Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
File: 8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer (raw, json)
Hash identifier: F6Inib5rFllGKQbA++xCymT3evJWKpodh4a5FLxZfSY=
Subject key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 01963346952E3CE1E41F771566F3BF884AC0
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Mon 14 Apr 2025 07:49:45 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: AS: 13194
AS: 199527
AS: 204746
AS: 210906
AS: 211614
IP: 82.140.128.0 -- 82.140.130.255
IP: 82.140.132.0 -- 82.140.177.255
IP: 82.140.179.0 -- 82.140.181.255
IP: 82.140.184.0 -- 82.140.188.255
IP: 82.140.190.0/23
IP: 84.15.0.0/16
IP: 84.46.128.0 -- 84.46.169.255
IP: 84.46.172.0 -- 84.46.199.255
IP: 84.46.201.0 -- 84.46.233.255
IP: 86.38.0.0 -- 86.38.2.255
IP: 86.38.6.0/24
IP: 86.38.16.0/21
IP: 86.38.25.0 -- 86.38.31.255
IP: 86.38.33.0 -- 86.38.36.255
IP: 86.38.38.0 -- 86.38.150.255
IP: 86.38.152.0/22
IP: 86.38.157.0 -- 86.38.174.255
IP: 86.38.176.0/24
IP: 86.38.188.0/24
IP: 86.38.191.0 -- 86.38.199.255
IP: 86.38.201.0/24
IP: 86.38.206.0 -- 86.38.213.255
IP: 86.38.215.0/24
IP: 86.38.222.0 -- 86.38.224.255
IP: 86.38.227.0 -- 86.38.231.255
IP: 86.38.233.0 -- 86.38.234.255
IP: 86.38.236.0/23
IP: 86.38.239.0 -- 86.38.240.255
IP: 86.38.244.0/23
IP: 89.116.0.0/24
IP: 89.116.14.0/24
IP: 89.116.18.0/24
IP: 89.116.40.0/24
IP: 89.116.55.0/24
IP: 89.116.57.0/24
IP: 89.116.71.0/24
IP: 89.116.77.0 -- 89.116.79.255
IP: 89.116.90.0/24
IP: 89.116.93.0 -- 89.116.95.255
IP: 89.116.97.0 -- 89.116.98.255
IP: 89.116.101.0/24
IP: 89.116.104.0/23
IP: 89.116.109.0 -- 89.116.111.255
IP: 89.116.114.0/24
IP: 89.116.120.0 -- 89.116.122.255
IP: 89.116.124.0/24
IP: 89.116.129.0/24
IP: 89.116.133.0 -- 89.116.134.255
IP: 89.116.136.0/24
IP: 89.116.138.0/23
IP: 89.116.142.0/23
IP: 89.116.145.0/24
IP: 89.116.151.0 -- 89.116.152.255
IP: 89.116.155.0/24
IP: 89.116.157.0/24
IP: 89.116.159.0 -- 89.116.160.255
IP: 89.116.162.0/24
IP: 89.116.167.0/24
IP: 89.116.170.0/24
IP: 89.116.174.0/24
IP: 89.116.176.0/24
IP: 89.116.178.0/24
IP: 89.116.187.0 -- 89.116.188.255
IP: 89.116.191.0 -- 89.116.192.255
IP: 89.116.194.0 -- 89.116.197.255
IP: 89.116.199.0/24
IP: 89.116.201.0/24
IP: 89.116.204.0/22
IP: 89.116.216.0/23
IP: 89.116.219.0/24
IP: 89.116.222.0/24
IP: 89.116.232.0/24
IP: 89.116.235.0/24
IP: 89.116.238.0/24
IP: 89.116.240.0/24
IP: 89.116.245.0/24
IP: 89.116.249.0/24
IP: 89.116.251.0/24
IP: 89.116.254.0/24
IP: 89.117.4.0/24
IP: 89.117.10.0/24
IP: 89.117.14.0/24
IP: 89.117.26.0/24
IP: 89.117.34.0/24
IP: 89.117.39.0/24
IP: 89.117.69.0/24
IP: 89.117.86.0/24
IP: 89.117.92.0/23
IP: 89.117.100.0/24
IP: 89.117.108.0/24
IP: 89.117.110.0/24
IP: 89.117.119.0/24
IP: 89.117.125.0/24
IP: 89.117.127.0 -- 89.117.128.255
IP: 89.117.131.0/24
IP: 89.117.137.0 -- 89.117.138.255
IP: 89.117.140.0/23
IP: 89.117.156.0/24
IP: 89.117.165.0 -- 89.117.166.255
IP: 89.117.170.0/24
IP: 89.117.176.0 -- 89.117.187.255
IP: 89.117.189.0/24
IP: 89.117.191.0 -- 89.117.214.255
IP: 89.117.219.0 -- 89.117.221.255
IP: 89.117.223.0 -- 89.117.225.255
IP: 89.117.230.0 -- 89.117.244.255
IP: 89.117.246.0 -- 89.117.249.255
IP: 89.117.251.0 -- 89.117.253.255
IP: 89.117.255.0/24
IP: 185.189.152.0/22
IP: 213.226.128.0/18
IP: 213.252.192.0 -- 213.252.227.255
IP: 213.252.234.0 -- 213.252.237.255
IP: 213.252.240.0/20
IP: 217.9.240.0/24
IP: 217.9.243.0 -- 217.9.253.255
IP: 2a00:f500::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 27 Apr 2025 17:20:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:33:46:95:2e:3c:e1:e4:1f:77:15:66:f3:bf:88:4a:c0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Apr 14 07:49:45 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:3f:42:77:0e:61:27:a4:cc:00:b6:cc:3d:1d:
d2:28:e6:99:a7:88:01:bb:69:e0:df:84:08:59:c6:
24:54:c5:06:5d:81:29:9e:2f:1c:13:d6:ba:b1:45:
74:93:af:5d:ee:b0:12:17:ef:49:ce:b3:35:0e:82:
bf:a3:43:d9:5c:97:ca:fc:56:bc:88:31:17:77:25:
8c:25:7d:c1:7f:90:e8:d5:72:37:d1:e1:18:47:e7:
f3:97:5f:79:d1:f8:6c:ea:3f:9f:90:4b:4f:3b:97:
96:20:6b:bd:49:0b:b7:d0:11:b1:fe:74:75:2d:14:
6a:98:ee:d6:db:fe:05:d4:e3:b9:15:87:2a:35:b4:
f2:d9:b5:b6:cf:4c:ce:e0:1c:d5:23:ad:bb:fe:49:
10:6b:7b:7f:05:e7:17:7b:c7:20:e3:f0:c8:4f:d5:
84:8e:60:61:21:3f:13:de:df:c1:81:ca:36:cc:d3:
fa:f9:55:2a:2e:37:f2:2b:f6:32:7b:85:22:19:42:
49:01:94:2a:37:a6:d0:ea:28:63:0b:b3:e9:9f:e2:
ab:17:21:76:a0:c4:83:05:f7:1e:a1:73:f9:cc:b2:
2a:a0:45:6e:5e:a3:13:cb:6a:9a:6c:82:5e:aa:de:
57:5a:be:c9:6f:31:db:f2:e8:e5:77:90:03:72:a7:
c8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.140.128.0-82.140.130.255
82.140.132.0-82.140.177.255
82.140.179.0-82.140.181.255
82.140.184.0-82.140.188.255
82.140.190.0/23
84.15.0.0/16
84.46.128.0-84.46.169.255
84.46.172.0-84.46.199.255
84.46.201.0-84.46.233.255
86.38.0.0-86.38.2.255
86.38.6.0/24
86.38.16.0/21
86.38.25.0-86.38.31.255
86.38.33.0-86.38.36.255
86.38.38.0-86.38.150.255
86.38.152.0/22
86.38.157.0-86.38.174.255
86.38.176.0/24
86.38.188.0/24
86.38.191.0-86.38.199.255
86.38.201.0/24
86.38.206.0-86.38.213.255
86.38.215.0/24
86.38.222.0-86.38.224.255
86.38.227.0-86.38.231.255
86.38.233.0-86.38.234.255
86.38.236.0/23
86.38.239.0-86.38.240.255
86.38.244.0/23
89.116.0.0/24
89.116.14.0/24
89.116.18.0/24
89.116.40.0/24
89.116.55.0/24
89.116.57.0/24
89.116.71.0/24
89.116.77.0-89.116.79.255
89.116.90.0/24
89.116.93.0-89.116.95.255
89.116.97.0-89.116.98.255
89.116.101.0/24
89.116.104.0/23
89.116.109.0-89.116.111.255
89.116.114.0/24
89.116.120.0-89.116.122.255
89.116.124.0/24
89.116.129.0/24
89.116.133.0-89.116.134.255
89.116.136.0/24
89.116.138.0/23
89.116.142.0/23
89.116.145.0/24
89.116.151.0-89.116.152.255
89.116.155.0/24
89.116.157.0/24
89.116.159.0-89.116.160.255
89.116.162.0/24
89.116.167.0/24
89.116.170.0/24
89.116.174.0/24
89.116.176.0/24
89.116.178.0/24
89.116.187.0-89.116.188.255
89.116.191.0-89.116.192.255
89.116.194.0-89.116.197.255
89.116.199.0/24
89.116.201.0/24
89.116.204.0/22
89.116.216.0/23
89.116.219.0/24
89.116.222.0/24
89.116.232.0/24
89.116.235.0/24
89.116.238.0/24
89.116.240.0/24
89.116.245.0/24
89.116.249.0/24
89.116.251.0/24
89.116.254.0/24
89.117.4.0/24
89.117.10.0/24
89.117.14.0/24
89.117.26.0/24
89.117.34.0/24
89.117.39.0/24
89.117.69.0/24
89.117.86.0/24
89.117.92.0/23
89.117.100.0/24
89.117.108.0/24
89.117.110.0/24
89.117.119.0/24
89.117.125.0/24
89.117.127.0-89.117.128.255
89.117.131.0/24
89.117.137.0-89.117.138.255
89.117.140.0/23
89.117.156.0/24
89.117.165.0-89.117.166.255
89.117.170.0/24
89.117.176.0-89.117.187.255
89.117.189.0/24
89.117.191.0-89.117.214.255
89.117.219.0-89.117.221.255
89.117.223.0-89.117.225.255
89.117.230.0-89.117.244.255
89.117.246.0-89.117.249.255
89.117.251.0-89.117.253.255
89.117.255.0/24
185.189.152.0/22
213.226.128.0/18
213.252.192.0-213.252.227.255
213.252.234.0-213.252.237.255
213.252.240.0/20
217.9.240.0/24
217.9.243.0-217.9.253.255
IPv6:
2a00:f500::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
13194
199527
204746
210906
211614
Signature Algorithm: sha256WithRSAEncryption
53:1a:72:c1:75:0c:4a:74:52:2d:05:1b:ab:08:66:61:a2:75:
45:f8:0b:40:42:27:28:90:7a:d4:ea:94:9c:e2:4d:13:64:d4:
ba:a6:68:53:b5:85:64:c2:d5:c1:35:42:c7:ba:94:42:1b:ff:
a2:73:50:73:e8:00:79:51:27:b8:fc:25:ad:6a:44:04:2c:e3:
b0:83:18:f9:56:9b:3c:07:2e:e7:f0:67:da:37:8c:bd:ad:0e:
61:73:93:0d:76:6f:fa:cc:53:e6:5e:bf:18:7b:a3:91:2e:c5:
f9:f9:44:35:16:7a:7e:79:f2:a1:3e:de:14:07:21:1e:c2:57:
94:79:c2:50:5a:d3:d6:54:84:a8:1f:ce:44:3a:11:b6:67:a6:
58:f5:51:40:40:79:dd:22:6a:03:30:29:de:8d:0f:b1:35:d6:
4b:33:09:24:aa:c3:0d:d2:49:4b:66:76:5a:e0:ad:62:70:47:
72:2e:f5:9d:76:cb:3a:d7:cc:66:3d:c8:2a:31:9f:02:84:82:
6c:0f:ee:95:8d:e2:a7:a5:1f:a9:37:f2:7f:ec:2c:9e:97:46:
e0:04:81:3f:10:6b:82:65:ab:3a:f3:4c:f4:ba:db:0f:26:6c:
88:d5:13:1a:77:55:59:7d:f5:b6:86:c5:d4:f0:67:8d:d6:b6:
05:0d:72:9e
-----BEGIN CERTIFICATE-----
MIIJwDCCCKigAwIBAgISAZYzRpUuPOHkH3cVZvO/iErAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDE0MDc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGRkODFhODMzZDliMDQzYzdmZmQ2MzVhNTk4N2Y1MzY5NzExODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT9Cdw5hJ6TMALbMPR3SKOaZp4gB
u2ng34QIWcYkVMUGXYEpni8cE9a6sUV0k69d7rASF+9JzrM1DoK/o0PZXJfK/Fa8
iDEXdyWMJX3Bf5Do1XI30eEYR+fzl1950fhs6j+fkEtPO5eWIGu9SQu30BGx/nR1
LRRqmO7W2/4F1OO5FYcqNbTy2bW2z0zO4BzVI627/kkQa3t/BecXe8cg4/DIT9WE
jmBhIT8T3t/Bgco2zNP6+VUqLjfyK/Yye4UiGUJJAZQqN6bQ6ihjC7Ppn+KrFyF2
oMSDBfceoXP5zLIqoEVuXqMTy2qabIJeqt5XWr7JbzHb8ujld5ADcqfIKwIDAQAB
o4IGzDCCBsgwHQYDVR0OBBYEFPDdgagz2bBDx//WNaWYf1NpcRgNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhL2E4ZWJl
NC1kMGIzLTRlN2QtYWYyNS0wNDY4MDQyNDg2ZGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvYThlYmU0
LWQwYjMtNGU3ZC1hZjI1LTA0NjgwNDI0ODZkYy8xLzhOMkJxRFBac0VQSF85WTFw
WmhfVTJseEdBMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIENgYIKwYB
BQUHAQcBAf8EggQlMIIEITCCBA4EAgABMIIEBjAMAwQHUoyAAwQAUoyCMAwDBAJS
jIQDBAFSjLAwDAMEAFKMswMEAVKMtDAMAwQDUoy4AwQAUoy8AwQBUoy+AwMAVA8w
DAMEB1QugAMEAVQuqDAMAwQCVC6sAwQDVC7AMAwDBABULskDBAFULugwCwMDAVYm
AwQAViYCAwQAViYGAwQDViYQMAwDBABWJhkDBAVWJgAwDAMEAFYmIQMEAFYmJDAM
AwQBViYmAwQAViaWAwQCViaYMAwDBABWJp0DBABWJq4DBABWJrADBABWJrwwDAME
AFYmvwMEA1YmwAMEAFYmyTAMAwQBVibOAwQBVibUAwQAVibXMAwDBAFWJt4DBABW
JuAwDAMEAFYm4wMEA1Ym4DAMAwQAVibpAwQAVibqAwQBVibsMAwDBABWJu8DBABW
JvADBAFWJvQDBABZdAADBABZdA4DBABZdBIDBABZdCgDBABZdDcDBABZdDkDBABZ
dEcwDAMEAFl0TQMEBFl0QAMEAFl0WjAMAwQAWXRdAwQFWXRAMAwDBABZdGEDBABZ
dGIDBABZdGUDBAFZdGgwDAMEAFl0bQMEBFl0YAMEAFl0cjAMAwQDWXR4AwQAWXR6
AwQAWXR8AwQAWXSBMAwDBABZdIUDBABZdIYDBABZdIgDBAFZdIoDBAFZdI4DBABZ
dJEwDAMEAFl0lwMEAFl0mAMEAFl0mwMEAFl0nTAMAwQAWXSfAwQAWXSgAwQAWXSi
AwQAWXSnAwQAWXSqAwQAWXSuAwQAWXSwAwQAWXSyMAwDBABZdLsDBABZdLwwDAME
AFl0vwMEAFl0wDAMAwQBWXTCAwQBWXTEAwQAWXTHAwQAWXTJAwQCWXTMAwQBWXTY
AwQAWXTbAwQAWXTeAwQAWXToAwQAWXTrAwQAWXTuAwQAWXTwAwQAWXT1AwQAWXT5
AwQAWXT7AwQAWXT+AwQAWXUEAwQAWXUKAwQAWXUOAwQAWXUaAwQAWXUiAwQAWXUn
AwQAWXVFAwQAWXVWAwQBWXVcAwQAWXVkAwQAWXVsAwQAWXVuAwQAWXV3AwQAWXV9
MAwDBABZdX8DBABZdYADBABZdYMwDAMEAFl1iQMEAFl1igMEAVl1jAMEAFl1nDAM
AwQAWXWlAwQAWXWmAwQAWXWqMAwDBARZdbADBAJZdbgDBABZdb0wDAMEAFl1vwME
AFl11jAMAwQAWXXbAwQBWXXcMAwDBABZdd8DBAFZdeAwDAMEAVl15gMEAFl19DAM
AwQBWXX2AwQBWXX4MAwDBABZdfsDBAFZdfwDBABZdf8DBAK5vZgDBAbV4oAwDAME
BtX8wAMEAtX84DAMAwQB1fzqAwQB1fzsAwQE1fzwAwQA2QnwMAwDBADZCfMDBAHZ
CfwwDQQCAAIwBwMFAyoA9QAwLQYIKwYBBQUHAQgBAf8EHjAcoBowGAICM4oCAwML
ZwIDAx/KAgMDN9oCAwM6njANBgkqhkiG9w0BAQsFAAOCAQEAUxpywXUMSnRSLQUb
qwhmYaJ1RfgLQEInKJB61OqUnOJNE2TUuqZoU7WFZMLVwTVCx7qUQhv/onNQc+gA
eVEnuPwlrWpEBCzjsIMY+VabPAcu5/Bn2jeMva0OYXOTDXZv+sxT5l6/GHujkS7F
+flENRZ6fnnyoT7eFAchHsJXlHnCUFrT1lSEqB/ORDoRtmemWPVRQEB53SJqAzAp
3o0PsTXWSzMJJKrDDdJJS2Z2WuCtYnBHci71nXbLOtfMZj3IKjGfAoSCbA/ulY3i
p6UfqTfyf+wsnpdG4ASBPxBrgmWrOvNM9LrbDyZsiNUTGndVWX31tobF1PBnjda2
BQ1yng==
-----END CERTIFICATE-----
Generated at Sun Apr 27 00:09:09 2025 by rpki-client