Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0vHIhC58-JGyNNOh4OLg73PoQqo.cer
File:                     0vHIhC58-JGyNNOh4OLg73PoQqo.cer (raw, json)
Hash identifier:          KPmFgqP4aaDIKxQHtEpjh57DoYzpX3K+IJHrxYoaseU=
Subject key identifier:   D2:F1:C8:84:2E:7C:F8:91:B2:34:D3:A1:E0:E2:E0:EF:73:E8:42:AA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC433C7BC6835E6E7F120C78DB1E5F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/09/c99ae7-b671-40b9-bb1e-a19444f7a337/1/0vHIhC58-JGyNNOh4OLg73PoQqo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/09/c99ae7-b671-40b9-bb1e-a19444f7a337/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 8339
                          AS: 8559
                          IP: 62.40.128.0/17
                          IP: 81.217.0.0/16
                          IP: 82.149.96.0/19
                          IP: 82.218.0.0/16
                          IP: 89.104.0.0/19
                          IP: 92.62.16.0/20
                          IP: 94.16.32.0/19
                          IP: 95.143.224.0/20
                          IP: 141.98.176.0/22
                          IP: 178.18.160.0/20
                          IP: 185.93.8.0/22
                          IP: 185.100.96.0/22
                          IP: 194.106.224.0/19
                          IP: 195.202.128.0/18
                          IP: 195.230.160.0/19
                          IP: 202.170.80.0/21
                          IP: 2a00:1b38::/32
                          IP: 2a02:e200::/30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:43:3c:7b:c6:83:5e:6e:7f:12:0c:78:db:1e:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d2f1c8842e7cf891b234d3a1e0e2e0ef73e842aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:aa:20:a5:5c:92:02:9d:20:9e:ff:be:d6:54:
                    5c:50:a9:3d:5b:16:df:83:0b:31:4d:ca:b2:3b:9e:
                    e8:c7:f9:2d:57:18:f0:a9:87:b3:93:2e:22:40:cf:
                    4c:00:6c:c5:ce:bd:ae:03:38:67:e7:8a:6d:1a:37:
                    bd:ed:43:09:3b:89:91:c8:e0:92:e3:8b:60:41:09:
                    c9:18:7b:06:81:f1:67:9c:11:db:7e:37:95:96:21:
                    3d:80:c0:87:db:ed:ab:e4:e6:7c:ef:ef:8b:7e:b8:
                    48:68:7f:23:49:05:f8:88:af:2e:d7:2a:31:c1:82:
                    b9:e5:28:97:84:d2:81:53:e6:55:39:26:4d:37:c3:
                    ef:c9:46:f6:70:85:e5:0a:31:f8:f5:15:e9:4e:e4:
                    4d:5a:db:31:8b:7d:40:e6:ac:30:28:a1:77:a9:68:
                    50:fe:98:fd:da:0a:b8:24:7b:35:52:eb:c9:9b:a5:
                    c4:1f:ff:a8:01:ee:d5:42:33:fc:5a:ff:f2:33:ca:
                    1e:08:c0:f3:9b:10:c6:09:34:b7:b1:61:fa:eb:ef:
                    1f:02:1a:70:81:9e:e0:57:f0:7b:a3:c8:80:b6:fd:
                    c9:0d:55:3e:12:c2:41:a7:21:59:08:14:26:69:ec:
                    6e:23:6f:e4:e4:13:12:f3:ff:24:26:5a:d4:ba:31:
                    22:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:F1:C8:84:2E:7C:F8:91:B2:34:D3:A1:E0:E2:E0:EF:73:E8:42:AA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c99ae7-b671-40b9-bb1e-a19444f7a337/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/c99ae7-b671-40b9-bb1e-a19444f7a337/1/0vHIhC58-JGyNNOh4OLg73PoQqo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.40.128.0/17
                  81.217.0.0/16
                  82.149.96.0/19
                  82.218.0.0/16
                  89.104.0.0/19
                  92.62.16.0/20
                  94.16.32.0/19
                  95.143.224.0/20
                  141.98.176.0/22
                  178.18.160.0/20
                  185.93.8.0/22
                  185.100.96.0/22
                  194.106.224.0/19
                  195.202.128.0/18
                  195.230.160.0/19
                  202.170.80.0/21
                IPv6:
                  2a00:1b38::/32
                  2a02:e200::/30

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  8339
                  8559

    Signature Algorithm: sha256WithRSAEncryption
         ae:cb:5b:97:3f:79:8c:51:9c:14:5b:f3:35:37:32:d1:50:ca:
         d2:b8:7f:b2:6d:4b:10:38:be:a2:76:05:85:18:02:15:69:b2:
         98:87:fb:aa:80:de:26:5f:d0:30:b7:63:05:00:1a:0a:0d:bc:
         c2:a0:72:98:99:3d:9e:9e:a9:f7:e7:87:eb:00:18:25:63:8c:
         9b:d2:ec:34:06:33:1a:1c:ca:1d:55:ab:3e:fb:07:b6:5a:a2:
         1b:60:06:6a:63:95:eb:11:87:01:d2:4f:16:bd:a3:6d:53:a7:
         30:62:e9:8a:fa:30:10:0b:0a:ef:f9:a0:75:20:a0:33:6b:ee:
         24:08:b6:20:00:84:fe:c6:6a:29:25:a1:07:cc:c0:b4:65:f2:
         06:29:8c:df:c3:53:0f:e0:b6:ba:76:d0:c4:c8:39:b3:9f:2f:
         4b:0d:48:20:d4:93:61:b8:6c:86:e6:88:47:fb:ae:56:45:15:
         d7:40:e8:aa:7a:73:92:87:ca:cd:5a:94:84:54:8a:ff:c2:c5:
         db:89:27:33:ee:f1:12:0a:a9:66:9f:9a:a3:23:1f:4f:9e:ad:
         ed:ed:dd:06:09:64:a6:1d:5d:92:0a:80:20:e0:66:31:77:38:
         ab:2d:9d:41:22:22:68:a3:c4:8d:86:7c:56:e5:5e:50:fb:43:
         b7:b0:b3:9f
-----BEGIN CERTIFICATE-----
MIIGBjCCBO6gAwIBAgISAYzF3EM8e8aDXm5/Egx42x5fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmYxYzg4NDJlN2NmODkxYjIzNGQzYTFlMGUyZTBlZjczZTg0MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyaogpVySAp0gnv++1lRcUKk9Wxbf
gwsxTcqyO57ox/ktVxjwqYezky4iQM9MAGzFzr2uAzhn54ptGje97UMJO4mRyOCS
44tgQQnJGHsGgfFnnBHbfjeVliE9gMCH2+2r5OZ87++LfrhIaH8jSQX4iK8u1yox
wYK55SiXhNKBU+ZVOSZNN8PvyUb2cIXlCjH49RXpTuRNWtsxi31A5qwwKKF3qWhQ
/pj92gq4JHs1UuvJm6XEH/+oAe7VQjP8Wv/yM8oeCMDzmxDGCTS3sWH66+8fAhpw
gZ7gV/B7o8iAtv3JDVU+EsJBpyFZCBQmaexuI2/k5BMS8/8kJlrUujEiFQIDAQAB
o4IDEjCCAw4wHQYDVR0OBBYEFNLxyIQufPiRsjTToeDi4O9z6EKqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA5L2M5OWFl
Ny1iNjcxLTQwYjktYmIxZS1hMTk0NDRmN2EzMzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDkvYzk5YWU3
LWI2NzEtNDBiOS1iYjFlLWExOTQ0NGY3YTMzNy8xLzB2SEloQzU4LUpHeU5OT2g0
T0xnNzNQb1Fxby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGNBggrBgEF
BQcBBwEB/wR+MHwwZAQCAAEwXgMEBz4ogAMDAFHZAwQFUpVgAwMAUtoDBAVZaAAD
BARcPhADBAVeECADBARfj+ADBAKNYrADBASyEqADBAK5XQgDBAK5ZGADBAXCauAD
BAbDyoADBAXD5qADBAPKqlAwFAQCAAIwDgMFACoAGzgDBQIqAuIAMB0GCCsGAQUF
BwEIAQH/BA4wDKAKMAgCAiCTAgIhbzANBgkqhkiG9w0BAQsFAAOCAQEArstblz95
jFGcFFvzNTcy0VDK0rh/sm1LEDi+onYFhRgCFWmymIf7qoDeJl/QMLdjBQAaCg28
wqBymJk9np6p9+eH6wAYJWOMm9LsNAYzGhzKHVWrPvsHtlqiG2AGamOV6xGHAdJP
Fr2jbVOnMGLpivowEAsK7/mgdSCgM2vuJAi2IACE/sZqKSWhB8zAtGXyBimM38NT
D+C2unbQxMg5s58vSw1IINSTYbhshuaIR/uuVkUV10DoqnpzkofKzVqUhFSK/8LF
24knM+7xEgqpZp+aoyMfT56t7e3dBglkph1dkgqAIOBmMXc4qy2dQSIiaKPEjYZ8
VuVeUPtDt7Cznw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 09:01:29 2024 by rpki-client on console-fra.rpki-client.org