ANF AC Root Certificates


 

Root CA certificates are the starting element of any certification hierarchy. 

A certification hierarchy consists of a hierarchical structure of CAs in which it starts from a root CA (self-signed), which signs intermediate CA certificates and lists of intermediate CA revoked certificates (ARLs). At each level, there are one or more intermediate CAs that sign end entity certificates, and revoked certificate lists (CRLs).

The PKI administered by ANF AC follows a vertical Certification Hierarchy in accordance with the document IETF RFC 4158 “Internet X.509 Public Key Infrastructure:  Certification Path Building”. From the Root Certificate of the Certification Authority, the Certification Route is built

ANF Autoridad de Certificación, as stated in its Certificate Practice Statement, has the following root certificates:

Root CA

The Root Certificate CN = ANF Global Root CA with serial number ‎01 64 95 ee 61 8a 07 50, which wxpires on May 15, 2036.

The identification data of this Root Certificate are:

With SHA-256 algorithm:

Serial number

01 64 95 ee 61 8a 07 50

Subject

CN = ANF Global Root CA

SERIALNUMBER = G63287510

OU = ANF Clase 1 CA

O = ANF Autoridad de Certificación

C = ES

Validity period

Valid from 2016-05-20 to 2036-05-15

Public key

RSA (4096 Bits)

Signature algorithm

Sha256RSA

Digital fingerprint

fc 98 43 cc 99 22 61 50 01 a1 73 74 ce 8a 3d 79 58 0f ea 51

This certificate was issued to replace the Root Certificate CN = ANF Global Root CA issued with SHA-256 with serial number: 01 3f 2f 31 77 e6 which expires on June 5, 2033.


The certificate was issued without key renewal, and is valid until its expiration date. It uses the same private key, the same public key, and the same CA name. This certification model with shared keys is called "Cross Certification" * 1.

Whenever possible, the use of the hierarchy with expiration will be progressively abandoned, and in a friendly way with the institutions that have it approved, 2033.

* 1 "Cross Certification" is a mechanism to create multiple certification paths. In this case it is used so that the same certificate can be validated indistinctly in two certification hierarchies that end in different CA Roots. (See "RFC4949: Internet Security Glossary, Version 2": cross-certification).


The identification data of the Root Certificate CN = ANF Global Root CA with expiration date June 5, 2033 are:

With SHA-256 algorithm:

Serial number

01 3f 2f 31 77 e6

Subject

CN = ANF Global Root CA

SERIALNUMBER = G63287510

OU = ANF Clase 1 CA

O = ANF Autoridad de Certificación

C = ES

Validity period

Valid from 2013-06-10 to 2033-06-05

Public key

RSA (4096 Bits)

Signature algorithm

Sha256RSA

Digital fingerprint

26 ca ff 09 a7 af ba e9 68 10 cf ff 82 1a 94 32 6d 28 45 aa