This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/x02iHagDioIFQrOvr76qqmZreyc.cer
File:                     x02iHagDioIFQrOvr76qqmZreyc.cer (raw, json)
Hash identifier:          3He6NLbd5XN3Ty/c7HKFmgfKgLny4gORZsw8mjW8Qmc=
Subject key identifier:   C7:4D:A2:1D:A8:03:8A:82:05:42:B3:AF:AF:BE:AA:AA:66:6B:7B:27
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7B35B1164D60EA7B5EEBF7387F6714FC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/64/4f8444-2c3d-4592-9458-801d89d7366d/1/x02iHagDioIFQrOvr76qqmZreyc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/64/4f8444-2c3d-4592-9458-801d89d7366d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 01 Jan 2026 20:17:54 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 195.43.132.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 27 Jan 2026 15:35:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:35:b1:16:4d:60:ea:7b:5e:eb:f7:38:7f:67:14:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:17:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c74da21da8038a820542b3afafbeaaaa666b7b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a4:a5:09:34:ec:93:39:32:d7:21:20:52:c0:
                    6f:aa:29:e5:c1:8b:62:5e:5e:48:de:52:cf:71:69:
                    e6:56:d1:cc:55:79:4d:10:3b:32:82:5c:46:c2:75:
                    95:46:62:d1:19:04:0c:40:9c:b3:5e:10:1c:3d:67:
                    8b:4c:1b:86:8b:01:fe:bd:74:6b:bf:94:c3:10:09:
                    35:67:25:7d:e8:9a:cf:10:fc:8a:ca:31:ed:5c:c4:
                    59:4a:87:30:58:f2:e8:c7:f5:2b:1b:d0:4b:69:55:
                    80:3a:97:4f:81:29:a9:0e:0b:57:73:38:a9:f9:90:
                    36:51:19:65:60:e3:3d:26:42:30:97:17:fa:bc:fc:
                    08:f2:27:73:5f:33:c0:24:dc:c4:28:7c:a8:43:c0:
                    d3:a6:2d:b1:9e:b1:bc:81:47:8d:ad:0b:dc:40:96:
                    83:7c:a2:27:01:af:78:61:68:a0:0f:29:bf:ef:e4:
                    11:ca:88:af:8a:f0:fd:22:b2:00:ae:e8:05:ac:b2:
                    a5:32:63:32:c6:eb:7e:5e:c6:4c:0b:4e:32:34:18:
                    b5:af:f7:95:49:34:5e:c5:61:e3:17:b8:ce:68:5c:
                    37:dd:e3:1b:30:3d:19:ab:a8:01:f9:99:8b:0a:27:
                    1e:49:a2:41:8d:64:f1:ac:0c:a7:f8:2d:d0:c5:3b:
                    cc:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4D:A2:1D:A8:03:8A:82:05:42:B3:AF:AF:BE:AA:AA:66:6B:7B:27
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/4f8444-2c3d-4592-9458-801d89d7366d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/4f8444-2c3d-4592-9458-801d89d7366d/1/x02iHagDioIFQrOvr76qqmZreyc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.43.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:b5:ed:65:cb:8f:7b:88:6b:35:ed:d7:7b:ec:03:75:e3:88:
         bb:66:4b:e6:60:a6:12:9c:dd:c7:37:60:6d:12:80:b3:24:58:
         ec:5e:7c:26:1a:e1:19:64:01:29:80:a1:03:7c:f0:ff:62:ed:
         42:25:7e:37:c1:02:17:e0:1d:28:eb:d9:8d:a2:0e:5f:34:53:
         d7:0d:35:16:cc:b2:55:d1:9f:9e:37:7a:53:55:bf:dc:e0:9e:
         93:fb:cf:23:f1:72:38:cd:de:31:88:7f:1d:04:09:cf:3b:03:
         ca:cd:aa:5e:3c:f9:c5:e9:d9:f9:91:2a:89:22:6e:a3:62:ae:
         44:dc:db:be:c3:e8:19:d4:87:96:47:61:cf:2d:f1:bf:48:38:
         a6:58:62:b5:b6:b8:14:5f:63:de:11:ac:51:9c:10:89:12:ed:
         4e:e5:4c:cf:db:24:21:b3:9e:e4:77:0b:76:91:87:64:c3:ee:
         b2:ab:a0:b4:0c:a7:4b:7f:1c:a2:9d:56:e9:6b:8a:52:ae:d3:
         42:29:55:dc:85:81:93:f7:4e:7c:dd:46:ae:96:98:b0:5d:63:
         1e:8d:e5:7f:16:4d:df:91:45:92:ee:64:c5:31:d7:83:e2:8a:
         08:ad:09:26:81:74:68:3a:10:77:c4:44:31:ba:7c:76:17:f3:
         60:67:da:89
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt7NbEWTWDqe17r9zh/ZxT8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMjAxNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRkYTIxZGE4MDM4YTgyMDU0MmIzYWZhZmJlYWFhYTY2NmI3YjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqSlCTTskzky1yEgUsBvqinlwYti
Xl5I3lLPcWnmVtHMVXlNEDsyglxGwnWVRmLRGQQMQJyzXhAcPWeLTBuGiwH+vXRr
v5TDEAk1ZyV96JrPEPyKyjHtXMRZSocwWPLox/UrG9BLaVWAOpdPgSmpDgtXczip
+ZA2URllYOM9JkIwlxf6vPwI8idzXzPAJNzEKHyoQ8DTpi2xnrG8gUeNrQvcQJaD
fKInAa94YWigDym/7+QRyoivivD9IrIArugFrLKlMmMyxut+XsZMC04yNBi1r/eV
STRexWHjF7jOaFw33eMbMD0Zq6gB+ZmLCiceSaJBjWTxrAyn+C3QxTvM+wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFMdNoh2oA4qCBUKzr6++qqpma3snMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY0LzRmODQ0
NC0yYzNkLTQ1OTItOTQ1OC04MDFkODlkNzM2NmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjQvNGY4NDQ0
LTJjM2QtNDU5Mi05NDU4LTgwMWQ4OWQ3MzY2ZC8xL3gwMmlIYWdEaW9JRlFyT3Zy
NzZxcW1acmV5Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwyuEMA0GCSqGSIb3DQEBCwUAA4IBAQB0te1l
y497iGs17dd77AN144i7ZkvmYKYSnN3HN2BtEoCzJFjsXnwmGuEZZAEpgKEDfPD/
Yu1CJX43wQIX4B0o69mNog5fNFPXDTUWzLJV0Z+eN3pTVb/c4J6T+88j8XI4zd4x
iH8dBAnPOwPKzapePPnF6dn5kSqJIm6jYq5E3Nu+w+gZ1IeWR2HPLfG/SDimWGK1
trgUX2PeEaxRnBCJEu1O5UzP2yQhs57kdwt2kYdkw+6yq6C0DKdLfxyinVbpa4pS
rtNCKVXchYGT90583UaulpiwXWMejeV/Fk3fkUWS7mTFMdeD4ooIrQkmgXRoOhB3
xEQxunx2F/NgZ9qJ
-----END CERTIFICATE-----