Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
File: NJy71cLPQZXMbsfyH2B1gaAiTao.cer (raw, json)
Hash identifier: Oqahn0pPnztEb4IZD34y2hdKLcAdO7vdIH/qYTk/pFc=
Subject key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 0194258F8735C1F7C718CDD98E945A6B3A9E
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Thu 02 Jan 2025 05:49:10 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: AS: 34744
AS: 57217
IP: 31.131.8.0/21
IP: 31.132.192.0/21
IP: 31.133.24.0/21
IP: 31.133.192.0/21
IP: 31.135.0.0/21
IP: 37.97.112.0 -- 37.97.123.255
IP: 46.151.32.0/21
IP: 46.173.240.0/20
IP: 46.174.200.0/21
IP: 64.43.64.0/18
IP: 77.36.0.0/17
IP: 77.232.192.0/19
IP: 81.161.0.0/20
IP: 81.161.48.0/21
IP: 85.204.196.0/23
IP: 86.104.132.0/23
IP: 89.34.74.0/23
IP: 89.42.232.0/23
IP: 89.44.100.0/23
IP: 89.45.92.0/23
IP: 89.46.112.0/23
IP: 91.193.28.0/22
IP: 91.200.132.0/22
IP: 91.218.252.0/22
IP: 91.223.117.0/24
IP: 91.223.158.0/24
IP: 91.224.40.0/23
IP: 91.224.212.0/23
IP: 91.225.34.0/23
IP: 91.226.52.0/22
IP: 91.228.119.0/24
IP: 91.229.6.0/24
IP: 91.229.16.0/22
IP: 91.229.30.0/23
IP: 91.229.147.0/24
IP: 91.229.156.0/22
IP: 91.231.223.0 -- 91.231.227.255
IP: 91.232.16.0 -- 91.232.20.255
IP: 91.232.55.0 -- 91.232.57.255
IP: 91.232.226.0/23
IP: 91.232.254.0/24
IP: 91.233.0.0/22
IP: 91.233.200.0/22
IP: 91.234.120.0/22
IP: 91.234.150.0/23
IP: 91.234.156.0/22
IP: 91.234.220.0/22
IP: 91.235.166.0/23
IP: 91.236.76.0/23
IP: 91.236.237.0/24
IP: 91.237.44.0 -- 91.237.49.255
IP: 91.237.91.0 -- 91.237.93.255
IP: 91.237.193.0 -- 91.237.195.255
IP: 91.238.38.0 -- 91.238.43.255
IP: 91.239.0.0/22
IP: 91.239.178.0/23
IP: 91.239.220.0 -- 91.239.226.255
IP: 91.240.154.0/24
IP: 91.240.156.0/22
IP: 91.245.88.0/21
IP: 91.245.176.0/20
IP: 91.246.172.0 -- 91.246.201.255
IP: 91.246.203.0 -- 91.246.207.255
IP: 91.246.216.0/23
IP: 93.120.0.0/17
IP: 94.232.96.0/21
IP: 109.197.232.0/21
IP: 109.207.128.0/20
IP: 130.195.58.0/23
IP: 130.195.214.0/23
IP: 171.25.223.0/24
IP: 176.96.48.0/20
IP: 176.96.88.0/21
IP: 176.96.176.0/21
IP: 176.97.144.0/21
IP: 176.98.56.0/21
IP: 176.102.120.0/21
IP: 176.103.120.0/21
IP: 176.103.240.0/21
IP: 176.107.64.0/20
IP: 176.110.106.0/23
IP: 176.110.112.0/22
IP: 176.110.216.0/21
IP: 176.111.0.0/21
IP: 176.111.160.0/22
IP: 176.112.80.0/21
IP: 176.113.176.0/20
IP: 176.115.232.0/21
IP: 176.116.32.0/20
IP: 176.116.224.0/20
IP: 176.118.88.0/21
IP: 176.118.200.0/21
IP: 176.121.32.0/20
IP: 176.121.96.0/20
IP: 176.124.172.0 -- 176.124.183.255
IP: 178.159.144.0/20
IP: 178.212.184.0/21
IP: 178.213.176.0/21
IP: 185.9.236.0 -- 185.9.243.255
IP: 185.55.4.0/22
IP: 185.55.140.0/22
IP: 185.104.196.0/22
IP: 188.191.248.0/21
IP: 188.213.233.0/24
IP: 192.162.184.0/22
IP: 193.0.190.0/24
IP: 193.36.192.0/19
IP: 193.221.82.0/23
IP: 194.33.64.0/22
IP: 194.33.100.0/22
IP: 195.80.142.0/23
IP: 2a01:7d8::/32
IP: 2a05:84c0::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sat 05 Apr 2025 19:00:49 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:8f:87:35:c1:f7:c7:18:cd:d9:8e:94:5a:6b:3a:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 05:49:10 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:ad:01:76:b4:fe:93:58:b2:b7:ea:a8:f9:d4:
a3:3a:d7:fc:73:6d:19:76:dd:75:7c:eb:7d:ce:ab:
67:18:7b:95:46:c0:72:ca:b9:60:46:97:cf:c6:54:
e5:e4:6f:1b:27:4f:28:2b:7e:47:bc:78:b1:4b:92:
c6:e5:e8:04:c5:a2:ee:dc:81:3e:f9:81:4b:57:f5:
25:c8:2d:09:2d:1c:60:a7:4f:55:45:c7:91:27:8f:
56:2e:45:a1:1f:97:1d:de:1a:de:8d:21:46:c3:49:
a4:c2:f3:88:74:fe:06:68:ec:96:47:01:53:bc:ac:
de:9b:bc:4f:34:23:00:78:33:d6:64:c4:82:d3:c2:
0a:59:76:c5:60:72:d7:29:61:33:8f:d9:7c:1a:e6:
55:d5:96:e3:1f:d3:77:de:0c:d2:86:94:b8:83:15:
5a:d3:25:5b:30:2f:d6:e6:8c:a6:f0:38:25:ac:3f:
6f:81:4c:99:1d:74:74:69:94:89:39:3d:a0:32:ce:
5b:d4:6d:6c:15:ee:7b:89:4a:a1:38:70:b3:e0:a6:
63:96:b5:06:66:f1:b3:47:eb:56:c9:02:63:a5:2c:
f3:3a:5c:93:f0:c5:af:d3:55:d7:da:39:b8:0c:70:
4a:76:6a:d9:2a:e3:19:2f:67:8d:d1:9a:ea:35:6f:
26:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.131.8.0/21
31.132.192.0/21
31.133.24.0/21
31.133.192.0/21
31.135.0.0/21
37.97.112.0-37.97.123.255
46.151.32.0/21
46.173.240.0/20
46.174.200.0/21
64.43.64.0/18
77.36.0.0/17
77.232.192.0/19
81.161.0.0/20
81.161.48.0/21
85.204.196.0/23
86.104.132.0/23
89.34.74.0/23
89.42.232.0/23
89.44.100.0/23
89.45.92.0/23
89.46.112.0/23
91.193.28.0/22
91.200.132.0/22
91.218.252.0/22
91.223.117.0/24
91.223.158.0/24
91.224.40.0/23
91.224.212.0/23
91.225.34.0/23
91.226.52.0/22
91.228.119.0/24
91.229.6.0/24
91.229.16.0/22
91.229.30.0/23
91.229.147.0/24
91.229.156.0/22
91.231.223.0-91.231.227.255
91.232.16.0-91.232.20.255
91.232.55.0-91.232.57.255
91.232.226.0/23
91.232.254.0/24
91.233.0.0/22
91.233.200.0/22
91.234.120.0/22
91.234.150.0/23
91.234.156.0/22
91.234.220.0/22
91.235.166.0/23
91.236.76.0/23
91.236.237.0/24
91.237.44.0-91.237.49.255
91.237.91.0-91.237.93.255
91.237.193.0-91.237.195.255
91.238.38.0-91.238.43.255
91.239.0.0/22
91.239.178.0/23
91.239.220.0-91.239.226.255
91.240.154.0/24
91.240.156.0/22
91.245.88.0/21
91.245.176.0/20
91.246.172.0-91.246.201.255
91.246.203.0-91.246.207.255
91.246.216.0/23
93.120.0.0/17
94.232.96.0/21
109.197.232.0/21
109.207.128.0/20
130.195.58.0/23
130.195.214.0/23
171.25.223.0/24
176.96.48.0/20
176.96.88.0/21
176.96.176.0/21
176.97.144.0/21
176.98.56.0/21
176.102.120.0/21
176.103.120.0/21
176.103.240.0/21
176.107.64.0/20
176.110.106.0/23
176.110.112.0/22
176.110.216.0/21
176.111.0.0/21
176.111.160.0/22
176.112.80.0/21
176.113.176.0/20
176.115.232.0/21
176.116.32.0/20
176.116.224.0/20
176.118.88.0/21
176.118.200.0/21
176.121.32.0/20
176.121.96.0/20
176.124.172.0-176.124.183.255
178.159.144.0/20
178.212.184.0/21
178.213.176.0/21
185.9.236.0-185.9.243.255
185.55.4.0/22
185.55.140.0/22
185.104.196.0/22
188.191.248.0/21
188.213.233.0/24
192.162.184.0/22
193.0.190.0/24
193.36.192.0/19
193.221.82.0/23
194.33.64.0/22
194.33.100.0/22
195.80.142.0/23
IPv6:
2a01:7d8::/32
2a05:84c0::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
34744
57217
Signature Algorithm: sha256WithRSAEncryption
3b:e3:9f:49:7d:d4:b2:36:d4:f0:d2:67:6a:2f:f3:7a:20:be:
e3:1b:cc:f6:60:89:3b:76:63:98:91:16:05:92:c4:81:77:7e:
fa:f0:75:18:3b:a5:b1:53:29:d8:0d:8b:e3:5d:29:8d:aa:05:
9e:7e:c8:37:6a:60:ca:d3:a9:92:58:00:5a:f5:2b:7c:e9:15:
cb:54:72:c8:06:e0:b5:05:a6:b7:9f:8d:63:b6:ba:a7:c4:f5:
b9:b4:ec:9e:14:d8:bb:cc:96:ca:61:79:34:c3:f7:2d:62:a1:
e3:0a:f9:5c:ea:f7:09:6e:2e:6a:3d:cb:26:de:e2:af:95:1f:
d7:0a:93:ff:28:5d:ad:60:c8:37:fa:1d:18:2c:fa:09:75:e0:
00:a8:5a:26:fe:4a:29:24:16:e5:57:ba:b4:74:82:66:ca:5d:
f6:a8:e2:eb:aa:52:8e:7f:12:f3:60:80:59:da:d4:d8:2b:d0:
16:9b:5c:7d:47:2f:51:b2:9c:e5:1d:9b:12:08:77:7b:75:f3:
10:5b:21:d8:a2:20:aa:e0:e4:e9:b5:c8:66:8e:c2:63:55:45:
7c:5f:3b:55:8f:40:54:d7:da:93:74:af:a8:8b:3c:0f:d8:63:
7a:da:c5:87:c5:44:5b:bf:83:5a:18:47:47:f4:40:a5:50:fb:
a1:56:f9:7c
-----BEGIN CERTIFICATE-----
MIIItTCCB52gAwIBAgISAZQlj4c1wffHGM3ZjpRaazqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDljYmJkNWMyY2Y0MTk1Y2M2ZWM3ZjIxZjYwNzU4MWEwMjI0ZGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp60BdrT+k1iyt+qo+dSjOtf8c20Z
dt11fOt9zqtnGHuVRsByyrlgRpfPxlTl5G8bJ08oK35HvHixS5LG5egExaLu3IE+
+YFLV/UlyC0JLRxgp09VRceRJ49WLkWhH5cd3hrejSFGw0mkwvOIdP4GaOyWRwFT
vKzem7xPNCMAeDPWZMSC08IKWXbFYHLXKWEzj9l8GuZV1ZbjH9N33gzShpS4gxVa
0yVbMC/W5oym8DglrD9vgUyZHXR0aZSJOT2gMs5b1G1sFe57iUqhOHCz4KZjlrUG
ZvGzR+tWyQJjpSzzOlyT8MWv01XX2jm4DHBKdmrZKuMZL2eN0ZrqNW8mNwIDAQAB
o4IFwTCCBb0wHQYDVR0OBBYEFDScu9XCz0GVzG7H8h9gdYGgIk2qMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkL2NkZjVm
Ni0yZjE4LTQyYzctOTMwZS1kYzA2ZGQ4MDU5NjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvY2RmNWY2
LTJmMTgtNDJjNy05MzBlLWRjMDZkZDgwNTk2MC8xL05KeTcxY0xQUVpYTWJzZnlI
MkIxZ2FBaVRhby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIDOQYIKwYB
BQUHAQcBAf8EggMoMIIDJDCCAwoEAgABMIIDAgMEAx+DCAMEAx+EwAMEAx+FGAME
Ax+FwAMEAx+HADAMAwQEJWFwAwQCJWF4AwQDLpcgAwQELq3wAwQDLq7IAwQGQCtA
AwQHTSQAAwQFTejAAwQEUaEAAwQDUaEwAwQBVczEAwQBVmiEAwQBWSJKAwQBWSro
AwQBWSxkAwQBWS1cAwQBWS5wAwQCW8EcAwQCW8iEAwQCW9r8AwQAW991AwQAW9+e
AwQBW+AoAwQBW+DUAwQBW+EiAwQCW+I0AwQAW+R3AwQAW+UGAwQCW+UQAwQBW+Ue
AwQAW+WTAwQCW+WcMAwDBABb598DBAJb5+AwDAMEBFvoEAMEAFvoFDAMAwQAW+g3
AwQBW+g4AwQBW+jiAwQAW+j+AwQCW+kAAwQCW+nIAwQCW+p4AwQBW+qWAwQCW+qc
AwQCW+rcAwQBW+umAwQBW+xMAwQAW+ztMAwDBAJb7SwDBAFb7TAwDAMEAFvtWwME
AVvtXDAMAwQAW+3BAwQCW+3AMAwDBAFb7iYDBAJb7igDBAJb7wADBAFb77IwDAME
Alvv3AMEAFvv4gMEAFvwmgMEAlvwnAMEA1v1WAMEBFv1sDAMAwQCW/asAwQBW/bI
MAwDBABb9ssDBARb9sADBAFb9tgDBAddeAADBANe6GADBANtxegDBARtz4ADBAGC
wzoDBAGCw9YDBACrGd8DBASwYDADBAOwYFgDBAOwYLADBAOwYZADBAOwYjgDBAOw
ZngDBAOwZ3gDBAOwZ/ADBASwa0ADBAGwbmoDBAKwbnADBAOwbtgDBAOwbwADBAKw
b6ADBAOwcFADBASwcbADBAOwc+gDBASwdCADBASwdOADBAOwdlgDBAOwdsgDBASw
eSADBASweWAwDAMEArB8rAMEA7B8sAMEBLKfkAMEA7LUuAMEA7LVsDAMAwQCuQns
AwQCuQnwAwQCuTcEAwQCuTeMAwQCuWjEAwQDvL/4AwQAvNXpAwQCwKK4AwQAwQC+
AwQFwSTAAwQBwd1SAwQCwiFAAwQCwiFkAwQBw1COMBQEAgACMA4DBQAqAQfYAwUD
KgWEwDAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMAh7gCAwDfgTANBgkqhkiG9w0B
AQsFAAOCAQEAO+OfSX3UsjbU8NJnai/zeiC+4xvM9mCJO3ZjmJEWBZLEgXd++vB1
GDulsVMp2A2L410pjaoFnn7IN2pgytOpklgAWvUrfOkVy1RyyAbgtQWmt5+NY7a6
p8T1ubTsnhTYu8yWymF5NMP3LWKh4wr5XOr3CW4uaj3LJt7ir5Uf1wqT/yhdrWDI
N/odGCz6CXXgAKhaJv5KKSQW5Ve6tHSCZspd9qji66pSjn8S82CAWdrU2CvQFptc
fUcvUbKc5R2bEgh3e3XzEFsh2KIgquDk6bXIZo7CY1VFfF87VY9AVNfak3SvqIs8
D9hjetrFh8VEW7+DWhhHR/RApVD7oVb5fA==
-----END CERTIFICATE-----
Generated at Sat Apr 5 05:35:05 2025 by rpki-client