This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75S8y9TC4P-PeqsEXhSjEfOy-f4.cer
File:                     75S8y9TC4P-PeqsEXhSjEfOy-f4.cer (raw, json)
Hash identifier:          hJN1EjYZ3VJs1LC4JhDEyDKQfz7s32ofMf81q3RX72k=
Subject key identifier:   EF:94:BC:CB:D4:C2:E0:FF:8F:7A:AB:04:5E:14:A3:11:F3:B2:F9:FE
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7EA5639AFAAF29C3CB2E2F33D014D750
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/75S8y9TC4P-PeqsEXhSjEfOy-f4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 12:18:46 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 192.231.17.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 05 Jan 2026 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a5:63:9a:fa:af:29:c3:cb:2e:2f:33:d0:14:d7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:18:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ef94bccbd4c2e0ff8f7aab045e14a311f3b2f9fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:2f:b7:6f:86:ce:d2:d5:b0:57:56:c1:6c:be:
                    48:78:8e:d3:5a:e2:6c:f0:de:a0:66:22:47:44:1c:
                    20:f8:e9:0d:58:71:7b:41:a8:3a:97:cf:89:7a:65:
                    f2:07:e7:7e:14:71:ee:85:ff:a4:91:b2:49:75:63:
                    b2:1a:63:54:6d:61:a2:1d:65:f2:bf:8d:31:74:77:
                    bd:73:2b:63:46:6a:60:15:06:bc:12:8d:3b:73:5b:
                    6d:3f:c7:68:0b:67:e6:0a:60:7e:bf:28:58:c7:c3:
                    22:b6:c9:fa:b1:35:b8:0f:ef:33:66:46:7b:af:2a:
                    5f:ee:f0:80:90:95:84:de:f5:05:b5:88:0d:1f:f2:
                    37:7f:f3:c7:5f:16:0d:71:ff:93:7b:93:fd:01:bf:
                    b1:31:e5:e8:9f:4d:5b:6d:e0:63:94:7d:fe:68:54:
                    32:19:26:69:59:33:6b:be:fd:9d:97:35:82:d2:91:
                    b0:99:6e:0c:e3:49:77:a9:49:7b:1e:c3:eb:03:59:
                    c6:18:7c:39:67:d7:a2:e0:15:32:76:32:fb:30:0a:
                    c3:65:17:b9:b7:49:8a:fd:09:df:d8:e6:d0:d8:61:
                    9d:6a:89:8e:3a:d1:d9:62:88:b3:39:71:25:40:73:
                    c5:88:c9:de:3d:a6:4c:09:fc:cc:90:66:08:df:94:
                    87:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:94:BC:CB:D4:C2:E0:FF:8F:7A:AB:04:5E:14:A3:11:F3:B2:F9:FE
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/bec253-9c29-478c-9711-cb63d6fbbfc7/1/75S8y9TC4P-PeqsEXhSjEfOy-f4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.231.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:20:6d:9e:84:ef:e1:9a:55:ca:e2:0a:64:1b:da:5f:e8:d2:
         f8:3c:69:94:f3:1b:75:7d:76:c1:17:08:d0:32:02:5d:0a:40:
         13:ea:8a:2d:25:f7:2b:fc:1a:23:90:ee:34:4f:dc:aa:24:1a:
         bf:7a:4f:10:88:1e:d0:7b:7b:2d:66:d2:d3:a4:34:25:b9:a1:
         fd:b1:94:a3:69:12:45:8b:45:8a:c0:8d:12:0e:2e:dc:9c:e6:
         1e:d8:47:fe:56:fe:ae:2a:bc:13:26:4f:c6:f8:30:8b:52:5e:
         e0:a1:44:35:da:a5:0f:8a:98:70:57:26:92:00:3e:e0:fc:b7:
         44:19:23:63:73:95:de:4f:a4:e9:54:65:1a:77:75:79:bc:88:
         cf:f4:82:43:26:3f:9c:25:7b:36:dd:91:19:46:ae:5f:67:0e:
         33:75:61:70:38:52:82:9e:9c:fb:9c:be:1b:08:60:12:8d:01:
         db:e0:a7:c1:45:22:d3:ce:d3:03:4d:be:b5:b0:1a:a1:66:8a:
         d6:c9:0f:71:16:c5:90:91:36:13:81:48:1f:5f:2c:f5:ee:87:
         0e:9b:65:5f:aa:06:15:fd:11:86:f3:74:69:d7:65:aa:70:7a:
         e4:96:d7:ba:20:e2:0e:18:78:b5:20:84:0b:43:21:73:a5:14:
         90:65:5b:96
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt+pWOa+q8pw8suLzPQFNdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTIxODQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjk0YmNjYmQ0YzJlMGZmOGY3YWFiMDQ1ZTE0YTMxMWYzYjJmOWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAty+3b4bO0tWwV1bBbL5IeI7TWuJs
8N6gZiJHRBwg+OkNWHF7Qag6l8+JemXyB+d+FHHuhf+kkbJJdWOyGmNUbWGiHWXy
v40xdHe9cytjRmpgFQa8Eo07c1ttP8doC2fmCmB+vyhYx8Mitsn6sTW4D+8zZkZ7
rypf7vCAkJWE3vUFtYgNH/I3f/PHXxYNcf+Te5P9Ab+xMeXon01bbeBjlH3+aFQy
GSZpWTNrvv2dlzWC0pGwmW4M40l3qUl7HsPrA1nGGHw5Z9ei4BUydjL7MArDZRe5
t0mK/Qnf2ObQ2GGdaomOOtHZYoizOXElQHPFiMnePaZMCfzMkGYI35SH6QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFO+UvMvUwuD/j3qrBF4UoxHzsvn+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM4L2JlYzI1
My05YzI5LTQ3OGMtOTcxMS1jYjYzZDZmYmJmYzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzgvYmVjMjUz
LTljMjktNDc4Yy05NzExLWNiNjNkNmZiYmZjNy8xLzc1Uzh5OVRDNFAtUGVxc0VY
aFNqRWZPeS1mNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwOcRMA0GCSqGSIb3DQEBCwUAA4IBAQA5IG2e
hO/hmlXK4gpkG9pf6NL4PGmU8xt1fXbBFwjQMgJdCkAT6ootJfcr/BojkO40T9yq
JBq/ek8QiB7Qe3stZtLTpDQluaH9sZSjaRJFi0WKwI0SDi7cnOYe2Ef+Vv6uKrwT
Jk/G+DCLUl7goUQ12qUPiphwVyaSAD7g/LdEGSNjc5XeT6TpVGUad3V5vIjP9IJD
Jj+cJXs23ZEZRq5fZw4zdWFwOFKCnpz7nL4bCGASjQHb4KfBRSLTztMDTb61sBqh
ZorWyQ9xFsWQkTYTgUgfXyz17ocOm2VfqgYV/RGG83Rp12WqcHrklte6IOIOGHi1
IIQLQyFzpRSQZVuW
-----END CERTIFICATE-----