Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
File: NJy71cLPQZXMbsfyH2B1gaAiTao.cer (raw, json)
Hash identifier: 1vyG23uubNKru+dlxZO6RiwTW5FfNwOlHslpqbAGBMc=
Subject key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 018CC86FB972A60735B9DF461D630D5A385C
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Tue 02 Jan 2024 04:30:14 +0000
Certificate not after: Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources: AS: 34744
AS: 57217
IP: 31.131.8.0/21
IP: 31.132.192.0/21
IP: 31.133.24.0/21
IP: 31.133.192.0/21
IP: 31.135.0.0/21
IP: 37.97.112.0 -- 37.97.123.255
IP: 46.151.32.0/21
IP: 46.173.240.0/20
IP: 46.174.200.0/21
IP: 64.43.64.0/18
IP: 77.36.0.0/17
IP: 77.232.192.0/19
IP: 81.161.0.0/20
IP: 81.161.48.0/21
IP: 85.204.196.0/23
IP: 86.104.132.0/23
IP: 89.34.74.0/23
IP: 89.42.232.0/23
IP: 89.44.100.0/23
IP: 89.45.92.0/23
IP: 89.46.112.0/23
IP: 91.193.28.0/22
IP: 91.200.132.0/22
IP: 91.218.252.0/22
IP: 91.223.117.0/24
IP: 91.223.158.0/24
IP: 91.224.40.0/23
IP: 91.224.212.0/23
IP: 91.225.34.0/23
IP: 91.226.52.0/22
IP: 91.228.119.0/24
IP: 91.229.6.0/24
IP: 91.229.16.0/22
IP: 91.229.30.0/23
IP: 91.229.147.0/24
IP: 91.229.156.0/22
IP: 91.231.223.0 -- 91.231.227.255
IP: 91.232.16.0 -- 91.232.20.255
IP: 91.232.55.0 -- 91.232.57.255
IP: 91.232.226.0/23
IP: 91.232.254.0/24
IP: 91.233.0.0/22
IP: 91.233.200.0/22
IP: 91.234.120.0/22
IP: 91.234.150.0/23
IP: 91.234.156.0/22
IP: 91.234.220.0/22
IP: 91.235.166.0/23
IP: 91.236.76.0/23
IP: 91.236.237.0/24
IP: 91.237.44.0 -- 91.237.49.255
IP: 91.237.91.0 -- 91.237.93.255
IP: 91.237.193.0 -- 91.237.195.255
IP: 91.238.38.0 -- 91.238.43.255
IP: 91.239.0.0/22
IP: 91.239.178.0/23
IP: 91.239.220.0 -- 91.239.226.255
IP: 91.240.154.0/24
IP: 91.240.156.0/22
IP: 91.245.88.0/21
IP: 91.245.176.0/20
IP: 91.246.172.0 -- 91.246.201.255
IP: 91.246.203.0 -- 91.246.207.255
IP: 91.246.216.0/23
IP: 93.120.0.0/17
IP: 94.232.96.0/21
IP: 109.197.232.0/21
IP: 109.207.128.0/20
IP: 171.25.223.0/24
IP: 176.96.48.0/20
IP: 176.96.88.0/21
IP: 176.96.176.0/21
IP: 176.97.144.0/21
IP: 176.98.56.0/21
IP: 176.102.120.0/21
IP: 176.103.120.0/21
IP: 176.103.240.0/21
IP: 176.107.64.0/20
IP: 176.110.106.0/23
IP: 176.110.112.0/22
IP: 176.110.216.0/21
IP: 176.111.0.0/21
IP: 176.111.160.0/21
IP: 176.112.80.0/21
IP: 176.113.176.0/20
IP: 176.115.232.0/21
IP: 176.116.32.0/20
IP: 176.116.224.0/20
IP: 176.118.88.0/21
IP: 176.118.200.0/21
IP: 176.121.32.0/20
IP: 176.121.96.0/20
IP: 176.124.172.0 -- 176.124.183.255
IP: 178.159.144.0/20
IP: 178.212.184.0/21
IP: 178.213.176.0/21
IP: 185.9.236.0 -- 185.9.243.255
IP: 185.55.4.0/22
IP: 185.55.140.0/22
IP: 185.104.196.0/22
IP: 188.191.248.0/21
IP: 188.213.233.0/24
IP: 192.162.184.0/22
IP: 193.0.190.0/24
IP: 193.36.192.0/19
IP: 193.221.82.0/23
IP: 194.33.64.0/22
IP: 194.33.100.0/22
IP: 195.80.142.0/23
IP: 2a01:7d8::/32
IP: 2a05:84c0::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 26 Apr 2024 13:25:12 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:6f:b9:72:a6:07:35:b9:df:46:1d:63:0d:5a:38:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 04:30:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:ad:01:76:b4:fe:93:58:b2:b7:ea:a8:f9:d4:
a3:3a:d7:fc:73:6d:19:76:dd:75:7c:eb:7d:ce:ab:
67:18:7b:95:46:c0:72:ca:b9:60:46:97:cf:c6:54:
e5:e4:6f:1b:27:4f:28:2b:7e:47:bc:78:b1:4b:92:
c6:e5:e8:04:c5:a2:ee:dc:81:3e:f9:81:4b:57:f5:
25:c8:2d:09:2d:1c:60:a7:4f:55:45:c7:91:27:8f:
56:2e:45:a1:1f:97:1d:de:1a:de:8d:21:46:c3:49:
a4:c2:f3:88:74:fe:06:68:ec:96:47:01:53:bc:ac:
de:9b:bc:4f:34:23:00:78:33:d6:64:c4:82:d3:c2:
0a:59:76:c5:60:72:d7:29:61:33:8f:d9:7c:1a:e6:
55:d5:96:e3:1f:d3:77:de:0c:d2:86:94:b8:83:15:
5a:d3:25:5b:30:2f:d6:e6:8c:a6:f0:38:25:ac:3f:
6f:81:4c:99:1d:74:74:69:94:89:39:3d:a0:32:ce:
5b:d4:6d:6c:15:ee:7b:89:4a:a1:38:70:b3:e0:a6:
63:96:b5:06:66:f1:b3:47:eb:56:c9:02:63:a5:2c:
f3:3a:5c:93:f0:c5:af:d3:55:d7:da:39:b8:0c:70:
4a:76:6a:d9:2a:e3:19:2f:67:8d:d1:9a:ea:35:6f:
26:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.131.8.0/21
31.132.192.0/21
31.133.24.0/21
31.133.192.0/21
31.135.0.0/21
37.97.112.0-37.97.123.255
46.151.32.0/21
46.173.240.0/20
46.174.200.0/21
64.43.64.0/18
77.36.0.0/17
77.232.192.0/19
81.161.0.0/20
81.161.48.0/21
85.204.196.0/23
86.104.132.0/23
89.34.74.0/23
89.42.232.0/23
89.44.100.0/23
89.45.92.0/23
89.46.112.0/23
91.193.28.0/22
91.200.132.0/22
91.218.252.0/22
91.223.117.0/24
91.223.158.0/24
91.224.40.0/23
91.224.212.0/23
91.225.34.0/23
91.226.52.0/22
91.228.119.0/24
91.229.6.0/24
91.229.16.0/22
91.229.30.0/23
91.229.147.0/24
91.229.156.0/22
91.231.223.0-91.231.227.255
91.232.16.0-91.232.20.255
91.232.55.0-91.232.57.255
91.232.226.0/23
91.232.254.0/24
91.233.0.0/22
91.233.200.0/22
91.234.120.0/22
91.234.150.0/23
91.234.156.0/22
91.234.220.0/22
91.235.166.0/23
91.236.76.0/23
91.236.237.0/24
91.237.44.0-91.237.49.255
91.237.91.0-91.237.93.255
91.237.193.0-91.237.195.255
91.238.38.0-91.238.43.255
91.239.0.0/22
91.239.178.0/23
91.239.220.0-91.239.226.255
91.240.154.0/24
91.240.156.0/22
91.245.88.0/21
91.245.176.0/20
91.246.172.0-91.246.201.255
91.246.203.0-91.246.207.255
91.246.216.0/23
93.120.0.0/17
94.232.96.0/21
109.197.232.0/21
109.207.128.0/20
171.25.223.0/24
176.96.48.0/20
176.96.88.0/21
176.96.176.0/21
176.97.144.0/21
176.98.56.0/21
176.102.120.0/21
176.103.120.0/21
176.103.240.0/21
176.107.64.0/20
176.110.106.0/23
176.110.112.0/22
176.110.216.0/21
176.111.0.0/21
176.111.160.0/21
176.112.80.0/21
176.113.176.0/20
176.115.232.0/21
176.116.32.0/20
176.116.224.0/20
176.118.88.0/21
176.118.200.0/21
176.121.32.0/20
176.121.96.0/20
176.124.172.0-176.124.183.255
178.159.144.0/20
178.212.184.0/21
178.213.176.0/21
185.9.236.0-185.9.243.255
185.55.4.0/22
185.55.140.0/22
185.104.196.0/22
188.191.248.0/21
188.213.233.0/24
192.162.184.0/22
193.0.190.0/24
193.36.192.0/19
193.221.82.0/23
194.33.64.0/22
194.33.100.0/22
195.80.142.0/23
IPv6:
2a01:7d8::/32
2a05:84c0::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
34744
57217
Signature Algorithm: sha256WithRSAEncryption
1a:a4:08:8e:59:18:69:a7:4e:c6:33:c9:95:33:52:de:1f:76:
40:71:33:a9:a8:9e:c3:f3:84:2e:b1:a4:94:a1:65:17:9b:fa:
bc:9e:eb:ff:70:e4:b9:f3:66:8a:12:57:06:ae:79:bc:4a:a2:
33:d3:67:ff:9f:9a:de:9a:9a:76:35:b0:91:a2:67:0a:1c:0f:
bc:60:4d:6a:2d:33:b2:26:b0:ac:81:3b:9b:98:79:55:1e:49:
01:a6:c2:21:7d:31:18:7a:77:58:b7:93:d9:37:67:1e:87:29:
42:33:32:43:f3:52:be:17:05:5f:e9:98:b4:3f:75:78:50:c0:
ce:40:1e:06:dc:f3:82:5b:25:94:2b:dc:d0:55:54:92:19:ae:
b3:5e:d0:8d:29:c8:27:e5:8b:68:c3:60:25:db:fb:d0:48:06:
ac:24:f2:59:5c:f0:7e:e4:f1:e4:1f:15:61:7e:d7:15:4e:15:
a2:9b:da:19:90:bc:f9:b8:73:3a:17:3d:09:75:0a:b9:f9:47:
21:83:9a:25:bf:ee:a7:8d:8c:4c:4f:6c:d0:4e:e6:f9:b7:ae:
6f:67:a4:77:91:bc:ec:ce:59:7f:d5:88:ac:e0:c3:d6:04:65:
d7:30:a0:b8:6d:98:ca:a6:2f:e9:42:b0:be:26:88:12:37:ca:
79:5f:d6:26
-----BEGIN CERTIFICATE-----
MIIIqTCCB5GgAwIBAgISAYzIb7lypgc1ud9GHWMNWjhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDljYmJkNWMyY2Y0MTk1Y2M2ZWM3ZjIxZjYwNzU4MWEwMjI0ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp60BdrT+k1iyt+qo+dSjOtf8c20Z
dt11fOt9zqtnGHuVRsByyrlgRpfPxlTl5G8bJ08oK35HvHixS5LG5egExaLu3IE+
+YFLV/UlyC0JLRxgp09VRceRJ49WLkWhH5cd3hrejSFGw0mkwvOIdP4GaOyWRwFT
vKzem7xPNCMAeDPWZMSC08IKWXbFYHLXKWEzj9l8GuZV1ZbjH9N33gzShpS4gxVa
0yVbMC/W5oym8DglrD9vgUyZHXR0aZSJOT2gMs5b1G1sFe57iUqhOHCz4KZjlrUG
ZvGzR+tWyQJjpSzzOlyT8MWv01XX2jm4DHBKdmrZKuMZL2eN0ZrqNW8mNwIDAQAB
o4IFtTCCBbEwHQYDVR0OBBYEFDScu9XCz0GVzG7H8h9gdYGgIk2qMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkL2NkZjVm
Ni0yZjE4LTQyYzctOTMwZS1kYzA2ZGQ4MDU5NjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvY2RmNWY2
LTJmMTgtNDJjNy05MzBlLWRjMDZkZDgwNTk2MC8xL05KeTcxY0xQUVpYTWJzZnlI
MkIxZ2FBaVRhby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIDLQYIKwYB
BQUHAQcBAf8EggMcMIIDGDCCAv4EAgABMIIC9gMEAx+DCAMEAx+EwAMEAx+FGAME
Ax+FwAMEAx+HADAMAwQEJWFwAwQCJWF4AwQDLpcgAwQELq3wAwQDLq7IAwQGQCtA
AwQHTSQAAwQFTejAAwQEUaEAAwQDUaEwAwQBVczEAwQBVmiEAwQBWSJKAwQBWSro
AwQBWSxkAwQBWS1cAwQBWS5wAwQCW8EcAwQCW8iEAwQCW9r8AwQAW991AwQAW9+e
AwQBW+AoAwQBW+DUAwQBW+EiAwQCW+I0AwQAW+R3AwQAW+UGAwQCW+UQAwQBW+Ue
AwQAW+WTAwQCW+WcMAwDBABb598DBAJb5+AwDAMEBFvoEAMEAFvoFDAMAwQAW+g3
AwQBW+g4AwQBW+jiAwQAW+j+AwQCW+kAAwQCW+nIAwQCW+p4AwQBW+qWAwQCW+qc
AwQCW+rcAwQBW+umAwQBW+xMAwQAW+ztMAwDBAJb7SwDBAFb7TAwDAMEAFvtWwME
AVvtXDAMAwQAW+3BAwQCW+3AMAwDBAFb7iYDBAJb7igDBAJb7wADBAFb77IwDAME
Alvv3AMEAFvv4gMEAFvwmgMEAlvwnAMEA1v1WAMEBFv1sDAMAwQCW/asAwQBW/bI
MAwDBABb9ssDBARb9sADBAFb9tgDBAddeAADBANe6GADBANtxegDBARtz4ADBACr
Gd8DBASwYDADBAOwYFgDBAOwYLADBAOwYZADBAOwYjgDBAOwZngDBAOwZ3gDBAOw
Z/ADBASwa0ADBAGwbmoDBAKwbnADBAOwbtgDBAOwbwADBAOwb6ADBAOwcFADBASw
cbADBAOwc+gDBASwdCADBASwdOADBAOwdlgDBAOwdsgDBASweSADBASweWAwDAME
ArB8rAMEA7B8sAMEBLKfkAMEA7LUuAMEA7LVsDAMAwQCuQnsAwQCuQnwAwQCuTcE
AwQCuTeMAwQCuWjEAwQDvL/4AwQAvNXpAwQCwKK4AwQAwQC+AwQFwSTAAwQBwd1S
AwQCwiFAAwQCwiFkAwQBw1COMBQEAgACMA4DBQAqAQfYAwUDKgWEwDAfBggrBgEF
BQcBCAEB/wQQMA6gDDAKAgMAh7gCAwDfgTANBgkqhkiG9w0BAQsFAAOCAQEAGqQI
jlkYaadOxjPJlTNS3h92QHEzqaiew/OELrGklKFlF5v6vJ7r/3DkufNmihJXBq55
vEqiM9Nn/5+a3pqadjWwkaJnChwPvGBNai0zsiawrIE7m5h5VR5JAabCIX0xGHp3
WLeT2TdnHocpQjMyQ/NSvhcFX+mYtD91eFDAzkAeBtzzglsllCvc0FVUkhmus17Q
jSnIJ+WLaMNgJdv70EgGrCTyWVzwfuTx5B8VYX7XFU4VopvaGZC8+bhzOhc9CXUK
uflHIYOaJb/up42MTE9s0E7m+beub2ekd5G87M5Zf9WIrODD1gRl1zCguG2YyqYv
6UKwviaIEjfKeV/WJg==
-----END CERTIFICATE-----
Generated at Thu Apr 25 15:05:56 2024 by rpki-client on console-fra.rpki-client.org