This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PxP6dbPOiUzEZAQaipX4WffBxNI.cer
File:                     PxP6dbPOiUzEZAQaipX4WffBxNI.cer (raw, json)
Hash identifier:          wX2jol200HLwLVCjuR+AKe9GscjqVJZSluKx6gWMdI0=
Subject key identifier:   3F:13:FA:75:B3:CE:89:4C:C4:64:04:1A:8A:95:F8:59:F7:C1:C4:D2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019B7F15F329C6E9C61C0492D0134ABD767A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/82c263-4791-4223-8970-4ae7ad6ea285/1/PxP6dbPOiUzEZAQaipX4WffBxNI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/82c263-4791-4223-8970-4ae7ad6ea285/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 02 Jan 2026 14:21:43 +0000
Certificate not after:    Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources:    IP: 194.177.15.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 Jan 2026 12:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:f3:29:c6:e9:c6:1c:04:92:d0:13:4a:bd:76:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:21:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3f13fa75b3ce894cc464041a8a95f859f7c1c4d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ba:72:b6:e5:0b:ea:f9:8b:87:e4:40:1a:63:
                    af:db:bb:e8:4f:27:19:54:0d:5e:b7:60:19:69:d0:
                    79:d8:64:b5:44:5f:a5:47:a4:92:a3:33:dc:f6:ff:
                    aa:be:cd:a4:3e:5f:2d:a9:fe:8d:2c:e6:83:c4:19:
                    b5:b4:c6:79:2d:df:82:11:ee:9a:38:3b:bc:f0:e0:
                    18:69:36:55:e6:00:67:0f:48:1f:b9:a2:7e:8b:4d:
                    b0:5c:1d:7d:07:0e:91:d9:30:a9:0f:b5:f7:e9:fe:
                    60:7f:17:84:cf:87:30:a1:d5:a8:e2:df:5f:0b:f1:
                    fa:83:69:7b:6c:75:c2:bb:51:0a:8d:b0:c4:06:b6:
                    ff:80:bc:f3:88:bb:f6:da:85:8d:18:ca:93:74:32:
                    fc:40:3f:9b:0e:1a:fe:9c:ec:e1:7c:5d:f3:dc:de:
                    c1:f8:07:af:85:6f:41:cd:91:c9:df:17:b6:82:b6:
                    ca:e0:00:ac:02:c1:8a:23:cf:43:ca:aa:11:9a:a4:
                    55:4d:6e:67:c9:98:1d:17:61:d6:43:d8:85:e9:4c:
                    3d:76:87:50:d6:08:e6:28:49:10:ee:21:6b:ab:5c:
                    33:fe:a6:cb:30:a4:f5:05:3a:85:3d:0b:4e:82:ff:
                    35:46:e3:22:3a:f3:71:b6:9f:fd:17:fa:1c:35:22:
                    1f:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:13:FA:75:B3:CE:89:4C:C4:64:04:1A:8A:95:F8:59:F7:C1:C4:D2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/82c263-4791-4223-8970-4ae7ad6ea285/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/82c263-4791-4223-8970-4ae7ad6ea285/1/PxP6dbPOiUzEZAQaipX4WffBxNI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.177.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:10:99:36:e9:2e:57:d9:43:ad:c8:a0:af:97:ed:48:57:3a:
         ce:32:f2:e8:e5:ed:cf:6e:19:63:23:f3:75:c3:2e:ea:48:c6:
         7b:5f:25:37:1f:99:7a:9c:b6:87:4c:7d:51:0b:b4:a6:7b:db:
         63:66:5f:3b:1c:45:f4:5c:1e:9e:90:01:cc:3d:5b:ec:6a:49:
         94:a8:36:46:f9:e4:53:7b:12:7f:0c:4e:ca:ca:93:de:9d:b6:
         c8:ef:8d:a7:64:91:6d:7b:0d:41:32:fa:9d:a1:6f:b8:55:b9:
         9d:5a:9d:81:ea:95:ee:5f:4f:59:82:ec:5f:b9:6b:1d:6a:60:
         d9:60:a7:63:da:cf:ae:21:d4:5e:9d:bb:ad:7c:13:45:38:8a:
         ce:b5:e3:9c:8e:bf:68:60:c3:a2:9e:d4:b8:b5:b9:80:f6:87:
         0b:45:57:39:9b:30:35:05:9d:9f:53:de:54:05:35:79:86:3c:
         aa:31:eb:18:37:de:98:98:2c:da:6b:ae:fb:e7:e0:32:fa:80:
         05:e1:bb:1f:d5:b1:07:e0:a7:fc:79:17:9d:3f:3a:d7:83:1e:
         01:e0:a4:c0:95:ca:2b:08:cc:66:ba:cf:6e:c2:2a:1d:88:ba:
         a9:3a:9b:88:e2:18:f3:fa:a4:89:4e:39:24:4d:90:67:16:cb:
         73:d4:e9:ff
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZt/FfMpxunGHASS0BNKvXZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTQyMTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjEzZmE3NWIzY2U4OTRjYzQ2NDA0MWE4YTk1Zjg1OWY3YzFjNGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLpytuUL6vmLh+RAGmOv27voTycZ
VA1et2AZadB52GS1RF+lR6SSozPc9v+qvs2kPl8tqf6NLOaDxBm1tMZ5Ld+CEe6a
ODu88OAYaTZV5gBnD0gfuaJ+i02wXB19Bw6R2TCpD7X36f5gfxeEz4cwodWo4t9f
C/H6g2l7bHXCu1EKjbDEBrb/gLzziLv22oWNGMqTdDL8QD+bDhr+nOzhfF3z3N7B
+AevhW9BzZHJ3xe2grbK4ACsAsGKI89DyqoRmqRVTW5nyZgdF2HWQ9iF6Uw9dodQ
1gjmKEkQ7iFrq1wz/qbLMKT1BTqFPQtOgv81RuMiOvNxtp/9F/ocNSIfmwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD8T+nWzzolMxGQEGoqV+Fn3wcTSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxLzgyYzI2
My00NzkxLTQyMjMtODk3MC00YWU3YWQ2ZWEyODUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvODJjMjYz
LTQ3OTEtNDIyMy04OTcwLTRhZTdhZDZlYTI4NS8xL1B4UDZkYlBPaVV6RVpBUWFp
cFg0V2ZmQnhOSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwrEPMA0GCSqGSIb3DQEBCwUAA4IBAQA/EJk2
6S5X2UOtyKCvl+1IVzrOMvLo5e3PbhljI/N1wy7qSMZ7XyU3H5l6nLaHTH1RC7Sm
e9tjZl87HEX0XB6ekAHMPVvsakmUqDZG+eRTexJ/DE7KypPenbbI742nZJFtew1B
MvqdoW+4VbmdWp2B6pXuX09ZguxfuWsdamDZYKdj2s+uIdRenbutfBNFOIrOteOc
jr9oYMOintS4tbmA9ocLRVc5mzA1BZ2fU95UBTV5hjyqMesYN96YmCzaa6775+Ay
+oAF4bsf1bEH4Kf8eRedPzrXgx4B4KTAlcorCMxmus9uwiodiLqpOpuI4hjz+qSJ
TjkkTZBnFstz1On/
-----END CERTIFICATE-----