Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3WQWapEXkwjyU6kXVhbMxoKMRGM.cer
File: 3WQWapEXkwjyU6kXVhbMxoKMRGM.cer (raw, json)
Hash identifier: 5hRciQmuvxsWcwJi+T2ntYc061VwfdiRTF1oBRK2uZI=
Subject key identifier: DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 01994DADFDA372EDC2E21EC80184C2DF9DF3
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Mon 15 Sep 2025 14:01:12 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: AS: 34250
AS: 197486
AS: 201767
AS: 202175
IP: 5.133.120.0/22
IP: 45.150.24.0/22
IP: 83.222.6.0/23
IP: 84.54.64.0/18
IP: 86.62.0.0/22
IP: 87.192.224.0/19
IP: 89.104.102.0/24
IP: 89.126.208.0/20
IP: 89.223.3.0/24
IP: 89.249.60.0/22
IP: 90.156.160.0/21
IP: 90.156.192.0/21
IP: 92.63.204.0/22
IP: 93.188.80.0/21
IP: 94.230.225.0 -- 94.230.226.255
IP: 94.230.228.0 -- 94.230.239.255
IP: 109.94.172.0/22
IP: 144.124.192.0/20
IP: 185.0.23.0/24
IP: 185.4.160.0/22
IP: 185.100.52.0/22
IP: 185.203.236.0/22
IP: 194.93.24.0/22
IP: 198.163.192.0/20
IP: 213.206.39.0 -- 213.206.42.255
IP: 213.206.44.0 -- 213.206.63.255
IP: 2001:7f8:110::/48
IP: 2a09:6700::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:4d:ad:fd:a3:72:ed:c2:e2:1e:c8:01:84:c2:df:9d:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Sep 15 14:01:12 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=dd64166a91179308f253a9175616ccc6828c4463
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:86:52:2b:52:56:5d:a9:57:fc:72:e4:0b:db:
b9:bb:14:e9:2e:97:68:16:5c:c6:bb:a7:9d:5c:9a:
84:6d:f3:bf:62:98:1f:5d:0f:e2:34:7b:ff:fc:e7:
90:66:2f:40:f2:6e:80:50:0e:aa:95:3b:f8:ba:dd:
3d:b2:64:cf:a8:5a:ae:31:e7:91:52:71:96:a2:77:
40:10:4a:cb:8c:f9:37:a7:aa:42:90:15:b2:54:17:
12:3f:97:02:60:a3:05:b0:cb:41:0b:4a:a0:57:9a:
ad:10:6f:82:e1:bc:9f:ef:77:1a:f4:6c:a4:31:fb:
8c:ed:fc:ca:4b:73:22:03:e2:b9:16:ba:03:e9:29:
60:c8:84:85:97:16:e3:35:1c:2c:17:d1:c3:56:26:
fd:a1:9f:bb:89:d1:69:4c:1c:04:64:43:db:c6:65:
d2:93:63:cc:69:ca:50:ee:29:66:3e:e7:60:f4:aa:
6d:21:1c:94:1d:07:e1:28:67:9f:a9:86:02:77:9b:
a8:c5:e9:61:66:0d:30:0a:dd:1a:98:52:d4:fb:e0:
1d:54:dc:b9:3f:01:ad:03:0e:01:69:17:b2:1f:03:
52:d6:14:43:3a:4d:8a:4a:d3:95:e8:ce:61:d3:c4:
08:c4:da:33:f1:43:96:a3:cc:7a:df:b4:c7:a5:3e:
cb:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:64:16:6A:91:17:93:08:F2:53:A9:17:56:16:CC:C6:82:8C:44:63
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/0a489b-9d9e-4f6a-87c7-74de258a76f8/1/3WQWapEXkwjyU6kXVhbMxoKMRGM.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.133.120.0/22
45.150.24.0/22
83.222.6.0/23
84.54.64.0/18
86.62.0.0/22
87.192.224.0/19
89.104.102.0/24
89.126.208.0/20
89.223.3.0/24
89.249.60.0/22
90.156.160.0/21
90.156.192.0/21
92.63.204.0/22
93.188.80.0/21
94.230.225.0-94.230.226.255
94.230.228.0-94.230.239.255
109.94.172.0/22
144.124.192.0/20
185.0.23.0/24
185.4.160.0/22
185.100.52.0/22
185.203.236.0/22
194.93.24.0/22
198.163.192.0/20
213.206.39.0-213.206.42.255
213.206.44.0-213.206.63.255
IPv6:
2001:7f8:110::/48
2a09:6700::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
34250
197486
201767
202175
Signature Algorithm: sha256WithRSAEncryption
67:32:d2:e4:a9:dd:48:4d:63:99:26:9c:4d:db:d1:8d:e2:c9:
6c:ef:85:0a:e4:77:91:73:e2:1b:84:00:1c:42:70:48:8b:4a:
05:a1:d1:a1:57:ca:3f:09:82:e9:09:01:65:7a:b1:d5:5b:49:
02:3f:2c:e9:32:c5:50:41:8a:7d:33:49:67:34:38:58:e2:b1:
3d:c8:85:ee:59:9d:94:6d:25:f5:3e:90:c2:5d:6c:d5:81:78:
ba:55:12:39:69:4c:f1:26:ed:f0:af:96:01:ab:21:ef:f6:d8:
c3:8e:92:8e:42:46:c7:1b:dc:19:0f:34:95:04:06:f4:79:28:
e9:87:32:2d:4c:2a:eb:ec:8e:72:65:40:df:26:09:1d:f6:24:
42:21:91:ba:d6:3b:58:aa:fb:b7:7b:5b:e7:17:c7:3c:2b:69:
82:a6:8e:58:ac:fa:22:50:ad:1e:b3:20:45:59:e6:b5:07:57:
1f:7f:38:1d:5d:17:44:ee:6c:7a:0e:87:ed:bd:c8:b1:4c:be:
93:60:ed:26:36:ce:f9:6a:0b:e7:d1:a6:16:33:24:2d:e6:b8:
3e:29:5b:7d:33:66:8c:ca:2b:80:63:00:90:88:58:f1:11:f6:
92:01:3e:e0:7c:ce:47:00:96:94:37:c6:54:00:da:c9:ee:90:
a0:01:7e:6b
-----BEGIN CERTIFICATE-----
MIIGdjCCBV6gAwIBAgISAZlNrf2jcu3C4h7IAYTC353zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwOTE1MTQwMTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDY0MTY2YTkxMTc5MzA4ZjI1M2E5MTc1NjE2Y2NjNjgyOGM0NDYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYZSK1JWXalX/HLkC9u5uxTpLpdo
FlzGu6edXJqEbfO/YpgfXQ/iNHv//OeQZi9A8m6AUA6qlTv4ut09smTPqFquMeeR
UnGWondAEErLjPk3p6pCkBWyVBcSP5cCYKMFsMtBC0qgV5qtEG+C4byf73ca9Gyk
MfuM7fzKS3MiA+K5FroD6SlgyISFlxbjNRwsF9HDVib9oZ+7idFpTBwEZEPbxmXS
k2PMacpQ7ilmPudg9KptIRyUHQfhKGefqYYCd5uoxelhZg0wCt0amFLU++AdVNy5
PwGtAw4BaReyHwNS1hRDOk2KStOV6M5h08QIxNoz8UOWo8x637THpT7L+wIDAQAB
o4IDgjCCA34wHQYDVR0OBBYEFN1kFmqRF5MI8lOpF1YWzMaCjERjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZkLzBhNDg5
Yi05ZDllLTRmNmEtODdjNy03NGRlMjU4YTc2ZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmQvMGE0ODli
LTlkOWUtNGY2YS04N2M3LTc0ZGUyNThhNzZmOC8xLzNXUVdhcEVYa3dqeVU2a1hW
aGJNeG9LTVJHTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHxBggrBgEF
BQcBBwEB/wSB4TCB3jCBwwQCAAEwgbwDBAIFhXgDBAItlhgDBAFT3gYDBAZUNkAD
BAJWPgADBAVXwOADBABZaGYDBARZftADBABZ3wMDBAJZ+TwDBANanKADBANanMAD
BAJcP8wDBANdvFAwDAMEAF7m4QMEAF7m4jAMAwQCXubkAwQEXubgAwQCbV6sAwQE
kHzAAwQAuQAXAwQCuQSgAwQCuWQ0AwQCucvsAwQCwl0YAwQExqPAMAwDBADVzicD
BADVziowDAMEAtXOLAMEBtXOADAWBAIAAjAQAwcAIAEH+AEQAwUDKglnADApBggr
BgEFBQcBCAEB/wQaMBigFjAUAgMAhcoCAwMDbgIDAxQnAgMDFb8wDQYJKoZIhvcN
AQELBQADggEBAGcy0uSp3UhNY5kmnE3b0Y3iyWzvhQrkd5Fz4huEABxCcEiLSgWh
0aFXyj8JgukJAWV6sdVbSQI/LOkyxVBBin0zSWc0OFjisT3Ihe5ZnZRtJfU+kMJd
bNWBeLpVEjlpTPEm7fCvlgGrIe/22MOOko5CRscb3BkPNJUEBvR5KOmHMi1MKuvs
jnJlQN8mCR32JEIhkbrWO1iq+7d7W+cXxzwraYKmjlis+iJQrR6zIEVZ5rUHVx9/
OB1dF0TubHoOh+29yLFMvpNg7SY2zvlqC+fRphYzJC3muD4pW30zZozKK4BjAJCI
WPER9pIBPuB8zkcAlpQ3xlQA2snukKABfms=
-----END CERTIFICATE-----
Generated at Sun Oct 19 10:27:23 2025 by rpki-client