Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CgN3SN0oSDyrZzaZNRPl88JBoY0.cer
File:                     CgN3SN0oSDyrZzaZNRPl88JBoY0.cer (raw, json)
Hash identifier:          /JPuCjWbV32qzXjTNGyC+0asAiceToHX/GSOcSQjRno=
Subject key identifier:   0A:03:77:48:DD:28:48:3C:AB:67:36:99:35:13:E5:F3:C2:41:A1:8D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       754E0EA137
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://nostromo.heficed.net/repo/1123922/0/0A037748DD28483CAB6736993513E5F3C241A18D.mft
caRepository:             rsync://nostromo.heficed.net/repo/1123922/0/
Notify URL:               https://nostromo.heficed.net/rrdp/notification.xml
Certificate not before:   Fri 01 Jan 2021 00:02:52 +0000
Certificate not after:    Fri 01 Jul 2022 00:00:00 +0000
Subordinate resources:    IP: 192.109.136.0/24
                          IP: 192.109.149.0/24
                          IP: 192.109.159.0/24
                          IP: 192.109.165.0/24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 503820755255 (0x754e0ea137)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:02:52 2021 GMT
            Not After : Jul  1 00:00:00 2022 GMT
        Subject: CN=0a037748dd28483cab6736993513e5f3c241a18d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8f:0a:97:cb:e3:59:17:c9:ae:c0:90:2c:b3:
                    ef:86:40:43:30:e0:49:a1:f0:8e:17:78:38:9a:4f:
                    ce:c9:76:e7:6b:04:a5:ae:d2:0a:4d:59:76:5e:05:
                    fa:d4:2f:4c:91:d0:3f:5f:a2:d6:8f:93:96:66:b1:
                    15:2d:cb:74:32:76:2e:21:13:e2:a3:19:60:f4:c3:
                    3c:e0:fd:7a:37:19:da:11:4c:62:04:4b:5f:7d:96:
                    ab:e6:6a:19:41:5d:56:b4:b2:1d:d0:cd:8a:dd:f2:
                    b8:ab:73:98:9a:6a:39:f7:ca:5e:0d:a8:ab:07:d9:
                    26:33:5b:1a:eb:d6:57:e4:da:d1:37:5c:07:98:ba:
                    89:2f:c2:1d:78:78:9f:ea:a1:3c:07:1e:f3:17:3d:
                    83:03:b6:84:38:d8:6c:f6:b4:9d:d7:ed:60:39:5c:
                    2a:3d:9e:a5:e5:d8:d9:4b:9e:52:0d:73:d8:68:d6:
                    15:e4:35:15:45:bb:12:a4:5a:bc:c7:71:ad:51:f8:
                    75:ad:05:cd:45:ef:fd:d5:50:bf:37:7e:47:c9:ee:
                    1e:53:f2:f0:da:0a:b2:d3:5c:fa:29:46:d3:60:01:
                    19:9d:e9:a3:e6:39:f7:e0:c5:4c:64:82:1a:9a:76:
                    54:b7:02:ea:ad:9d:c7:f4:94:79:2e:73:73:b5:4c:
                    6d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:03:77:48:DD:28:48:3C:AB:67:36:99:35:13:E5:F3:C2:41:A1:8D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://nostromo.heficed.net/repo/1123922/0/
                RPKI Manifest - URI:rsync://nostromo.heficed.net/repo/1123922/0/0A037748DD28483CAB6736993513E5F3C241A18D.mft
                RPKI Notify - URI:https://nostromo.heficed.net/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.136.0/24
                  192.109.149.0/24
                  192.109.159.0/24
                  192.109.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cc:0f:b0:23:2a:ce:49:16:76:75:b2:d2:12:5b:d6:50:c2:
         de:6f:62:28:a0:19:65:d6:40:e1:c3:09:60:5d:41:3a:cf:ef:
         3a:82:6c:2b:03:33:e7:f1:11:12:5f:36:fe:ba:f9:97:ca:bd:
         5f:4b:2d:0b:23:fc:54:12:83:2e:f2:98:43:32:64:1e:bc:e0:
         9c:96:4e:8d:0c:49:00:61:65:3d:4f:29:ee:8c:05:87:73:d2:
         4c:53:b7:38:78:ae:f5:f7:f5:f7:3a:0d:a9:26:6c:e8:63:cc:
         7e:76:f1:18:9f:2d:18:a8:6d:02:70:34:69:df:5f:47:5d:95:
         00:58:72:16:0e:e1:89:a7:84:32:72:27:db:05:b2:58:58:79:
         f1:50:75:da:e6:37:c6:0a:1f:de:57:2e:06:10:81:63:16:1a:
         32:4e:21:6f:e7:b5:e2:81:f8:8a:26:e5:b8:75:0f:05:e8:ec:
         9c:b4:71:58:be:b5:ba:83:25:23:6a:2f:48:f0:2c:1e:07:b2:
         2f:d1:31:e8:6a:cd:68:c4:5c:c1:9d:be:8f:f6:ee:6e:74:54:
         6c:ae:61:35:e4:f3:76:46:97:19:a1:b0:98:7f:eb:61:30:f7:
         d5:d5:0d:c2:0c:7c:a3:69:30:58:4b:da:27:43:37:d3:93:97:
         d8:c5:7c:01
-----BEGIN CERTIFICATE-----
MIIFSTCCBDGgAwIBAgIFdU4OoTcwDQYJKoZIhvcNAQELBQAwMzExMC8GA1UEAxMo
MmE5NGE4ZGQ1NTRhZTcwMTA3MjA5OWM3MGI2NDA3NTU1ZGRkZTY2OTAeFw0yMTAx
MDEwMDAyNTJaFw0yMjA3MDEwMDAwMDBaMDMxMTAvBgNVBAMTKDBhMDM3NzQ4ZGQy
ODQ4M2NhYjY3MzY5OTM1MTNlNWYzYzI0MWExOGQwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC1jwqXy+NZF8muwJAss++GQEMw4Emh8I4XeDiaT87Jdudr
BKWu0gpNWXZeBfrUL0yR0D9fotaPk5ZmsRUty3Qydi4hE+KjGWD0wzzg/Xo3GdoR
TGIES199lqvmahlBXVa0sh3QzYrd8rirc5iaajn3yl4NqKsH2SYzWxrr1lfk2tE3
XAeYuokvwh14eJ/qoTwHHvMXPYMDtoQ42Gz2tJ3X7WA5XCo9nqXl2NlLnlINc9ho
1hXkNRVFuxKkWrzHca1R+HWtBc1F7/3VUL83fkfJ7h5T8vDaCrLTXPopRtNgARmd
6aPmOffgxUxkghqadlS3Auqtncf0lHkuc3O1TG1HAgMBAAGjggJiMIICXjAdBgNV
HQ4EFgQUCgN3SN0oSDyrZzaZNRPl88JBoY0wHwYDVR0jBBgwFoAUKpSo3VVK5wEH
IJnHC2QHVV3d5mkwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwYAYI
KwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRyc3luYzovL3Jwa2kucmlwZS5uZXQv
cmVwb3NpdG9yeS9hY2EvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNlcjCB
8AYIKwYBBQUHAQsEgeMwgeAwOAYIKwYBBQUHMAWGLHJzeW5jOi8vbm9zdHJvbW8u
aGVmaWNlZC5uZXQvcmVwby8xMTIzOTIyLzAvMGQGCCsGAQUFBzAKhlhyc3luYzov
L25vc3Ryb21vLmhlZmljZWQubmV0L3JlcG8vMTEyMzkyMi8wLzBBMDM3NzQ4REQy
ODQ4M0NBQjY3MzY5OTM1MTNFNUYzQzI0MUExOEQubWZ0MD4GCCsGAQUFBzANhjJo
dHRwczovL25vc3Ryb21vLmhlZmljZWQubmV0L3JyZHAvbm90aWZpY2F0aW9uLnht
bDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3Np
dG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYD
VR0gAQH/BA4wDDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAEw
GAMEAMBtiAMEAMBtlQMEAMBtnwMEAMBtpTANBgkqhkiG9w0BAQsFAAOCAQEAZcwP
sCMqzkkWdnWy0hJb1lDC3m9iKKAZZdZA4cMJYF1BOs/vOoJsKwMz5/EREl82/rr5
l8q9X0stCyP8VBKDLvKYQzJkHrzgnJZOjQxJAGFlPU8p7owFh3PSTFO3OHiu9ff1
9zoNqSZs6GPMfnbxGJ8tGKhtAnA0ad9fR12VAFhyFg7hiaeEMnIn2wWyWFh58VB1
2uY3xgof3lcuBhCBYxYaMk4hb+e14oH4iibluHUPBejsnLRxWL61uoMlI2ovSPAs
HgeyL9Ex6GrNaMRcwZ2+j/bubnRUbK5hNeTzdkaXGaGwmH/rYTD31dUNwgx8o2kw
WEvaJ0M305OX2MV8AQ==
-----END CERTIFICATE-----
Generated at Tue Jul 1 07:58:33 2025 by rpki-client