Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/q1wa2N15IqRaLMdIHv4B3UMwBsI.cer
File: q1wa2N15IqRaLMdIHv4B3UMwBsI.cer (raw, json)
Hash identifier: 12k0cKhPdgsQecTjKViolU8vCA9rb5CIJXrqF/Nvo3U=
Subject key identifier: AB:5C:1A:D8:DD:79:22:A4:5A:2C:C7:48:1E:FE:01:DD:43:30:06:C2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 0199ED88E760ECE7A0D8056F45D14A4E0DE4
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/fa/9e99bf-2d89-4401-bc9f-cba8c8a5453e/1/q1wa2N15IqRaLMdIHv4B3UMwBsI.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/fa/9e99bf-2d89-4401-bc9f-cba8c8a5453e/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Thu 16 Oct 2025 14:59:56 +0000
Certificate not after: Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources: IP: 81.92.200.0 -- 81.92.215.255
IP: 85.199.216.0/21
IP: 193.108.244.0/22
IP: 217.138.8.0/23
IP: 217.138.12.0/23
IP: 217.138.15.0 -- 217.138.28.255
IP: 217.138.30.0 -- 217.138.52.255
IP: 217.138.54.0 -- 217.138.70.255
IP: 217.138.72.0/21
IP: 217.138.81.0 -- 217.138.83.255
IP: 217.138.85.0 -- 217.138.88.255
IP: 217.138.90.0 -- 217.138.93.255
IP: 217.138.95.0 -- 217.138.102.255
IP: 217.138.106.0 -- 217.138.110.255
IP: 217.138.112.0 -- 217.138.132.255
IP: 217.138.136.0/21
IP: 217.138.145.0 -- 217.138.154.255
IP: 217.138.156.0 -- 217.138.161.255
IP: 217.138.163.0 -- 217.138.191.255
IP: 217.138.224.0 -- 217.138.251.255
IP: 2a0a:c200::/29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 20 Oct 2025 01:22:59 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:99:ed:88:e7:60:ec:e7:a0:d8:05:6f:45:d1:4a:4e:0d:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Oct 16 14:59:56 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ab5c1ad8dd7922a45a2cc7481efe01dd433006c2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:4a:3b:51:b1:35:e6:61:6f:33:83:70:b3:6b:
99:ba:52:ba:76:f0:2d:55:6f:ce:e7:5a:48:4f:f0:
7e:db:1b:9c:6b:66:2f:52:44:33:f9:c9:8c:e4:17:
88:5e:3e:b3:cb:34:f6:68:b3:45:15:09:41:13:df:
56:8f:1e:06:cc:d9:28:c4:fb:10:35:c8:13:8f:1e:
8e:d1:8f:25:df:29:0b:44:f4:4a:f4:00:87:03:97:
10:1f:6c:7f:51:1f:6b:da:83:38:77:7d:3d:b8:1d:
d0:f8:b6:27:db:6b:95:67:9b:c6:ba:0e:30:4a:92:
c5:92:a0:52:ad:3b:51:b5:eb:c3:3a:f1:3f:31:b1:
94:1d:42:59:03:d4:07:2a:29:0c:51:65:c5:d3:99:
98:1f:8b:e6:98:19:7d:4c:0e:9c:5d:b1:0e:9f:7a:
53:c9:be:35:58:8b:7c:39:bd:e1:1d:5b:ca:b8:fa:
c8:2f:de:45:b6:d6:af:a5:b7:23:81:18:de:c3:f1:
d1:da:df:fa:9d:11:a0:2a:7d:4d:9f:27:f8:ea:52:
fd:2d:44:24:fe:cd:82:e2:9c:b3:fc:43:86:c7:ef:
3e:a8:90:27:33:63:8d:37:b3:09:48:e6:d5:b4:06:
75:e3:5d:09:d7:14:e4:ec:8f:76:6a:0f:c2:7b:40:
4a:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:5C:1A:D8:DD:79:22:A4:5A:2C:C7:48:1E:FE:01:DD:43:30:06:C2
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9e99bf-2d89-4401-bc9f-cba8c8a5453e/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/9e99bf-2d89-4401-bc9f-cba8c8a5453e/1/q1wa2N15IqRaLMdIHv4B3UMwBsI.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.92.200.0-81.92.215.255
85.199.216.0/21
193.108.244.0/22
217.138.8.0/23
217.138.12.0/23
217.138.15.0-217.138.28.255
217.138.30.0-217.138.52.255
217.138.54.0-217.138.70.255
217.138.72.0/21
217.138.81.0-217.138.83.255
217.138.85.0-217.138.88.255
217.138.90.0-217.138.93.255
217.138.95.0-217.138.102.255
217.138.106.0-217.138.110.255
217.138.112.0-217.138.132.255
217.138.136.0/21
217.138.145.0-217.138.154.255
217.138.156.0-217.138.161.255
217.138.163.0-217.138.191.255
217.138.224.0-217.138.251.255
IPv6:
2a0a:c200::/29
Signature Algorithm: sha256WithRSAEncryption
a9:24:8a:b5:0a:bd:66:d3:f1:46:aa:d3:03:fa:15:99:59:2e:
69:69:85:75:e6:d5:e9:03:32:62:a0:55:6f:2c:8f:8e:42:f7:
5f:72:fa:44:5b:39:76:0e:0d:10:b1:65:6a:14:ce:25:62:4a:
a4:7c:69:4e:8d:ed:7a:58:75:1f:52:a5:b6:70:96:16:98:5b:
36:ae:47:9c:c6:8e:ca:fc:22:31:2e:a2:76:8d:fe:fd:46:30:
47:0f:a0:b8:23:8f:c4:5e:f3:91:ab:ca:9e:b7:46:9b:76:90:
ef:99:2d:00:1d:4f:f4:d7:43:43:1e:de:7f:bd:74:0a:74:89:
8c:e2:d5:ff:ac:66:ab:75:de:b2:4a:df:52:d0:67:82:64:96:
63:71:10:ec:0d:df:1c:6e:a6:dd:de:ed:3e:d7:83:18:13:6a:
7e:ca:22:d6:db:05:03:aa:f1:61:9c:a5:c7:18:75:36:3a:95:
d4:e2:8b:df:1a:0f:b8:28:d3:73:e9:fb:7e:79:72:4d:a8:e6:
30:32:e4:01:e4:28:64:76:a7:a5:ab:1f:40:78:92:1c:f8:8d:
b3:ce:cc:f3:22:35:fb:75:d5:57:d2:61:6b:ee:49:8c:b8:89:
21:18:ee:27:3b:08:c1:62:92:9b:0f:72:21:45:02:3f:7b:1d:
b9:c3:6d:6b
-----BEGIN CERTIFICATE-----
MIIGcTCCBVmgAwIBAgISAZntiOdg7Oeg2AVvRdFKTg3kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUxMDE2MTQ1OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjVjMWFkOGRkNzkyMmE0NWEyY2M3NDgxZWZlMDFkZDQzMzAwNmMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uo7UbE15mFvM4Nws2uZulK6dvAt
VW/O51pIT/B+2xuca2YvUkQz+cmM5BeIXj6zyzT2aLNFFQlBE99Wjx4GzNkoxPsQ
NcgTjx6O0Y8l3ykLRPRK9ACHA5cQH2x/UR9r2oM4d309uB3Q+LYn22uVZ5vGug4w
SpLFkqBSrTtRtevDOvE/MbGUHUJZA9QHKikMUWXF05mYH4vmmBl9TA6cXbEOn3pT
yb41WIt8Ob3hHVvKuPrIL95FttavpbcjgRjew/HR2t/6nRGgKn1Nnyf46lL9LUQk
/s2C4pyz/EOGx+8+qJAnM2ONN7MJSObVtAZ1410J1xTk7I92ag/Ce0BK9QIDAQAB
o4IDfTCCA3kwHQYDVR0OBBYEFKtcGtjdeSKkWizHSB7+Ad1DMAbCMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZhLzllOTli
Zi0yZDg5LTQ0MDEtYmM5Zi1jYmE4YzhhNTQ1M2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmEvOWU5OWJm
LTJkODktNDQwMS1iYzlmLWNiYThjOGE1NDUzZS8xL3Exd2EyTjE1SXFSYUxNZElI
djRCM1VNd0JzSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIBFgYIKwYB
BQUHAQcBAf8EggEFMIIBATCB7wQCAAEwgegwDAMEA1FcyAMEA1Fc0AMEA1XH2AME
AsFs9AMEAdmKCAMEAdmKDDAMAwQA2YoPAwQA2YocMAwDBAHZih4DBADZijQwDAME
AdmKNgMEANmKRgMEA9mKSDAMAwQA2YpRAwQC2YpQMAwDBADZilUDBADZilgwDAME
AdmKWgMEAdmKXDAMAwQA2YpfAwQA2YpmMAwDBAHZimoDBADZim4wDAMEBNmKcAME
ANmKhAMEA9mKiDAMAwQA2YqRAwQA2YqaMAwDBALZipwDBAHZiqAwDAMEANmKowME
BtmKgDAMAwQF2YrgAwQC2Yr4MA0EAgACMAcDBQMqCsIAMA0GCSqGSIb3DQEBCwUA
A4IBAQCpJIq1Cr1m0/FGqtMD+hWZWS5paYV15tXpAzJioFVvLI+OQvdfcvpEWzl2
Dg0QsWVqFM4lYkqkfGlOje16WHUfUqW2cJYWmFs2rkecxo7K/CIxLqJ2jf79RjBH
D6C4I4/EXvORq8qet0abdpDvmS0AHU/010NDHt5/vXQKdImM4tX/rGardd6ySt9S
0GeCZJZjcRDsDd8cbqbd3u0+14MYE2p+yiLW2wUDqvFhnKXHGHU2OpXU4ovfGg+4
KNNz6ft+eXJNqOYwMuQB5Chkdqelqx9AeJIc+I2zzszzIjX7ddVX0mFr7kmMuIkh
GO4nOwjBYpKbD3IhRQI/ex25w21r
-----END CERTIFICATE-----
Generated at Sun Oct 19 10:36:23 2025 by rpki-client