This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/i_iimBQfwvRcBy0noL8mJlXLb1o.cer
File:                     i_iimBQfwvRcBy0noL8mJlXLb1o.cer (raw, json)
Hash identifier:          w9E0PufVF9uD2xXGofF1mAVGRjZsY5W6Zakw+K+rmCs=
Subject key identifier:   8B:F8:A2:98:14:1F:C2:F4:5C:07:2D:27:A0:BF:26:26:55:CB:6F:5A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F821749A0278EED384CEA7D5ABE957A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 16:19:50 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 185.94.180.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:82:17:49:a0:27:8e:ed:38:4c:ea:7d:5a:be:95:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 16:19:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bf8a298141fc2f45c072d27a0bf262655cb6f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:50:27:a5:c2:bb:86:23:b1:e2:5e:5c:5b:c7:
                    82:78:c7:f7:20:69:28:43:a3:a5:8e:37:73:67:21:
                    44:4d:69:02:30:5e:31:e2:14:07:8e:1b:0f:6a:36:
                    67:f0:4f:dc:14:7b:34:4e:28:46:14:09:76:ed:5c:
                    8e:67:b4:ae:56:36:06:0c:1c:d6:f6:36:23:87:76:
                    ab:60:27:20:f4:a9:df:c9:5d:42:ca:e2:a6:2c:33:
                    d2:1f:db:c0:a7:e8:a2:28:8b:bb:18:fd:79:22:e5:
                    ff:fd:af:40:e9:02:d2:52:34:dd:85:56:bb:4e:e5:
                    34:bd:bf:eb:1b:63:0d:a1:a2:06:69:c1:94:cf:49:
                    68:b8:c0:12:cd:c0:51:aa:a4:a5:42:c3:8e:ff:05:
                    77:16:64:b0:f0:73:47:34:44:2a:20:3d:c6:fa:0c:
                    a5:40:35:b8:21:e9:34:3d:75:59:6f:d1:b4:4e:52:
                    cf:3a:96:a2:d0:2d:2f:9c:4d:b6:39:70:4d:26:4f:
                    06:d6:e2:46:37:3c:8e:4d:ba:34:1f:e8:c8:f4:2b:
                    c4:45:54:fa:76:d8:e5:74:3c:3e:ed:3c:e5:d9:e5:
                    78:34:f2:4b:a8:26:56:a6:9f:43:9f:38:3b:01:71:
                    5d:16:61:65:2a:15:32:ba:f8:94:0d:3d:89:35:fc:
                    3b:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F8:A2:98:14:1F:C2:F4:5C:07:2D:27:A0:BF:26:26:55:CB:6F:5A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/496442-aab7-409c-9eff-d46ed568f871/1/i_iimBQfwvRcBy0noL8mJlXLb1o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.94.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:61:7a:d4:24:0b:29:0e:e2:70:94:d4:23:dd:27:22:f7:af:
         85:6c:9e:47:35:61:22:16:2a:25:74:9d:22:9e:ec:03:cb:f7:
         5c:86:a0:9d:1d:4d:46:d5:d8:c8:a2:75:c9:55:30:e4:4b:9d:
         45:66:c0:4a:db:d8:54:c6:1d:b0:65:b0:61:ea:b7:90:eb:47:
         d4:c1:8b:74:de:4f:05:61:c0:02:d4:87:6f:38:c5:31:2c:47:
         a8:da:ab:a0:f7:30:30:dd:10:e4:20:e5:05:71:74:cb:66:dc:
         90:39:b3:f4:6e:41:43:e9:bc:b2:da:ae:5b:e0:53:02:fc:64:
         1e:4d:94:e6:f7:21:c7:03:64:c7:6f:9e:ca:3e:d9:10:d9:a2:
         86:a1:29:2f:e3:9c:ac:34:f8:b9:3b:00:d6:03:6d:43:6b:0f:
         eb:de:60:17:a8:3e:4f:34:32:ab:1e:6f:7d:95:db:6a:44:09:
         ea:e6:ae:fd:d1:c6:52:03:ee:6d:51:a6:92:b6:79:e3:18:4d:
         03:16:7f:8f:15:e8:b2:ec:83:5d:14:8b:ba:d4:aa:8a:97:61:
         04:47:42:b6:7f:88:06:0c:b3:6d:ab:3b:16:be:b2:d4:8b:6b:
         17:eb:ff:3a:00:c9:7b:fa:46:08:13:d0:61:48:51:b2:48:3b:
         be:6b:39:2b
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/ghdJoCeO7ThM6n1avpV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTYxOTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY4YTI5ODE0MWZjMmY0NWMwNzJkMjdhMGJmMjYyNjU1Y2I2ZjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFAnpcK7hiOx4l5cW8eCeMf3IGko
Q6OljjdzZyFETWkCMF4x4hQHjhsPajZn8E/cFHs0TihGFAl27VyOZ7SuVjYGDBzW
9jYjh3arYCcg9KnfyV1CyuKmLDPSH9vAp+iiKIu7GP15IuX//a9A6QLSUjTdhVa7
TuU0vb/rG2MNoaIGacGUz0louMASzcBRqqSlQsOO/wV3FmSw8HNHNEQqID3G+gyl
QDW4Iek0PXVZb9G0TlLPOpai0C0vnE22OXBNJk8G1uJGNzyOTbo0H+jI9CvERVT6
dtjldDw+7Tzl2eV4NPJLqCZWpp9Dnzg7AXFdFmFlKhUyuviUDT2JNfw7KwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFIv4opgUH8L0XActJ6C/JiZVy29aMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzczLzQ5NjQ0
Mi1hYWI3LTQwOWMtOWVmZi1kNDZlZDU2OGY4NzEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzMvNDk2NDQy
LWFhYjctNDA5Yy05ZWZmLWQ0NmVkNTY4Zjg3MS8xL2lfaWltQlFmd3ZSY0J5MG5v
TDhtSmxYTGIxby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuV60MA0GCSqGSIb3DQEBCwUAA4IBAQBkYXrU
JAspDuJwlNQj3Sci96+FbJ5HNWEiFioldJ0inuwDy/dchqCdHU1G1djIonXJVTDk
S51FZsBK29hUxh2wZbBh6reQ60fUwYt03k8FYcAC1IdvOMUxLEeo2qug9zAw3RDk
IOUFcXTLZtyQObP0bkFD6byy2q5b4FMC/GQeTZTm9yHHA2THb57KPtkQ2aKGoSkv
45ysNPi5OwDWA21Daw/r3mAXqD5PNDKrHm99ldtqRAnq5q790cZSA+5tUaaStnnj
GE0DFn+PFeiy7INdFIu61KqKl2EER0K2f4gGDLNtqzsWvrLUi2sX6/86AMl7+kYI
E9BhSFGySDu+azkr
-----END CERTIFICATE-----