This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer File: AXChabbNQRAiJ56f-ZfxNP9Uqxw.cer (raw, json) Hash identifier: Rzs0diVvnSA9WVKPXQpcEj9K0DzIL6j500Fyd7h3sI4= Subject key identifier: 01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669 Certificate serial: 019B7E387A82820A18E657240765716D0F70 Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Manifest: rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.mft caRepository: rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/ Notify URL: https://rrdp.ripe.net/notification.xml Certificate not before: Fri 02 Jan 2026 10:19:49 +0000 Certificate not after: Thu 01 Jul 2027 00:00:00 +0000 Subordinate resources: AS: 35699 IP: 45.130.132.0/22 IP: 45.133.138.0/23 IP: 45.137.240.0/22 IP: 45.145.244.0/22 IP: 45.151.224.0/22 IP: 45.230.12.0/22 IP: 62.56.192.0/20 IP: 64.190.114.0/23 IP: 66.45.120.0/21 IP: 70.34.224.0/20 IP: 74.126.176.0/20 IP: 86.111.60.0/22 IP: 87.236.180.0/22 IP: 91.126.16.0 -- 91.126.255.255 IP: 98.96.184.0/21 IP: 103.202.232.0/22 IP: 110.93.8.0/22 IP: 135.129.224.0/20 IP: 143.131.192.0/18 IP: 147.136.252.0/23 IP: 147.161.64.0/18 IP: 173.243.32.0/20 IP: 185.203.208.0/22 IP: 185.239.36.0/22 IP: 212.97.88.0/21 IP: 216.147.96.0/20 IP: 2a00:1af0::/29 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Mon 26 Jan 2026 13:21:19 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:7e:38:7a:82:82:0a:18:e6:57:24:07:65:71:6d:0f:70 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669 Validity Not Before: Jan 2 10:19:49 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=0170a169b6cd411022279e9ff997f134ff54ab1c Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:b0:75:6e:64:bb:3f:67:13:90:4d:d1:48:ed:72: 85:b2:5b:07:d8:b8:30:96:e8:f6:dc:7f:96:50:99: 79:cf:88:ec:34:54:59:a3:ec:d1:a9:fc:d7:d7:45: 3f:c9:55:7c:c7:a9:3a:d0:90:7c:b0:cc:9b:49:c0: 04:b1:f4:75:f4:5d:74:04:99:6c:fc:8e:4b:b8:aa: 8d:ba:f2:5b:aa:d1:6c:86:92:e4:78:00:34:ae:76: 16:d3:6a:09:31:c8:d8:70:06:bd:8f:7e:f2:ea:71: a1:da:50:cf:0c:64:db:3f:92:fd:9d:e7:ab:21:6a: 2f:ee:54:82:77:4b:f4:3b:88:a2:8a:38:cb:82:a7: fa:9b:cc:d8:98:0b:87:3d:b5:62:fc:d6:1c:f4:fa: 17:fe:70:3d:cb:da:df:5e:be:73:c5:e0:a5:cf:38: d2:fc:03:96:de:ed:7d:52:2f:43:1d:b0:f2:1f:c0: 51:78:a2:2e:03:f0:23:9d:bd:db:ef:ad:ad:32:d5: 73:f5:35:19:e4:44:06:b1:40:a4:c8:a6:75:06:64: 3e:9f:ea:dd:c8:43:44:c3:75:49:a7:ff:50:1f:2c: c3:fb:37:00:c3:c7:6a:3c:c6:e8:46:09:78:d6:b9: 1a:f6:62:a0:77:94:8c:ec:2f:44:68:1c:b3:c5:91: c9:ef Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 01:70:A1:69:B6:CD:41:10:22:27:9E:9F:F9:97:F1:34:FF:54:AB:1C X509v3 Authority Key Identifier: keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Subject Information Access: CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/ RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1e777f-986b-4e34-8d81-7d4bb2380487/1/AXChabbNQRAiJ56f-ZfxNP9Uqxw.mft RPKI Notify - URI:https://rrdp.ripe.net/notification.xml X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 45.130.132.0/22 45.133.138.0/23 45.137.240.0/22 45.145.244.0/22 45.151.224.0/22 45.230.12.0/22 62.56.192.0/20 64.190.114.0/23 66.45.120.0/21 70.34.224.0/20 74.126.176.0/20 86.111.60.0/22 87.236.180.0/22 91.126.16.0-91.126.255.255 98.96.184.0/21 103.202.232.0/22 110.93.8.0/22 135.129.224.0/20 143.131.192.0/18 147.136.252.0/23 147.161.64.0/18 173.243.32.0/20 185.203.208.0/22 185.239.36.0/22 212.97.88.0/21 216.147.96.0/20 IPv6: 2a00:1af0::/29 sbgp-autonomousSysNum: critical Autonomous System Numbers: 35699 Signature Algorithm: sha256WithRSAEncryption a9:82:e3:ac:f4:73:50:ee:63:e8:f5:16:f2:08:f2:ef:32:05: 3e:75:03:0d:15:34:fb:ba:f1:3d:73:e4:a2:f2:e5:b1:eb:59: cf:8e:0e:74:d8:3c:ee:be:af:94:d2:79:77:f8:ec:7f:e5:15: 57:12:24:39:f2:8e:aa:b0:28:c9:01:70:49:d9:d3:6d:1e:1e: 2e:4e:eb:38:8e:5b:fd:c3:b1:31:36:30:a1:68:85:57:29:3a: 9d:59:48:6c:09:7a:14:54:33:05:81:c6:ae:83:50:a7:30:f2: a0:20:8e:d0:53:5d:3d:29:df:da:03:a3:86:fd:4d:29:d9:2d: 62:b5:33:af:06:e7:51:50:6c:29:e9:3f:4a:62:9b:b9:d1:f2: 44:04:fd:f9:f8:30:df:5e:de:6c:16:37:bc:e6:70:4f:3a:eb: 7f:2b:0f:9e:76:75:8f:62:8a:3f:65:48:c3:53:24:de:0b:39: 50:ed:ed:40:8c:a3:eb:50:28:b0:d7:70:8e:07:7e:6b:d7:6d: e2:94:12:11:85:0a:c0:e3:e1:a7:ae:5e:29:ee:8e:a6:36:24: fa:3b:2b:a2:9e:f0:2f:fe:0c:7f:7d:06:03:84:2e:47:bd:b7: e5:f5:10:24:69:c5:09:50:d9:a8:56:90:83:cc:66:ef:54:89: bf:07:bc:fd -----BEGIN CERTIFICATE----- MIIGRTCCBS2gAwIBAgISAZt+OHqCggoY5lckB2VxbQ9wMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk ZGU2NjkwHhcNMjYwMTAyMTAxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD EygwMTcwYTE2OWI2Y2Q0MTEwMjIyNzllOWZmOTk3ZjEzNGZmNTRhYjFjMIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsHVuZLs/ZxOQTdFI7XKFslsH2Lgw luj23H+WUJl5z4jsNFRZo+zRqfzX10U/yVV8x6k60JB8sMybScAEsfR19F10BJls /I5LuKqNuvJbqtFshpLkeAA0rnYW02oJMcjYcAa9j37y6nGh2lDPDGTbP5L9neer IWov7lSCd0v0O4iiijjLgqf6m8zYmAuHPbVi/NYc9PoX/nA9y9rfXr5zxeClzzjS /AOW3u19Ui9DHbDyH8BReKIuA/Ajnb3b762tMtVz9TUZ5EQGsUCkyKZ1BmQ+n+rd yENEw3VJp/9QHyzD+zcAw8dqPMboRgl41rka9mKgd5SM7C9EaByzxZHJ7wIDAQAB o4IDUTCCA00wHQYDVR0OBBYEFAFwoWm2zUEQIieen/mX8TT/VKscMB8GA1UdIwQY MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NkLzFlNzc3 Zi05ODZiLTRlMzQtOGQ4MS03ZDRiYjIzODA0ODcvMS8wfAYIKwYBBQUHMAqGcHJz eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2QvMWU3Nzdm LTk4NmItNGUzNC04ZDgxLTdkNGJiMjM4MDQ4Ny8xL0FYQ2hhYmJOUVJBaUo1NmYt WmZ4TlA5VXF4dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHPBggrBgEF BQcBBwEB/wSBvzCBvDCBqgQCAAEwgaMDBAItgoQDBAEthYoDBAItifADBAItkfQD BAItl+ADBAIt5gwDBAQ+OMADBAFAvnIDBANCLXgDBARGIuADBARKfrADBAJWbzwD BAJX7LQwCwMEBFt+EAMDAFt+AwQDYmC4AwQCZ8roAwQCbl0IAwQEh4HgAwQGj4PA AwQBk4j8AwQGk6FAAwQErfMgAwQCucvQAwQCue8kAwQD1GFYAwQE2JNgMA0EAgAC MAcDBQMqABrwMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCLczANBgkqhkiG9w0B AQsFAAOCAQEAqYLjrPRzUO5j6PUW8gjy7zIFPnUDDRU0+7rxPXPkovLlsetZz44O dNg87r6vlNJ5d/jsf+UVVxIkOfKOqrAoyQFwSdnTbR4eLk7rOI5b/cOxMTYwoWiF Vyk6nVlIbAl6FFQzBYHGroNQpzDyoCCO0FNdPSnf2gOjhv1NKdktYrUzrwbnUVBs Kek/SmKbudHyRAT9+fgw317ebBY3vOZwTzrrfysPnnZ1j2KKP2VIw1Mk3gs5UO3t QIyj61AosNdwjgd+a9dt4pQSEYUKwOPhp65eKe6OpjYk+jsrop7wL/4Mf30GA4Qu R7235fUQJGnFCVDZqFaQg8xm71SJvwe8/Q== -----END CERTIFICATE-----Generated at Sun Jan 25 23:33:55 2026 by rpki-client