Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HeL84IWat-AbhRy2Buvb1cAzgSU.cer
File: HeL84IWat-AbhRy2Buvb1cAzgSU.cer (raw, json)
Hash identifier: vQZONm07xYvopiKWOeLMkiK6tCOp3eiGoLRyXvN57WA=
Subject key identifier: 1D:E2:FC:E0:85:9A:B7:E0:1B:85:1C:B6:06:EB:DB:D5:C0:33:81:25
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 019B76EAC58C97332F1DD5380BF9BB12C16E
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/HeL84IWat-AbhRy2Buvb1cAzgSU.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Thu 01 Jan 2026 00:17:36 +0000
Certificate not after: Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources: AS: 42707
IP: 5.45.32.0/22
IP: 5.57.248.0/21
IP: 5.206.208.0/20
IP: 77.75.48.0/22
IP: 83.143.76.0/22
IP: 84.39.204.0/22
IP: 91.189.224.0/21
IP: 91.195.64.0/22
IP: 109.207.72.0/22
IP: 185.148.28.0/22
IP: 185.229.80.0/22
IP: 185.231.24.0/21
IP: 185.233.212.0/22
IP: 185.236.4.0/22
IP: 185.245.88.0/22
IP: 185.247.44.0 -- 185.247.51.255
IP: 185.248.228.0/22
IP: 185.250.136.0/22
IP: 185.252.124.0/22
IP: 185.254.48.0/22
IP: 193.33.134.0/23
IP: 193.36.164.0/22
IP: 194.49.88.0/22
IP: 195.42.224.0 -- 195.42.229.255
IP: 2a00:5140::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 03 Mar 2026 21:16:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:76:ea:c5:8c:97:33:2f:1d:d5:38:0b:f9:bb:12:c1:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 1 00:17:36 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1de2fce0859ab7e01b851cb606ebdbd5c0338125
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:90:f5:86:d4:71:54:4c:81:00:a7:45:7e:1a:
85:e1:f7:42:0b:1b:02:bd:a8:42:94:7f:1a:ca:56:
7f:65:6f:bf:fc:33:95:6b:30:f8:49:cd:89:d8:ed:
57:9b:11:5d:29:a1:01:a9:f6:8d:e1:f4:c3:22:ad:
21:dd:5d:bf:bc:4b:8c:57:02:94:d5:83:27:17:36:
2e:40:58:95:bc:05:cb:1b:49:e1:b0:af:b6:e6:65:
a7:c7:1d:d9:46:f7:35:ff:fa:22:c7:b4:cb:84:ef:
e0:fd:96:7b:41:58:3e:ba:3c:c2:cf:9f:18:98:3f:
1c:a0:00:0a:70:95:a7:f7:1d:ed:a5:4d:13:12:86:
c8:5b:62:03:6c:fb:88:18:92:9e:19:53:95:0c:07:
c3:d9:b9:54:a9:d8:52:bd:76:4a:ea:9e:d7:c2:ba:
72:00:a2:24:dd:ea:da:a4:6b:db:f8:30:88:e0:46:
d5:9b:97:da:d1:b8:d7:c0:04:85:4f:b4:b2:ca:32:
0d:9b:de:b7:82:df:12:e8:2e:c1:09:85:fb:d3:8f:
80:d4:69:6a:28:20:0e:c8:91:db:30:26:38:bc:e4:
7e:ad:27:fc:ca:65:f6:9b:ec:ba:49:95:f2:f9:dc:
f5:b2:f1:d7:96:b2:27:eb:4c:2d:eb:1b:b7:d5:65:
01:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:E2:FC:E0:85:9A:B7:E0:1B:85:1C:B6:06:EB:DB:D5:C0:33:81:25
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b66569-33db-4d89-9a67-f069345e428c/1/HeL84IWat-AbhRy2Buvb1cAzgSU.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.45.32.0/22
5.57.248.0/21
5.206.208.0/20
77.75.48.0/22
83.143.76.0/22
84.39.204.0/22
91.189.224.0/21
91.195.64.0/22
109.207.72.0/22
185.148.28.0/22
185.229.80.0/22
185.231.24.0/21
185.233.212.0/22
185.236.4.0/22
185.245.88.0/22
185.247.44.0-185.247.51.255
185.248.228.0/22
185.250.136.0/22
185.252.124.0/22
185.254.48.0/22
193.33.134.0/23
193.36.164.0/22
194.49.88.0/22
195.42.224.0-195.42.229.255
IPv6:
2a00:5140::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
42707
Signature Algorithm: sha256WithRSAEncryption
1f:a9:93:53:e8:74:bb:b4:bd:b7:ab:3a:f4:ac:d2:d9:42:b2:
aa:56:c6:4a:c4:49:93:36:02:ca:f5:93:3d:df:69:db:86:9e:
12:9f:d9:28:67:8e:81:22:76:db:c3:bd:0b:29:4c:3c:71:27:
1a:74:1b:fb:a1:71:3d:cc:bf:70:eb:5c:fe:15:f1:95:8d:89:
12:78:10:7f:fe:37:7b:0a:86:27:02:85:a9:e3:c1:94:c5:99:
dc:13:4b:03:e1:60:77:25:d1:6a:e1:25:0e:d3:d1:31:89:13:
4e:33:bd:c3:fd:b9:e5:8d:79:b7:2b:20:cb:ba:a5:24:86:d9:
4e:c6:4c:fe:bc:5b:57:17:f6:86:e0:29:89:ab:2f:e5:66:a4:
e0:8b:82:4f:ba:11:9c:80:f4:d5:ba:49:e1:a1:b3:60:29:cd:
a1:9e:79:42:18:52:48:af:dc:7b:10:29:34:e3:f2:14:28:0a:
c4:07:f2:93:e1:6d:c2:32:e7:20:9c:6d:cb:d4:11:18:3f:a2:
fd:c1:a5:80:90:21:aa:7b:06:55:ac:ef:9c:96:fa:0a:6d:01:
87:ac:b0:ce:3a:6e:02:c7:6c:f4:41:0a:43:b6:6f:3c:d1:2a:
08:c4:14:28:cb:ef:0a:f0:ca:18:6f:ad:20:39:5a:8e:67:16:
fb:2b:ac:85
-----BEGIN CERTIFICATE-----
MIIGQjCCBSqgAwIBAgISAZt26sWMlzMvHdU4C/m7EsFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAxMDAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGUyZmNlMDg1OWFiN2UwMWI4NTFjYjYwNmViZGJkNWMwMzM4MTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm5D1htRxVEyBAKdFfhqF4fdCCxsC
vahClH8aylZ/ZW+//DOVazD4Sc2J2O1XmxFdKaEBqfaN4fTDIq0h3V2/vEuMVwKU
1YMnFzYuQFiVvAXLG0nhsK+25mWnxx3ZRvc1//oix7TLhO/g/ZZ7QVg+ujzCz58Y
mD8coAAKcJWn9x3tpU0TEobIW2IDbPuIGJKeGVOVDAfD2blUqdhSvXZK6p7Xwrpy
AKIk3erapGvb+DCI4EbVm5fa0bjXwASFT7SyyjINm963gt8S6C7BCYX704+A1Glq
KCAOyJHbMCY4vOR+rSf8ymX2m+y6SZXy+dz1svHXlrIn60wt6xu31WUBbQIDAQAB
o4IDTjCCA0owHQYDVR0OBBYEFB3i/OCFmrfgG4Uctgbr29XAM4ElMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzM0L2I2NjU2
OS0zM2RiLTRkODktOWE2Ny1mMDY5MzQ1ZTQyOGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzQvYjY2NTY5
LTMzZGItNGQ4OS05YTY3LWYwNjkzNDVlNDI4Yy8xL0hlTDg0SVdhdC1BYmhSeTJC
dXZiMWNBemdTVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHMBggrBgEF
BQcBBwEB/wSBvDCBuTCBpwQCAAEwgaADBAIFLSADBAMFOfgDBAQFztADBAJNSzAD
BAJTj0wDBAJUJ8wDBANbveADBAJbw0ADBAJtz0gDBAK5lBwDBAK55VADBAO55xgD
BAK56dQDBAK57AQDBAK59VgwDAMEArn3LAMEArn3MAMEArn45AMEArn6iAMEArn8
fAMEArn+MAMEAcEhhgMEAsEkpAMEAsIxWDAMAwQFwyrgAwQBwyrkMA0EAgACMAcD
BQMqAFFAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCm0zANBgkqhkiG9w0BAQsF
AAOCAQEAH6mTU+h0u7S9t6s69KzS2UKyqlbGSsRJkzYCyvWTPd9p24aeEp/ZKGeO
gSJ228O9CylMPHEnGnQb+6FxPcy/cOtc/hXxlY2JEngQf/43ewqGJwKFqePBlMWZ
3BNLA+FgdyXRauElDtPRMYkTTjO9w/255Y15tysgy7qlJIbZTsZM/rxbVxf2huAp
iasv5Wak4IuCT7oRnID01bpJ4aGzYCnNoZ55QhhSSK/cexApNOPyFCgKxAfyk+Ft
wjLnIJxty9QRGD+i/cGlgJAhqnsGVazvnJb6Cm0Bh6ywzjpuAsds9EEKQ7ZvPNEq
CMQUKMvvCvDKGG+tIDlajmcW+yushQ==
-----END CERTIFICATE-----
Generated at Tue Mar 3 02:54:58 2026 by rpki-client