Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FYi9izG5XpysnzgSjZW4UvA9V4Q.cer
File: FYi9izG5XpysnzgSjZW4UvA9V4Q.cer (raw, json)
Hash identifier: E+71UmUcZsv+wJWk9hrJ8fiwD9lKSqCPbqzJrmXs1vs=
Subject key identifier: 15:88:BD:8B:31:B9:5E:9C:AC:9F:38:12:8D:95:B8:52:F0:3D:57:84
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 019B7D5D0C91E0DB8BBE1528A41CEC90E4EC
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/60/d1aa2e-b819-421c-8456-b5ae839f30e2/1/FYi9izG5XpysnzgSjZW4UvA9V4Q.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/60/d1aa2e-b819-421c-8456-b5ae839f30e2/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Fri 02 Jan 2026 06:20:08 +0000
Certificate not after: Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources: AS: 29164
AS: 43082
IP: 5.187.16.0/20
IP: 31.24.32.0/21
IP: 45.66.68.0/22
IP: 77.246.160.0/20
IP: 84.22.160.0/19
IP: 85.232.32.0/19
IP: 89.207.168.0/21
IP: 91.199.151.0/24
IP: 91.207.220.0/23
IP: 91.215.180.0/22
IP: 95.129.104.0/21
IP: 130.180.200.0/21
IP: 130.185.144.0/21
IP: 185.34.252.0/22
IP: 185.91.76.0/22
IP: 185.92.252.0/22
IP: 185.181.124.0/22
IP: 185.227.60.0/22
IP: 185.245.116.0/22
IP: 194.1.150.0/24
IP: 195.177.192.0/23
IP: 212.38.160.0/19
IP: 217.77.176.0/20
IP: 2a02:8c8::/32
IP: 2a02:17e0::/32
IP: 2a03:4160::/32
IP: 2a0d:31c0::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Thu 26 Mar 2026 15:17:46 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7d:5d:0c:91:e0:db:8b:be:15:28:a4:1c:ec:90:e4:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 06:20:08 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=1588bd8b31b95e9cac9f38128d95b852f03d5784
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:7f:7c:7a:95:97:8a:bd:f9:01:8a:80:ae:de:
1b:11:25:4f:e1:40:62:bf:00:c2:e9:10:1b:45:32:
7b:3c:a0:9d:3e:91:82:76:e0:a1:25:ec:aa:a1:f8:
ab:65:dd:ef:34:e1:48:80:02:3c:49:ab:48:67:9f:
e1:a8:bd:72:87:bd:46:cc:90:bf:bf:2b:56:30:68:
8f:19:13:70:c2:ef:77:18:9d:cc:d1:dd:c5:c3:96:
e9:89:7a:db:7c:f7:46:20:c9:b7:c5:ff:33:89:cf:
56:dd:3d:53:2e:fe:9b:fd:9f:db:a6:77:b0:56:48:
e5:e5:94:9c:69:9f:ae:3e:d6:c1:da:ea:2b:16:90:
bc:84:62:ab:ff:5e:05:09:b2:c5:4b:8f:51:1f:ee:
04:49:6b:5f:2c:03:41:45:73:6b:fd:76:4f:77:81:
7d:61:c6:4f:5d:49:11:11:ce:90:7f:b4:66:ce:41:
aa:32:8f:a0:1d:08:12:57:38:69:72:20:45:e8:6c:
d8:32:e1:13:17:d2:92:56:f2:34:8b:02:2d:eb:af:
5d:00:fe:36:db:b2:39:fb:93:1a:1e:c8:32:6d:b2:
56:f6:a9:2d:10:38:5f:45:16:ea:d0:e1:0e:38:d9:
37:41:54:c3:03:12:48:1b:e4:df:45:1d:ba:6e:93:
5f:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
15:88:BD:8B:31:B9:5E:9C:AC:9F:38:12:8D:95:B8:52:F0:3D:57:84
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/d1aa2e-b819-421c-8456-b5ae839f30e2/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/d1aa2e-b819-421c-8456-b5ae839f30e2/1/FYi9izG5XpysnzgSjZW4UvA9V4Q.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.16.0/20
31.24.32.0/21
45.66.68.0/22
77.246.160.0/20
84.22.160.0/19
85.232.32.0/19
89.207.168.0/21
91.199.151.0/24
91.207.220.0/23
91.215.180.0/22
95.129.104.0/21
130.180.200.0/21
130.185.144.0/21
185.34.252.0/22
185.91.76.0/22
185.92.252.0/22
185.181.124.0/22
185.227.60.0/22
185.245.116.0/22
194.1.150.0/24
195.177.192.0/23
212.38.160.0/19
217.77.176.0/20
IPv6:
2a02:8c8::/32
2a02:17e0::/32
2a03:4160::/32
2a0d:31c0::/29
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
29164
43082
Signature Algorithm: sha256WithRSAEncryption
4b:d3:dd:86:27:e6:b9:2c:32:a1:53:3a:a4:52:7e:2a:e8:c2:
2c:ff:4b:e6:39:8e:c5:53:a1:c7:7b:53:ab:75:38:fa:7a:d6:
ad:ba:44:08:70:53:98:00:8e:45:44:7d:a9:99:f0:23:5d:79:
96:34:45:19:2e:e2:83:7d:34:ff:cb:f5:c5:30:23:49:c3:c1:
16:c1:0d:35:93:87:22:3b:6a:90:15:4f:5a:16:b3:a9:8f:13:
35:12:09:fb:eb:ca:be:19:8b:e8:22:bd:39:f5:b9:29:a3:9d:
66:4c:f2:2e:cf:6a:a1:34:4b:5c:e3:90:9c:b6:c9:2a:aa:c2:
31:d9:b4:d4:42:64:66:e5:fb:c6:59:e0:1f:29:e3:9d:d6:e0:
6b:86:b4:7d:06:44:f5:50:50:2c:c3:64:74:bb:2e:03:66:98:
42:c5:6e:cc:ff:05:e5:5b:30:da:cd:40:38:f5:7c:7d:15:d8:
7c:b1:40:a9:e4:ed:9a:35:6e:cd:28:f9:9a:ff:61:7d:b9:42:
56:08:9f:6a:6b:2a:72:04:2c:ea:30:f7:f7:14:00:70:d0:e1:
35:cd:6d:99:f3:e6:62:af:5d:d4:e8:7e:6c:6e:6a:11:48:3a:
dc:29:b4:1d:5a:af:fd:6c:29:f5:4f:cd:9b:e0:45:e0:05:56:
fc:66:08:54
-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgISAZt9XQyR4NuLvhUopBzskOTsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMDYyMDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTg4YmQ4YjMxYjk1ZTljYWM5ZjM4MTI4ZDk1Yjg1MmYwM2Q1Nzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtX98epWXir35AYqArt4bESVP4UBi
vwDC6RAbRTJ7PKCdPpGCduChJeyqofirZd3vNOFIgAI8SatIZ5/hqL1yh71GzJC/
vytWMGiPGRNwwu93GJ3M0d3Fw5bpiXrbfPdGIMm3xf8zic9W3T1TLv6b/Z/bpnew
Vkjl5ZScaZ+uPtbB2uorFpC8hGKr/14FCbLFS49RH+4ESWtfLANBRXNr/XZPd4F9
YcZPXUkREc6Qf7RmzkGqMo+gHQgSVzhpciBF6GzYMuETF9KSVvI0iwIt669dAP42
27I5+5MaHsgybbJW9qktEDhfRRbq0OEOONk3QVTDAxJIG+TfRR26bpNftwIDAQAB
o4IDUTCCA00wHQYDVR0OBBYEFBWIvYsxuV6crJ84Eo2VuFLwPVeEMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYwL2QxYWEy
ZS1iODE5LTQyMWMtODQ1Ni1iNWFlODM5ZjMwZTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjAvZDFhYTJl
LWI4MTktNDIxYy04NDU2LWI1YWU4MzlmMzBlMi8xL0ZZaTlpekc1WHB5c256Z1Nq
Wlc0VXZBOVY0US5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHLBggrBgEF
BQcBBwEB/wSBuzCBuDCBkQQCAAEwgYoDBAQFuxADBAMfGCADBAItQkQDBARN9qAD
BAVUFqADBAVV6CADBANZz6gDBABbx5cDBAFbz9wDBAJb17QDBANfgWgDBAOCtMgD
BAOCuZADBAK5IvwDBAK5W0wDBAK5XPwDBAK5tXwDBAK54zwDBAK59XQDBADCAZYD
BAHDscADBAXUJqADBATZTbAwIgQCAAIwHAMFACoCCMgDBQAqAhfgAwUAKgNBYAMF
AyoNMcAwHgYIKwYBBQUHAQgBAf8EDzANoAswCQICcewCAwCoSjANBgkqhkiG9w0B
AQsFAAOCAQEAS9PdhifmuSwyoVM6pFJ+KujCLP9L5jmOxVOhx3tTq3U4+nrWrbpE
CHBTmACORUR9qZnwI115ljRFGS7ig300/8v1xTAjScPBFsENNZOHIjtqkBVPWhaz
qY8TNRIJ++vKvhmL6CK9OfW5KaOdZkzyLs9qoTRLXOOQnLbJKqrCMdm01EJkZuX7
xlngHynjndbga4a0fQZE9VBQLMNkdLsuA2aYQsVuzP8F5Vsw2s1AOPV8fRXYfLFA
qeTtmjVuzSj5mv9hfblCVgifamsqcgQs6jD39xQAcNDhNc1tmfPmYq9d1Oh+bG5q
EUg63Cm0HVqv/Wwp9U/Nm+BF4AVW/GYIVA==
-----END CERTIFICATE-----
Generated at Wed Mar 25 23:06:27 2026 by rpki-client