Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1DLOHXpgl0mORQlgy44us48oE9M.cer
File: 1DLOHXpgl0mORQlgy44us48oE9M.cer (raw, json)
Hash identifier: Sq+x6QCj9/AruOxkm3J/bFDrBbPJfbnzkaACDFHRoUM=
Subject key identifier: D4:32:CE:1D:7A:60:97:49:8E:45:09:60:CB:8E:2E:B3:8F:28:13:D3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 98B5EE092C
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://nostromo.heficed.net/repo/1123912/0/D432CE1D7A6097498E450960CB8E2EB38F2813D3.mft
caRepository: rsync://nostromo.heficed.net/repo/1123912/0/
Notify URL: https://nostromo.heficed.net/rrdp/notification.xml
Certificate not before: Sat 01 Jan 2022 00:01:00 +0000
Certificate not after: Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources: IP: 192.109.109.0 -- 192.109.110.255
IP: 192.109.117.0/24
IP: 192.109.119.0/24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 655887305004 (0x98b5ee092c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 1 00:01:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d432ce1d7a6097498e450960cb8e2eb38f2813d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:09:c6:85:5d:96:40:a4:dc:4e:d4:1d:74:b6:
c0:77:0f:d6:6e:db:6d:e5:89:ef:11:b4:49:c8:83:
ea:04:ea:9b:f5:2a:18:14:14:5f:ca:8b:d3:1b:7e:
43:36:cf:aa:44:11:ff:27:c2:ad:d0:4c:df:5b:f5:
a3:6a:2e:48:93:9b:d1:66:3c:52:7b:b3:4a:01:0d:
ff:21:a7:dc:85:e6:34:a5:c6:d6:9f:9c:ad:1e:24:
93:53:ce:16:59:7b:e2:54:12:8a:ca:f4:da:1f:d3:
31:ae:e2:03:4e:dc:40:c5:2c:bb:73:f8:02:d8:ff:
62:9e:66:c5:6f:36:8a:d1:6b:2d:93:97:92:cd:2d:
5f:60:a6:de:0d:75:4b:fd:ec:83:cf:59:d9:0b:84:
69:9b:90:97:24:4c:27:09:9d:74:6a:d7:b3:ba:1b:
3e:6e:19:27:eb:19:76:b0:65:77:5b:61:84:eb:4a:
61:31:c0:ca:ef:65:cc:86:0a:56:a6:1e:5b:9d:87:
50:e1:cd:c6:b4:70:bf:f2:5d:de:04:59:54:56:63:
d1:5b:cb:b3:13:ac:a8:1d:a3:8a:c6:aa:8e:8a:6c:
56:54:d0:cf:7f:9c:89:41:9b:6c:9b:e1:d3:50:02:
af:64:c2:b4:b1:6a:5f:e2:98:24:00:14:65:ac:3f:
88:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:32:CE:1D:7A:60:97:49:8E:45:09:60:CB:8E:2E:B3:8F:28:13:D3
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://nostromo.heficed.net/repo/1123912/0/
RPKI Manifest - URI:rsync://nostromo.heficed.net/repo/1123912/0/D432CE1D7A6097498E450960CB8E2EB38F2813D3.mft
RPKI Notify - URI:https://nostromo.heficed.net/rrdp/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
192.109.109.0-192.109.110.255
192.109.117.0/24
192.109.119.0/24
Signature Algorithm: sha256WithRSAEncryption
09:f0:01:e1:41:1a:c0:b8:b2:09:9a:e4:4e:04:b8:75:3c:cd:
05:7e:e8:d7:6c:bd:06:08:87:c5:d9:a6:d5:00:a0:38:a6:b4:
42:07:94:93:8d:3a:63:75:4d:a3:4b:e3:ae:93:72:e3:77:95:
06:7e:a5:37:57:92:06:40:33:25:18:18:64:44:a5:57:b3:28:
31:40:00:52:82:88:b9:1e:2c:7f:91:d9:72:12:35:99:53:dd:
6f:b3:78:b2:63:ae:e7:4e:fe:58:24:7f:1b:df:da:e6:0f:48:
9d:b8:48:53:01:59:c0:f5:10:38:fc:95:6b:a7:cf:36:88:17:
b2:49:72:5c:89:15:3a:e5:7b:14:31:42:3f:7a:de:f4:41:ef:
7b:77:d6:a2:22:fa:aa:a2:cc:b2:f3:f6:dc:21:3f:73:37:12:
9f:75:a4:62:78:19:44:19:39:4f:ba:bc:85:63:4c:27:a4:f9:
02:25:48:f0:09:34:b7:86:aa:4f:15:72:79:62:bc:88:3e:24:
d4:4a:5d:70:a9:df:1c:e6:1d:52:1d:7c:07:52:4f:55:65:04:
68:a5:67:a0:29:24:de:7d:10:29:c7:67:43:12:f6:d2:30:c1:
88:0b:2c:8c:f7:99:c6:c6:cb:8f:91:50:f0:b2:1c:9b:b5:27:
70:49:5d:73
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgIGAJi17gksMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDAwMTAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhkNDMyY2UxZDdh
NjA5NzQ5OGU0NTA5NjBjYjhlMmViMzhmMjgxM2QzMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwAnGhV2WQKTcTtQddLbAdw/Wbttt5YnvEbRJyIPqBOqb
9SoYFBRfyovTG35DNs+qRBH/J8Kt0EzfW/Wjai5Ik5vRZjxSe7NKAQ3/IafcheY0
pcbWn5ytHiSTU84WWXviVBKKyvTaH9MxruIDTtxAxSy7c/gC2P9inmbFbzaK0Wst
k5eSzS1fYKbeDXVL/eyDz1nZC4Rpm5CXJEwnCZ10atezuhs+bhkn6xl2sGV3W2GE
60phMcDK72XMhgpWph5bnYdQ4c3GtHC/8l3eBFlUVmPRW8uzE6yoHaOKxqqOimxW
VNDPf5yJQZtsm+HTUAKvZMK0sWpf4pgkABRlrD+I9wIDAQABo4ICZDCCAmAwHQYD
VR0OBBYEFNQyzh16YJdJjkUJYMuOLrOPKBPTMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
gfAGCCsGAQUFBwELBIHjMIHgMDgGCCsGAQUFBzAFhixyc3luYzovL25vc3Ryb21v
LmhlZmljZWQubmV0L3JlcG8vMTEyMzkxMi8wLzBkBggrBgEFBQcwCoZYcnN5bmM6
Ly9ub3N0cm9tby5oZWZpY2VkLm5ldC9yZXBvLzExMjM5MTIvMC9ENDMyQ0UxRDdB
NjA5NzQ5OEU0NTA5NjBDQjhFMkVCMzhGMjgxM0QzLm1mdDA+BggrBgEFBQcwDYYy
aHR0cHM6Ly9ub3N0cm9tby5oZWZpY2VkLm5ldC9ycmRwL25vdGlmaWNhdGlvbi54
bWwwWQYDVR0fBFIwUDBOoEygSoZIcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9z
aXRvcnkvREVGQVVMVC9LcFNvM1ZWSzV3RUhJSm5IQzJRSFZWM2Q1bWsuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwMwYIKwYBBQUHAQcBAf8EJDAiMCAEAgAB
MBowDAMEAMBtbQMEAMBtbgMEAMBtdQMEAMBtdzANBgkqhkiG9w0BAQsFAAOCAQEA
CfAB4UEawLiyCZrkTgS4dTzNBX7o12y9BgiHxdmm1QCgOKa0QgeUk406Y3VNo0vj
rpNy43eVBn6lN1eSBkAzJRgYZESlV7MoMUAAUoKIuR4sf5HZchI1mVPdb7N4smOu
507+WCR/G9/a5g9InbhIUwFZwPUQOPyVa6fPNogXsklyXIkVOuV7FDFCP3re9EHv
e3fWoiL6qqLMsvP23CE/czcSn3WkYngZRBk5T7q8hWNMJ6T5AiVI8Ak0t4aqTxVy
eWK8iD4k1EpdcKnfHOYdUh18B1JPVWUEaKVnoCkk3n0QKcdnQxL20jDBiAssjPeZ
xsbLj5FQ8LIcm7UncEldcw==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:37 2023 by rpki-client on console-ams.rpki-client.org