This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hyd386vnZf-Is-jm24PSfDxiYTg.cer
File:                     hyd386vnZf-Is-jm24PSfDxiYTg.cer (raw, json)
Hash identifier:          0hWN78JPY0K78cdGTBR70eQ6NnqXpz0g+KwZzKx3JLQ=
Subject key identifier:   87:27:77:F3:AB:E7:65:FF:88:B3:E8:E6:DB:83:D2:7C:3C:62:61:38
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7EA64764EBBE850226BF16F22BF6836E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2d/7a7ef6-372a-4b74-92f2-41b468f3aab0/1/hyd386vnZf-Is-jm24PSfDxiYTg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2d/7a7ef6-372a-4b74-92f2-41b468f3aab0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 12:19:45 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.201.66.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:47:64:eb:be:85:02:26:bf:16:f2:2b:f6:83:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=872777f3abe765ff88b3e8e6db83d27c3c626138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:54:ba:7e:a0:af:1a:e3:28:5f:6e:bd:b5:6a:
                    58:1c:e9:8a:59:a7:d8:96:70:45:89:81:82:a4:4a:
                    cc:2f:f7:f5:80:5a:65:da:e6:9f:1c:f6:23:ee:fd:
                    aa:8e:70:c2:c5:21:b3:06:60:5b:08:d7:19:6c:e5:
                    db:5a:6b:75:5b:67:08:a6:b3:8b:0a:39:96:86:61:
                    78:38:68:c6:98:74:d0:8c:a1:3b:1b:e5:55:6e:c7:
                    dd:da:3b:46:b1:cc:70:a0:08:03:e0:33:6e:5e:cd:
                    7b:e5:b4:75:26:cf:1d:e5:9e:f2:ec:39:e2:fd:e4:
                    5b:71:cd:77:0f:c0:ea:56:07:2f:37:c8:f4:db:3a:
                    79:97:b0:b3:d2:62:fb:09:61:db:30:da:bf:4f:9a:
                    ea:53:14:9f:d5:d2:31:e9:47:ca:5d:58:33:b5:31:
                    00:85:fe:75:1c:7d:e6:d6:87:d6:37:82:8f:d5:12:
                    a1:33:fb:62:e0:52:0a:c3:23:63:ed:fd:af:ac:d8:
                    05:2c:f7:a2:c4:d8:76:1f:e6:b2:a5:55:25:d4:fd:
                    4c:6a:b1:43:a6:3d:48:53:bc:6b:b6:f9:c5:79:fa:
                    a0:0d:9e:66:07:19:8b:83:9b:5a:a8:01:f8:7e:36:
                    44:1f:ce:97:0a:a4:1f:78:ee:16:ed:0b:35:5b:8a:
                    6b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:27:77:F3:AB:E7:65:FF:88:B3:E8:E6:DB:83:D2:7C:3C:62:61:38
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/7a7ef6-372a-4b74-92f2-41b468f3aab0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/7a7ef6-372a-4b74-92f2-41b468f3aab0/1/hyd386vnZf-Is-jm24PSfDxiYTg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:d7:e9:24:87:9f:16:fe:a0:49:f5:89:fb:f5:06:44:96:31:
         8a:c7:d2:a5:48:64:a2:96:7b:91:21:65:3f:ed:82:38:28:2c:
         96:2a:ba:45:46:4d:23:e2:00:8d:ef:aa:bc:ff:67:59:9c:97:
         b6:db:9f:e3:d1:6a:ad:83:06:89:56:59:ca:cb:8d:43:c3:78:
         4a:36:7c:1d:69:8a:23:f2:d2:1b:2c:b4:0e:04:4a:10:84:4a:
         de:a7:ee:1a:d9:d4:f2:5b:a4:1d:c8:6f:b7:07:0b:ad:75:79:
         27:d8:fd:b0:d1:e2:1a:36:91:fb:04:c8:c5:ae:d3:76:0a:d9:
         b3:19:6b:f9:6a:33:5c:a7:17:bb:f5:e2:27:8a:3a:30:b6:46:
         75:8a:93:a0:ce:ef:c2:70:d6:d3:44:81:98:d8:8e:89:d6:12:
         ba:f2:21:07:77:5a:9c:eb:46:1a:9b:91:2f:a8:3c:a6:ba:06:
         fc:de:56:35:42:dc:2b:ed:a1:ca:a1:fc:e1:8c:1f:fb:35:38:
         f4:59:0b:d6:74:f6:eb:0d:56:a4:92:ea:cb:e2:14:32:1a:06:
         e6:94:82:aa:21:ff:6c:0d:1a:92:c7:53:c1:5b:cf:2f:8b:b4:
         76:f8:ff:dd:17:d0:b7:d3:76:9a:5e:f2:b8:00:a4:09:be:cb:
         a0:34:ed:15
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt+pkdk676FAia/FvIr9oNuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTIxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzI3NzdmM2FiZTc2NWZmODhiM2U4ZTZkYjgzZDI3YzNjNjI2MTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVS6fqCvGuMoX269tWpYHOmKWafY
lnBFiYGCpErML/f1gFpl2uafHPYj7v2qjnDCxSGzBmBbCNcZbOXbWmt1W2cIprOL
CjmWhmF4OGjGmHTQjKE7G+VVbsfd2jtGscxwoAgD4DNuXs175bR1Js8d5Z7y7Dni
/eRbcc13D8DqVgcvN8j02zp5l7Cz0mL7CWHbMNq/T5rqUxSf1dIx6UfKXVgztTEA
hf51HH3m1ofWN4KP1RKhM/ti4FIKwyNj7f2vrNgFLPeixNh2H+aypVUl1P1MarFD
pj1IU7xrtvnFefqgDZ5mBxmLg5taqAH4fjZEH86XCqQfeO4W7Qs1W4prgQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIcnd/Or52X/iLPo5tuD0nw8YmE4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkLzdhN2Vm
Ni0zNzJhLTRiNzQtOTJmMi00MWI0NjhmM2FhYjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvN2E3ZWY2
LTM3MmEtNGI3NC05MmYyLTQxYjQ2OGYzYWFiMC8xL2h5ZDM4NnZuWmYtSXMtam0y
NFBTZkR4aVlUZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwclCMA0GCSqGSIb3DQEBCwUAA4IBAQCD1+kk
h58W/qBJ9Yn79QZEljGKx9KlSGSilnuRIWU/7YI4KCyWKrpFRk0j4gCN76q8/2dZ
nJe225/j0WqtgwaJVlnKy41Dw3hKNnwdaYoj8tIbLLQOBEoQhErep+4a2dTyW6Qd
yG+3BwutdXkn2P2w0eIaNpH7BMjFrtN2CtmzGWv5ajNcpxe79eInijowtkZ1ipOg
zu/CcNbTRIGY2I6J1hK68iEHd1qc60Yam5EvqDymugb83lY1Qtwr7aHKofzhjB/7
NTj0WQvWdPbrDVakkurL4hQyGgbmlIKqIf9sDRqSx1PBW88vi7R2+P/dF9C303aa
XvK4AKQJvsugNO0V
-----END CERTIFICATE-----