This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/sRFXyY8mJ5_D7tLas88Rg3K9vhs.cer
File:                     sRFXyY8mJ5_D7tLas88Rg3K9vhs.cer (raw, json)
Hash identifier:          ZlTi4N0FPvBBx7dJgIHiEatM3Uus2JTHNCeWiZVZsao=
Subject key identifier:   B1:11:57:C9:8F:26:27:9F:C3:EE:D2:DA:B3:CF:11:83:72:BD:BE:1B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7EA50D43AB6FF60AE762B01A2E79C01C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/sRFXyY8mJ5_D7tLas88Rg3K9vhs.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 12:18:24 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 193.23.229.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 22:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:0d:43:ab:6f:f6:0a:e7:62:b0:1a:2e:79:c0:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:18:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b11157c98f26279fc3eed2dab3cf118372bdbe1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e3:cb:ee:d8:f5:30:9b:9b:36:48:51:f1:36:
                    06:e3:14:df:1e:7f:54:c6:dc:44:ae:5d:90:0c:24:
                    d0:7c:27:0a:37:c1:42:7c:96:40:32:9d:a5:e4:0d:
                    e2:95:f2:a5:f0:43:54:e9:20:c6:97:99:44:2d:dc:
                    e6:09:98:1f:3e:80:6d:8e:e4:d8:09:b4:fe:f2:2f:
                    1a:50:85:e7:6f:b6:9d:32:b0:83:a0:f5:05:17:fb:
                    1e:86:72:14:c1:e0:3c:b2:9f:98:2d:80:8d:34:62:
                    6d:01:b5:7a:0c:4d:cc:76:81:5d:c1:1c:0a:a9:b3:
                    ac:9b:f9:10:2d:25:43:c0:e1:1a:87:a7:85:ac:28:
                    3e:d5:5e:31:bb:f0:dd:3f:e0:3a:c4:f6:96:45:31:
                    df:31:16:77:e9:b0:12:8f:64:6c:54:da:5e:5c:09:
                    06:b2:19:13:f9:8e:da:bc:d6:b7:c9:59:7b:b7:fe:
                    60:90:1a:0d:b4:9f:e2:0f:4d:b8:e5:fc:c1:94:9f:
                    96:41:f3:d8:40:8e:06:c2:0f:ef:cd:d4:f6:58:a1:
                    ca:95:e1:2c:1c:74:04:b6:89:65:3e:e4:3a:ec:66:
                    ab:62:6c:b2:8b:d5:3e:fd:bf:d5:da:4a:95:3b:69:
                    08:f3:fd:24:3c:5d:8d:ac:b8:0f:10:36:db:80:63:
                    32:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:11:57:C9:8F:26:27:9F:C3:EE:D2:DA:B3:CF:11:83:72:BD:BE:1B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/521a74-ebc9-4267-b046-e0acacc10ef5/1/sRFXyY8mJ5_D7tLas88Rg3K9vhs.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:1a:27:4c:2e:14:3c:19:a7:1b:d3:15:9c:dc:4e:68:dc:f7:
         91:e7:6e:75:88:88:bf:ce:f1:85:54:90:09:93:24:cd:a3:00:
         a3:8a:ed:e8:bc:bf:e3:92:c1:d6:c4:2c:93:e1:29:07:ef:8a:
         ff:2d:8d:bf:75:ac:0c:2b:a3:61:b2:78:a5:a6:ee:e8:ec:04:
         02:58:d1:e6:f7:44:dd:8f:41:b1:47:18:1d:7d:c3:5f:23:4b:
         4d:6b:cf:ff:8c:0a:cb:a6:8a:46:27:c7:6a:a7:10:41:34:bd:
         5e:49:51:0f:91:a3:ed:0d:49:c6:70:7e:9f:58:12:52:fb:50:
         48:12:da:cf:7b:86:18:6d:6f:1c:22:4a:08:0d:65:46:3f:59:
         d9:ac:a6:ef:86:9c:1b:9a:64:b1:cb:f2:fe:c9:63:84:7e:2c:
         58:80:6b:8b:cf:ce:bf:6b:e3:41:14:0d:c0:ee:d6:76:2f:e8:
         54:ac:70:48:ef:a6:1e:31:e8:db:30:16:c8:f2:36:e0:ed:50:
         9a:5e:6b:9e:46:2a:18:21:72:3f:dc:f3:ac:eb:76:36:98:7e:
         f1:a4:02:e0:ba:da:ec:4f:2d:2d:6f:6f:c0:5c:8b:9d:5b:94:
         7d:f1:30:d4:84:42:61:ce:a2:b2:d6:a6:ec:36:c3:30:e4:b6:
         04:dd:7e:d2
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt+pQ1Dq2/2CudisBouecAcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTIxODI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTExNTdjOThmMjYyNzlmYzNlZWQyZGFiM2NmMTE4MzcyYmRiZTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOPL7tj1MJubNkhR8TYG4xTfHn9U
xtxErl2QDCTQfCcKN8FCfJZAMp2l5A3ilfKl8ENU6SDGl5lELdzmCZgfPoBtjuTY
CbT+8i8aUIXnb7adMrCDoPUFF/sehnIUweA8sp+YLYCNNGJtAbV6DE3MdoFdwRwK
qbOsm/kQLSVDwOEah6eFrCg+1V4xu/DdP+A6xPaWRTHfMRZ36bASj2RsVNpeXAkG
shkT+Y7avNa3yVl7t/5gkBoNtJ/iD0245fzBlJ+WQfPYQI4Gwg/vzdT2WKHKleEs
HHQEtollPuQ67GarYmyyi9U+/b/V2kqVO2kI8/0kPF2NrLgPEDbbgGMyRQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFLERV8mPJiefw+7S2rPPEYNyvb4bMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjLzUyMWE3
NC1lYmM5LTQyNjctYjA0Ni1lMGFjYWNjMTBlZjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvNTIxYTc0
LWViYzktNDI2Ny1iMDQ2LWUwYWNhY2MxMGVmNS8xL3NSRlh5WThtSjVfRDd0TGFz
ODhSZzNLOXZocy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwRflMA0GCSqGSIb3DQEBCwUAA4IBAQATGidM
LhQ8Gacb0xWc3E5o3PeR5251iIi/zvGFVJAJkyTNowCjiu3ovL/jksHWxCyT4SkH
74r/LY2/dawMK6Nhsnilpu7o7AQCWNHm90Tdj0GxRxgdfcNfI0tNa8//jArLpopG
J8dqpxBBNL1eSVEPkaPtDUnGcH6fWBJS+1BIEtrPe4YYbW8cIkoIDWVGP1nZrKbv
hpwbmmSxy/L+yWOEfixYgGuLz86/a+NBFA3A7tZ2L+hUrHBI76YeMejbMBbI8jbg
7VCaXmueRioYIXI/3POs63Y2mH7xpALgutrsTy0tb2/AXIudW5R98TDUhEJhzqKy
1qbsNsMw5LYE3X7S
-----END CERTIFICATE-----