Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2fkESVCev547D0LBzcIuPvQAdCY.cer
File:                     2fkESVCev547D0LBzcIuPvQAdCY.cer (raw, json)
Hash identifier:          vn+F76/dfUuWml7eE5FN2hpO2+0qCWc0B6Ar6zm8B+Q=
Subject key identifier:   D9:F9:04:49:50:9E:BF:9E:3B:0F:42:C1:CD:C2:2E:3E:F4:00:74:26
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8715F3CCC364F0183B66A4CD12314C2
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/2fkESVCev547D0LBzcIuPvQAdCY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:32:02 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206102
                          IP: 152.89.136.0/22
                          IP: 185.195.96.0/22
                          IP: 2a09:39c0::/29
                          IP: 2a0a:5740::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:5f:3c:cc:36:4f:01:83:b6:6a:4c:d1:23:14:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:32:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d9f90449509ebf9e3b0f42c1cdc22e3ef4007426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:d4:f3:13:15:71:9b:51:d3:5b:67:9f:63:89:
                    b4:8b:9e:a9:c2:72:83:54:53:b8:fb:7b:aa:c7:bf:
                    e3:f1:0a:c1:65:9a:ca:8c:df:65:48:96:69:dd:e5:
                    a7:ed:60:5d:a1:6b:1c:5e:8d:ff:43:bb:25:4e:bb:
                    32:2c:55:ac:d8:b5:96:1c:ee:13:a9:f5:04:5c:11:
                    22:b1:ad:63:d4:9e:58:8c:20:ae:57:e9:93:a1:85:
                    a9:b0:be:13:b3:d2:f2:4b:c2:a1:9e:62:27:e5:80:
                    68:ea:11:0d:60:3f:ec:66:52:96:5a:2b:bb:61:ad:
                    de:3a:bf:d0:f6:23:a2:5c:63:c9:25:3a:7e:31:92:
                    7e:5f:38:08:f2:3d:41:87:e1:e3:22:0c:05:63:fa:
                    8e:e3:cc:a9:43:e1:20:cf:d2:b7:d9:35:b4:93:b4:
                    63:de:b9:a5:94:64:c1:2b:3d:dd:0f:20:43:8e:88:
                    91:3a:66:ce:d8:79:c3:70:70:10:4a:81:2e:2c:00:
                    15:85:2c:76:d5:d5:83:17:6c:74:a6:b9:b7:fe:30:
                    1a:ba:ab:05:be:29:fe:2a:ab:02:5a:96:14:1a:df:
                    8a:5a:4f:d4:8d:28:ea:9c:01:a7:72:4b:92:79:56:
                    b5:26:69:cf:86:1d:34:0f:15:21:c7:63:67:25:14:
                    9c:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F9:04:49:50:9E:BF:9E:3B:0F:42:C1:CD:C2:2E:3E:F4:00:74:26
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/9c5cef-d4e4-44e1-abf5-bb48828c9f05/1/2fkESVCev547D0LBzcIuPvQAdCY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.136.0/22
                  185.195.96.0/22
                IPv6:
                  2a09:39c0::/29
                  2a0a:5740::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206102

    Signature Algorithm: sha256WithRSAEncryption
         73:27:fd:e5:1a:f8:38:d2:95:39:de:0d:6c:13:df:f3:a0:31:
         a3:6d:5c:cf:15:cd:99:9e:85:f9:6c:36:9e:e6:ed:56:2d:11:
         0d:d8:1f:eb:f6:70:9a:97:f7:b5:61:94:0a:55:17:ea:38:84:
         28:49:c3:8b:a4:9d:d8:3f:ec:6b:e0:c3:3a:86:cd:cb:15:9e:
         89:32:0b:af:4f:cd:89:43:3c:53:1d:be:58:2f:00:41:29:d8:
         15:a2:86:09:7a:c8:10:15:92:f2:20:ee:94:e6:a4:4f:86:71:
         9e:dd:a2:e4:bd:6e:83:1a:f9:a9:57:f7:98:a1:47:70:73:40:
         8a:39:29:67:6c:98:37:b8:53:81:61:b4:7e:18:89:28:12:2f:
         5c:b2:0a:e6:80:85:76:1d:7d:8f:3e:5c:57:00:46:45:93:4d:
         51:26:ee:d8:bc:ca:b2:cd:e2:92:73:6e:7d:aa:17:7b:7b:a4:
         3c:48:90:16:f7:4f:9a:c5:c8:1d:e2:e3:04:16:ce:14:84:0a:
         99:40:37:3a:8b:9a:74:71:06:fe:b0:5e:17:96:1e:93:66:f1:
         93:72:4f:7a:00:d6:b3:f2:f3:80:c4:2a:f2:a6:71:56:d9:87:
         f4:91:36:e5:9f:96:fc:aa:06:24:2f:a2:14:b9:76:e7:dd:a0:
         94:e3:1a:d9
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAYzIcV88zDZPAYO2akzRIxTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMjAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY5MDQ0OTUwOWViZjllM2IwZjQyYzFjZGMyMmUzZWY0MDA3NDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutTzExVxm1HTW2efY4m0i56pwnKD
VFO4+3uqx7/j8QrBZZrKjN9lSJZp3eWn7WBdoWscXo3/Q7slTrsyLFWs2LWWHO4T
qfUEXBEisa1j1J5YjCCuV+mToYWpsL4Ts9LyS8KhnmIn5YBo6hENYD/sZlKWWiu7
Ya3eOr/Q9iOiXGPJJTp+MZJ+XzgI8j1Bh+HjIgwFY/qO48ypQ+Egz9K32TW0k7Rj
3rmllGTBKz3dDyBDjoiROmbO2HnDcHAQSoEuLAAVhSx21dWDF2x0prm3/jAauqsF
vin+KqsCWpYUGt+KWk/UjSjqnAGnckuSeVa1JmnPhh00DxUhx2NnJRScZwIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFNn5BElQnr+eOw9Cwc3CLj70AHQmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgzLzljNWNl
Zi1kNGU0LTQ0ZTEtYWJmNS1iYjQ4ODI4YzlmMDUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODMvOWM1Y2Vm
LWQ0ZTQtNDRlMS1hYmY1LWJiNDg4MjhjOWYwNS8xLzJma0VTVkNldjU0N0QwTEJ6
Y0l1UHZRQWRDWS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsGCCsGAQUF
BwEHAQH/BCwwKjASBAIAATAMAwQCmFmIAwQCucNgMBQEAgACMA4DBQMqCTnAAwUD
KgpXQDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDJRYwDQYJKoZIhvcNAQELBQAD
ggEBAHMn/eUa+DjSlTneDWwT3/OgMaNtXM8VzZmehflsNp7m7VYtEQ3YH+v2cJqX
97VhlApVF+o4hChJw4ukndg/7GvgwzqGzcsVnokyC69PzYlDPFMdvlgvAEEp2BWi
hgl6yBAVkvIg7pTmpE+GcZ7douS9boMa+alX95ihR3BzQIo5KWdsmDe4U4FhtH4Y
iSgSL1yyCuaAhXYdfY8+XFcARkWTTVEm7ti8yrLN4pJzbn2qF3t7pDxIkBb3T5rF
yB3i4wQWzhSECplANzqLmnRxBv6wXheWHpNm8ZNyT3oA1rPy84DEKvKmcVbZh/SR
NuWflvyqBiQvohS5dufdoJTjGtk=
-----END CERTIFICATE-----
Generated at Fri Mar 29 08:54:05 2024 by rpki-client on console-ams.rpki-client.org