This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3wBu2HGlzgDSu_lovAlA7lhqPOs.cer
File:                     3wBu2HGlzgDSu_lovAlA7lhqPOs.cer (raw, json)
Hash identifier:          1CBptQ70a2U234GaVbRJf7+673+b+mQNf7nZAvwm95k=
Subject key identifier:   DF:00:6E:D8:71:A5:CE:00:D2:BB:F9:68:BC:09:40:EE:58:6A:3C:EB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F81ED770F77D7A2E261E3CC058411D1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/3wBu2HGlzgDSu_lovAlA7lhqPOs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 16:19:40 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 147.220.0.0/16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:81:ed:77:0f:77:d7:a2:e2:61:e3:cc:05:84:11:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 16:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df006ed871a5ce00d2bbf968bc0940ee586a3ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:77:af:0c:d1:93:bd:d4:28:5c:dd:a4:05:85:
                    53:41:b0:a6:54:ed:2e:bc:86:87:53:ee:ba:38:5c:
                    e4:99:15:ec:38:6e:ab:dd:87:00:95:e6:51:7e:65:
                    d9:f3:6d:08:66:8d:a3:1b:0a:d3:30:69:9e:c5:da:
                    bf:8d:19:0d:f7:92:cc:fe:95:a8:55:10:21:c4:3e:
                    0c:5f:56:61:78:9e:7c:b7:3b:1a:d7:35:54:d0:97:
                    3a:2b:c2:08:0d:82:d0:9d:0a:d6:20:b9:bf:54:ac:
                    c6:6d:02:63:70:0d:c1:43:10:e3:f6:2c:98:a8:f7:
                    36:c2:d0:31:ff:25:c7:6c:55:4a:91:03:3e:f9:87:
                    47:9e:34:c3:39:6b:f7:0e:8f:fd:f3:02:ab:5a:64:
                    ff:c8:af:7d:cd:ea:fc:d4:90:42:0f:13:10:1f:39:
                    e4:3c:cc:ab:66:14:59:09:d6:d8:75:db:fb:cd:c3:
                    39:e5:a1:1a:d1:c8:6d:fa:ff:18:17:04:36:dd:e5:
                    1c:be:b8:40:f8:41:17:db:db:63:cc:fb:a4:07:58:
                    44:1d:84:66:54:81:7d:1a:76:db:32:0b:f6:f3:a1:
                    71:61:68:11:b3:42:25:12:9e:61:fb:a8:9d:7e:85:
                    8d:7b:84:e1:57:35:d5:96:20:20:0f:8f:94:eb:65:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:00:6E:D8:71:A5:CE:00:D2:BB:F9:68:BC:09:40:EE:58:6A:3C:EB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/c8f6e1-46c8-4e12-8ce6-95b9e362f077/1/3wBu2HGlzgDSu_lovAlA7lhqPOs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.220.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         a2:3c:80:17:df:30:a9:e3:6d:30:be:2e:97:77:48:dc:e7:a1:
         a4:bc:27:5e:b2:87:c5:92:3f:e4:fa:68:c2:9b:d5:0d:b4:0d:
         8a:d5:52:2e:af:d3:18:95:f2:9e:91:b8:db:e9:3e:31:df:05:
         c1:cd:5b:0c:c1:53:7c:56:69:81:85:5c:c1:8f:8b:60:8c:2b:
         6a:a8:9a:f3:24:b0:43:e1:77:64:05:6c:63:af:78:55:93:18:
         fc:e3:8f:77:35:fa:a1:72:8e:68:2b:37:85:90:68:52:5b:f0:
         c5:14:67:66:7e:75:6e:a7:5a:45:9a:75:df:e6:5b:88:c8:fc:
         45:ba:a7:32:f8:df:c2:d7:bb:23:89:94:3b:46:c3:c2:98:fd:
         ec:2e:2b:fa:e8:c0:06:5d:a8:02:68:b7:1c:df:06:ca:9d:e7:
         40:21:c5:f9:2b:7d:ac:18:42:db:ef:c6:01:4b:0a:eb:a9:d0:
         e2:49:01:fd:51:f6:c0:ac:0a:62:ea:ab:64:48:1c:5d:75:14:
         ea:b1:36:7d:51:71:92:0a:7c:a3:e6:fe:52:2b:ca:5b:76:bc:
         1e:66:a7:43:26:39:b3:cb:d7:bb:5d:61:cc:77:05:f3:8b:ff:
         61:15:fd:89:c6:d9:f1:cc:cc:2d:b4:84:a9:ae:55:0e:77:e6:
         af:06:26:10
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAZt/ge13D3fXouJh48wFhBHRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTYxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjAwNmVkODcxYTVjZTAwZDJiYmY5NjhiYzA5NDBlZTU4NmEzY2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXevDNGTvdQoXN2kBYVTQbCmVO0u
vIaHU+66OFzkmRXsOG6r3YcAleZRfmXZ820IZo2jGwrTMGmexdq/jRkN95LM/pWo
VRAhxD4MX1ZheJ58tzsa1zVU0Jc6K8IIDYLQnQrWILm/VKzGbQJjcA3BQxDj9iyY
qPc2wtAx/yXHbFVKkQM++YdHnjTDOWv3Do/98wKrWmT/yK99zer81JBCDxMQHznk
PMyrZhRZCdbYddv7zcM55aEa0cht+v8YFwQ23eUcvrhA+EEX29tjzPukB1hEHYRm
VIF9GnbbMgv286FxYWgRs0IlEp5h+6idfoWNe4ThVzXVliAgD4+U62UyLwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFN8Abthxpc4A0rv5aLwJQO5YajzrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVkL2M4ZjZl
MS00NmM4LTRlMTItOGNlNi05NWI5ZTM2MmYwNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWQvYzhmNmUx
LTQ2YzgtNGUxMi04Y2U2LTk1YjllMzYyZjA3Ny8xLzN3QnUySEdsemdEU3VfbG92
QWxBN2xocVBPcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB4GCCsGAQUF
BwEHAQH/BA8wDTALBAIAATAFAwMAk9wwDQYJKoZIhvcNAQELBQADggEBAKI8gBff
MKnjbTC+Lpd3SNznoaS8J16yh8WSP+T6aMKb1Q20DYrVUi6v0xiV8p6RuNvpPjHf
BcHNWwzBU3xWaYGFXMGPi2CMK2qomvMksEPhd2QFbGOveFWTGPzjj3c1+qFyjmgr
N4WQaFJb8MUUZ2Z+dW6nWkWadd/mW4jI/EW6pzL438LXuyOJlDtGw8KY/ewuK/ro
wAZdqAJotxzfBsqd50AhxfkrfawYQtvvxgFLCuup0OJJAf1R9sCsCmLqq2RIHF11
FOqxNn1RcZIKfKPm/lIrylt2vB5mp0MmObPL17tdYcx3BfOL/2EV/YnG2fHMzC20
hKmuVQ535q8GJhA=
-----END CERTIFICATE-----