Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28eECSDRxwn_KZrtNoLCP7Qydn0.cer
File:                     28eECSDRxwn_KZrtNoLCP7Qydn0.cer (raw, json)
Hash identifier:          8Bqf6BG1kBPdXH1WL5bwMkv+Z2AeshQ5mm2YCagPR7I=
Subject key identifier:   DB:C7:84:09:20:D1:C7:09:FF:29:9A:ED:36:82:C2:3F:B4:32:76:7D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5013D169AD09BB4FD445AE03CE1DB49
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48721
                          AS: 209588
                          AS: 211794
                          IP: 141.98.80.0/22
                          IP: 194.165.16.0/23
                          IP: 2a10:9100::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:3d:16:9a:d0:9b:b4:fd:44:5a:e0:3c:e1:db:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dbc7840920d1c709ff299aed3682c23fb432767d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1c:bc:4f:09:05:58:fa:bd:37:6d:5d:5a:ed:
                    1f:6c:9e:de:f9:4e:0f:94:7d:4a:8e:32:aa:c2:aa:
                    09:40:bb:19:24:e6:8f:75:40:58:cc:33:2f:71:4c:
                    12:53:a3:1f:1d:32:b8:89:28:f3:66:c5:d7:db:c7:
                    1e:d5:39:f8:f5:9c:22:df:4a:d3:57:ba:22:8a:6c:
                    1e:6a:e7:f2:4d:40:3a:50:23:37:38:f3:31:43:83:
                    44:d6:eb:26:2e:9c:df:a0:69:44:7c:00:87:86:65:
                    77:c8:4d:17:dc:77:fe:6d:e3:d7:1c:f1:65:c2:20:
                    4f:77:7e:ae:6c:e3:e3:f0:02:84:a8:b3:f5:22:3e:
                    af:cb:73:d4:6a:42:55:47:f0:d9:b0:5b:1d:b7:13:
                    1d:41:8f:73:7e:a3:e0:5a:93:b8:aa:2e:49:bf:f3:
                    de:26:6b:a0:ea:52:18:1b:88:a7:ab:a2:6f:37:6f:
                    bb:32:b9:de:85:d7:9e:d5:c6:73:50:19:c0:1b:30:
                    d4:68:39:60:95:fe:46:cb:8f:92:cc:c1:ca:c5:99:
                    eb:6e:9c:22:5d:e8:a6:fc:97:8a:da:b2:13:21:9d:
                    6d:af:32:6d:d3:50:a9:6c:52:85:c2:24:79:31:1a:
                    fa:59:92:38:0d:11:dd:70:74:fd:10:51:df:c2:d5:
                    de:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:C7:84:09:20:D1:C7:09:FF:29:9A:ED:36:82:C2:3F:B4:32:76:7D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/9521e1-7610-4d43-8683-51be2f9608bc/1/28eECSDRxwn_KZrtNoLCP7Qydn0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.80.0/22
                  194.165.16.0/23
                IPv6:
                  2a10:9100::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48721
                  209588
                  211794

    Signature Algorithm: sha256WithRSAEncryption
         62:9f:c0:4a:97:1d:34:14:5f:a8:3a:d0:38:ef:a1:73:8b:e3:
         7d:e0:29:db:17:ae:da:02:e4:05:65:5f:3c:dd:1b:26:a4:a9:
         9f:b6:ab:3a:9d:1b:60:88:33:43:3e:94:fb:07:01:25:e6:30:
         8d:36:b9:15:d2:a9:2f:78:b2:0c:19:29:0d:8f:7f:02:3a:a7:
         b5:00:9f:56:75:08:73:8e:2c:ac:22:bd:5e:99:14:97:e2:fc:
         1b:b7:0a:f0:1a:68:ae:49:5d:ec:29:a3:8f:e9:74:81:13:a4:
         e2:65:f5:a5:34:e0:e9:05:06:b8:31:e3:24:95:e5:b5:85:79:
         ba:a9:bd:5b:45:1a:d0:44:68:0e:35:de:58:d7:c2:8d:25:1e:
         a2:fd:83:ad:84:32:40:14:c7:9c:57:a0:f5:46:6f:cf:f8:ce:
         7f:f3:e3:d4:37:9d:be:2d:10:1b:8c:bb:f0:a9:ee:54:72:2b:
         26:c2:1b:42:39:67:f7:33:68:80:1f:e7:37:0d:5c:5b:f9:5b:
         ae:b5:d1:40:1d:b6:ab:2f:e8:9f:0a:4c:5a:33:94:a9:32:1f:
         b8:13:b8:69:88:5f:31:97:aa:1b:54:94:6a:cc:95:cc:a7:25:
         3b:24:be:81:85:d0:a3:8b:09:51:0a:6e:3b:2a:a0:85:93:04:
         a2:70:89:8b
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgISAYzFAT0WmtCbtP1EWuA84dtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmM3ODQwOTIwZDFjNzA5ZmYyOTlhZWQzNjgyYzIzZmI0MzI3NjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBy8TwkFWPq9N21dWu0fbJ7e+U4P
lH1KjjKqwqoJQLsZJOaPdUBYzDMvcUwSU6MfHTK4iSjzZsXX28ce1Tn49Zwi30rT
V7oiimweaufyTUA6UCM3OPMxQ4NE1usmLpzfoGlEfACHhmV3yE0X3Hf+bePXHPFl
wiBPd36ubOPj8AKEqLP1Ij6vy3PUakJVR/DZsFsdtxMdQY9zfqPgWpO4qi5Jv/Pe
Jmug6lIYG4inq6JvN2+7Mrnehdee1cZzUBnAGzDUaDlglf5Gy4+SzMHKxZnrbpwi
Xeim/JeK2rITIZ1trzJt01CpbFKFwiR5MRr6WZI4DRHdcHT9EFHfwtXetQIDAQAB
o4ICvzCCArswHQYDVR0OBBYEFNvHhAkg0ccJ/yma7TaCwj+0MnZ9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU0Lzk1MjFl
MS03NjEwLTRkNDMtODY4My01MWJlMmY5NjA4YmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvOTUyMWUx
LTc2MTAtNGQ0My04NjgzLTUxYmUyZjk2MDhiYy8xLzI4ZUVDU0RSeHduX0tacnRO
b0xDUDdReWRuMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCjWJQAwQBwqUQMA0EAgACMAcDBQMqEJEAMCQG
CCsGAQUFBwEIAQH/BBUwE6ARMA8CAwC+UQIDAzK0AgMDO1IwDQYJKoZIhvcNAQEL
BQADggEBAGKfwEqXHTQUX6g60DjvoXOL433gKdsXrtoC5AVlXzzdGyakqZ+2qzqd
G2CIM0M+lPsHASXmMI02uRXSqS94sgwZKQ2PfwI6p7UAn1Z1CHOOLKwivV6ZFJfi
/Bu3CvAaaK5JXewpo4/pdIETpOJl9aU04OkFBrgx4ySV5bWFebqpvVtFGtBEaA41
3ljXwo0lHqL9g62EMkAUx5xXoPVGb8/4zn/z49Q3nb4tEBuMu/Cp7lRyKybCG0I5
Z/czaIAf5zcNXFv5W6610UAdtqsv6J8KTFozlKkyH7gTuGmIXzGXqhtUlGrMlcyn
JTskvoGF0KOLCVEKbjsqoIWTBKJwiYs=
-----END CERTIFICATE-----
Generated at Thu Mar 28 20:01:55 2024 by rpki-client on console-fra.rpki-client.org