This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QA3igTHHO19TIPUdrmwb1Hq4L5I.cer
File:                     QA3igTHHO19TIPUdrmwb1Hq4L5I.cer (raw, json)
Hash identifier:          +myJbcaUaEZAw3k0mMHyfIQCMpk7NMYvpc2vS1F252E=
Subject key identifier:   40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7C12E43DE59B75D720EE757D2A5D997C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 00:19:31 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 91.197.243.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 13:21:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:12:e4:3d:e5:9b:75:d7:20:ee:75:7d:2a:5d:99:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=400de28131c73b5f5320f51dae6c1bd47ab82f92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e6:94:a2:52:29:d1:99:89:8f:24:58:e4:a5:
                    a3:07:aa:4c:40:a9:88:35:51:c3:23:75:47:80:ad:
                    39:68:8f:dc:80:5c:05:46:77:63:9f:26:8f:26:25:
                    3d:75:9b:fa:1e:fb:98:c2:35:3f:f7:88:54:c7:37:
                    c7:c4:03:36:9e:6b:65:83:6a:54:22:03:d7:88:4c:
                    96:79:09:fe:57:28:b3:80:80:a6:17:fa:5a:b9:a3:
                    76:e0:16:0f:bb:c6:d4:05:aa:a5:04:36:ca:a0:96:
                    3b:d8:13:00:30:17:b0:06:dd:9a:ab:59:57:34:82:
                    3d:81:f7:a2:32:83:b3:e2:0f:13:a0:59:f3:bd:64:
                    12:26:1c:aa:ea:7c:bf:79:1d:c3:d5:4a:ac:39:61:
                    49:61:6f:29:49:e7:35:a2:b1:16:4a:c6:5e:59:9f:
                    b6:8e:6e:53:b2:6e:e2:87:75:22:cb:41:8c:55:ce:
                    fc:42:81:91:e9:83:d5:59:24:5a:ae:31:c3:4c:99:
                    96:38:19:39:62:37:69:76:ef:39:0a:f5:c4:be:7e:
                    31:aa:a6:78:f5:d8:49:28:0c:d8:81:c8:74:c0:39:
                    9b:22:6c:38:00:46:d4:44:45:97:d5:90:5d:13:63:
                    2c:5d:85:15:dc:ba:8a:a9:2f:53:f4:4a:be:ab:7b:
                    4a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:0D:E2:81:31:C7:3B:5F:53:20:F5:1D:AE:6C:1B:D4:7A:B8:2F:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/e797f2-f272-4663-b145-bc6a1b21fd5e/1/QA3igTHHO19TIPUdrmwb1Hq4L5I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:41:2b:42:d7:60:65:f7:61:07:fc:59:87:a2:eb:fe:76:80:
         b0:31:7e:fa:a2:a0:89:38:2e:0c:95:05:0c:e2:d2:0d:40:b0:
         98:22:0a:40:a2:31:d3:cd:67:3f:38:e8:83:7f:9d:67:d8:7f:
         0f:c8:01:e5:6e:95:10:ca:68:91:30:d9:7a:7f:f3:bb:4b:e9:
         5c:02:37:a3:20:71:39:96:5a:7a:5c:dd:28:6d:34:3a:fe:e0:
         2d:68:bc:8f:4e:26:ff:1f:37:cc:cd:4c:bc:ab:ae:03:66:21:
         9b:20:20:f9:d4:7d:aa:63:0b:48:b6:8f:7a:03:06:6f:04:69:
         e1:d9:91:cf:2e:93:ad:28:bd:6f:99:0a:16:6e:44:19:19:98:
         54:12:24:c1:a0:b6:6d:03:74:b9:15:47:24:fe:b0:11:b1:7c:
         ff:4a:35:a0:23:88:67:70:fe:e7:f1:3d:13:9e:95:d7:1c:f1:
         0f:2c:26:9b:59:69:56:67:ca:f0:89:a9:c8:27:40:5f:cc:e5:
         0c:fd:d5:50:b2:7c:79:01:32:bc:8b:32:a8:57:70:15:06:d0:
         5e:df:8f:52:94:f9:20:c1:c6:eb:97:60:eb:20:b9:86:c0:78:
         ce:21:45:9f:8f:7d:39:bc:92:3a:8d:0e:18:c4:b8:c5:c5:2a:
         2b:27:39:c5
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt8EuQ95Zt11yDudX0qXZl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDAxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDBkZTI4MTMxYzczYjVmNTMyMGY1MWRhZTZjMWJkNDdhYjgyZjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseaUolIp0ZmJjyRY5KWjB6pMQKmI
NVHDI3VHgK05aI/cgFwFRndjnyaPJiU9dZv6HvuYwjU/94hUxzfHxAM2nmtlg2pU
IgPXiEyWeQn+VyizgICmF/pauaN24BYPu8bUBaqlBDbKoJY72BMAMBewBt2aq1lX
NII9gfeiMoOz4g8ToFnzvWQSJhyq6ny/eR3D1UqsOWFJYW8pSec1orEWSsZeWZ+2
jm5Tsm7ih3Uiy0GMVc78QoGR6YPVWSRarjHDTJmWOBk5Yjdpdu85CvXEvn4xqqZ4
9dhJKAzYgch0wDmbImw4AEbUREWX1ZBdE2MsXYUV3LqKqS9T9Eq+q3tKjwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFEAN4oExxztfUyD1Ha5sG9R6uC+SMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk5L2U3OTdm
Mi1mMjcyLTQ2NjMtYjE0NS1iYzZhMWIyMWZkNWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTkvZTc5N2Yy
LWYyNzItNDY2My1iMTQ1LWJjNmExYjIxZmQ1ZS8xL1FBM2lnVEhITzE5VElQVWRy
bXdiMUhxNEw1SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8XzMA0GCSqGSIb3DQEBCwUAA4IBAQATQStC
12Bl92EH/FmHouv+doCwMX76oqCJOC4MlQUM4tINQLCYIgpAojHTzWc/OOiDf51n
2H8PyAHlbpUQymiRMNl6f/O7S+lcAjejIHE5llp6XN0obTQ6/uAtaLyPTib/HzfM
zUy8q64DZiGbICD51H2qYwtIto96AwZvBGnh2ZHPLpOtKL1vmQoWbkQZGZhUEiTB
oLZtA3S5FUck/rARsXz/SjWgI4hncP7n8T0TnpXXHPEPLCabWWlWZ8rwianIJ0Bf
zOUM/dVQsnx5ATK8izKoV3AVBtBe349SlPkgwcbrl2DrILmGwHjOIUWfj305vJI6
jQ4YxLjFxSorJznF
-----END CERTIFICATE-----