Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/L4Z1RXWU1-dAqu7y59fv0CI5xhc.cer
File: L4Z1RXWU1-dAqu7y59fv0CI5xhc.cer (raw, json)
Hash identifier: KkhcJ0qcZ3/YGZUVBY/rdAOvxWiDF1Lf0ILfYSZEx8I=
Subject key identifier: 2F:86:75:45:75:94:D7:E7:40:AA:EE:F2:E7:D7:EF:D0:22:39:C6:17
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 019B7E3787820EE4C38940F2B8C174842711
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/5e/4cd4ca-c195-4bc4-bb9f-1031ae1eb032/1/L4Z1RXWU1-dAqu7y59fv0CI5xhc.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/5e/4cd4ca-c195-4bc4-bb9f-1031ae1eb032/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Fri 02 Jan 2026 10:18:47 +0000
Certificate not after: Thu 01 Jul 2027 00:00:00 +0000
Subordinate resources: AS: 47583
AS: 204915
IP: 2.57.88.0/22
IP: 31.170.160.0/21
IP: 31.220.16.0/21
IP: 31.220.48.0/20
IP: 31.220.104.0/21
IP: 45.13.132.0/22
IP: 45.13.252.0/22
IP: 45.87.80.0/22
IP: 45.93.136.0/22
IP: 93.188.160.0/21
IP: 141.136.33.0 -- 141.136.36.255
IP: 141.136.39.0/24
IP: 141.136.41.0 -- 141.136.47.255
IP: 153.92.0.0/20
IP: 153.92.208.0/20
IP: 156.67.64.0/20
IP: 156.67.208.0/20
IP: 185.28.20.0/22
IP: 185.77.96.0/23
IP: 194.11.154.0/23
IP: 194.11.214.0/23
IP: 195.110.58.0/23
IP: 212.1.208.0/21
IP: 2a02:4780::/32
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Fri 27 Mar 2026 00:00:38 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9b:7e:37:87:82:0e:e4:c3:89:40:f2:b8:c1:74:84:27:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 2 10:18:47 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=2f8675457594d7e740aaeef2e7d7efd02239c617
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:34:e2:25:c2:7e:da:65:05:d9:26:7c:dc:bc:
a0:50:28:44:ef:3d:56:3d:20:58:f3:e6:d2:ab:70:
ec:f2:99:2f:4b:2a:a1:45:5a:26:c3:bc:d7:c3:b2:
9b:e7:2b:15:73:91:e2:e7:93:9b:aa:61:46:d9:7f:
b5:25:7d:d0:c4:54:77:ba:8e:90:ea:a1:98:87:b3:
b8:55:3d:2d:57:cc:5e:ea:85:72:fe:6d:15:dd:49:
40:30:fa:77:dc:6d:f0:14:b5:fa:f9:32:e7:d2:07:
ea:29:8e:6f:56:9d:4f:c9:e5:bc:fb:9f:93:19:02:
27:b5:a5:f9:db:28:e5:9e:36:ad:d5:41:04:6c:22:
c4:d5:6a:ef:39:a2:74:33:79:bc:a6:25:6d:62:7c:
a8:e5:4c:fd:2f:cb:54:b4:31:9d:80:23:e5:fd:92:
22:19:68:e7:13:7a:4e:a1:e9:46:a1:32:95:b7:1c:
3b:81:28:d4:b7:3f:97:cb:00:25:94:14:31:5c:84:
9c:58:b8:5b:9c:98:5b:8e:62:2d:8e:68:ef:4b:8e:
66:cf:95:21:60:32:94:b3:35:d1:92:7f:f4:34:dd:
de:63:46:54:9c:3e:be:c0:19:34:98:19:94:e8:b3:
59:36:ad:ba:fc:50:a0:cc:7f:6d:47:b5:d7:ed:26:
d6:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2F:86:75:45:75:94:D7:E7:40:AA:EE:F2:E7:D7:EF:D0:22:39:C6:17
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4cd4ca-c195-4bc4-bb9f-1031ae1eb032/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4cd4ca-c195-4bc4-bb9f-1031ae1eb032/1/L4Z1RXWU1-dAqu7y59fv0CI5xhc.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.88.0/22
31.170.160.0/21
31.220.16.0/21
31.220.48.0/20
31.220.104.0/21
45.13.132.0/22
45.13.252.0/22
45.87.80.0/22
45.93.136.0/22
93.188.160.0/21
141.136.33.0-141.136.36.255
141.136.39.0/24
141.136.41.0-141.136.47.255
153.92.0.0/20
153.92.208.0/20
156.67.64.0/20
156.67.208.0/20
185.28.20.0/22
185.77.96.0/23
194.11.154.0/23
194.11.214.0/23
195.110.58.0/23
212.1.208.0/21
IPv6:
2a02:4780::/32
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
47583
204915
Signature Algorithm: sha256WithRSAEncryption
35:c2:ab:7e:a8:d8:36:31:83:50:6e:6f:bf:9e:91:81:70:45:
16:70:47:da:5e:b3:1f:66:dc:22:5c:51:9e:e6:b7:9a:6e:b9:
62:ec:40:84:7f:06:bd:27:b4:ff:b5:77:83:8e:d6:8c:82:ff:
f5:8a:76:08:a0:02:69:e5:a8:dd:f3:c5:f2:d8:b0:f6:23:ee:
c1:b0:c7:ed:7a:36:c0:ac:bf:ea:09:fd:78:01:9f:5f:72:d9:
61:8b:df:f4:23:63:cd:c5:28:bd:6e:fa:0c:54:c7:bc:b3:ad:
3c:30:38:cb:d8:b6:89:85:83:89:f4:41:eb:99:c5:43:53:ed:
dd:f9:c2:56:ba:34:2b:6a:9e:45:be:0a:01:15:2b:d1:19:bf:
ef:be:9a:ee:c6:b7:a9:5b:ec:7f:f5:68:6c:fc:68:46:36:3d:
3f:52:ee:31:67:5b:dc:1a:be:3b:0b:67:96:3e:21:a7:f8:a5:
14:d7:3c:c8:e6:61:45:6e:16:5a:03:72:27:f7:6f:03:e7:5f:
05:aa:09:ac:eb:61:c8:db:76:35:cf:51:71:40:99:76:5b:c4:
9f:4c:a3:05:ea:ba:81:7a:a5:34:18:a0:24:ba:ef:c7:2c:2e:
e2:77:0e:76:85:6f:e6:48:4e:48:0c:15:34:7c:50:10:83:35:
4c:5f:52:a5
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgISAZt+N4eCDuTDiUDyuMF0hCcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjYwMTAyMTAxODQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjg2NzU0NTc1OTRkN2U3NDBhYWVlZjJlN2Q3ZWZkMDIyMzljNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTTiJcJ+2mUF2SZ83LygUChE7z1W
PSBY8+bSq3Ds8pkvSyqhRVomw7zXw7Kb5ysVc5Hi55ObqmFG2X+1JX3QxFR3uo6Q
6qGYh7O4VT0tV8xe6oVy/m0V3UlAMPp33G3wFLX6+TLn0gfqKY5vVp1PyeW8+5+T
GQIntaX52yjlnjat1UEEbCLE1WrvOaJ0M3m8piVtYnyo5Uz9L8tUtDGdgCPl/ZIi
GWjnE3pOoelGoTKVtxw7gSjUtz+XywAllBQxXIScWLhbnJhbjmItjmjvS45mz5Uh
YDKUszXRkn/0NN3eY0ZUnD6+wBk0mBmU6LNZNq26/FCgzH9tR7XX7SbW3QIDAQAB
o4IDTTCCA0kwHQYDVR0OBBYEFC+GdUV1lNfnQKru8ufX79AiOcYXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVlLzRjZDRj
YS1jMTk1LTRiYzQtYmI5Zi0xMDMxYWUxZWIwMzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUvNGNkNGNh
LWMxOTUtNGJjNC1iYjlmLTEwMzFhZTFlYjAzMi8xL0w0WjFSWFdVMS1kQXF1N3k1
OWZ2MENJNXhoYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHGBggrBgEF
BQcBBwEB/wSBtjCBszCBoQQCAAEwgZoDBAICOVgDBAMfqqADBAMf3BADBAQf3DAD
BAMf3GgDBAItDYQDBAItDfwDBAItV1ADBAItXYgDBANdvKAwDAMEAI2IIQMEAI2I
JAMEAI2IJzAMAwQAjYgpAwQEjYggAwQEmVwAAwQEmVzQAwQEnENAAwQEnEPQAwQC
uRwUAwQBuU1gAwQBwguaAwQBwgvWAwQBw246AwQD1AHQMA0EAgACMAcDBQAqAkeA
MB8GCCsGAQUFBwEIAQH/BBAwDqAMMAoCAwC53wIDAyBzMA0GCSqGSIb3DQEBCwUA
A4IBAQA1wqt+qNg2MYNQbm+/npGBcEUWcEfaXrMfZtwiXFGe5reabrli7ECEfwa9
J7T/tXeDjtaMgv/1inYIoAJp5ajd88Xy2LD2I+7BsMftejbArL/qCf14AZ9fctlh
i9/0I2PNxSi9bvoMVMe8s608MDjL2LaJhYOJ9EHrmcVDU+3d+cJWujQrap5FvgoB
FSvRGb/vvpruxrepW+x/9Whs/GhGNj0/Uu4xZ1vcGr47C2eWPiGn+KUU1zzI5mFF
bhZaA3In928D518Fqgms62HI23Y1z1FxQJl2W8SfTKMF6rqBeqU0GKAkuu/HLC7i
dw52hW/mSE5IDBU0fFAQgzVMX1Kl
-----END CERTIFICATE-----
Generated at Thu Mar 26 11:04:41 2026 by rpki-client