Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2hbGGY0NwZQvwR6o_QRrj4Qn6Ck.cer
File: 2hbGGY0NwZQvwR6o_QRrj4Qn6Ck.cer (raw, json)
Hash identifier: 7D+5tdnUMweVLVY0bYtSbQe/7XVAcTKhLottdDE+PCI=
Subject key identifier: DA:16:C6:19:8D:0D:C1:94:2F:C1:1E:A8:FD:04:6B:8F:84:27:E8:29
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 018CC5013A83142F4FE93B601D593D8EEC6B
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/b1/cd4ac8-2235-4539-85b1-78a709d7fefd/1/2hbGGY0NwZQvwR6o_QRrj4Qn6Ck.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/b1/cd4ac8-2235-4539-85b1-78a709d7fefd/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Mon 01 Jan 2024 12:30:41 +0000
Certificate not after: Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources: IP: 193.5.44.0/23
Validation: Failed, certificate revoked on Wed 14 Feb 2024 14:45:01 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:3a:83:14:2f:4f:e9:3b:60:1d:59:3d:8e:ec:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 1 12:30:41 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=da16c6198d0dc1942fc11ea8fd046b8f8427e829
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:b9:fc:2b:0a:b0:84:12:ce:cd:6c:b0:fa:e8:
e6:83:b3:0a:29:26:34:f6:ef:d7:d5:c4:b6:76:43:
dd:d9:af:0e:fc:30:0d:aa:04:7e:7c:6d:c5:b1:ab:
53:53:9b:ad:bb:91:fe:e3:c1:d5:26:95:f9:d8:a9:
72:5c:21:8c:97:9f:d4:3f:d6:e5:30:a5:98:5d:84:
69:f6:cc:68:9e:e4:cd:96:b3:22:e7:52:9c:68:e4:
bb:a0:df:0b:fb:c8:6d:e6:0e:c5:38:06:79:b3:c2:
a7:f9:58:be:c0:6e:40:05:2e:de:be:0d:e8:74:3b:
ec:22:ee:a2:4f:95:45:23:7e:7e:e8:06:78:72:05:
f2:f6:d4:85:00:c0:5c:6b:ef:06:9b:d1:fe:c5:7c:
13:87:e1:a9:a9:13:f1:08:36:f9:bc:2f:77:f4:cf:
d8:2f:a1:54:4a:3f:89:2a:e2:8d:c9:35:39:13:9f:
ee:ec:07:ff:b6:2f:d1:31:b7:8a:4a:20:fb:83:dd:
24:ac:f7:8a:51:d9:f5:0c:1c:b7:75:0e:52:69:3e:
af:37:67:2c:32:57:1f:8b:1a:31:ec:bc:e6:56:45:
e4:54:a9:98:e4:eb:a5:e5:05:ee:48:51:25:cf:71:
79:83:a5:57:c0:f7:58:6a:2d:b4:52:27:f7:81:b1:
26:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:16:C6:19:8D:0D:C1:94:2F:C1:1E:A8:FD:04:6B:8F:84:27:E8:29
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cd4ac8-2235-4539-85b1-78a709d7fefd/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cd4ac8-2235-4539-85b1-78a709d7fefd/1/2hbGGY0NwZQvwR6o_QRrj4Qn6Ck.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.5.44.0/23
Signature Algorithm: sha256WithRSAEncryption
23:f2:7b:15:ca:3c:6a:86:ea:80:b9:f4:f5:aa:0f:fe:67:68:
f1:fa:da:9f:fa:cb:f4:c7:4c:63:01:9b:95:03:dc:fb:86:fa:
0c:6d:86:73:65:ac:73:52:93:49:73:c9:82:2d:38:a2:5d:58:
48:1a:97:d9:db:ad:3b:e6:3e:cb:2a:ea:a2:45:ca:b4:02:e2:
04:c0:9f:8d:54:50:72:af:42:d4:59:86:45:f6:e2:28:15:cb:
16:7c:78:ee:b4:9d:8d:86:a5:89:5b:0f:75:b4:67:49:70:a5:
43:95:e4:83:e3:69:e2:09:50:de:1b:c5:75:ed:34:7e:91:9d:
f4:10:0a:b7:1c:4c:fb:49:65:86:5d:35:f0:1d:49:03:35:25:
84:b2:5b:62:cb:40:e9:f2:68:17:57:82:c8:cd:36:fd:11:54:
44:03:ad:e0:58:60:e5:d1:9c:77:b8:f4:ca:4d:ab:0f:26:5c:
d3:9e:25:e7:c2:54:90:4d:5a:29:5d:66:92:5a:40:a6:80:93:
54:9f:16:6b:45:f2:d7:58:2b:82:a7:c1:0c:30:17:57:2f:e7:
40:13:b3:53:3b:f1:de:24:45:2e:85:f5:44:7e:f0:71:15:e3:
5e:fc:85:d5:d7:48:38:96:a6:21:72:8d:5c:11:7d:2d:b6:9f:
2f:7e:e5:02
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzFATqDFC9P6TtgHVk9juxrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTE2YzYxOThkMGRjMTk0MmZjMTFlYThmZDA0NmI4Zjg0MjdlODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrn8KwqwhBLOzWyw+ujmg7MKKSY0
9u/X1cS2dkPd2a8O/DANqgR+fG3FsatTU5utu5H+48HVJpX52KlyXCGMl5/UP9bl
MKWYXYRp9sxonuTNlrMi51KcaOS7oN8L+8ht5g7FOAZ5s8Kn+Vi+wG5ABS7evg3o
dDvsIu6iT5VFI35+6AZ4cgXy9tSFAMBca+8Gm9H+xXwTh+GpqRPxCDb5vC939M/Y
L6FUSj+JKuKNyTU5E5/u7Af/ti/RMbeKSiD7g90krPeKUdn1DBy3dQ5SaT6vN2cs
Mlcfixox7LzmVkXkVKmY5Oul5QXuSFElz3F5g6VXwPdYai20Uif3gbEmkQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNoWxhmNDcGUL8EeqP0Ea4+EJ+gpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxL2NkNGFj
OC0yMjM1LTQ1MzktODViMS03OGE3MDlkN2ZlZmQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvY2Q0YWM4
LTIyMzUtNDUzOS04NWIxLTc4YTcwOWQ3ZmVmZC8xLzJoYkdHWTBOd1pRdndSNm9f
UVJyajRRbjZDay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwQUsMA0GCSqGSIb3DQEBCwUAA4IBAQAj8nsV
yjxqhuqAufT1qg/+Z2jx+tqf+sv0x0xjAZuVA9z7hvoMbYZzZaxzUpNJc8mCLTii
XVhIGpfZ26075j7LKuqiRcq0AuIEwJ+NVFByr0LUWYZF9uIoFcsWfHjutJ2NhqWJ
Ww91tGdJcKVDleSD42niCVDeG8V17TR+kZ30EAq3HEz7SWWGXTXwHUkDNSWEslti
y0Dp8mgXV4LIzTb9EVREA63gWGDl0Zx3uPTKTasPJlzTniXnwlSQTVopXWaSWkCm
gJNUnxZrRfLXWCuCp8EMMBdXL+dAE7NTO/HeJEUuhfVEfvBxFeNe/IXV10g4lqYh
co1cEX0ttp8vfuUC
-----END CERTIFICATE-----
Generated at Wed Feb 14 18:15:40 2024 by rpki-client on console-ams.rpki-client.org