This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z8-tqx1DTEwmEYyaYp50-p83xGE.cer
File:                     Z8-tqx1DTEwmEYyaYp50-p83xGE.cer (raw, json)
Hash identifier:          VHzqIzjebdXFXnOMIHX6BFEM3ztDAfZSCI81n9MmM/o=
Subject key identifier:   67:CF:AD:AB:1D:43:4C:4C:26:11:8C:9A:62:9E:74:FA:9F:37:C4:61
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019A9D5B7F55A267A9A5F21E2A8B2E7CEF3D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e3/1e1ec8-dbf4-43e3-bfea-73797d00687f/1/Z8-tqx1DTEwmEYyaYp50-p83xGE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e3/1e1ec8-dbf4-43e3-bfea-73797d00687f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 19 Nov 2025 18:23:30 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.84.26.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Dec 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:9d:5b:7f:55:a2:67:a9:a5:f2:1e:2a:8b:2e:7c:ef:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 19 18:23:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67cfadab1d434c4c26118c9a629e74fa9f37c461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1d:56:cc:30:3f:68:7f:6b:5f:f3:40:fa:d8:
                    d5:84:12:3d:40:57:e1:2d:49:d6:3e:70:33:56:f4:
                    e8:bf:54:ec:94:2e:32:e0:b9:91:ea:17:44:33:dc:
                    ba:10:c5:ca:b1:df:84:1c:f3:4a:7e:15:bb:05:64:
                    fa:aa:14:0f:5e:e6:01:00:ea:86:0a:c5:c1:fa:b0:
                    78:e0:99:92:90:c5:c9:ce:79:92:e7:a6:bc:94:0b:
                    4d:88:4f:50:bb:cc:8f:1e:bd:6c:b7:dc:62:d8:59:
                    6e:4c:e9:9a:99:ce:43:e9:0f:e6:ee:0c:ac:cd:cc:
                    0d:47:aa:73:8f:7f:e6:71:df:cd:2d:c1:c8:7b:69:
                    ca:93:8a:9c:9e:6d:9b:37:f2:08:56:e1:fa:73:19:
                    b0:7d:35:c1:39:5f:7a:08:0e:20:fc:15:7b:f9:1b:
                    fd:25:e1:93:26:49:6e:e1:36:9f:7c:75:44:12:e7:
                    9b:17:b8:dc:fb:da:8d:0e:1e:ad:57:a5:26:76:c3:
                    3e:2a:e6:69:58:69:85:59:71:e2:f5:68:c7:fc:ff:
                    a5:f6:9d:40:42:1f:09:b5:99:98:80:36:b8:dc:b0:
                    05:b1:02:03:bf:2f:db:66:bb:95:98:fb:bf:b7:e5:
                    1b:cb:9e:21:13:1a:72:d1:7c:39:d1:37:1e:fe:67:
                    1b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CF:AD:AB:1D:43:4C:4C:26:11:8C:9A:62:9E:74:FA:9F:37:C4:61
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/1e1ec8-dbf4-43e3-bfea-73797d00687f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/1e1ec8-dbf4-43e3-bfea-73797d00687f/1/Z8-tqx1DTEwmEYyaYp50-p83xGE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.84.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:db:62:ae:e5:8d:e5:ef:8c:2e:f6:63:e4:73:fa:35:fd:4a:
         46:90:ae:93:0e:0c:c9:88:0f:56:8c:04:e3:18:72:c6:f7:67:
         88:60:e5:8e:2d:c9:f9:a3:89:db:9c:be:33:53:9c:a2:93:28:
         49:b3:d5:44:37:fb:5f:1d:3d:94:6e:5a:7a:f7:b0:50:20:95:
         9d:8e:ab:ab:3a:5e:fc:c1:36:01:c9:75:d4:bf:93:4f:61:f8:
         1d:7a:d0:b0:ca:e8:76:b2:38:1b:cd:37:f9:2e:49:99:3b:de:
         de:40:49:1f:61:c2:3a:7e:42:0c:75:4f:9c:3d:61:92:97:6d:
         e5:60:54:33:15:08:3d:9a:cc:36:dd:89:82:1a:57:a2:c0:7c:
         0a:9d:ca:f0:50:73:7a:69:eb:74:7c:19:04:55:67:68:8f:77:
         9b:f0:b8:38:1a:6c:5b:c3:83:5b:7d:2f:e5:4c:6c:6e:57:24:
         87:7b:89:3e:8b:9e:d4:d3:8b:5c:4b:23:68:9b:ec:97:85:93:
         22:cd:56:d5:40:b0:a3:98:dc:85:14:2c:b0:7b:4d:77:91:cd:
         33:a0:2c:89:9b:82:70:56:47:c8:9e:fe:f9:57:b2:68:5b:2c:
         1e:77:79:97:7e:e5:33:97:55:91:cc:c6:c6:6a:f2:62:cd:8f:
         94:9a:5f:a3
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZqdW39VomeppfIeKosufO89MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMTE5MTgyMzMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NmYWRhYjFkNDM0YzRjMjYxMThjOWE2MjllNzRmYTlmMzdjNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3x1WzDA/aH9rX/NA+tjVhBI9QFfh
LUnWPnAzVvTov1TslC4y4LmR6hdEM9y6EMXKsd+EHPNKfhW7BWT6qhQPXuYBAOqG
CsXB+rB44JmSkMXJznmS56a8lAtNiE9Qu8yPHr1st9xi2FluTOmamc5D6Q/m7gys
zcwNR6pzj3/mcd/NLcHIe2nKk4qcnm2bN/IIVuH6cxmwfTXBOV96CA4g/BV7+Rv9
JeGTJklu4TaffHVEEuebF7jc+9qNDh6tV6UmdsM+KuZpWGmFWXHi9WjH/P+l9p1A
Qh8JtZmYgDa43LAFsQIDvy/bZruVmPu/t+Uby54hExpy0Xw50Tce/mcbBQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGfPrasdQ0xMJhGMmmKedPqfN8RhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UzLzFlMWVj
OC1kYmY0LTQzZTMtYmZlYS03Mzc5N2QwMDY4N2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTMvMWUxZWM4
LWRiZjQtNDNlMy1iZmVhLTczNzk3ZDAwNjg3Zi8xL1o4LXRxeDFEVEV3bUVZeWFZ
cDUwLXA4M3hHRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwVQaMA0GCSqGSIb3DQEBCwUAA4IBAQAI22Ku
5Y3l74wu9mPkc/o1/UpGkK6TDgzJiA9WjATjGHLG92eIYOWOLcn5o4nbnL4zU5yi
kyhJs9VEN/tfHT2Ublp697BQIJWdjqurOl78wTYByXXUv5NPYfgdetCwyuh2sjgb
zTf5LkmZO97eQEkfYcI6fkIMdU+cPWGSl23lYFQzFQg9msw23YmCGleiwHwKncrw
UHN6aet0fBkEVWdoj3eb8Lg4Gmxbw4NbfS/lTGxuVySHe4k+i57U04tcSyNom+yX
hZMizVbVQLCjmNyFFCywe013kc0zoCyJm4JwVkfInv75V7JoWywed3mXfuUzl1WR
zMbGavJizY+Uml+j
-----END CERTIFICATE-----