Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1PkhKd96qnFX4VlzwkdT4RjJBX0.cer
File:                     1PkhKd96qnFX4VlzwkdT4RjJBX0.cer (raw, json)
Hash identifier:          oqk2WEhqHxo6+XwXWF4QN3DOjNQ8+UI5YZWGWU38lSw=
Subject key identifier:   D4:F9:21:29:DF:7A:AA:71:57:E1:59:73:C2:47:53:E1:18:C9:05:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801D3227B730FB15098A5F6525DD3A3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/1PkhKd96qnFX4VlzwkdT4RjJBX0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204631
                          IP: 185.136.120.0/22
                          IP: 193.27.218.0/23
                          IP: 2001:67c:2c08::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d3:22:7b:73:0f:b1:50:98:a5:f6:52:5d:d3:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4f92129df7aaa7157e15973c24753e118c9057d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:98:be:b9:99:c9:b5:f1:29:88:38:e4:b2:98:
                    15:11:6d:79:8d:cb:91:ef:ac:8f:8e:1c:0f:e8:8c:
                    62:a6:87:ea:89:00:a7:c1:fa:14:bf:7f:5c:d8:3e:
                    5f:57:1a:2c:21:c1:a6:e0:4d:67:69:7a:1d:9e:ea:
                    c1:dd:18:dd:77:34:d6:89:02:b2:26:d8:fb:5a:a2:
                    8f:48:b8:e7:a6:ab:c3:fa:61:fe:ba:55:f7:f0:f4:
                    cd:00:4a:cf:71:46:06:5f:ce:6d:ba:26:3c:56:0f:
                    cd:8f:10:00:cc:15:b2:7f:e0:81:5f:88:d8:75:05:
                    06:fe:56:b8:bd:81:d2:98:1e:42:a5:ff:e8:a2:b0:
                    73:87:66:bd:7f:20:3c:04:35:92:a9:09:87:42:7a:
                    f7:1d:b0:66:5d:b5:34:be:cd:fb:83:cd:86:68:e2:
                    2e:07:d5:f8:21:3e:45:14:9a:7f:fb:10:b2:b9:8d:
                    e2:51:5d:3e:fe:3d:fb:b0:2c:98:e0:23:f3:4d:e7:
                    80:a2:42:f3:08:1e:70:18:df:48:9d:ad:94:4b:3c:
                    97:cf:4c:9d:60:98:75:56:9a:9d:ee:d6:50:62:ff:
                    87:66:85:74:5d:fc:15:91:8a:66:0c:55:1c:50:cb:
                    80:e6:7c:c5:2a:97:22:5d:3f:ae:bf:04:77:12:a6:
                    d8:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F9:21:29:DF:7A:AA:71:57:E1:59:73:C2:47:53:E1:18:C9:05:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/9cfe5d-5770-4b5d-8935-9f38c8b8a928/1/1PkhKd96qnFX4VlzwkdT4RjJBX0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.136.120.0/22
                  193.27.218.0/23
                IPv6:
                  2001:67c:2c08::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204631

    Signature Algorithm: sha256WithRSAEncryption
         b0:74:23:f1:09:63:15:a2:5b:03:1b:f9:90:7b:bc:7c:df:c3:
         2c:6f:2d:ff:0b:ef:0c:ef:e1:7b:97:60:96:15:ce:b1:ca:22:
         c6:8b:5f:df:9b:17:4b:78:76:bd:dd:85:2c:05:32:44:45:cf:
         bd:a7:f8:22:81:ca:44:dc:80:87:f0:88:0e:0a:04:8c:4a:1b:
         e1:00:a6:ab:87:2d:a8:52:89:58:61:1d:2c:62:46:9e:d5:30:
         47:44:c7:84:7e:db:cd:a7:36:0f:45:f0:d9:1a:9d:7d:a1:61:
         4f:f4:b9:91:53:4a:2e:2a:d0:55:0d:f1:f8:0d:5b:b9:c5:c1:
         e8:90:58:06:3f:89:58:9d:2c:af:cb:ee:62:8b:68:e9:78:8b:
         f7:90:00:a6:58:49:af:7a:f3:bd:c7:cf:0d:d3:08:1f:67:aa:
         ab:b9:75:ab:b4:66:86:4a:fa:6e:91:3b:b4:c4:54:78:76:21:
         af:db:f8:a6:e9:3b:d7:42:6a:31:45:02:36:27:43:81:7f:1e:
         43:b3:fa:91:d7:8b:f0:92:48:cf:ea:38:46:11:e4:5e:ff:6e:
         43:92:cb:82:42:44:8d:a7:85:3b:36:c5:a9:17:c5:7c:c8:b9:
         7f:27:c8:05:54:50:08:07:14:5c:bb:70:a3:52:34:7f:ca:2f:
         3b:7f:be:8c
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAYzIAdMie3MPsVCYpfZSXdOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGY5MjEyOWRmN2FhYTcxNTdlMTU5NzNjMjQ3NTNlMTE4YzkwNTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJi+uZnJtfEpiDjkspgVEW15jcuR
76yPjhwP6IxipofqiQCnwfoUv39c2D5fVxosIcGm4E1naXodnurB3RjddzTWiQKy
Jtj7WqKPSLjnpqvD+mH+ulX38PTNAErPcUYGX85tuiY8Vg/NjxAAzBWyf+CBX4jY
dQUG/la4vYHSmB5Cpf/oorBzh2a9fyA8BDWSqQmHQnr3HbBmXbU0vs37g82GaOIu
B9X4IT5FFJp/+xCyuY3iUV0+/j37sCyY4CPzTeeAokLzCB5wGN9Ina2USzyXz0yd
YJh1Vpqd7tZQYv+HZoV0XfwVkYpmDFUcUMuA5nzFKpciXT+uvwR3EqbYpQIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFNT5ISnfeqpxV+FZc8JHU+EYyQV9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc4LzljZmU1
ZC01NzcwLTRiNWQtODkzNS05ZjM4YzhiOGE5MjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvOWNmZTVk
LTU3NzAtNGI1ZC04OTM1LTlmMzhjOGI4YTkyOC8xLzFQa2hLZDk2cW5GWDRWbHp3
a2RUNFJqSkJYMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUF
BwEHAQH/BCcwJTASBAIAATAMAwQCuYh4AwQBwRvaMA8EAgACMAkDBwAgAQZ8LAgw
GgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAx9XMA0GCSqGSIb3DQEBCwUAA4IBAQCw
dCPxCWMVolsDG/mQe7x838Msby3/C+8M7+F7l2CWFc6xyiLGi1/fmxdLeHa93YUs
BTJERc+9p/gigcpE3ICH8IgOCgSMShvhAKarhy2oUolYYR0sYkae1TBHRMeEftvN
pzYPRfDZGp19oWFP9LmRU0ouKtBVDfH4DVu5xcHokFgGP4lYnSyvy+5ii2jpeIv3
kACmWEmvevO9x88N0wgfZ6qruXWrtGaGSvpukTu0xFR4diGv2/im6TvXQmoxRQI2
J0OBfx5Ds/qR14vwkkjP6jhGEeRe/25DksuCQkSNp4U7NsWpF8V8yLl/J8gFVFAI
BxRcu3CjUjR/yi87f76M
-----END CERTIFICATE-----
Generated at Thu Mar 28 05:52:21 2024 by rpki-client on console-ams.rpki-client.org