This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Kbh1W8U-8XdGvSlu8oupAM2Y--A.cer
File:                     Kbh1W8U-8XdGvSlu8oupAM2Y--A.cer (raw, json)
Hash identifier:          X6X85rGs+VFcxJDDzQaozv/nfWbiJQq4HAsUN1EHY3E=
Subject key identifier:   29:B8:75:5B:C5:3E:F1:77:46:BD:29:6E:F2:8B:A9:00:CD:98:FB:E0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B76EB884468FBC41D3ED5361A87713C5C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/Kbh1W8U-8XdGvSlu8oupAM2Y--A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 00:18:25 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    AS: 205018
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:88:44:68:fb:c4:1d:3e:d5:36:1a:87:71:3c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:18:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29b8755bc53ef17746bd296ef28ba900cd98fbe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:bd:74:eb:4a:d5:20:1f:54:d5:3e:af:8e:
                    a2:be:5c:05:e5:c9:23:e6:a1:f9:e2:57:24:2b:c2:
                    f3:bd:11:6e:97:e4:2d:3c:48:98:6d:5c:af:93:cc:
                    54:1f:b5:20:d3:0b:3c:74:95:e2:37:59:49:c5:87:
                    8d:3d:71:91:0e:f5:6f:25:a4:ba:5a:06:3d:5c:8b:
                    ed:d8:fa:3d:d6:7b:31:13:0f:b2:05:77:80:49:fe:
                    94:e9:d1:ab:41:93:be:8f:4a:da:f4:4f:ab:d8:83:
                    70:6d:9a:40:5c:61:1d:08:97:53:6d:20:a3:e8:53:
                    2f:4a:08:2b:b4:a8:d1:fa:cd:7f:b5:d3:55:79:89:
                    df:3f:bd:35:77:a2:6f:9f:07:da:10:c0:5c:a8:33:
                    26:35:ca:f2:6c:dc:d8:b7:ae:d1:85:43:c1:06:a1:
                    49:31:fb:87:07:0e:38:d4:a9:34:e3:7e:42:0f:70:
                    45:2a:6c:f2:c9:f6:37:1a:8c:42:6b:79:bc:9a:90:
                    f3:13:a1:53:3f:5e:97:60:23:18:7a:e8:46:b1:8a:
                    c9:6f:ae:64:1e:df:aa:ee:7b:8a:b0:7f:72:25:07:
                    7a:bd:bb:55:1c:58:1b:11:b8:fa:96:a8:94:60:34:
                    36:5e:81:03:70:e2:ef:4b:57:bb:7d:dd:2b:4f:66:
                    a9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B8:75:5B:C5:3E:F1:77:46:BD:29:6E:F2:8B:A9:00:CD:98:FB:E0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/068231-7cfc-4068-86b5-9ab4ad8b4ff4/1/Kbh1W8U-8XdGvSlu8oupAM2Y--A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205018

    Signature Algorithm: sha256WithRSAEncryption
         2d:df:f2:86:f6:bf:58:0f:75:a3:14:8f:dd:99:f3:20:aa:c0:
         88:ab:55:ee:0e:5f:bf:28:26:04:b0:15:2e:43:89:cd:1b:2b:
         76:e1:59:0b:a3:98:c9:97:06:cc:d3:62:4a:b5:f3:20:28:0e:
         d8:f9:44:e9:65:ec:1a:56:e0:33:62:07:fc:31:99:f0:f6:27:
         08:0d:39:fd:29:da:93:d5:eb:06:f4:26:7d:ab:16:43:70:99:
         de:56:a2:75:56:e3:7a:39:bd:92:87:ff:26:ba:c3:f8:49:5b:
         ca:75:ed:8c:48:26:e5:d1:00:5a:c8:e2:9f:9f:3f:75:ca:c2:
         13:e5:4f:52:69:56:fb:de:79:54:81:d8:32:d3:d3:c5:f9:27:
         12:d5:38:73:00:5d:d5:ab:59:c5:da:43:5e:62:1b:0b:57:88:
         0b:ed:ff:75:40:eb:99:e0:a3:12:52:cc:67:34:fc:d0:91:07:
         f3:cb:33:5d:3e:47:33:d3:ed:2c:3f:6c:81:01:06:a6:ac:ef:
         2e:65:74:60:13:73:69:9e:76:ed:5b:45:b3:2e:4b:9f:46:76:
         1a:02:de:17:19:43:bb:55:f0:e0:1e:2d:8b:38:a6:c7:eb:a3:
         ec:21:30:2b:83:6a:a0:e7:f3:cf:44:ce:a0:b0:24:62:2d:52:
         4b:82:a2:3d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZt264hEaPvEHT7VNhqHcTxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWI4NzU1YmM1M2VmMTc3NDZiZDI5NmVmMjhiYTkwMGNkOThmYmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/69dOtK1SAfVNU+r46ivlwF5ckj
5qH54lckK8LzvRFul+QtPEiYbVyvk8xUH7Ug0ws8dJXiN1lJxYeNPXGRDvVvJaS6
WgY9XIvt2Po91nsxEw+yBXeASf6U6dGrQZO+j0ra9E+r2INwbZpAXGEdCJdTbSCj
6FMvSggrtKjR+s1/tdNVeYnfP701d6JvnwfaEMBcqDMmNcrybNzYt67RhUPBBqFJ
MfuHBw441Kk0435CD3BFKmzyyfY3GoxCa3m8mpDzE6FTP16XYCMYeuhGsYrJb65k
Ht+q7nuKsH9yJQd6vbtVHFgbEbj6lqiUYDQ2XoEDcOLvS1e7fd0rT2apgQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCm4dVvFPvF3Rr0pbvKLqQDNmPvgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzBjLzA2ODIz
MS03Y2ZjLTQwNjgtODZiNS05YWI0YWQ4YjRmZjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMGMvMDY4MjMx
LTdjZmMtNDA2OC04NmI1LTlhYjRhZDhiNGZmNC8xL0tiaDFXOFUtOFhkR3ZTbHU4
b3VwQU0yWS0tQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMg2jANBgkqhkiG9w0BAQsFAAOCAQEALd/yhva/WA91
oxSP3ZnzIKrAiKtV7g5fvygmBLAVLkOJzRsrduFZC6OYyZcGzNNiSrXzICgO2PlE
6WXsGlbgM2IH/DGZ8PYnCA05/Snak9XrBvQmfasWQ3CZ3laidVbjejm9kof/JrrD
+ElbynXtjEgm5dEAWsjin58/dcrCE+VPUmlW+955VIHYMtPTxfknEtU4cwBd1atZ
xdpDXmIbC1eIC+3/dUDrmeCjElLMZzT80JEH88szXT5HM9PtLD9sgQEGpqzvLmV0
YBNzaZ527VtFsy5Ln0Z2GgLeFxlDu1Xw4B4tizimx+uj7CEwK4NqoOfzz0TOoLAk
Yi1SS4KiPQ==
-----END CERTIFICATE-----