWYyNDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvMWM5MGQ3
LWYxMmItNDI4My04YTkzLWU2MTc0MWI5ZjI0OS8xLzNzVHJtaW4wdHoyZlRJVDVk
Y2hlQjFTMWEzRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNCqTANBgkqhkiG9w0BAQsFAAOCAQEAjGkWSdYfV3Ve
0GjNc9hqaIEG6Gn5k5z/x2f9sLezyJigeCUihBJGCiIKPEZcnz/3YbGqW4xaG/Iq
bQg5eQUKZZNNRXGzXoH9FilpqMv1EJJE0j0Yfffmcf1S8WdMA4R8MM4BMwuQ4O9M
H6AfqwWNCA1INw5VA9cT02Ukpo2wC3D0N5h+mjvSQT/t+e8jdRvFf+Hwc+CdWQCg
MVFEzF69Lra9U6aiEkemXCiDl25ZiNJFofxOZMizZmswGQ8KDQoetPvmZmE/lTpX
EGhk3BJeTPpkXpu+nqA0wzlIggeUzeYKruOdpoRcwFbfcsmH5cgWk3FWxU8g1Ymb
//uhmgfx9Q==
-----END CERTIFICATE-----