Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S3DLCl46TlMIm1HemjcKXyM4dMY.cer
File: S3DLCl46TlMIm1HemjcKXyM4dMY.cer (raw, json)
Hash identifier: TDsYgG7esxoQjO9okQMA9yhdzEcabA/Uz9WgcKQz/2g=
Subject key identifier: 4B:70:CB:0A:5E:3A:4E:53:08:9B:51:DE:9A:37:0A:5F:23:38:74:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 01942521F5123DBF7FAC1EE29896037383B1
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/75/04e22e-e555-4ece-85cf-ce59522ef66f/1/S3DLCl46TlMIm1HemjcKXyM4dMY.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/75/04e22e-e555-4ece-85cf-ce59522ef66f/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Thu 02 Jan 2025 03:49:29 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: IP: 130.98.0.0/16
IP: 144.165.0.0/16
IP: 149.251.0.0/16
IP: 163.62.0.0 -- 163.65.255.255
IP: 163.67.0.0/16
IP: 163.70.0.0/17
IP: 163.71.0.0 -- 163.72.255.255
IP: 163.76.0.0/17
IP: 163.77.0.0/17
IP: 163.78.0.0 -- 163.79.127.255
IP: 163.80.0.0 -- 163.96.255.255
IP: 163.101.0.0/16
IP: 163.103.0.0 -- 163.106.255.255
IP: 163.108.0.0/16
IP: 163.113.0.0 -- 163.114.127.255
IP: 163.114.146.0 -- 163.114.158.255
IP: 163.115.0.0 -- 163.115.191.255
IP: 163.116.0.0/17
IP: 192.54.192.0/22
IP: 192.93.105.0 -- 192.93.109.255
IP: 192.93.121.0/24
IP: 192.93.148.0 -- 192.93.152.255
IP: 192.196.1.0 -- 192.196.155.255
IP: 2a00:7e40::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Sun 02 Feb 2025 21:14:06 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:f5:12:3d:bf:7f:ac:1e:e2:98:96:03:73:83:b1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 03:49:29 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4b70cb0a5e3a4e53089b51de9a370a5f233874c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:19:3f:d8:2b:92:22:55:1d:3d:21:d4:92:14:
bb:ce:1e:b2:4d:85:e0:0f:c4:9b:ba:96:e2:6e:a7:
47:78:4b:a1:c0:86:4e:28:99:ad:ab:6e:53:44:0e:
1c:fe:2e:07:4e:84:94:fb:c3:7e:c6:b6:c8:d5:6d:
19:89:17:7b:8f:16:f9:2f:39:6d:b3:b4:ca:81:c7:
1a:c1:4f:46:65:d2:5c:e4:ef:ce:da:93:de:a7:2e:
8c:57:e1:fb:ef:94:59:bc:a1:6b:dc:35:f7:16:b7:
90:4e:53:d1:6c:d4:93:7b:a7:4a:f4:d3:b7:df:53:
3b:e2:72:2e:56:e1:2b:71:b5:50:30:e2:7b:d4:db:
45:d5:1b:13:48:c4:74:9a:b2:ab:72:cb:55:49:9c:
ba:5b:41:b1:a0:ef:28:0c:f2:f5:4f:61:a7:35:77:
94:33:1d:c0:ea:a6:aa:c1:b0:9d:df:2f:c1:d3:5e:
ea:64:90:5e:83:a0:5f:54:bf:49:7d:ee:ad:46:8c:
bd:0b:98:61:57:4f:f5:a8:89:4b:4a:7c:e8:bc:9d:
31:55:59:62:60:8f:7c:a8:fd:83:55:a6:6f:66:34:
61:53:0c:26:a5:89:31:0a:44:58:dd:45:6a:e0:fe:
cf:42:d9:93:3e:cc:ff:70:08:f8:38:6b:f2:45:02:
30:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:70:CB:0A:5E:3A:4E:53:08:9B:51:DE:9A:37:0A:5F:23:38:74:C6
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/04e22e-e555-4ece-85cf-ce59522ef66f/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/04e22e-e555-4ece-85cf-ce59522ef66f/1/S3DLCl46TlMIm1HemjcKXyM4dMY.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
130.98.0.0/16
144.165.0.0/16
149.251.0.0/16
163.62.0.0-163.65.255.255
163.67.0.0/16
163.70.0.0/17
163.71.0.0-163.72.255.255
163.76.0.0/17
163.77.0.0/17
163.78.0.0-163.79.127.255
163.80.0.0-163.96.255.255
163.101.0.0/16
163.103.0.0-163.106.255.255
163.108.0.0/16
163.113.0.0-163.114.127.255
163.114.146.0-163.114.158.255
163.115.0.0-163.115.191.255
163.116.0.0/17
192.54.192.0/22
192.93.105.0-192.93.109.255
192.93.121.0/24
192.93.148.0-192.93.152.255
192.196.1.0-192.196.155.255
IPv6:
2a00:7e40::/29
Signature Algorithm: sha256WithRSAEncryption
b1:86:b4:c3:ad:1a:de:81:ee:18:71:02:70:32:06:af:b8:fc:
14:4c:fa:7c:a6:ff:4d:06:72:90:a7:fe:f1:da:92:96:57:9f:
71:8f:82:92:3b:a7:d4:78:74:9c:2c:f0:b7:68:f4:e6:43:c8:
9f:4d:d7:e7:ef:6f:af:fd:1c:bd:fc:00:e9:ba:7d:10:c2:27:
cb:93:32:55:fb:6d:3c:a1:b9:ea:b9:a0:d2:af:3f:1b:74:9d:
18:a8:b2:2d:98:f8:d3:0c:7c:74:b6:7d:b6:31:0e:6e:c9:90:
42:47:a4:66:7f:62:d5:1c:07:fa:fb:e3:b9:75:4c:d2:7a:02:
b3:2b:7c:1b:d3:b0:d9:19:1e:bc:8b:30:ca:d9:cf:2c:c8:1a:
c4:1e:8c:e9:21:07:4f:44:7b:44:08:78:e7:26:34:bf:bc:97:
e6:be:c2:b3:99:6b:f9:85:05:9e:9b:01:4f:67:62:84:9a:fc:
ba:12:cc:61:71:60:a0:21:9e:bb:de:78:2a:e0:b5:b3:78:19:
c1:cc:ec:68:c3:60:a8:6d:cc:42:14:0a:b5:b9:69:1e:49:ae:
4d:9f:c2:93:e9:78:f6:c5:e1:7d:a1:01:eb:82:02:a0:d3:c9:
11:9c:c4:46:1e:9a:cf:ff:43:9d:2e:8a:73:68:c8:63:b2:ae:
62:c5:93:57
-----BEGIN CERTIFICATE-----
MIIGVzCCBT+gAwIBAgISAZQlIfUSPb9/rB7imJYDc4OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjcwY2IwYTVlM2E0ZTUzMDg5YjUxZGU5YTM3MGE1ZjIzMzg3NGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohk/2CuSIlUdPSHUkhS7zh6yTYXg
D8SbupbibqdHeEuhwIZOKJmtq25TRA4c/i4HToSU+8N+xrbI1W0ZiRd7jxb5Lzlt
s7TKgccawU9GZdJc5O/O2pPepy6MV+H775RZvKFr3DX3FreQTlPRbNSTe6dK9NO3
31M74nIuVuErcbVQMOJ71NtF1RsTSMR0mrKrcstVSZy6W0GxoO8oDPL1T2GnNXeU
Mx3A6qaqwbCd3y/B017qZJBeg6BfVL9Jfe6tRoy9C5hhV0/1qIlLSnzovJ0xVVli
YI98qP2DVaZvZjRhUwwmpYkxCkRY3UVq4P7PQtmTPsz/cAj4OGvyRQIwgwIDAQAB
o4IDYzCCA18wHQYDVR0OBBYEFEtwywpeOk5TCJtR3po3Cl8jOHTGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc1LzA0ZTIy
ZS1lNTU1LTRlY2UtODVjZi1jZTU5NTIyZWY2NmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzUvMDRlMjJl
LWU1NTUtNGVjZS04NWNmLWNlNTk1MjJlZjY2Zi8xL1MzRExDbDQ2VGxNSW0xSGVt
amNLWHlNNGRNWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIH9BggrBgEF
BQcBBwEB/wSB7TCB6jCB2AQCAAEwgdEDAwCCYgMDAJClAwMAlfswCgMDAaM+AwMB
o0ADAwCjQwMEB6NGADAKAwMAo0cDAwCjSAMEB6NMAAMEB6NNADALAwMBo04DBAej
TwAwCgMDBKNQAwMAo2ADAwCjZTAKAwMAo2cDAwCjagMDAKNsMAsDAwCjcQMEB6Ny
ADAMAwQBo3KSAwQAo3KeMAsDAwCjcwMEBqNzgAMEB6N0AAMEAsA2wDAMAwQAwF1p
AwQBwF1sAwQAwF15MAwDBALAXZQDBADAXZgwDAMEAMDEAQMEAsDEmDANBAIAAjAH
AwUDKgB+QDANBgkqhkiG9w0BAQsFAAOCAQEAsYa0w60a3oHuGHECcDIGr7j8FEz6
fKb/TQZykKf+8dqSllefcY+Ckjun1Hh0nCzwt2j05kPIn03X5+9vr/0cvfwA6bp9
EMIny5MyVfttPKG56rmg0q8/G3SdGKiyLZj40wx8dLZ9tjEObsmQQkekZn9i1RwH
+vvjuXVM0noCsyt8G9Ow2RkevIswytnPLMgaxB6M6SEHT0R7RAh45yY0v7yX5r7C
s5lr+YUFnpsBT2dihJr8uhLMYXFgoCGeu954KuC1s3gZwczsaMNgqG3MQhQKtblp
HkmuTZ/Ck+l49sXhfaEB64ICoNPJEZzERh6az/9DnS6Kc2jIY7KuYsWTVw==
-----END CERTIFICATE-----
Generated at Sun Feb 2 03:59:08 2025 by rpki-client