This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer File: 8P8sYimvdjqZ9TSaMlEN9KRSYUM.cer (raw, json) Hash identifier: HAgNemHxjqNmcOSEJvzvQ+ka0vw+ULy19nydnoJ7Hjs= Subject key identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43 Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669 Certificate serial: 019B7B3670F6181B8EA9F6C7296538EC38B5 Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Manifest: rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft caRepository: rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/ Notify URL: https://rrdp.ripe.net/notification.xml Certificate not before: Thu 01 Jan 2026 20:18:44 +0000 Certificate not after: Thu 01 Jul 2027 00:00:00 +0000 Subordinate resources: AS: 1241 AS: 8951 AS: 15617 AS: 25472 IP: 37.6.0.0/16 IP: 46.12.0.0/16 IP: 46.190.0.0/17 IP: 46.246.128.0/17 IP: 62.1.0.0/16 IP: 62.169.192.0/18 IP: 77.49.0.0/16 IP: 79.103.0.0/16 IP: 79.107.0.0/16 IP: 80.245.160.0/20 IP: 81.92.48.0/20 IP: 84.254.0.0/18 IP: 91.140.0.0/17 IP: 109.242.0.0/16 IP: 130.43.0.0/17 IP: 176.58.128.0/17 IP: 185.3.220.0/22 IP: 185.4.88.0/22 IP: 188.4.0.0/16 IP: 188.73.192.0/18 IP: 193.92.0.0/16 IP: 194.219.0.0/16 IP: 195.74.224.0/19 IP: 212.54.192.0/19 IP: 212.152.64.0/18 IP: 212.251.0.0/17 IP: 213.16.128.0/17 IP: 2a02:2148::/29 IP: 2a03:f000::/29 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 26 Jan 2026 16:00:30 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7b:36:70:f6:18:1b:8e:a9:f6:c7:29:65:38:ec:38:b5 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669 Validity Not Before: Jan 1 20:18:44 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=f0ff2c6229af763a99f5349a32510df4a4526143 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:c8:93:36:95:0e:73:da:5a:ca:3b:16:d4:1e:5b: 30:59:38:82:16:8a:f9:f2:b4:1a:ec:c4:72:bd:f5: c6:45:56:91:ef:ed:1e:4e:83:00:1c:28:97:df:62: b3:65:22:d7:33:c7:fd:6d:24:ec:36:4a:72:ed:73: e3:1b:0c:3a:61:25:8a:0a:41:ab:58:e4:a5:80:c2: f9:72:c8:0d:c9:86:ae:d1:57:8c:8d:0b:d4:05:9f: f5:c9:b5:bd:93:03:0a:17:e1:a3:83:d3:87:5f:53: d6:05:27:6c:db:6f:54:3b:77:70:f6:7a:37:7c:8e: 23:97:40:44:f3:a0:43:32:e1:97:be:86:6d:38:da: 8c:b0:ee:c1:78:cf:2f:74:4b:13:8d:b6:e9:ad:2f: 8b:38:57:f1:52:ef:79:0a:e7:47:e9:56:a7:55:f6: a6:2f:a1:65:a8:66:1e:c9:94:93:e7:6c:c3:71:2d: 31:e7:a3:65:1c:78:b4:56:4d:4e:35:bd:6f:1d:83: 64:f9:c5:4d:d6:4c:52:5d:c0:16:67:b8:39:2f:2d: cd:d8:a4:74:aa:78:d1:ab:23:ba:04:bb:36:59:48: 51:8f:8c:e6:b4:ae:92:7c:e6:1f:fd:d2:de:d3:e2: c9:67:03:cf:59:7f:62:61:08:d6:42:01:c3:f5:4a: 46:ed Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: F0:FF:2C:62:29:AF:76:3A:99:F5:34:9A:32:51:0D:F4:A4:52:61:43 X509v3 Authority Key Identifier: keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Subject Information Access: CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/ RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/051fa2-c580-4a02-a186-e69f7a5d2d90/1/8P8sYimvdjqZ9TSaMlEN9KRSYUM.mft RPKI Notify - URI:https://rrdp.ripe.net/notification.xml X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 37.6.0.0/16 46.12.0.0/16 46.190.0.0/17 46.246.128.0/17 62.1.0.0/16 62.169.192.0/18 77.49.0.0/16 79.103.0.0/16 79.107.0.0/16 80.245.160.0/20 81.92.48.0/20 84.254.0.0/18 91.140.0.0/17 109.242.0.0/16 130.43.0.0/17 176.58.128.0/17 185.3.220.0/22 185.4.88.0/22 188.4.0.0/16 188.73.192.0/18 193.92.0.0/16 194.219.0.0/16 195.74.224.0/19 212.54.192.0/19 212.152.64.0/18 212.251.0.0/17 213.16.128.0/17 IPv6: 2a02:2148::/29 2a03:f000::/29 sbgp-autonomousSysNum: critical Autonomous System Numbers: 1241 8951 15617 25472 Signature Algorithm: sha256WithRSAEncryption 1a:23:c5:37:cf:84:b8:6a:59:d9:03:e1:90:0a:95:8d:5e:01: 39:7b:db:5e:ff:45:1d:99:aa:4a:f9:8e:9c:3d:cc:5f:46:f0: 7f:8a:ad:30:8b:73:0e:22:c5:55:fe:91:e7:af:72:3f:73:87: 8e:e6:18:31:4d:e0:2b:d0:30:28:ea:67:34:5a:6f:9a:b3:35: b0:1d:c1:69:49:ca:2b:b7:1a:c9:c7:db:f7:22:83:9d:61:7b: 25:1e:eb:83:06:28:a6:33:46:32:76:1b:fc:8e:c0:4c:0b:88: c0:d6:80:f6:17:16:07:28:69:77:55:76:b6:40:56:98:01:47: 99:bd:6e:51:fb:20:5a:9f:c6:b4:d3:b3:22:fa:cd:be:f5:0e: 2a:bc:15:06:6e:74:c6:67:9d:7a:d8:ea:15:bb:4e:a7:77:89: b7:5d:79:a4:1d:8a:36:a9:cd:bf:4d:41:56:b3:89:5b:1d:de: 65:58:ed:b8:35:a6:69:22:de:2c:1c:38:87:01:2f:1d:7b:4d: 81:d9:7c:0c:ef:a4:1e:a7:cc:f9:db:50:0e:f3:ab:c1:28:dd: a4:43:2f:49:68:89:53:cd:7d:c6:47:af:4e:75:26:18:c0:50: 49:32:7c:4e:9b:d2:56:3c:c2:24:9c:c8:e0:fd:d5:31:39:0d: 14:38:92:fc -----BEGIN CERTIFICATE----- MIIGTDCCBTSgAwIBAgISAZt7NnD2GBuOqfbHKWU47Di1MA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk ZGU2NjkwHhcNMjYwMTAxMjAxODQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EyhmMGZmMmM2MjI5YWY3NjNhOTlmNTM0OWEzMjUxMGRmNGE0NTI2MTQzMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJM2lQ5z2lrKOxbUHlswWTiCFor5 8rQa7MRyvfXGRVaR7+0eToMAHCiX32KzZSLXM8f9bSTsNkpy7XPjGww6YSWKCkGr WOSlgML5csgNyYau0VeMjQvUBZ/1ybW9kwMKF+Gjg9OHX1PWBSds229UO3dw9no3 fI4jl0BE86BDMuGXvoZtONqMsO7BeM8vdEsTjbbprS+LOFfxUu95CudH6VanVfam L6FlqGYeyZST52zDcS0x56NlHHi0Vk1ONb1vHYNk+cVN1kxSXcAWZ7g5Ly3N2KR0 qnjRqyO6BLs2WUhRj4zmtK6SfOYf/dLe0+LJZwPPWX9iYQjWQgHD9UpG7QIDAQAB o4IDWDCCA1QwHQYDVR0OBBYEFPD/LGIpr3Y6mfU0mjJRDfSkUmFDMB8GA1UdIwQY MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NjLzA1MWZh Mi1jNTgwLTRhMDItYTE4Ni1lNjlmN2E1ZDJkOTAvMS8wfAYIKwYBBQUHMAqGcHJz eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2MvMDUxZmEy LWM1ODAtNGEwMi1hMTg2LWU2OWY3YTVkMmQ5MC8xLzhQOHNZaW12ZGpxWjlUU2FN bEVOOUtSU1lVTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHLBggrBgEF BQcBBwEB/wSBuzCBuDCBnwQCAAEwgZgDAwAlBgMDAC4MAwQHLr4AAwQHLvaAAwMA PgEDBAY+qcADAwBNMQMDAE9nAwMAT2sDBARQ9aADBARRXDADBAZU/gADBAdbjAAD AwBt8gMEB4IrAAMEB7A6gAMEArkD3AMEArkEWAMDALwEAwQGvEnAAwMAwVwDAwDC 2wMEBcNK4AMEBdQ2wAMEBtSYQAMEB9T7AAMEB9UQgDAUBAIAAjAOAwUDKgIhSAMF AyoD8AAwJQYIKwYBBQUHAQgBAf8EFjAUoBIwEAICBNkCAiL3AgI9AQICY4AwDQYJ KoZIhvcNAQELBQADggEBABojxTfPhLhqWdkD4ZAKlY1eATl7217/RR2Zqkr5jpw9 zF9G8H+KrTCLcw4ixVX+keevcj9zh47mGDFN4CvQMCjqZzRab5qzNbAdwWlJyiu3 GsnH2/cig51heyUe64MGKKYzRjJ2G/yOwEwLiMDWgPYXFgcoaXdVdrZAVpgBR5m9 blH7IFqfxrTTsyL6zb71Diq8FQZudMZnnXrY6hW7Tqd3ibddeaQdijapzb9NQVaz iVsd3mVY7bg1pmki3iwcOIcBLx17TYHZfAzvpB6nzPnbUA7zq8Eo3aRDL0loiVPN fcZHr051JhjAUEkyfE6b0lY8wiScyOD91TE5DRQ4kvw= -----END CERTIFICATE-----Generated at Mon Jan 26 01:08:32 2026 by rpki-client