Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
File: CnMngF3yD7XB1vTokHR0PK6ySvc.cer (raw, json)
Hash identifier: Mygq48QA0Nn5/MK48SwD2Z4tLdzayg5zBJP5z9fvH9E=
Subject key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 019864673F6355DD821F982EDF8D0A2243C3
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Fri 01 Aug 2025 06:52:24 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: IP: 85.159.94.0/24
IP: 86.54.184.0/24
IP: 91.147.108.0/22
IP: 91.198.101.0/24
IP: 91.231.66.0/24
IP: 92.240.243.0/24
IP: 109.175.174.0/23
IP: 109.175.215.0/24
IP: 109.175.225.0/24
IP: 185.162.234.0/24
IP: 193.43.251.0/24
IP: 193.106.99.0/24
IP: 194.31.132.0/22
IP: 194.164.115.0/24
IP: 212.108.86.0/23
IP: 2a0d:7d40::/29
IP: 2a0e:6600::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 05 Aug 2025 03:00:28 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:98:64:67:3f:63:55:dd:82:1f:98:2e:df:8d:0a:22:43:c3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Aug 1 06:52:24 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:01:dd:99:2a:a8:e3:b5:02:9c:a1:4e:86:55:
07:63:05:ca:6d:dc:48:ce:2f:fd:ed:85:d0:8b:6e:
90:ee:d7:b9:8f:b4:84:ea:89:46:bb:67:c1:a8:30:
16:7c:bd:fc:55:b2:39:28:30:4e:d5:e1:7e:4f:e9:
f1:ba:e5:6f:79:42:ec:e7:35:d7:f7:f4:e5:23:8b:
31:0a:16:be:08:1e:7c:b3:2d:2b:a3:b7:da:e0:e2:
e5:b1:63:5c:67:72:aa:89:c2:9f:e9:92:a9:cd:4c:
25:ab:b6:17:46:0f:8e:68:68:47:3d:20:31:4c:32:
5c:59:82:e8:f4:b0:cb:3b:08:2a:ec:5a:75:8f:24:
3c:2d:f9:f6:1d:ab:54:92:35:37:e8:e6:31:ee:fe:
b9:93:cb:16:8c:15:46:86:c2:aa:34:09:0e:5c:96:
53:e4:2e:b0:8d:ba:39:17:2a:98:19:04:71:83:b9:
07:07:16:09:64:de:27:14:73:c6:3b:2c:98:8d:c3:
7b:77:f3:ad:90:53:d9:73:9d:84:3d:c4:58:5f:81:
7d:29:44:f9:5d:08:ed:e3:77:4c:46:03:28:30:75:
a5:8e:02:22:21:1f:9c:89:1e:c3:5d:ed:c2:7c:a8:
7a:0b:7f:e6:63:d2:c0:f7:09:14:b2:dc:d0:75:5e:
e3:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.159.94.0/24
86.54.184.0/24
91.147.108.0/22
91.198.101.0/24
91.231.66.0/24
92.240.243.0/24
109.175.174.0/23
109.175.215.0/24
109.175.225.0/24
185.162.234.0/24
193.43.251.0/24
193.106.99.0/24
194.31.132.0/22
194.164.115.0/24
212.108.86.0/23
IPv6:
2a0d:7d40::/29
2a0e:6600::/29
Signature Algorithm: sha256WithRSAEncryption
7b:b7:d7:2f:e0:08:84:bc:19:22:2b:ee:26:d0:61:9f:e3:c8:
6c:a5:82:7b:0e:bf:c4:6f:55:09:19:34:5a:28:e8:09:d4:54:
65:b4:78:51:1e:52:c0:6d:2c:b4:0c:19:fb:1e:25:69:75:7d:
5f:a2:1f:7a:dd:2c:39:67:f3:80:a6:a2:e8:97:92:15:23:78:
dc:78:66:06:fb:93:aa:1d:5e:c1:a8:ee:c2:28:6e:76:34:b2:
f2:3f:99:9d:0a:04:db:0b:a0:9f:62:cc:29:21:56:e0:b1:66:
b5:e0:9b:7f:53:d1:02:33:d9:27:77:4d:63:01:a0:ed:2f:24:
09:63:0d:12:86:4c:9b:22:f0:b5:c7:74:d7:b5:dc:10:7a:d9:
47:e5:c0:c9:2c:35:e4:93:09:3b:45:d0:0c:6c:66:6f:ae:d7:
49:98:f1:32:3d:5c:20:ca:04:7d:b4:2a:55:e2:e5:8f:79:37:
f8:c0:53:46:35:7c:1d:4a:25:df:02:bf:30:5d:5d:fb:7e:71:
45:5f:9a:20:67:73:bb:a5:6b:99:af:ba:9a:e4:04:e6:10:25:
24:e2:59:19:eb:1b:21:d3:bd:48:a6:a0:cd:13:3c:e5:fa:e9:
0d:35:59:6d:65:c8:48:ec:4c:09:cd:2c:43:c1:03:03:f9:c3:
2a:39:36:86
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISAZhkZz9jVd2CH5gu340KIkPDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwODAxMDY1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTczMjc4MDVkZjIwZmI1YzFkNmY0ZTg5MDc0NzQzY2FlYjI0YWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2gHdmSqo47UCnKFOhlUHYwXKbdxI
zi/97YXQi26Q7te5j7SE6olGu2fBqDAWfL38VbI5KDBO1eF+T+nxuuVveULs5zXX
9/TlI4sxCha+CB58sy0ro7fa4OLlsWNcZ3KqicKf6ZKpzUwlq7YXRg+OaGhHPSAx
TDJcWYLo9LDLOwgq7Fp1jyQ8Lfn2HatUkjU36OYx7v65k8sWjBVGhsKqNAkOXJZT
5C6wjbo5FyqYGQRxg7kHBxYJZN4nFHPGOyyYjcN7d/OtkFPZc52EPcRYX4F9KUT5
XQjt43dMRgMoMHWljgIiIR+ciR7DXe3CfKh6C3/mY9LA9wkUstzQdV7jJwIDAQAB
o4IC7zCCAuswHQYDVR0OBBYEFApzJ4Bd8g+1wdb06JB0dDyuskr3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRhLzhiMWZh
Yy01YTIxLTQ4NDgtYTY2YS0xMGJiNDU3OWQ1MjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvOGIxZmFj
LTVhMjEtNDg0OC1hNjZhLTEwYmI0NTc5ZDUyOC8xL0NuTW5nRjN5RDdYQjF2VG9r
SFIwUEs2eVN2Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGJBggrBgEF
BQcBBwEB/wR6MHgwYAQCAAEwWgMEAFWfXgMEAFY2uAMEAluTbAMEAFvGZQMEAFvn
QgMEAFzw8wMEAW2vrgMEAG2v1wMEAG2v4QMEALmi6gMEAMEr+wMEAMFqYwMEAsIf
hAMEAMKkcwMEAdRsVjAUBAIAAjAOAwUDKg19QAMFAyoOZgAwDQYJKoZIhvcNAQEL
BQADggEBAHu31y/gCIS8GSIr7ibQYZ/jyGylgnsOv8RvVQkZNFoo6AnUVGW0eFEe
UsBtLLQMGfseJWl1fV+iH3rdLDln84CmouiXkhUjeNx4Zgb7k6odXsGo7sIobnY0
svI/mZ0KBNsLoJ9izCkhVuCxZrXgm39T0QIz2Sd3TWMBoO0vJAljDRKGTJsi8LXH
dNe13BB62UflwMksNeSTCTtF0AxsZm+u10mY8TI9XCDKBH20KlXi5Y95N/jAU0Y1
fB1KJd8CvzBdXft+cUVfmiBnc7ula5mvuprkBOYQJSTiWRnrGyHTvUimoM0TPOX6
6Q01WW1lyEjsTAnNLEPBAwP5wyo5NoY=
-----END CERTIFICATE-----
Generated at Mon Aug 4 07:56:40 2025 by rpki-client