Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1-cSsxnpLABNVenTs5mQfT5R1_y0.cer
File:                     1-cSsxnpLABNVenTs5mQfT5R1_y0.cer (raw, json)
Hash identifier:          qRZmlviJ43uLZpiSjDwSV/gdKYPtquC4qhshoIOzEkk=
Subject key identifier:   F9:C4:AC:C6:7A:4B:00:13:55:7A:74:EC:E6:64:1F:4F:94:75:FF:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DFA190DCF1639F7E1900ED881C7CC6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ca/969c12-5263-4026-bfcd-0890b8051d85/1/1-cSsxnpLABNVenTs5mQfT5R1_y0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ca/969c12-5263-4026-bfcd-0890b8051d85/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:32:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 62099
                          IP: 176.98.248.0/21
                          IP: 185.47.220.0/22
                          IP: 185.91.168.0/22
                          IP: 2a01:9420::/29
                          IP: 2a05:ec00::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a1:90:dc:f1:63:9f:7e:19:00:ed:88:1c:7c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9c4acc67a4b0013557a74ece6641f4f9475ff2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e0:6d:9f:26:64:74:75:e7:72:49:88:04:0e:
                    50:37:eb:1b:2a:ba:c6:c5:d4:4e:6c:2b:07:d7:80:
                    72:6d:23:cc:70:80:5d:2b:53:00:64:42:f9:9c:93:
                    48:19:83:8d:97:23:98:34:d5:d7:25:55:aa:be:9f:
                    32:dc:3d:ed:5a:81:71:6e:48:b1:96:9c:e6:6b:4b:
                    fc:f9:eb:0d:11:a4:4c:d5:5d:c6:6b:73:15:c5:b4:
                    47:76:62:fe:c3:3d:0d:e0:1e:13:63:0d:7d:2c:04:
                    45:36:55:ae:38:1d:fd:8b:0d:39:06:46:7f:7e:f5:
                    38:ff:9e:66:9a:26:ab:02:e8:5b:12:ec:ae:07:df:
                    e7:90:45:74:35:52:68:6e:2f:2c:7a:64:b5:3e:89:
                    92:21:e4:7b:92:13:60:2b:00:1d:5b:7e:4b:17:ef:
                    40:bb:a7:77:08:27:ff:42:bb:70:46:fb:d8:34:88:
                    71:ab:9a:17:42:82:e7:cd:e4:0c:87:0d:0a:cb:79:
                    99:fc:98:5b:da:a9:07:64:e2:79:c1:a4:99:10:97:
                    e9:49:4f:c5:6f:89:2f:c3:2b:1a:e5:0c:a2:3d:4a:
                    4b:9b:e3:2e:66:a2:6b:ad:ba:c4:d4:9d:36:e6:e3:
                    ba:6b:6d:5e:67:b6:ca:ed:9d:1f:96:07:fa:a0:58:
                    2c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C4:AC:C6:7A:4B:00:13:55:7A:74:EC:E6:64:1F:4F:94:75:FF:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969c12-5263-4026-bfcd-0890b8051d85/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969c12-5263-4026-bfcd-0890b8051d85/1/1-cSsxnpLABNVenTs5mQfT5R1_y0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.98.248.0/21
                  185.47.220.0/22
                  185.91.168.0/22
                IPv6:
                  2a01:9420::/29
                  2a05:ec00::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  62099

    Signature Algorithm: sha256WithRSAEncryption
         08:b4:4c:19:cb:10:1a:c9:a7:15:ab:5e:2a:37:2b:cc:df:6c:
         5f:54:2e:d1:ad:7c:48:64:15:7f:95:52:b1:6a:63:32:29:e1:
         96:e0:55:f5:20:a6:3a:26:07:d2:50:70:b3:4d:17:9e:2e:e8:
         32:c7:9f:7f:b0:92:96:96:b0:90:cf:9e:40:5e:ef:0b:85:72:
         f7:ba:d4:bc:5b:e3:57:cd:7a:aa:ed:9d:0c:55:a4:11:56:10:
         f6:dd:62:c5:92:4d:78:2c:72:ee:8d:4e:6f:06:f0:60:f3:1d:
         7a:e9:f4:43:6a:1a:c2:3d:fe:51:cf:d6:0a:30:0f:39:b9:82:
         09:8f:17:48:cb:b8:4f:09:3f:3e:a6:d5:f7:57:fa:24:23:9e:
         c0:ea:2e:b1:3a:24:33:05:24:e4:1d:5e:63:92:9b:45:e9:d5:
         dc:39:e5:47:9a:00:0d:91:1a:8e:3c:30:ed:eb:fc:26:99:ac:
         c8:ea:6e:fd:a7:7f:47:b4:69:f2:ba:3a:1e:0e:8b:bd:b7:40:
         d5:7d:93:50:49:0b:8d:48:63:cc:66:bb:97:f3:ea:6f:0e:20:
         61:c1:57:37:24:e1:28:65:35:8c:b4:52:97:62:fe:4b:c8:3e:
         a3:ff:c7:45:24:ec:c0:5d:8b:b3:36:4d:1e:98:60:57:06:39:
         98:4e:b8:4a
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgISAYzI36GQ3PFjn34ZAO2IHHzGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWM0YWNjNjdhNGIwMDEzNTU3YTc0ZWNlNjY0MWY0Zjk0NzVmZjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+BtnyZkdHXnckmIBA5QN+sbKrrG
xdRObCsH14BybSPMcIBdK1MAZEL5nJNIGYONlyOYNNXXJVWqvp8y3D3tWoFxbkix
lpzma0v8+esNEaRM1V3Ga3MVxbRHdmL+wz0N4B4TYw19LARFNlWuOB39iw05BkZ/
fvU4/55mmiarAuhbEuyuB9/nkEV0NVJobi8semS1PomSIeR7khNgKwAdW35LF+9A
u6d3CCf/QrtwRvvYNIhxq5oXQoLnzeQMhw0Ky3mZ/Jhb2qkHZOJ5waSZEJfpSU/F
b4kvwysa5QyiPUpLm+MuZqJrrbrE1J025uO6a21eZ7bK7Z0flgf6oFgsXwIDAQAB
o4ICwzCCAr8wHQYDVR0OBBYEFPnErMZ6SwATVXp07OZkH0+Udf8tMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEkBggrBgEFBQcBCwSCARYwggESMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NhLzk2OWMx
Mi01MjYzLTQwMjYtYmZjZC0wODkwYjgwNTFkODUvMS8wfQYIKwYBBQUHMAqGcXJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2EvOTY5YzEy
LTUyNjMtNDAyNi1iZmNkLTA4OTBiODA1MWQ4NS8xLzEtY1NzeG5wTEFCTlZlblRz
NW1RZlQ1UjFfeTAubWZ0MDIGCCsGAQUFBzANhiZodHRwczovL3JyZHAucmlwZS5u
ZXQvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jw
a2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhD
MlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBBBggrBgEF
BQcBBwEB/wQyMDAwGAQCAAEwEgMEA7Bi+AMEArkv3AMEArlbqDAUBAIAAjAOAwUD
KgGUIAMFAyoF7AAwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAPKTMA0GCSqGSIb3
DQEBCwUAA4IBAQAItEwZyxAayacVq14qNyvM32xfVC7RrXxIZBV/lVKxamMyKeGW
4FX1IKY6JgfSUHCzTReeLugyx59/sJKWlrCQz55AXu8LhXL3utS8W+NXzXqq7Z0M
VaQRVhD23WLFkk14LHLujU5vBvBg8x166fRDahrCPf5Rz9YKMA85uYIJjxdIy7hP
CT8+ptX3V/okI57A6i6xOiQzBSTkHV5jkptF6dXcOeVHmgANkRqOPDDt6/wmmazI
6m79p39HtGnyujoeDou9t0DVfZNQSQuNSGPMZruX8+pvDiBhwVc3JOEoZTWMtFKX
Yv5LyD6j/8dFJOzAXYuzNk0emGBXBjmYTrhK
-----END CERTIFICATE-----
Generated at Fri Mar 29 13:53:22 2024 by rpki-client on console-ams.rpki-client.org