This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NhNfE6vwL6P8pQXVaIFq_FkzSRY.cer
File:                     NhNfE6vwL6P8pQXVaIFq_FkzSRY.cer (raw, json)
Hash identifier:          ZNw6S49ouozT8e3BcuJSDIPDBvvk5lTXCnunJHeaq1k=
Subject key identifier:   36:13:5F:13:AB:F0:2F:A3:FC:A5:05:D5:68:81:6A:FC:59:33:49:16
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B8E4175018105EFF9340504702C433073
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/288330-0fe3-42aa-b264-9dfd795a5ada/1/NhNfE6vwL6P8pQXVaIFq_FkzSRY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/288330-0fe3-42aa-b264-9dfd795a5ada/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 05 Jan 2026 13:03:33 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 194.169.158.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 16:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:8e:41:75:01:81:05:ef:f9:34:05:04:70:2c:43:30:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  5 13:03:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=36135f13abf02fa3fca505d568816afc59334916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:bb:33:54:7e:59:20:c6:4f:ca:b0:f0:66:1f:
                    d1:42:10:46:df:92:37:12:13:9f:5f:65:f4:15:e8:
                    a1:98:5b:e6:49:5e:a0:40:fd:0a:27:73:d5:d8:59:
                    5b:4a:76:c7:e1:55:1c:30:0f:33:21:0c:99:ec:71:
                    c4:c7:03:a0:9f:2e:cd:e8:cb:4b:d7:8e:02:a6:07:
                    3f:d6:70:09:63:70:23:ca:5c:70:df:d4:04:09:af:
                    68:97:c7:f4:89:5a:66:17:80:f0:ad:44:32:15:b0:
                    e4:37:a6:07:d7:16:17:73:2b:5c:f0:93:38:23:e9:
                    d5:c8:91:b8:30:96:02:9c:c1:b6:7e:dd:04:ba:70:
                    57:b2:e2:a4:04:d7:66:cb:cf:0c:b3:03:3b:a1:a5:
                    07:cf:e6:09:4f:8d:37:cf:8b:85:3f:7b:d7:76:db:
                    ed:d7:2e:56:d7:46:bf:ef:61:8a:5a:a5:66:f7:23:
                    d0:93:3e:b3:bc:23:70:52:4f:32:cf:e3:23:06:01:
                    06:4c:cc:e2:3b:1d:0a:18:0c:46:2d:93:3a:6f:fa:
                    32:0e:12:fd:7d:09:1b:43:10:39:fc:06:72:d0:9b:
                    a5:99:68:32:e8:7e:84:e0:ec:ad:9e:e5:1a:a9:09:
                    9e:37:0d:47:88:0b:9b:26:40:13:f8:d4:0d:b6:e4:
                    2e:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:13:5F:13:AB:F0:2F:A3:FC:A5:05:D5:68:81:6A:FC:59:33:49:16
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/288330-0fe3-42aa-b264-9dfd795a5ada/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/288330-0fe3-42aa-b264-9dfd795a5ada/1/NhNfE6vwL6P8pQXVaIFq_FkzSRY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.169.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e3:04:12:ef:58:ea:fc:6c:85:f9:f9:34:dd:db:97:95:01:
         d3:eb:99:71:05:02:9d:ed:1e:94:a1:df:31:fb:67:1c:82:ac:
         6c:da:b7:8c:34:61:8a:56:a4:5d:1e:68:06:2c:7e:98:ee:db:
         c2:77:6c:c6:17:28:bd:ef:47:4e:17:4b:7a:ab:82:dc:b5:e5:
         22:cb:38:10:e6:d4:9b:f2:10:f4:ef:e5:51:6a:4f:ae:25:c6:
         bb:84:75:dc:13:e7:59:ea:69:55:52:60:a4:5f:8d:86:21:24:
         b0:29:3f:c7:32:8e:d3:2a:77:76:70:43:6c:7e:35:10:a2:8d:
         a7:11:c0:f7:d3:e5:ee:a8:b2:b6:0d:46:37:47:ef:34:a0:c0:
         d7:26:39:95:b8:39:a5:ba:73:d8:b6:8f:b6:ba:f6:4a:4c:60:
         d3:88:9b:f2:a4:16:d6:7e:48:12:a5:5a:76:43:36:43:21:01:
         76:dd:2d:08:a7:44:1a:f2:45:94:01:5a:1a:41:dd:d7:fb:eb:
         e8:d1:ed:10:99:af:2d:eb:ad:f3:f2:f8:bb:72:76:78:8e:ee:
         99:6e:c0:9e:cc:44:c3:1e:8e:d9:28:c4:ee:d6:22:f1:99:06:
         e4:30:a5:1d:bb:39:b6:96:3c:14:07:74:72:a3:f3:3b:c3:46:
         40:4e:43:25
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZuOQXUBgQXv+TQFBHAsQzBzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTA1MTMwMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjEzNWYxM2FiZjAyZmEzZmNhNTA1ZDU2ODgxNmFmYzU5MzM0OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLszVH5ZIMZPyrDwZh/RQhBG35I3
EhOfX2X0FeihmFvmSV6gQP0KJ3PV2FlbSnbH4VUcMA8zIQyZ7HHExwOgny7N6MtL
144Cpgc/1nAJY3Ajylxw39QECa9ol8f0iVpmF4DwrUQyFbDkN6YH1xYXcytc8JM4
I+nVyJG4MJYCnMG2ft0EunBXsuKkBNdmy88MswM7oaUHz+YJT403z4uFP3vXdtvt
1y5W10a/72GKWqVm9yPQkz6zvCNwUk8yz+MjBgEGTMziOx0KGAxGLZM6b/oyDhL9
fQkbQxA5/AZy0JulmWgy6H6E4OytnuUaqQmeNw1HiAubJkAT+NQNtuQubQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFDYTXxOr8C+j/KUF1WiBavxZM0kWMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4LzI4ODMz
MC0wZmUzLTQyYWEtYjI2NC05ZGZkNzk1YTVhZGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvMjg4MzMw
LTBmZTMtNDJhYS1iMjY0LTlkZmQ3OTVhNWFkYS8xL05oTmZFNnZ3TDZQOHBRWFZh
SUZxX0ZrelNSWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwqmeMA0GCSqGSIb3DQEBCwUAA4IBAQA84wQS
71jq/GyF+fk03duXlQHT65lxBQKd7R6Uod8x+2ccgqxs2reMNGGKVqRdHmgGLH6Y
7tvCd2zGFyi970dOF0t6q4LcteUiyzgQ5tSb8hD07+VRak+uJca7hHXcE+dZ6mlV
UmCkX42GISSwKT/HMo7TKnd2cENsfjUQoo2nEcD30+XuqLK2DUY3R+80oMDXJjmV
uDmlunPYto+2uvZKTGDTiJvypBbWfkgSpVp2QzZDIQF23S0Ip0Qa8kWUAVoaQd3X
++vo0e0Qma8t663z8vi7cnZ4ju6ZbsCezETDHo7ZKMTu1iLxmQbkMKUduzm2ljwU
B3Ryo/M7w0ZATkMl
-----END CERTIFICATE-----