Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer
File: 8N2BqDPZsEPH_9Y1pZh_U2lxGA0.cer (raw, json)
Hash identifier: nL1gLWWSOfOCL3MO1bstetSfPjxWWqM2S63oo7qXksg=
Subject key identifier: F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 0195F0A072D9726A3D981012DA0BAE62A288
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Tue 01 Apr 2025 09:13:21 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: AS: 13194
AS: 199527
AS: 204746
AS: 210906
AS: 211614
IP: 82.140.128.0 -- 82.140.130.255
IP: 82.140.132.0 -- 82.140.177.255
IP: 82.140.179.0 -- 82.140.181.255
IP: 82.140.184.0 -- 82.140.188.255
IP: 82.140.190.0/23
IP: 84.15.0.0/16
IP: 84.46.128.0 -- 84.46.169.255
IP: 84.46.172.0 -- 84.46.199.255
IP: 84.46.201.0 -- 84.46.233.255
IP: 86.38.0.0 -- 86.38.2.255
IP: 86.38.6.0/24
IP: 86.38.16.0/21
IP: 86.38.25.0 -- 86.38.31.255
IP: 86.38.33.0 -- 86.38.36.255
IP: 86.38.38.0 -- 86.38.150.255
IP: 86.38.152.0/22
IP: 86.38.157.0 -- 86.38.174.255
IP: 86.38.176.0/24
IP: 86.38.188.0/24
IP: 86.38.191.0 -- 86.38.199.255
IP: 86.38.201.0/24
IP: 86.38.206.0 -- 86.38.213.255
IP: 86.38.215.0/24
IP: 86.38.222.0 -- 86.38.224.255
IP: 86.38.227.0 -- 86.38.231.255
IP: 86.38.233.0 -- 86.38.234.255
IP: 86.38.236.0/23
IP: 86.38.239.0 -- 86.38.240.255
IP: 86.38.244.0/23
IP: 89.116.0.0/24
IP: 89.116.14.0/24
IP: 89.116.18.0/24
IP: 89.116.40.0/24
IP: 89.116.55.0/24
IP: 89.116.57.0/24
IP: 89.116.71.0/24
IP: 89.116.77.0 -- 89.116.79.255
IP: 89.116.90.0/24
IP: 89.116.93.0 -- 89.116.95.255
IP: 89.116.97.0 -- 89.116.98.255
IP: 89.116.101.0/24
IP: 89.116.104.0/23
IP: 89.116.109.0 -- 89.116.111.255
IP: 89.116.114.0/24
IP: 89.116.120.0 -- 89.116.122.255
IP: 89.116.124.0/24
IP: 89.116.129.0/24
IP: 89.116.133.0 -- 89.116.134.255
IP: 89.116.136.0/24
IP: 89.116.138.0/23
IP: 89.116.142.0/23
IP: 89.116.145.0/24
IP: 89.116.151.0 -- 89.116.152.255
IP: 89.116.155.0/24
IP: 89.116.157.0/24
IP: 89.116.159.0 -- 89.116.160.255
IP: 89.116.162.0/24
IP: 89.116.167.0/24
IP: 89.116.170.0/24
IP: 89.116.174.0/24
IP: 89.116.176.0/24
IP: 89.116.178.0/24
IP: 89.116.187.0 -- 89.116.188.255
IP: 89.116.191.0 -- 89.116.192.255
IP: 89.116.194.0 -- 89.116.197.255
IP: 89.116.199.0/24
IP: 89.116.201.0/24
IP: 89.116.204.0/22
IP: 89.116.216.0/23
IP: 89.116.219.0/24
IP: 89.116.222.0/24
IP: 89.116.232.0/24
IP: 89.116.235.0/24
IP: 89.116.238.0/24
IP: 89.116.240.0/24
IP: 89.116.245.0/24
IP: 89.116.249.0/24
IP: 89.116.251.0/24
IP: 89.116.254.0/24
IP: 89.117.4.0/24
IP: 89.117.10.0/24
IP: 89.117.14.0/24
IP: 89.117.26.0/24
IP: 89.117.34.0/24
IP: 89.117.39.0/24
IP: 89.117.69.0/24
IP: 89.117.86.0/24
IP: 89.117.92.0/23
IP: 89.117.100.0/24
IP: 89.117.108.0/24
IP: 89.117.110.0/24
IP: 89.117.119.0/24
IP: 89.117.125.0/24
IP: 89.117.127.0 -- 89.117.128.255
IP: 89.117.131.0/24
IP: 89.117.137.0 -- 89.117.138.255
IP: 89.117.140.0/23
IP: 89.117.156.0/24
IP: 89.117.165.0 -- 89.117.166.255
IP: 89.117.170.0/24
IP: 89.117.176.0 -- 89.117.187.255
IP: 89.117.189.0/24
IP: 89.117.191.0 -- 89.117.214.255
IP: 89.117.219.0 -- 89.117.221.255
IP: 89.117.223.0 -- 89.117.225.255
IP: 89.117.230.0 -- 89.117.244.255
IP: 89.117.246.0 -- 89.117.249.255
IP: 89.117.251.0 -- 89.117.253.255
IP: 89.117.255.0/24
IP: 185.189.152.0/22
IP: 213.226.128.0/18
IP: 213.252.192.0/18
IP: 217.9.240.0/24
IP: 217.9.243.0 -- 217.9.253.255
IP: 2a00:f500::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Tue 08 Apr 2025 10:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f0:a0:72:d9:72:6a:3d:98:10:12:da:0b:ae:62:a2:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Apr 1 09:13:21 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=f0dd81a833d9b043c7ffd635a5987f536971180d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:3f:42:77:0e:61:27:a4:cc:00:b6:cc:3d:1d:
d2:28:e6:99:a7:88:01:bb:69:e0:df:84:08:59:c6:
24:54:c5:06:5d:81:29:9e:2f:1c:13:d6:ba:b1:45:
74:93:af:5d:ee:b0:12:17:ef:49:ce:b3:35:0e:82:
bf:a3:43:d9:5c:97:ca:fc:56:bc:88:31:17:77:25:
8c:25:7d:c1:7f:90:e8:d5:72:37:d1:e1:18:47:e7:
f3:97:5f:79:d1:f8:6c:ea:3f:9f:90:4b:4f:3b:97:
96:20:6b:bd:49:0b:b7:d0:11:b1:fe:74:75:2d:14:
6a:98:ee:d6:db:fe:05:d4:e3:b9:15:87:2a:35:b4:
f2:d9:b5:b6:cf:4c:ce:e0:1c:d5:23:ad:bb:fe:49:
10:6b:7b:7f:05:e7:17:7b:c7:20:e3:f0:c8:4f:d5:
84:8e:60:61:21:3f:13:de:df:c1:81:ca:36:cc:d3:
fa:f9:55:2a:2e:37:f2:2b:f6:32:7b:85:22:19:42:
49:01:94:2a:37:a6:d0:ea:28:63:0b:b3:e9:9f:e2:
ab:17:21:76:a0:c4:83:05:f7:1e:a1:73:f9:cc:b2:
2a:a0:45:6e:5e:a3:13:cb:6a:9a:6c:82:5e:aa:de:
57:5a:be:c9:6f:31:db:f2:e8:e5:77:90:03:72:a7:
c8:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:DD:81:A8:33:D9:B0:43:C7:FF:D6:35:A5:98:7F:53:69:71:18:0D
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/a8ebe4-d0b3-4e7d-af25-0468042486dc/1/8N2BqDPZsEPH_9Y1pZh_U2lxGA0.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.140.128.0-82.140.130.255
82.140.132.0-82.140.177.255
82.140.179.0-82.140.181.255
82.140.184.0-82.140.188.255
82.140.190.0/23
84.15.0.0/16
84.46.128.0-84.46.169.255
84.46.172.0-84.46.199.255
84.46.201.0-84.46.233.255
86.38.0.0-86.38.2.255
86.38.6.0/24
86.38.16.0/21
86.38.25.0-86.38.31.255
86.38.33.0-86.38.36.255
86.38.38.0-86.38.150.255
86.38.152.0/22
86.38.157.0-86.38.174.255
86.38.176.0/24
86.38.188.0/24
86.38.191.0-86.38.199.255
86.38.201.0/24
86.38.206.0-86.38.213.255
86.38.215.0/24
86.38.222.0-86.38.224.255
86.38.227.0-86.38.231.255
86.38.233.0-86.38.234.255
86.38.236.0/23
86.38.239.0-86.38.240.255
86.38.244.0/23
89.116.0.0/24
89.116.14.0/24
89.116.18.0/24
89.116.40.0/24
89.116.55.0/24
89.116.57.0/24
89.116.71.0/24
89.116.77.0-89.116.79.255
89.116.90.0/24
89.116.93.0-89.116.95.255
89.116.97.0-89.116.98.255
89.116.101.0/24
89.116.104.0/23
89.116.109.0-89.116.111.255
89.116.114.0/24
89.116.120.0-89.116.122.255
89.116.124.0/24
89.116.129.0/24
89.116.133.0-89.116.134.255
89.116.136.0/24
89.116.138.0/23
89.116.142.0/23
89.116.145.0/24
89.116.151.0-89.116.152.255
89.116.155.0/24
89.116.157.0/24
89.116.159.0-89.116.160.255
89.116.162.0/24
89.116.167.0/24
89.116.170.0/24
89.116.174.0/24
89.116.176.0/24
89.116.178.0/24
89.116.187.0-89.116.188.255
89.116.191.0-89.116.192.255
89.116.194.0-89.116.197.255
89.116.199.0/24
89.116.201.0/24
89.116.204.0/22
89.116.216.0/23
89.116.219.0/24
89.116.222.0/24
89.116.232.0/24
89.116.235.0/24
89.116.238.0/24
89.116.240.0/24
89.116.245.0/24
89.116.249.0/24
89.116.251.0/24
89.116.254.0/24
89.117.4.0/24
89.117.10.0/24
89.117.14.0/24
89.117.26.0/24
89.117.34.0/24
89.117.39.0/24
89.117.69.0/24
89.117.86.0/24
89.117.92.0/23
89.117.100.0/24
89.117.108.0/24
89.117.110.0/24
89.117.119.0/24
89.117.125.0/24
89.117.127.0-89.117.128.255
89.117.131.0/24
89.117.137.0-89.117.138.255
89.117.140.0/23
89.117.156.0/24
89.117.165.0-89.117.166.255
89.117.170.0/24
89.117.176.0-89.117.187.255
89.117.189.0/24
89.117.191.0-89.117.214.255
89.117.219.0-89.117.221.255
89.117.223.0-89.117.225.255
89.117.230.0-89.117.244.255
89.117.246.0-89.117.249.255
89.117.251.0-89.117.253.255
89.117.255.0/24
185.189.152.0/22
213.226.128.0/18
213.252.192.0/18
217.9.240.0/24
217.9.243.0-217.9.253.255
IPv6:
2a00:f500::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
13194
199527
204746
210906
211614
Signature Algorithm: sha256WithRSAEncryption
a7:3d:d6:ef:43:e8:02:2d:21:dc:9e:72:fa:db:d0:41:32:2b:
c5:01:fb:93:fb:99:a3:06:54:10:d2:f2:e1:1e:5a:5b:62:7e:
82:a8:a3:ae:61:f8:3e:72:d4:59:51:fd:c0:bf:c1:dc:cb:2c:
f5:53:87:51:80:f7:3d:05:fb:a8:5f:37:89:7b:03:bb:95:a6:
a2:84:cc:57:37:e9:3c:b2:d1:ed:6f:e3:d5:38:5b:7b:53:96:
8c:56:eb:d9:0f:ed:96:f5:b5:ba:51:ba:46:4a:ed:de:b3:48:
17:f1:c1:6c:50:c2:2a:73:0f:91:10:f8:7a:60:0c:05:04:eb:
c7:7e:58:9e:ce:b9:72:cf:de:ff:a6:f0:5e:5c:6f:8d:1c:84:
28:18:e8:9c:8a:ac:68:7f:e7:a6:72:ea:5d:3e:7a:10:12:00:
08:8a:cd:a6:0f:25:60:4c:02:22:cc:64:f6:39:fd:3e:40:f9:
50:35:56:2b:95:4e:d3:aa:4c:0b:c5:6a:74:75:dd:b6:8f:25:
a7:d5:af:f0:df:47:27:9f:a6:a9:c6:15:d3:0b:df:56:ce:05:
c2:07:58:f3:5b:16:83:06:df:dd:88:05:7b:07:07:0d:62:22:
49:19:f8:bf:aa:1b:3e:9e:b5:a3:1e:91:25:d8:54:b6:65:09:
c6:bb:c5:c8
-----BEGIN CERTIFICATE-----
MIIJpDCCCIygAwIBAgISAZXwoHLZcmo9mBAS2guuYqKIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNDAxMDkxMzIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGRkODFhODMzZDliMDQzYzdmZmQ2MzVhNTk4N2Y1MzY5NzExODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArT9Cdw5hJ6TMALbMPR3SKOaZp4gB
u2ng34QIWcYkVMUGXYEpni8cE9a6sUV0k69d7rASF+9JzrM1DoK/o0PZXJfK/Fa8
iDEXdyWMJX3Bf5Do1XI30eEYR+fzl1950fhs6j+fkEtPO5eWIGu9SQu30BGx/nR1
LRRqmO7W2/4F1OO5FYcqNbTy2bW2z0zO4BzVI627/kkQa3t/BecXe8cg4/DIT9WE
jmBhIT8T3t/Bgco2zNP6+VUqLjfyK/Yye4UiGUJJAZQqN6bQ6ihjC7Ppn+KrFyF2
oMSDBfceoXP5zLIqoEVuXqMTy2qabIJeqt5XWr7JbzHb8ujld5ADcqfIKwIDAQAB
o4IGsDCCBqwwHQYDVR0OBBYEFPDdgagz2bBDx//WNaWYf1NpcRgNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhL2E4ZWJl
NC1kMGIzLTRlN2QtYWYyNS0wNDY4MDQyNDg2ZGMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvYThlYmU0
LWQwYjMtNGU3ZC1hZjI1LTA0NjgwNDI0ODZkYy8xLzhOMkJxRFBac0VQSF85WTFw
WmhfVTJseEdBMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIEGgYIKwYB
BQUHAQcBAf8EggQJMIIEBTCCA/IEAgABMIID6jAMAwQHUoyAAwQAUoyCMAwDBAJS
jIQDBAFSjLAwDAMEAFKMswMEAVKMtDAMAwQDUoy4AwQAUoy8AwQBUoy+AwMAVA8w
DAMEB1QugAMEAVQuqDAMAwQCVC6sAwQDVC7AMAwDBABULskDBAFULugwCwMDAVYm
AwQAViYCAwQAViYGAwQDViYQMAwDBABWJhkDBAVWJgAwDAMEAFYmIQMEAFYmJDAM
AwQBViYmAwQAViaWAwQCViaYMAwDBABWJp0DBABWJq4DBABWJrADBABWJrwwDAME
AFYmvwMEA1YmwAMEAFYmyTAMAwQBVibOAwQBVibUAwQAVibXMAwDBAFWJt4DBABW
JuAwDAMEAFYm4wMEA1Ym4DAMAwQAVibpAwQAVibqAwQBVibsMAwDBABWJu8DBABW
JvADBAFWJvQDBABZdAADBABZdA4DBABZdBIDBABZdCgDBABZdDcDBABZdDkDBABZ
dEcwDAMEAFl0TQMEBFl0QAMEAFl0WjAMAwQAWXRdAwQFWXRAMAwDBABZdGEDBABZ
dGIDBABZdGUDBAFZdGgwDAMEAFl0bQMEBFl0YAMEAFl0cjAMAwQDWXR4AwQAWXR6
AwQAWXR8AwQAWXSBMAwDBABZdIUDBABZdIYDBABZdIgDBAFZdIoDBAFZdI4DBABZ
dJEwDAMEAFl0lwMEAFl0mAMEAFl0mwMEAFl0nTAMAwQAWXSfAwQAWXSgAwQAWXSi
AwQAWXSnAwQAWXSqAwQAWXSuAwQAWXSwAwQAWXSyMAwDBABZdLsDBABZdLwwDAME
AFl0vwMEAFl0wDAMAwQBWXTCAwQBWXTEAwQAWXTHAwQAWXTJAwQCWXTMAwQBWXTY
AwQAWXTbAwQAWXTeAwQAWXToAwQAWXTrAwQAWXTuAwQAWXTwAwQAWXT1AwQAWXT5
AwQAWXT7AwQAWXT+AwQAWXUEAwQAWXUKAwQAWXUOAwQAWXUaAwQAWXUiAwQAWXUn
AwQAWXVFAwQAWXVWAwQBWXVcAwQAWXVkAwQAWXVsAwQAWXVuAwQAWXV3AwQAWXV9
MAwDBABZdX8DBABZdYADBABZdYMwDAMEAFl1iQMEAFl1igMEAVl1jAMEAFl1nDAM
AwQAWXWlAwQAWXWmAwQAWXWqMAwDBARZdbADBAJZdbgDBABZdb0wDAMEAFl1vwME
AFl11jAMAwQAWXXbAwQBWXXcMAwDBABZdd8DBAFZdeAwDAMEAVl15gMEAFl19DAM
AwQBWXX2AwQBWXX4MAwDBABZdfsDBAFZdfwDBABZdf8DBAK5vZgDBAbV4oADBAbV
/MADBADZCfAwDAMEANkJ8wMEAdkJ/DANBAIAAjAHAwUDKgD1ADAtBggrBgEFBQcB
CAEB/wQeMBygGjAYAgIzigIDAwtnAgMDH8oCAwM32gIDAzqeMA0GCSqGSIb3DQEB
CwUAA4IBAQCnPdbvQ+gCLSHcnnL629BBMivFAfuT+5mjBlQQ0vLhHlpbYn6CqKOu
Yfg+ctRZUf3Av8Hcyyz1U4dRgPc9BfuoXzeJewO7laaihMxXN+k8stHtb+PVOFt7
U5aMVuvZD+2W9bW6UbpGSu3es0gX8cFsUMIqcw+REPh6YAwFBOvHfliezrlyz97/
pvBeXG+NHIQoGOiciqxof+emcupdPnoQEgAIis2mDyVgTAIizGT2Of0+QPlQNVYr
lU7TqkwLxWp0dd22jyWn1a/w30cnn6apxhXTC99WzgXCB1jzWxaDBt/diAV7BwcN
YiJJGfi/qhs+nrWjHpEl2FS2ZQnGu8XI
-----END CERTIFICATE-----
Generated at Mon Apr 7 13:08:21 2025 by rpki-client