This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer File: dTm3oSNBeqcZMllGqong8wqwygk.cer (raw, json) Hash identifier: eNl9uTVESMHDZ9tpu1b9puWrKTcY0xM2UNHoeev4K54= Subject key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09 Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669 Certificate serial: 019B78A2541CCE29C06DCB2D8E91D6F0EA52 Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Manifest: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft caRepository: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/ Notify URL: https://rrdp.ripe.net/notification.xml Certificate not before: Thu 01 Jan 2026 08:17:42 +0000 Certificate not after: Thu 01 Jul 2027 00:00:00 +0000 Subordinate resources: AS: 3302 AS: 5396 AS: 5602 AS: 12850 AS: 15589 AS: 207018 IP: 5.150.128.0/20 IP: 31.10.48.0/21 IP: 37.32.104.0/21 IP: 37.139.88.0/21 IP: 46.228.240.0/20 IP: 52.144.64.0/19 IP: 62.94.0.0/16 IP: 62.173.160.0/19 IP: 62.196.0.0/16 IP: 77.43.0.0/17 IP: 77.93.224.0/19 IP: 77.94.68.0 -- 77.94.95.255 IP: 77.246.0.0/20 IP: 80.74.176.0/20 IP: 80.247.64.0/20 IP: 81.27.176.0/20 IP: 81.92.32.0/20 IP: 82.193.0.0/19 IP: 83.211.0.0/16 IP: 84.253.128.0/18 IP: 87.248.32.0/19 IP: 88.86.160.0/19 IP: 89.186.64.0/19 IP: 91.213.129.0/24 IP: 94.138.32.0/19 IP: 94.141.0.0/19 IP: 109.168.0.0/17 IP: 128.65.112.0/20 IP: 178.239.176.0/20 IP: 185.21.172.0/22 IP: 185.48.32.0/22 IP: 185.53.0.0/22 IP: 185.58.44.0/22 IP: 185.82.0.0/22 IP: 185.168.24.0/22 IP: 193.219.30.0/24 IP: 194.20.0.0 -- 194.21.63.255 IP: 194.153.192.0 -- 194.153.211.255 IP: 194.242.192.0/19 IP: 194.244.0.0/16 IP: 195.43.160.0/19 IP: 195.62.224.0/19 IP: 195.78.192.0/19 IP: 195.110.128.0/19 IP: 195.130.195.0/24 IP: 212.29.128.0/19 IP: 212.90.0.0/19 IP: 212.91.64.0/19 IP: 212.97.32.0/19 IP: 212.110.0.0/19 IP: 213.21.128.0/18 IP: 213.136.128.0/18 IP: 213.149.192.0/19 IP: 213.183.128.0/19 IP: 213.198.128.0/18 IP: 213.203.128.0/18 IP: 217.11.80.0/20 IP: 217.12.176.0/20 IP: 217.15.208.0/20 IP: 217.26.80.0/20 IP: 217.29.160.0/20 IP: 2001:750::/29 IP: 2001:1450::/32 IP: 2001:4d38::/32 IP: 2a02:7d8::/32 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Fri 09 Jan 2026 18:00:54 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:78:a2:54:1c:ce:29:c0:6d:cb:2d:8e:91:d6:f0:ea:52 Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669 Validity Not Before: Jan 1 08:17:42 2026 GMT Not After : Jul 1 00:00:00 2027 GMT Subject: CN=7539b7a123417aa719325946aa89e0f30ab0ca09 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d7:d4:19:4f:21:3e:8d:5e:58:fd:f4:fc:65:81: e8:6f:9d:92:76:d9:6d:c9:39:82:5f:5c:1c:45:69: fe:d6:45:45:3d:6e:62:5f:75:d3:01:c6:34:73:18: 04:f0:f4:36:f9:b9:a5:d1:f3:2c:e3:e1:c8:f9:cb: ba:ec:cf:12:6b:f1:0b:b6:d1:69:1c:83:a6:d9:3c: d2:53:26:3f:02:69:8b:3e:90:8f:2e:e8:a5:25:af: 60:25:e1:19:ae:70:2f:65:13:ef:a8:f2:05:47:75: f7:03:25:68:25:de:32:da:b4:eb:48:11:6e:f7:97: ad:92:7f:f3:e1:7b:59:62:6d:60:52:ce:79:2b:bf: ed:f2:3d:70:c4:f9:ba:30:42:34:4d:5c:37:99:48: 5f:f1:c8:a1:71:9b:3b:2d:bf:e6:3d:9e:eb:d2:b8: 79:ba:6c:0d:c3:c0:53:44:37:8a:50:8f:15:35:0d: df:f3:1e:27:f9:2b:85:90:9f:7e:5a:48:0f:05:00: bf:6d:41:fe:47:7e:f6:18:aa:cf:cc:ac:c4:3e:ad: 97:c9:bf:f0:2c:84:2c:c5:07:27:b2:10:98:f4:e0: fc:5a:41:5e:18:6e:ec:e8:6e:ee:1d:bb:47:c6:0f: d1:e3:cc:e0:9f:c4:f3:4c:ed:48:05:01:2f:ff:eb: 48:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09 X509v3 Authority Key Identifier: keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Subject Information Access: CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/ RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft RPKI Notify - URI:https://rrdp.ripe.net/notification.xml X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 5.150.128.0/20 31.10.48.0/21 37.32.104.0/21 37.139.88.0/21 46.228.240.0/20 52.144.64.0/19 62.94.0.0/16 62.173.160.0/19 62.196.0.0/16 77.43.0.0/17 77.93.224.0/19 77.94.68.0-77.94.95.255 77.246.0.0/20 80.74.176.0/20 80.247.64.0/20 81.27.176.0/20 81.92.32.0/20 82.193.0.0/19 83.211.0.0/16 84.253.128.0/18 87.248.32.0/19 88.86.160.0/19 89.186.64.0/19 91.213.129.0/24 94.138.32.0/19 94.141.0.0/19 109.168.0.0/17 128.65.112.0/20 178.239.176.0/20 185.21.172.0/22 185.48.32.0/22 185.53.0.0/22 185.58.44.0/22 185.82.0.0/22 185.168.24.0/22 193.219.30.0/24 194.20.0.0-194.21.63.255 194.153.192.0-194.153.211.255 194.242.192.0/19 194.244.0.0/16 195.43.160.0/19 195.62.224.0/19 195.78.192.0/19 195.110.128.0/19 195.130.195.0/24 212.29.128.0/19 212.90.0.0/19 212.91.64.0/19 212.97.32.0/19 212.110.0.0/19 213.21.128.0/18 213.136.128.0/18 213.149.192.0/19 213.183.128.0/19 213.198.128.0/18 213.203.128.0/18 217.11.80.0/20 217.12.176.0/20 217.15.208.0/20 217.26.80.0/20 217.29.160.0/20 IPv6: 2001:750::/29 2001:1450::/32 2001:4d38::/32 2a02:7d8::/32 sbgp-autonomousSysNum: critical Autonomous System Numbers: 3302 5396 5602 12850 15589 207018 Signature Algorithm: sha256WithRSAEncryption 15:41:69:59:bf:9d:2a:e8:08:91:36:70:b4:db:db:03:2b:0a: bb:eb:75:39:18:16:04:85:14:10:42:7c:e6:ca:ec:2f:d6:8d: 14:52:17:67:54:f0:05:ad:51:19:5a:79:a6:e4:05:ac:f8:e9: b7:17:ae:c5:3e:7c:ed:2e:9b:dc:fe:68:b4:99:7c:c2:f4:42: 2b:5c:a0:a8:28:63:54:29:50:2b:d4:35:91:df:f2:9d:6e:b3: 86:f3:67:56:f5:b5:39:d1:57:78:77:bf:a8:4f:4b:0e:b3:b0: 12:b4:69:b0:d9:e5:99:3a:b8:c8:02:57:7a:c1:09:7d:26:37: 7b:c3:f1:58:91:57:dd:b7:4a:01:e2:70:78:7f:1b:f2:14:c4: da:4b:3e:41:a9:b5:42:4c:a6:3b:29:35:21:eb:d9:74:41:53: f9:18:9d:d2:e6:bf:50:f4:e7:0e:14:9b:b5:03:04:bd:78:0a: e5:ea:94:bc:4d:ad:9f:fd:00:85:c6:61:3c:71:9b:64:24:d2: b5:4d:94:11:3a:11:30:33:cd:c3:69:45:d0:2c:40:03:64:29: f3:77:ac:dc:c8:db:03:22:8e:69:41:15:ad:75:6e:c8:7f:0a: c7:f2:73:36:06:8e:58:ac:3f:b7:6f:0f:ca:55:16:3e:bc:0c: 15:22:80:75 -----BEGIN CERTIFICATE----- MIIHUTCCBjmgAwIBAgISAZt4olQczinAbcstjpHW8OpSMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk ZGU2NjkwHhcNMjYwMTAxMDgxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg3NTM5YjdhMTIzNDE3YWE3MTkzMjU5NDZhYTg5ZTBmMzBhYjBjYTA5MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19QZTyE+jV5Y/fT8ZYHob52Sdtlt yTmCX1wcRWn+1kVFPW5iX3XTAcY0cxgE8PQ2+bml0fMs4+HI+cu67M8Sa/ELttFp HIOm2TzSUyY/AmmLPpCPLuilJa9gJeEZrnAvZRPvqPIFR3X3AyVoJd4y2rTrSBFu 95etkn/z4XtZYm1gUs55K7/t8j1wxPm6MEI0TVw3mUhf8cihcZs7Lb/mPZ7r0rh5 umwNw8BTRDeKUI8VNQ3f8x4n+SuFkJ9+WkgPBQC/bUH+R372GKrPzKzEPq2Xyb/w LIQsxQcnshCY9OD8WkFeGG7s6G7uHbtHxg/R48zgn8TzTO1IBQEv/+tImwIDAQAB o4IEXTCCBFkwHQYDVR0OBBYEFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMB8GA1UdIwQY MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiLzgwN2Vk NS01MGIzLTRlNWYtOTM2Ny01YjVlMzNjZTcwYWQvMS8wfAYIKwYBBQUHMAqGcHJz eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvODA3ZWQ1 LTUwYjMtNGU1Zi05MzY3LTViNWUzM2NlNzBhZC8xL2RUbTNvU05CZXFjWk1sbEdx b25nOHdxd3lnay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIBxgYIKwYB BQUHAQcBAf8EggG1MIIBsTCCAYkEAgABMIIBgQMEBAWWgAMEAx8KMAMEAyUgaAME AyWLWAMEBC7k8AMEBTSQQAMDAD5eAwQFPq2gAwMAPsQDBAdNKwADBAVNXeAwDAME Ak1eRAMEBU1eQAMEBE32AAMEBFBKsAMEBFD3QAMEBFEbsAMEBFFcIAMEBVLBAAMD AFPTAwQGVP2AAwQFV/ggAwQFWFagAwQFWbpAAwQAW9WBAwQFXoogAwQFXo0AAwQH bagAAwQEgEFwAwQEsu+wAwQCuRWsAwQCuTAgAwQCuTUAAwQCuTosAwQCuVIAAwQC uagYAwQAwdseMAsDAwLCFAMEBsIVADAMAwQGwpnAAwQCwpnQAwQFwvLAAwMAwvQD BAXDK6ADBAXDPuADBAXDTsADBAXDboADBADDgsMDBAXUHYADBAXUWgADBAXUW0AD BAXUYSADBAXUbgADBAbVFYADBAbViIADBAXVlcADBAXVt4ADBAbVxoADBAbVy4AD BATZC1ADBATZDLADBATZD9ADBATZGlADBATZHaAwIgQCAAIwHAMFAyABB1ADBQAg ARRQAwUAIAFNOAMFACoCB9gwLgYIKwYBBQUHAQgBAf8EHzAdoBswGQICDOYCAhUU AgIV4gICMjICAjzlAgMDKKowDQYJKoZIhvcNAQELBQADggEBABVBaVm/nSroCJE2 cLTb2wMrCrvrdTkYFgSFFBBCfObK7C/WjRRSF2dU8AWtURlaeabkBaz46bcXrsU+ fO0um9z+aLSZfML0QitcoKgoY1QpUCvUNZHf8p1us4bzZ1b1tTnRV3h3v6hPSw6z sBK0abDZ5Zk6uMgCV3rBCX0mN3vD8ViRV923SgHicHh/G/IUxNpLPkGptUJMpjsp NSHr2XRBU/kYndLmv1D05w4Um7UDBL14CuXqlLxNrZ/9AIXGYTxxm2Qk0rVNlBE6 ETAzzcNpRdAsQANkKfN3rNzI2wMijmlBFa11bsh/CsfyczYGjlisP7dvD8pVFj68 DBUigHU= -----END CERTIFICATE-----Generated at Thu Jan 8 23:15:16 2026 by rpki-client