This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dTm3oSNBeqcZMllGqong8wqwygk.cer File: dTm3oSNBeqcZMllGqong8wqwygk.cer (raw, json) Hash identifier: UlwBRl0hOXmbz+trlhY16z3mb7+ZrPWzMPZC0Mwq4b4= Subject key identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09 Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669 Certificate serial: 019B31B5149D7A66D9AE4C5F914901122D2C Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Manifest: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft caRepository: rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/ Notify URL: https://rrdp.ripe.net/notification.xml Certificate not before: Thu 18 Dec 2025 13:45:09 +0000 Certificate not after: Wed 01 Jul 2026 00:00:00 +0000 Subordinate resources: AS: 3302 AS: 5396 AS: 5602 AS: 12850 AS: 15589 AS: 207018 IP: 5.150.128.0/20 IP: 31.10.48.0/21 IP: 37.32.104.0/21 IP: 37.139.88.0/21 IP: 46.228.240.0/20 IP: 52.144.64.0/19 IP: 62.94.0.0/16 IP: 62.173.160.0/19 IP: 62.196.0.0/16 IP: 77.43.0.0/17 IP: 77.93.224.0/19 IP: 77.94.68.0 -- 77.94.95.255 IP: 77.246.0.0/20 IP: 80.74.176.0/20 IP: 80.247.64.0/20 IP: 81.27.176.0/20 IP: 81.92.32.0/20 IP: 82.193.0.0/19 IP: 83.211.0.0/16 IP: 84.253.128.0/18 IP: 87.248.32.0/19 IP: 88.86.160.0/19 IP: 89.186.64.0/19 IP: 91.213.129.0/24 IP: 94.138.32.0/19 IP: 94.141.0.0/19 IP: 109.168.0.0/17 IP: 128.65.112.0/20 IP: 178.239.176.0/20 IP: 185.21.172.0/22 IP: 185.48.32.0/22 IP: 185.53.0.0/22 IP: 185.58.44.0/22 IP: 185.82.0.0/22 IP: 185.168.24.0/22 IP: 193.219.30.0/24 IP: 194.20.0.0 -- 194.21.63.255 IP: 194.153.192.0 -- 194.153.211.255 IP: 194.242.192.0/19 IP: 194.244.0.0/16 IP: 195.43.160.0/19 IP: 195.62.224.0/19 IP: 195.78.192.0/19 IP: 195.110.128.0/19 IP: 195.130.195.0/24 IP: 212.29.128.0/19 IP: 212.90.0.0/19 IP: 212.91.64.0/19 IP: 212.97.32.0/19 IP: 212.110.0.0/19 IP: 213.21.128.0/18 IP: 213.136.128.0/18 IP: 213.149.192.0/19 IP: 213.183.128.0/19 IP: 213.198.128.0/18 IP: 213.203.128.0/18 IP: 217.11.80.0/20 IP: 217.12.176.0/20 IP: 217.15.208.0/20 IP: 217.26.80.0/20 IP: 217.29.160.0/20 IP: 2001:750::/29 IP: 2001:1450::/32 IP: 2001:4d38::/32 IP: 2a02:7d8::/32 Validation: OK Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer Signature path expires: Sun 21 Dec 2025 09:56:29 +0000 Certificate: Data: Version: 3 (0x2) Serial Number: 01:9b:31:b5:14:9d:7a:66:d9:ae:4c:5f:91:49:01:12:2d:2c Signature Algorithm: sha256WithRSAEncryption Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669 Validity Not Before: Dec 18 13:45:09 2025 GMT Not After : Jul 1 00:00:00 2026 GMT Subject: CN=7539b7a123417aa719325946aa89e0f30ab0ca09 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:d7:d4:19:4f:21:3e:8d:5e:58:fd:f4:fc:65:81: e8:6f:9d:92:76:d9:6d:c9:39:82:5f:5c:1c:45:69: fe:d6:45:45:3d:6e:62:5f:75:d3:01:c6:34:73:18: 04:f0:f4:36:f9:b9:a5:d1:f3:2c:e3:e1:c8:f9:cb: ba:ec:cf:12:6b:f1:0b:b6:d1:69:1c:83:a6:d9:3c: d2:53:26:3f:02:69:8b:3e:90:8f:2e:e8:a5:25:af: 60:25:e1:19:ae:70:2f:65:13:ef:a8:f2:05:47:75: f7:03:25:68:25:de:32:da:b4:eb:48:11:6e:f7:97: ad:92:7f:f3:e1:7b:59:62:6d:60:52:ce:79:2b:bf: ed:f2:3d:70:c4:f9:ba:30:42:34:4d:5c:37:99:48: 5f:f1:c8:a1:71:9b:3b:2d:bf:e6:3d:9e:eb:d2:b8: 79:ba:6c:0d:c3:c0:53:44:37:8a:50:8f:15:35:0d: df:f3:1e:27:f9:2b:85:90:9f:7e:5a:48:0f:05:00: bf:6d:41:fe:47:7e:f6:18:aa:cf:cc:ac:c4:3e:ad: 97:c9:bf:f0:2c:84:2c:c5:07:27:b2:10:98:f4:e0: fc:5a:41:5e:18:6e:ec:e8:6e:ee:1d:bb:47:c6:0f: d1:e3:cc:e0:9f:c4:f3:4c:ed:48:05:01:2f:ff:eb: 48:9b Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 75:39:B7:A1:23:41:7A:A7:19:32:59:46:AA:89:E0:F3:0A:B0:CA:09 X509v3 Authority Key Identifier: keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69 X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Certificate Sign, CRL Sign Authority Information Access: CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer Subject Information Access: CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/ RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/807ed5-50b3-4e5f-9367-5b5e33ce70ad/1/dTm3oSNBeqcZMllGqong8wqwygk.mft RPKI Notify - URI:https://rrdp.ripe.net/notification.xml X509v3 CRL Distribution Points: Full Name: URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl X509v3 Certificate Policies: critical Policy: ipAddr-asNumber sbgp-ipAddrBlock: critical IPv4: 5.150.128.0/20 31.10.48.0/21 37.32.104.0/21 37.139.88.0/21 46.228.240.0/20 52.144.64.0/19 62.94.0.0/16 62.173.160.0/19 62.196.0.0/16 77.43.0.0/17 77.93.224.0/19 77.94.68.0-77.94.95.255 77.246.0.0/20 80.74.176.0/20 80.247.64.0/20 81.27.176.0/20 81.92.32.0/20 82.193.0.0/19 83.211.0.0/16 84.253.128.0/18 87.248.32.0/19 88.86.160.0/19 89.186.64.0/19 91.213.129.0/24 94.138.32.0/19 94.141.0.0/19 109.168.0.0/17 128.65.112.0/20 178.239.176.0/20 185.21.172.0/22 185.48.32.0/22 185.53.0.0/22 185.58.44.0/22 185.82.0.0/22 185.168.24.0/22 193.219.30.0/24 194.20.0.0-194.21.63.255 194.153.192.0-194.153.211.255 194.242.192.0/19 194.244.0.0/16 195.43.160.0/19 195.62.224.0/19 195.78.192.0/19 195.110.128.0/19 195.130.195.0/24 212.29.128.0/19 212.90.0.0/19 212.91.64.0/19 212.97.32.0/19 212.110.0.0/19 213.21.128.0/18 213.136.128.0/18 213.149.192.0/19 213.183.128.0/19 213.198.128.0/18 213.203.128.0/18 217.11.80.0/20 217.12.176.0/20 217.15.208.0/20 217.26.80.0/20 217.29.160.0/20 IPv6: 2001:750::/29 2001:1450::/32 2001:4d38::/32 2a02:7d8::/32 sbgp-autonomousSysNum: critical Autonomous System Numbers: 3302 5396 5602 12850 15589 207018 Signature Algorithm: sha256WithRSAEncryption 61:ad:d1:f2:d0:f0:65:c9:1e:10:4e:47:4c:d6:ad:c6:c9:b5: 3b:66:42:5a:a2:7d:fa:1a:32:22:b7:97:c5:98:a9:b3:af:3d: 3c:1d:0b:6a:77:86:5b:11:e2:74:e0:5c:0d:c1:38:ff:ad:e1: 43:bf:58:cf:31:7e:0f:87:f2:a1:35:d7:f6:39:41:8f:5d:71: c5:75:10:c6:66:2b:b0:b5:1d:8c:dc:24:7c:bb:0e:94:b5:92: 4a:2e:41:97:cd:10:56:f5:fc:5c:7f:50:f7:96:99:5b:a1:e4: 26:95:66:a5:d2:85:b8:aa:b2:b6:a0:1b:df:98:e3:f4:56:9c: 99:62:5a:4e:38:c9:4e:3a:a0:df:00:c7:ab:e5:c2:f9:6f:b3: e7:bc:bb:d0:00:1f:43:a9:b8:6d:50:bf:8d:00:15:e6:b6:bc: b4:8b:57:96:34:46:dc:54:60:74:4a:b5:09:8b:3f:d9:bc:16: aa:ce:a9:01:04:74:3a:01:c4:ae:dc:33:d4:a1:d2:4c:97:e9: 3b:89:44:b7:27:a9:40:7e:5a:1f:d6:53:ec:13:41:1e:65:41: c4:74:4a:e2:a2:fa:c7:cc:e0:8e:fb:ac:e3:f2:82:d6:3d:13: 08:1a:58:58:a8:38:70:fb:eb:d7:16:70:15:3d:2a:4c:e5:93: a6:33:c4:6b -----BEGIN CERTIFICATE----- MIIHUTCCBjmgAwIBAgISAZsxtRSdembZrkxfkUkBEi0sMA0GCSqGSIb3DQEBCwUA MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk ZGU2NjkwHhcNMjUxMjE4MTM0NTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD Eyg3NTM5YjdhMTIzNDE3YWE3MTkzMjU5NDZhYTg5ZTBmMzBhYjBjYTA5MIIBIjAN BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19QZTyE+jV5Y/fT8ZYHob52Sdtlt yTmCX1wcRWn+1kVFPW5iX3XTAcY0cxgE8PQ2+bml0fMs4+HI+cu67M8Sa/ELttFp HIOm2TzSUyY/AmmLPpCPLuilJa9gJeEZrnAvZRPvqPIFR3X3AyVoJd4y2rTrSBFu 95etkn/z4XtZYm1gUs55K7/t8j1wxPm6MEI0TVw3mUhf8cihcZs7Lb/mPZ7r0rh5 umwNw8BTRDeKUI8VNQ3f8x4n+SuFkJ9+WkgPBQC/bUH+R372GKrPzKzEPq2Xyb/w LIQsxQcnshCY9OD8WkFeGG7s6G7uHbtHxg/R48zgn8TzTO1IBQEv/+tImwIDAQAB o4IEXTCCBFkwHQYDVR0OBBYEFHU5t6EjQXqnGTJZRqqJ4PMKsMoJMB8GA1UdIwQY MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZiLzgwN2Vk NS01MGIzLTRlNWYtOTM2Ny01YjVlMzNjZTcwYWQvMS8wfAYIKwYBBQUHMAqGcHJz eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmIvODA3ZWQ1 LTUwYjMtNGU1Zi05MzY3LTViNWUzM2NlNzBhZC8xL2RUbTNvU05CZXFjWk1sbEdx b25nOHdxd3lnay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIBxgYIKwYB BQUHAQcBAf8EggG1MIIBsTCCAYkEAgABMIIBgQMEBAWWgAMEAx8KMAMEAyUgaAME AyWLWAMEBC7k8AMEBTSQQAMDAD5eAwQFPq2gAwMAPsQDBAdNKwADBAVNXeAwDAME Ak1eRAMEBU1eQAMEBE32AAMEBFBKsAMEBFD3QAMEBFEbsAMEBFFcIAMEBVLBAAMD AFPTAwQGVP2AAwQFV/ggAwQFWFagAwQFWbpAAwQAW9WBAwQFXoogAwQFXo0AAwQH bagAAwQEgEFwAwQEsu+wAwQCuRWsAwQCuTAgAwQCuTUAAwQCuTosAwQCuVIAAwQC uagYAwQAwdseMAsDAwLCFAMEBsIVADAMAwQGwpnAAwQCwpnQAwQFwvLAAwMAwvQD BAXDK6ADBAXDPuADBAXDTsADBAXDboADBADDgsMDBAXUHYADBAXUWgADBAXUW0AD BAXUYSADBAXUbgADBAbVFYADBAbViIADBAXVlcADBAXVt4ADBAbVxoADBAbVy4AD BATZC1ADBATZDLADBATZD9ADBATZGlADBATZHaAwIgQCAAIwHAMFAyABB1ADBQAg ARRQAwUAIAFNOAMFACoCB9gwLgYIKwYBBQUHAQgBAf8EHzAdoBswGQICDOYCAhUU AgIV4gICMjICAjzlAgMDKKowDQYJKoZIhvcNAQELBQADggEBAGGt0fLQ8GXJHhBO R0zWrcbJtTtmQlqiffoaMiK3l8WYqbOvPTwdC2p3hlsR4nTgXA3BOP+t4UO/WM8x fg+H8qE11/Y5QY9dccV1EMZmK7C1HYzcJHy7DpS1kkouQZfNEFb1/Fx/UPeWmVuh 5CaVZqXShbiqsragG9+Y4/RWnJliWk44yU46oN8Ax6vlwvlvs+e8u9AAH0OpuG1Q v40AFea2vLSLV5Y0RtxUYHRKtQmLP9m8FqrOqQEEdDoBxK7cM9Sh0kyX6TuJRLcn qUB+Wh/WU+wTQR5lQcR0SuKi+sfM4I77rOPygtY9EwgaWFioOHD769cWcBU9Kkzl k6YzxGs= -----END CERTIFICATE-----Generated at Sat Dec 20 17:19:21 2025 by rpki-client