Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
File: 8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer (raw, json)
Hash identifier: xo/cRuqyd5pq9u46wH8tMrsEgiP+GIPxa/zD1BIotBU=
Subject key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 018CC9BCA4853CE0113A5F91964E95A9A7C8
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Tue 02 Jan 2024 10:33:52 +0000
Certificate not after: Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources: AS: 13194
AS: 199527
AS: 204746
AS: 210906
AS: 211614
IP: 82.140.128.0 -- 82.140.130.255
IP: 82.140.132.0 -- 82.140.177.255
IP: 82.140.179.0 -- 82.140.181.255
IP: 82.140.184.0 -- 82.140.188.255
IP: 82.140.190.0/23
IP: 84.15.0.0/16
IP: 84.46.128.0 -- 84.46.169.255
IP: 84.46.172.0 -- 84.46.199.255
IP: 84.46.201.0 -- 84.46.233.255
IP: 86.38.0.0 -- 86.38.2.255
IP: 86.38.6.0/24
IP: 86.38.16.0/21
IP: 86.38.25.0 -- 86.38.31.255
IP: 86.38.33.0 -- 86.38.36.255
IP: 86.38.38.0 -- 86.38.150.255
IP: 86.38.152.0/22
IP: 86.38.157.0 -- 86.38.174.255
IP: 86.38.176.0/24
IP: 86.38.188.0/24
IP: 86.38.191.0 -- 86.38.199.255
IP: 86.38.201.0/24
IP: 86.38.206.0 -- 86.38.213.255
IP: 86.38.215.0/24
IP: 86.38.222.0 -- 86.38.224.255
IP: 86.38.227.0 -- 86.38.231.255
IP: 86.38.233.0 -- 86.38.234.255
IP: 86.38.236.0/23
IP: 86.38.239.0 -- 86.38.240.255
IP: 86.38.244.0/23
IP: 89.116.0.0/24
IP: 89.116.14.0/24
IP: 89.116.18.0/24
IP: 89.116.40.0/24
IP: 89.116.55.0/24
IP: 89.116.57.0/24
IP: 89.116.71.0/24
IP: 89.116.77.0 -- 89.116.79.255
IP: 89.116.90.0/24
IP: 89.116.93.0 -- 89.116.95.255
IP: 89.116.97.0 -- 89.116.98.255
IP: 89.116.101.0/24
IP: 89.116.104.0/23
IP: 89.116.109.0 -- 89.116.111.255
IP: 89.116.114.0/24
IP: 89.116.120.0 -- 89.116.122.255
IP: 89.116.124.0/24
IP: 89.116.129.0/24
IP: 89.116.133.0 -- 89.116.134.255
IP: 89.116.136.0/24
IP: 89.116.138.0/23
IP: 89.116.142.0/23
IP: 89.116.145.0/24
IP: 89.116.151.0 -- 89.116.152.255
IP: 89.116.155.0/24
IP: 89.116.157.0/24
IP: 89.116.159.0 -- 89.116.160.255
IP: 89.116.162.0/24
IP: 89.116.167.0/24
IP: 89.116.170.0/24
IP: 89.116.174.0/24
IP: 89.116.176.0/24
IP: 89.116.178.0/24
IP: 89.116.187.0 -- 89.116.188.255
IP: 89.116.191.0 -- 89.116.192.255
IP: 89.116.194.0 -- 89.116.197.255
IP: 89.116.199.0/24
IP: 89.116.201.0/24
IP: 89.116.204.0/22
IP: 89.116.216.0/23
IP: 89.116.219.0/24
IP: 89.116.222.0/24
IP: 89.116.232.0/24
IP: 89.116.235.0/24
IP: 89.116.238.0/24
IP: 89.116.240.0/24
IP: 89.116.245.0/24
IP: 89.116.249.0/24
IP: 89.116.251.0/24
IP: 89.116.254.0/24
IP: 89.117.4.0/24
IP: 89.117.10.0/24
IP: 89.117.14.0/24
IP: 89.117.26.0/24
IP: 89.117.34.0/24
IP: 89.117.39.0/24
IP: 89.117.69.0/24
IP: 89.117.86.0/24
IP: 89.117.92.0/23
IP: 89.117.100.0/24
IP: 89.117.108.0/24
IP: 89.117.110.0/24
IP: 89.117.119.0/24
IP: 89.117.125.0/24
IP: 89.117.127.0 -- 89.117.128.255
IP: 89.117.131.0/24
IP: 89.117.137.0 -- 89.117.138.255
IP: 89.117.140.0/23
IP: 89.117.156.0/24
IP: 89.117.165.0 -- 89.117.166.255
IP: 89.117.170.0/24
IP: 89.117.176.0 -- 89.117.187.255
IP: 89.117.189.0/24
IP: 89.117.191.0 -- 89.117.214.255
IP: 89.117.219.0 -- 89.117.221.255
IP: 89.117.223.0 -- 89.117.225.255
IP: 89.117.230.0 -- 89.117.244.255
IP: 89.117.246.0 -- 89.117.249.255
IP: 89.117.251.0 -- 89.117.253.255
IP: 89.117.255.0/24
IP: 185.189.152.0/22
IP: 213.226.128.0/18
IP: 213.252.192.0 -- 213.252.227.255
IP: 213.252.234.0 -- 213.252.237.255
IP: 213.252.240.0/20
IP: 217.9.240.0/24
IP: 217.9.243.0 -- 217.9.253.255
IP: 2a00:f500::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 20 Apr 2024 08:00:26 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:a4:85:3c:e0:11:3a:5f:91:96:4e:95:a9:a7:c8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 10:33:52 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:3f:42:77:0e:61:27:a4:cc:00:b6:cc:3d:1d:
d2:28:e6:99:a7:88:01:bb:69:e0:df:84:08:59:c6:
24:54:c5:06:5d:81:29:9e:2f:1c:13:d6:ba:b1:45:
74:93:af:5d:ee:b0:12:17:ef:49:ce:b3:35:0e:82:
bf:a3:43:d9:5c:97:ca:fc:56:bc:88:31:17:77:25:
8c:25:7d:c1:7f:90:e8:d5:72:37:d1:e1:18:47:e7:
f3:97:5f:79:d1:f8:6c:ea:3f:9f:90:4b:4f:3b:97:
96:20:6b:bd:49:0b:b7:d0:11:b1:fe:74:75:2d:14:
6a:98:ee:d6:db:fe:05:d4:e3:b9:15:87:2a:35:b4:
f2:d9:b5:b6:cf:4c:ce:e0:1c:d5:23:ad:bb:fe:49:
10:6b:7b:7f:05:e7:17:7b:c7:20:e3:f0:c8:4f:d5:
84:8e:60:61:21:3f:13:de:df:c1:81:ca:36:cc:d3:
fa:f9:55:2a:2e:37:f2:2b:f6:32:7b:85:22:19:42:
49:01:94:2a:37:a6:d0:ea:28:63:0b:b3:e9:9f:e2:
ab:17:21:76:a0:c4:83:05:f7:1e:a1:73:f9:cc:b2:
2a:a0:45:6e:5e:a3:13:cb:6a:9a:6c:82:5e:aa:de:
57:5a:be:c9:6f:31:db:f2:e8:e5:77:90:03:72:a7:
c8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.140.128.0-82.140.130.255
82.140.132.0-82.140.177.255
82.140.179.0-82.140.181.255
82.140.184.0-82.140.188.255
82.140.190.0/23
84.15.0.0/16
84.46.128.0-84.46.169.255
84.46.172.0-84.46.199.255
84.46.201.0-84.46.233.255
86.38.0.0-86.38.2.255
86.38.6.0/24
86.38.16.0/21
86.38.25.0-86.38.31.255
86.38.33.0-86.38.36.255
86.38.38.0-86.38.150.255
86.38.152.0/22
86.38.157.0-86.38.174.255
86.38.176.0/24
86.38.188.0/24
86.38.191.0-86.38.199.255
86.38.201.0/24
86.38.206.0-86.38.213.255
86.38.215.0/24
86.38.222.0-86.38.224.255
86.38.227.0-86.38.231.255
86.38.233.0-86.38.234.255
86.38.236.0/23
86.38.239.0-86.38.240.255
86.38.244.0/23
89.116.0.0/24
89.116.14.0/24
89.116.18.0/24
89.116.40.0/24
89.116.55.0/24
89.116.57.0/24
89.116.71.0/24
89.116.77.0-89.116.79.255
89.116.90.0/24
89.116.93.0-89.116.95.255
89.116.97.0-89.116.98.255
89.116.101.0/24
89.116.104.0/23
89.116.109.0-89.116.111.255
89.116.114.0/24
89.116.120.0-89.116.122.255
89.116.124.0/24
89.116.129.0/24
89.116.133.0-89.116.134.255
89.116.136.0/24
89.116.138.0/23
89.116.142.0/23
89.116.145.0/24
89.116.151.0-89.116.152.255
89.116.155.0/24
89.116.157.0/24
89.116.159.0-89.116.160.255
89.116.162.0/24
89.116.167.0/24
89.116.170.0/24
89.116.174.0/24
89.116.176.0/24
89.116.178.0/24
89.116.187.0-89.116.188.255
89.116.191.0-89.116.192.255
89.116.194.0-89.116.197.255
89.116.199.0/24
89.116.201.0/24
89.116.204.0/22
89.116.216.0/23
89.116.219.0/24
89.116.222.0/24
89.116.232.0/24
89.116.235.0/24
89.116.238.0/24
89.116.240.0/24
89.116.245.0/24
89.116.249.0/24
89.116.251.0/24
89.116.254.0/24
89.117.4.0/24
89.117.10.0/24
89.117.14.0/24
89.117.26.0/24
89.117.34.0/24
89.117.39.0/24
89.117.69.0/24
89.117.86.0/24
89.117.92.0/23
89.117.100.0/24
89.117.108.0/24
89.117.110.0/24
89.117.119.0/24
89.117.125.0/24
89.117.127.0-89.117.128.255
89.117.131.0/24
89.117.137.0-89.117.138.255
89.117.140.0/23
89.117.156.0/24
89.117.165.0-89.117.166.255
89.117.170.0/24
89.117.176.0-89.117.187.255
89.117.189.0/24
89.117.191.0-89.117.214.255
89.117.219.0-89.117.221.255
89.117.223.0-89.117.225.255
89.117.230.0-89.117.244.255
89.117.246.0-89.117.249.255
89.117.251.0-89.117.253.255
89.117.255.0/24
185.189.152.0/22
213.226.128.0/18
213.252.192.0-213.252.227.255
213.252.234.0-213.252.237.255
213.252.240.0/20
217.9.240.0/24
217.9.243.0-217.9.253.255
IPv6:
2a00:f500::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
13194
199527
204746
210906
211614
Signature Algorithm: sha256WithRSAEncryption
8d:c7:57:f7:49:84:12:8a:15:6c:90:65:34:cf:9a:3d:4d:c8:
37:b3:59:cc:b8:59:d2:9b:65:6d:81:b4:85:03:5a:0e:96:98:
74:ea:e9:f6:26:6f:46:90:47:f9:01:fe:94:c2:29:5c:db:c1:
12:62:25:23:d6:47:29:ad:f7:28:30:af:2b:ab:e3:9a:61:a1:
18:f4:29:e7:dd:b2:db:86:6c:36:44:9e:6b:d8:75:5f:9e:b5:
86:f9:d7:f4:7a:9f:1b:73:20:51:3b:71:9a:62:d3:83:9f:04:
94:42:16:d0:95:4b:c1:53:98:99:1d:fe:cc:39:79:2b:6f:3e:
6a:72:6b:c6:8b:dd:fc:98:ae:64:d5:81:71:38:c5:bf:82:b0:
fc:d6:19:dc:ac:fb:d3:e7:c8:1b:52:62:31:cc:4a:85:05:c3:
8c:3f:f4:51:a6:06:b0:85:34:0b:c7:cc:9c:26:bb:81:dc:62:
f0:c6:cb:c3:1b:58:c0:0d:93:ed:48:70:b1:be:59:1d:e9:63:
2f:b1:29:cd:27:e0:e4:40:2a:5d:bb:5f:85:be:1f:b6:02:1c:
cb:e0:da:5b:bf:03:0c:1b:c2:e3:fe:95:21:3c:e2:17:e3:39:
15:ce:e2:57:db:18:8b:ac:a3:84:66:a8:0d:ce:b3:f7:fc:88:
d0:2c:dd:de
-----BEGIN CERTIFICATE-----
MIIJwDCCCKigAwIBAgISAYzJvKSFPOAROl+Rlk6VqafIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGRkODFhODMzZDliMDQzYzdmZmQ2MzVhNTk4N2Y1MzY5NzExODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT9Cdw5hJ6TMALbMPR3SKOaZp4gB
u2ng34QIWcYkVMUGXYEpni8cE9a6sUV0k69d7rASF+9JzrM1DoK/o0PZXJfK/Fa8
iDEXdyWMJX3Bf5Do1XI30eEYR+fzl1950fhs6j+fkEtPO5eWIGu9SQu30BGx/nR1
LRRqmO7W2/4F1OO5FYcqNbTy2bW2z0zO4BzVI627/kkQa3t/BecXe8cg4/DIT9WE
jmBhIT8T3t/Bgco2zNP6+VUqLjfyK/Yye4UiGUJJAZQqN6bQ6ihjC7Ppn+KrFyF2
oMSDBfceoXP5zLIqoEVuXqMTy2qabIJeqt5XWr7JbzHb8ujld5ADcqfIKwIDAQAB
o4IGzDCCBsgwHQYDVR0OBBYEFPDdgagz2bBDx//WNaWYf1NpcRgNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhL2E4ZWJl
NC1kMGIzLTRlN2QtYWYyNS0wNDY4MDQyNDg2ZGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvYThlYmU0
LWQwYjMtNGU3ZC1hZjI1LTA0NjgwNDI0ODZkYy8xLzhOMkJxRFBac0VQSF85WTFw
WmhfVTJseEdBMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIENgYIKwYB
BQUHAQcBAf8EggQlMIIEITCCBA4EAgABMIIEBjAMAwQHUoyAAwQAUoyCMAwDBAJS
jIQDBAFSjLAwDAMEAFKMswMEAVKMtDAMAwQDUoy4AwQAUoy8AwQBUoy+AwMAVA8w
DAMEB1QugAMEAVQuqDAMAwQCVC6sAwQDVC7AMAwDBABULskDBAFULugwCwMDAVYm
AwQAViYCAwQAViYGAwQDViYQMAwDBABWJhkDBAVWJgAwDAMEAFYmIQMEAFYmJDAM
AwQBViYmAwQAViaWAwQCViaYMAwDBABWJp0DBABWJq4DBABWJrADBABWJrwwDAME
AFYmvwMEA1YmwAMEAFYmyTAMAwQBVibOAwQBVibUAwQAVibXMAwDBAFWJt4DBABW
JuAwDAMEAFYm4wMEA1Ym4DAMAwQAVibpAwQAVibqAwQBVibsMAwDBABWJu8DBABW
JvADBAFWJvQDBABZdAADBABZdA4DBABZdBIDBABZdCgDBABZdDcDBABZdDkDBABZ
dEcwDAMEAFl0TQMEBFl0QAMEAFl0WjAMAwQAWXRdAwQFWXRAMAwDBABZdGEDBABZ
dGIDBABZdGUDBAFZdGgwDAMEAFl0bQMEBFl0YAMEAFl0cjAMAwQDWXR4AwQAWXR6
AwQAWXR8AwQAWXSBMAwDBABZdIUDBABZdIYDBABZdIgDBAFZdIoDBAFZdI4DBABZ
dJEwDAMEAFl0lwMEAFl0mAMEAFl0mwMEAFl0nTAMAwQAWXSfAwQAWXSgAwQAWXSi
AwQAWXSnAwQAWXSqAwQAWXSuAwQAWXSwAwQAWXSyMAwDBABZdLsDBABZdLwwDAME
AFl0vwMEAFl0wDAMAwQBWXTCAwQBWXTEAwQAWXTHAwQAWXTJAwQCWXTMAwQBWXTY
AwQAWXTbAwQAWXTeAwQAWXToAwQAWXTrAwQAWXTuAwQAWXTwAwQAWXT1AwQAWXT5
AwQAWXT7AwQAWXT+AwQAWXUEAwQAWXUKAwQAWXUOAwQAWXUaAwQAWXUiAwQAWXUn
AwQAWXVFAwQAWXVWAwQBWXVcAwQAWXVkAwQAWXVsAwQAWXVuAwQAWXV3AwQAWXV9
MAwDBABZdX8DBABZdYADBABZdYMwDAMEAFl1iQMEAFl1igMEAVl1jAMEAFl1nDAM
AwQAWXWlAwQAWXWmAwQAWXWqMAwDBARZdbADBAJZdbgDBABZdb0wDAMEAFl1vwME
AFl11jAMAwQAWXXbAwQBWXXcMAwDBABZdd8DBAFZdeAwDAMEAVl15gMEAFl19DAM
AwQBWXX2AwQBWXX4MAwDBABZdfsDBAFZdfwDBABZdf8DBAK5vZgDBAbV4oAwDAME
BtX8wAMEAtX84DAMAwQB1fzqAwQB1fzsAwQE1fzwAwQA2QnwMAwDBADZCfMDBAHZ
CfwwDQQCAAIwBwMFAyoA9QAwLQYIKwYBBQUHAQgBAf8EHjAcoBowGAICM4oCAwML
ZwIDAx/KAgMDN9oCAwM6njANBgkqhkiG9w0BAQsFAAOCAQEAjcdX90mEEooVbJBl
NM+aPU3IN7NZzLhZ0ptlbYG0hQNaDpaYdOrp9iZvRpBH+QH+lMIpXNvBEmIlI9ZH
Ka33KDCvK6vjmmGhGPQp592y24ZsNkSea9h1X561hvnX9HqfG3MgUTtxmmLTg58E
lEIW0JVLwVOYmR3+zDl5K28+anJrxovd/JiuZNWBcTjFv4Kw/NYZ3Kz70+fIG1Ji
McxKhQXDjD/0UaYGsIU0C8fMnCa7gdxi8MbLwxtYwA2T7Uhwsb5ZHeljL7EpzSfg
5EAqXbtfhb4ftgIcy+DaW78DDBvC4/6VITziF+M5Fc7iV9sYi6yjhGaoDc6z9/yI
0Czd3g==
-----END CERTIFICATE-----
Generated at Fri Apr 19 17:10:35 2024 by rpki-client on console-ams.rpki-client.org