Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
File: 2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer (raw, json)
Hash identifier: /BGE1LX2YClKS3kB/F14/xHpRl95NOixePwG500mtZA=
Subject key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 018CC94DA8FEFD6D2891F0C72BC09CBE61AF
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Tue 02 Jan 2024 08:32:39 +0000
Certificate not after: Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources: AS: 29119
AS: 31577
AS: 56882
AS: 60494
IP: 5.35.200.0/21
IP: 5.154.0.0/17
IP: 5.154.172.0/23
IP: 5.154.185.0/24
IP: 5.154.234.0/23
IP: 5.154.241.0/24
IP: 5.159.240.0/21
IP: 31.3.120.0/21
IP: 31.14.200.0/21
IP: 31.200.240.0/21
IP: 37.72.0.0/19
IP: 37.153.88.0/21
IP: 37.209.160.0/21
IP: 37.230.64.0/19
IP: 45.252.236.0/22
IP: 46.251.252.0/22
IP: 78.136.64.0/18
IP: 83.136.184.0/21
IP: 84.232.0.0/17
IP: 84.236.128.0/17
IP: 85.204.140.0/22
IP: 86.104.24.0/23
IP: 86.104.27.0/24
IP: 86.105.156.0/22
IP: 88.148.0.0/17
IP: 89.32.160.0/21
IP: 89.34.120.0/22
IP: 89.35.148.0/22
IP: 89.37.227.0/24
IP: 89.40.80.0/24
IP: 89.40.203.0/24
IP: 89.43.74.0 -- 89.43.77.255
IP: 89.43.84.0/22
IP: 89.44.64.0/21
IP: 89.45.240.0/21
IP: 89.46.136.0/21
IP: 91.228.91.0/24
IP: 93.113.48.0/22
IP: 93.114.252.0/22
IP: 93.115.156.0/22
IP: 93.115.204.0/22
IP: 93.119.28.0/22
IP: 93.119.156.0/22
IP: 94.24.32.0/22
IP: 94.24.40.0/21
IP: 94.24.104.0/22
IP: 94.76.128.0/18
IP: 94.176.136.0/21
IP: 94.176.194.0/23
IP: 94.177.152.0/21
IP: 95.129.112.0/21
IP: 95.178.32.0/22
IP: 95.178.38.0/24
IP: 95.178.112.0/21
IP: 103.82.48.0/22
IP: 109.167.0.0/17
IP: 115.42.52.0/22
IP: 151.237.192.0/19
IP: 159.253.248.0/21
IP: 168.245.196.0/23
IP: 176.56.96.0/19
IP: 176.227.144.0/20
IP: 178.156.0.0/17
IP: 185.23.120.0/22
IP: 185.25.196.0/22
IP: 185.27.124.0/22
IP: 185.32.112.0/22
IP: 185.40.144.0/22
IP: 185.40.180.0/22
IP: 185.59.64.0/22
IP: 185.99.248.0/22
IP: 185.130.152.0/22
IP: 185.132.164.0/22
IP: 185.150.204.0/22
IP: 185.155.68.0/22
IP: 185.193.8.0/22
IP: 185.218.188.0/22
IP: 185.225.149.0 -- 185.225.151.255
IP: 185.226.231.0/24
IP: 185.228.116.0/22
IP: 188.64.96.0/21
IP: 188.227.128.0/19
IP: 188.240.36.0/22
IP: 188.240.43.0/24
IP: 212.63.124.0/22
IP: 212.237.236.0/22
IP: 213.170.224.0/19
IP: 217.61.64.0 -- 217.61.87.255
IP: 2a00:8a80::/29
IP: 2a00:f640::/29
IP: 2a02:69a0::/32
IP: 2a03:1cc0::/32
IP: 2a03:ae80::/32
IP: 2a07:6840::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 25 Apr 2024 23:00:08 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4d:a8:fe:fd:6d:28:91:f0:c7:2b:c0:9c:be:61:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 08:32:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:51:14:5e:4a:c4:35:86:fa:f0:1f:75:08:dc:
1c:1a:59:2a:22:23:64:1a:02:a6:ab:89:73:fa:af:
4f:7d:f4:da:d2:31:d4:e1:46:bf:a6:37:c6:23:b7:
a0:d0:a7:07:22:c2:43:c2:f5:8d:ca:cf:ec:40:c5:
4d:eb:17:80:47:31:8d:59:19:9e:c3:7e:0e:29:d5:
6d:ba:45:5e:45:fa:25:e5:b5:6c:60:b6:f6:98:1a:
7d:7b:ad:c7:a3:7d:c7:19:75:9d:45:3a:f5:49:00:
80:de:2b:2d:69:04:a3:e3:2d:75:0c:de:73:03:ab:
70:b7:40:07:79:6b:59:cf:c2:26:82:13:ac:27:50:
1a:6c:3b:87:f0:e8:37:7f:87:9e:4c:1b:60:01:89:
87:81:b8:48:ca:4f:c0:86:9a:4d:71:9f:d2:81:0f:
cd:b9:a7:f1:1e:d7:83:e1:ab:04:ac:da:5f:45:db:
52:01:4e:7d:c0:69:1e:f6:8a:ce:28:3f:e2:4c:cb:
02:9d:07:5d:93:46:65:17:78:93:36:f4:dd:0c:3f:
6b:8c:2b:39:56:b8:7c:ca:00:ad:cc:99:aa:7a:e1:
6e:94:46:eb:d5:44:b8:ce:c3:28:f0:b5:5b:eb:0a:
1e:c9:ca:62:06:2d:ed:11:b4:ff:5f:cc:1c:96:8d:
f4:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.200.0/21
5.154.0.0/17
5.154.172.0/23
5.154.185.0/24
5.154.234.0/23
5.154.241.0/24
5.159.240.0/21
31.3.120.0/21
31.14.200.0/21
31.200.240.0/21
37.72.0.0/19
37.153.88.0/21
37.209.160.0/21
37.230.64.0/19
45.252.236.0/22
46.251.252.0/22
78.136.64.0/18
83.136.184.0/21
84.232.0.0/17
84.236.128.0/17
85.204.140.0/22
86.104.24.0/23
86.104.27.0/24
86.105.156.0/22
88.148.0.0/17
89.32.160.0/21
89.34.120.0/22
89.35.148.0/22
89.37.227.0/24
89.40.80.0/24
89.40.203.0/24
89.43.74.0-89.43.77.255
89.43.84.0/22
89.44.64.0/21
89.45.240.0/21
89.46.136.0/21
91.228.91.0/24
93.113.48.0/22
93.114.252.0/22
93.115.156.0/22
93.115.204.0/22
93.119.28.0/22
93.119.156.0/22
94.24.32.0/22
94.24.40.0/21
94.24.104.0/22
94.76.128.0/18
94.176.136.0/21
94.176.194.0/23
94.177.152.0/21
95.129.112.0/21
95.178.32.0/22
95.178.38.0/24
95.178.112.0/21
103.82.48.0/22
109.167.0.0/17
115.42.52.0/22
151.237.192.0/19
159.253.248.0/21
168.245.196.0/23
176.56.96.0/19
176.227.144.0/20
178.156.0.0/17
185.23.120.0/22
185.25.196.0/22
185.27.124.0/22
185.32.112.0/22
185.40.144.0/22
185.40.180.0/22
185.59.64.0/22
185.99.248.0/22
185.130.152.0/22
185.132.164.0/22
185.150.204.0/22
185.155.68.0/22
185.193.8.0/22
185.218.188.0/22
185.225.149.0-185.225.151.255
185.226.231.0/24
185.228.116.0/22
188.64.96.0/21
188.227.128.0/19
188.240.36.0/22
188.240.43.0/24
212.63.124.0/22
212.237.236.0/22
213.170.224.0/19
217.61.64.0-217.61.87.255
IPv6:
2a00:8a80::/29
2a00:f640::/29
2a02:69a0::/32
2a03:1cc0::/32
2a03:ae80::/32
2a07:6840::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
29119
31577
56882
60494
Signature Algorithm: sha256WithRSAEncryption
07:8e:da:0f:d2:df:eb:f0:28:99:47:c0:8e:66:71:50:b2:c4:
a0:3f:8b:a9:34:df:27:c4:66:88:eb:5d:c7:b4:b2:a1:44:6d:
f6:b9:da:5d:93:56:21:89:76:fb:7e:76:23:26:18:04:0f:ad:
39:ac:d8:76:1c:d7:f0:7b:13:a8:e4:a0:f1:e5:c4:45:4d:d1:
dd:d8:fe:85:ba:4f:66:56:d4:fe:dc:e1:81:13:01:22:e2:a5:
97:4c:78:ec:6d:e3:63:10:d5:7d:e7:e6:9a:35:8c:7e:f2:75:
ba:de:c1:4c:2e:ee:eb:50:3f:3d:47:99:31:ee:61:34:5e:a7:
7e:42:34:88:1d:6a:51:1d:56:d1:60:0f:c4:c2:a3:67:96:54:
a1:2e:cd:50:03:80:0a:27:d3:6d:2b:18:fb:85:2e:55:bd:ad:
4d:2e:1c:3c:c8:f7:be:47:eb:78:b2:22:f3:11:dc:62:ed:8c:
26:b1:a6:f8:d2:e8:c8:65:3b:1c:82:55:e7:7a:38:7a:70:1d:
a7:c7:2b:b8:da:09:46:2a:5e:a5:20:26:eb:c3:9c:12:4c:86:
51:f1:cd:ec:da:6b:6c:64:27:9e:6b:72:bc:9c:be:1d:87:37:
68:b2:92:b1:27:28:6e:d4:e4:bc:36:d2:b0:6f:59:bb:db:fe:
df:02:83:d9
-----BEGIN CERTIFICATE-----
MIIH/zCCBuegAwIBAgISAYzJTaj+/W0okfDHK8CcvmGvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWFmMTdiMDAxNWRiYjdjZDk5MmYyNmNkZmYwMWM0ZTI2MjBiNzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2FEUXkrENYb68B91CNwcGlkqIiNk
GgKmq4lz+q9PffTa0jHU4Ua/pjfGI7eg0KcHIsJDwvWNys/sQMVN6xeARzGNWRme
w34OKdVtukVeRfol5bVsYLb2mBp9e63Ho33HGXWdRTr1SQCA3istaQSj4y11DN5z
A6twt0AHeWtZz8ImghOsJ1AabDuH8Og3f4eeTBtgAYmHgbhIyk/AhppNcZ/SgQ/N
uafxHteD4asErNpfRdtSAU59wGke9orOKD/iTMsCnQddk0ZlF3iTNvTdDD9rjCs5
Vrh8ygCtzJmqeuFulEbr1US4zsMo8LVb6woeycpiBi3tEbT/X8wclo30qwIDAQAB
o4IFCzCCBQcwHQYDVR0OBBYEFNqvF7ABXbt82ZLybN/wHE4mILc+MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1L2M4OTcz
Yy0zY2ZhLTQ2MDQtODExMC1jZjA2ZDE5ODNiYTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvYzg5NzNj
LTNjZmEtNDYwNC04MTEwLWNmMDZkMTk4M2JhMS8xLzJxOFhzQUZkdTN6Wmt2SnMz
X0FjVGlZZ3R6NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIICewYIKwYB
BQUHAQcBAf8EggJqMIICZjCCAjAEAgABMIICKAMEAwUjyAMEBwWaAAMEAQWarAME
AAWauQMEAQWa6gMEAAWa8QMEAwWf8AMEAx8DeAMEAx8OyAMEAx/I8AMEBSVIAAME
AyWZWAMEAyXRoAMEBSXmQAMEAi387AMEAi77/AMEBk6IQAMEA1OIuAMEB1ToAAME
B1TsgAMEAlXMjAMEAVZoGAMEAFZoGwMEAlZpnAMEB1iUAAMEA1kgoAMEAlkieAME
AlkjlAMEAFkl4wMEAFkoUAMEAFkoyzAMAwQBWStKAwQBWStMAwQCWStUAwQDWSxA
AwQDWS3wAwQDWS6IAwQAW+RbAwQCXXEwAwQCXXL8AwQCXXOcAwQCXXPMAwQCXXcc
AwQCXXecAwQCXhggAwQDXhgoAwQCXhhoAwQGXkyAAwQDXrCIAwQBXrDCAwQDXrGY
AwQDX4FwAwQCX7IgAwQAX7ImAwQDX7JwAwQCZ1IwAwQHbacAAwQCcyo0AwQFl+3A
AwQDn/34AwQBqPXEAwQFsDhgAwQEsOOQAwQHspwAAwQCuRd4AwQCuRnEAwQCuRt8
AwQCuSBwAwQCuSiQAwQCuSi0AwQCuTtAAwQCuWP4AwQCuYKYAwQCuYSkAwQCuZbM
AwQCuZtEAwQCucEIAwQCudq8MAwDBAC54ZUDBAO54ZADBAC54ucDBAK55HQDBAO8
QGADBAW844ADBAK88CQDBAC88CsDBALUP3wDBALU7ewDBAXVquAwDAMEBtk9QAME
A9k9UDAwBAIAAjAqAwUDKgCKgAMFAyoA9kADBQAqAmmgAwUAKgMcwAMFACoDroAD
BQMqB2hAMCcGCCsGAQUFBwEIAQH/BBgwFqAUMBICAnG/AgJ7WQIDAN4yAgMA7E4w
DQYJKoZIhvcNAQELBQADggEBAAeO2g/S3+vwKJlHwI5mcVCyxKA/i6k03yfEZojr
Xce0sqFEbfa52l2TViGJdvt+diMmGAQPrTms2HYc1/B7E6jkoPHlxEVN0d3Y/oW6
T2ZW1P7c4YETASLipZdMeOxt42MQ1X3n5po1jH7ydbrewUwu7utQPz1HmTHuYTRe
p35CNIgdalEdVtFgD8TCo2eWVKEuzVADgAon020rGPuFLlW9rU0uHDzI975H63iy
IvMR3GLtjCaxpvjS6MhlOxyCVed6OHpwHafHK7jaCUYqXqUgJuvDnBJMhlHxzeza
a2xkJ55rcrycvh2HN2iykrEnKG7U5Lw20rBvWbvb/t8Cg9k=
-----END CERTIFICATE-----
Generated at Thu Apr 25 04:17:39 2024 by rpki-client on console-ams.rpki-client.org