This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rxfMznTBr7qDt7qF2XcSsrzEpeg.cer
File:                     rxfMznTBr7qDt7qF2XcSsrzEpeg.cer (raw, json)
Hash identifier:          BZ8aQgxUSqcmgSGZSuOFw1/lmIqxaSDVS0OhegYv/U0=
Subject key identifier:   AF:17:CC:CE:74:C1:AF:BA:83:B7:BA:85:D9:77:12:B2:BC:C4:A5:E8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7DCAFDCCCFC478FFF78FB47CB1BF9465
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/de/b73cac-3610-4224-bdba-a5757aaafffa/1/rxfMznTBr7qDt7qF2XcSsrzEpeg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/de/b73cac-3610-4224-bdba-a5757aaafffa/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 08:20:13 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 164.138.204.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 01:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:fd:cc:cf:c4:78:ff:f7:8f:b4:7c:b1:bf:94:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:20:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af17ccce74c1afba83b7ba85d97712b2bcc4a5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:60:8c:af:9a:5d:a6:6a:01:3f:7e:25:de:70:
                    23:64:8f:a7:c5:67:50:57:6f:cb:11:43:70:8d:65:
                    b0:e8:35:fa:2d:98:03:c8:6c:67:b5:a2:ee:41:58:
                    85:ff:69:32:fa:f9:2d:50:08:7c:96:a3:d5:6b:f9:
                    0e:e2:b7:49:37:be:84:a4:ef:73:14:b5:dc:50:75:
                    2a:e2:f9:4b:20:bb:cf:88:47:e1:6e:3a:4c:fb:e0:
                    79:f8:73:0a:6c:2c:29:01:2c:31:ee:38:6d:17:db:
                    37:b0:1d:e6:33:0b:6d:88:58:e3:ae:94:8e:cb:a9:
                    ce:81:79:69:94:f4:ea:42:29:1f:8c:c8:ea:53:4d:
                    8f:8d:fd:e4:69:69:52:4c:84:ac:da:79:79:db:a2:
                    a0:ba:cb:b4:3c:e5:11:b8:be:b9:1f:a5:3a:10:6a:
                    97:47:15:d0:2d:9a:f8:38:0f:4b:41:a2:be:f8:a9:
                    bc:c0:7f:60:c2:91:05:b8:89:f7:08:30:57:36:50:
                    1d:f0:f5:01:8e:02:be:1b:2f:20:6c:26:f5:73:be:
                    2c:61:af:3f:09:fe:1f:33:da:25:4d:80:50:34:b7:
                    83:8d:5c:d3:1f:97:c3:5f:94:6f:b2:af:04:c4:64:
                    d7:74:6a:69:b3:8a:17:95:77:7c:45:b7:38:db:3c:
                    a6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:17:CC:CE:74:C1:AF:BA:83:B7:BA:85:D9:77:12:B2:BC:C4:A5:E8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/b73cac-3610-4224-bdba-a5757aaafffa/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/b73cac-3610-4224-bdba-a5757aaafffa/1/rxfMznTBr7qDt7qF2XcSsrzEpeg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.138.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:7e:37:a3:e0:01:73:20:6f:5d:0e:80:dc:a5:91:1e:0c:98:
         5c:ac:34:a7:00:28:19:43:28:8b:0d:76:63:f2:24:55:05:c9:
         48:a0:18:a1:eb:18:96:fd:88:4d:f9:02:61:6c:aa:18:2f:0b:
         c7:dc:7a:76:8c:a5:57:0c:a5:46:1a:71:a6:0c:16:18:39:1c:
         90:19:e1:0c:46:ef:99:86:ce:f8:36:88:5b:8c:7d:e4:d1:af:
         e2:87:e6:5c:32:9f:44:0f:4c:71:04:7d:87:81:68:73:82:4e:
         b5:c6:df:c1:dc:7a:b6:e4:01:6c:88:21:ab:5c:6a:6c:a7:b6:
         c7:b7:18:08:07:6a:79:0b:a0:3b:d9:ee:71:d7:ff:b3:2e:4f:
         fa:85:c9:8c:5e:30:54:fe:02:60:fb:fb:28:03:13:59:e0:89:
         59:9a:2a:e3:f4:06:98:91:33:42:4f:64:ee:43:3b:7c:48:5d:
         0e:4b:e6:ba:a7:92:18:93:d5:5c:a9:fd:bd:49:62:17:47:b4:
         d0:dc:46:55:cf:b8:ff:2f:8e:8a:2f:32:b6:d2:6b:96:3e:f6:
         5b:bf:f6:e0:5c:e8:38:18:41:6a:d7:83:ea:99:bd:6e:6f:1b:
         f3:37:88:f2:7f:5a:b4:07:dd:cc:71:26:e9:93:ec:b2:1c:47:
         d4:39:72:b4
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt9yv3Mz8R4//ePtHyxv5RlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDgyMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE3Y2NjZTc0YzFhZmJhODNiN2JhODVkOTc3MTJiMmJjYzRhNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02CMr5pdpmoBP34l3nAjZI+nxWdQ
V2/LEUNwjWWw6DX6LZgDyGxntaLuQViF/2ky+vktUAh8lqPVa/kO4rdJN76EpO9z
FLXcUHUq4vlLILvPiEfhbjpM++B5+HMKbCwpASwx7jhtF9s3sB3mMwttiFjjrpSO
y6nOgXlplPTqQikfjMjqU02Pjf3kaWlSTISs2nl526Kgusu0POURuL65H6U6EGqX
RxXQLZr4OA9LQaK++Km8wH9gwpEFuIn3CDBXNlAd8PUBjgK+Gy8gbCb1c74sYa8/
Cf4fM9olTYBQNLeDjVzTH5fDX5Rvsq8ExGTXdGpps4oXlXd8Rbc42zym3wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFK8XzM50wa+6g7e6hdl3ErK8xKXoMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RlL2I3M2Nh
Yy0zNjEwLTQyMjQtYmRiYS1hNTc1N2FhYWZmZmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGUvYjczY2Fj
LTM2MTAtNDIyNC1iZGJhLWE1NzU3YWFhZmZmYS8xL3J4Zk16blRCcjdxRHQ3cUYy
WGNTc3J6RXBlZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQApIrMMA0GCSqGSIb3DQEBCwUAA4IBAQCPfjej
4AFzIG9dDoDcpZEeDJhcrDSnACgZQyiLDXZj8iRVBclIoBih6xiW/YhN+QJhbKoY
LwvH3Hp2jKVXDKVGGnGmDBYYORyQGeEMRu+Zhs74NohbjH3k0a/ih+ZcMp9ED0xx
BH2HgWhzgk61xt/B3Hq25AFsiCGrXGpsp7bHtxgIB2p5C6A72e5x1/+zLk/6hcmM
XjBU/gJg+/soAxNZ4IlZmirj9AaYkTNCT2TuQzt8SF0OS+a6p5IYk9Vcqf29SWIX
R7TQ3EZVz7j/L46KLzK20muWPvZbv/bgXOg4GEFq14Pqmb1ubxvzN4jyf1q0B93M
cSbpk+yyHEfUOXK0
-----END CERTIFICATE-----