Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30ZXgSQ1uxr0gC-WAy-RxXy8yTM.cer
File:                     30ZXgSQ1uxr0gC-WAy-RxXy8yTM.cer (raw, json)
Hash identifier:          ykAcSaGxZGTyjYAPT777PtSBb8XQERAIXlbqOklw1GU=
Subject key identifier:   DF:46:57:81:24:35:BB:1A:F4:80:2F:96:03:2F:91:C5:7C:BC:C9:33
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01870E4E452D37C6ED8FFE1370F97BF1308B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b3/47012a-e1cf-43d7-9351-0edf2c4f7ec0/1/30ZXgSQ1uxr0gC-WAy-RxXy8yTM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b3/47012a-e1cf-43d7-9351-0edf2c4f7ec0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 23 Mar 2023 11:50:23 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    IP: 5.180.100.0/22
                          IP: 45.15.252.0/22
                          IP: 45.93.12.0/22
                          IP: 77.83.184.0/22
                          IP: 176.53.132.0/22
                          IP: 193.187.97.0/24
                          IP: 194.34.248.0/22
                          IP: 213.166.88.0/22
                          IP: 2a09:3900::/29
                          IP: 2a09:3c80::/29
                          IP: 2a09:cb00::/29
                          IP: 2a0d:fb40::/29
                          IP: 2a0f:ff80::/29
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:87:0e:4e:45:2d:37:c6:ed:8f:fe:13:70:f9:7b:f1:30:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 23 11:50:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=df4657812435bb1af4802f96032f91c57cbcc933
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ce:db:20:0b:e7:8a:58:2d:40:2f:c2:be:17:
                    14:40:a0:25:e3:b2:61:d5:b4:fa:ed:6c:4d:a3:52:
                    7d:ac:b7:b6:7e:cf:73:5c:12:79:45:0d:7e:c6:48:
                    8a:63:78:37:9b:ea:d3:f8:43:5f:c7:36:d2:ab:53:
                    94:2a:69:fe:b8:78:ce:22:7b:62:b1:0b:e4:e0:6b:
                    88:0b:9d:fe:7b:6f:9f:a2:d5:bf:3a:40:c2:b0:74:
                    8f:11:13:7b:db:cd:81:23:14:29:38:a5:46:bc:25:
                    06:ea:b2:ea:2d:43:6b:8b:92:0a:c2:be:18:8d:fb:
                    80:c3:7c:f1:dd:4d:69:e2:33:67:c9:a4:a6:70:1b:
                    dc:66:f4:fb:ec:5a:52:3b:c6:c4:f8:9c:e5:cc:a9:
                    23:f6:5b:be:0c:67:77:17:93:0f:52:c1:c2:0e:7e:
                    f8:d0:2c:cb:3f:83:d2:24:29:85:e4:9f:14:72:e5:
                    42:d7:25:32:46:87:e2:c2:a1:f9:f5:d2:3d:56:fd:
                    67:1e:90:48:d9:07:c5:43:d2:1f:45:94:ad:43:03:
                    13:89:35:8c:6a:fe:0e:26:0b:05:b1:50:9a:96:42:
                    c1:94:9a:19:06:96:eb:27:4d:f6:7f:0f:dd:6b:b9:
                    8a:4b:14:b2:3f:9b:f5:3e:6c:6e:52:12:34:b2:01:
                    fa:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:46:57:81:24:35:BB:1A:F4:80:2F:96:03:2F:91:C5:7C:BC:C9:33
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/47012a-e1cf-43d7-9351-0edf2c4f7ec0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/47012a-e1cf-43d7-9351-0edf2c4f7ec0/1/30ZXgSQ1uxr0gC-WAy-RxXy8yTM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.180.100.0/22
                  45.15.252.0/22
                  45.93.12.0/22
                  77.83.184.0/22
                  176.53.132.0/22
                  193.187.97.0/24
                  194.34.248.0/22
                  213.166.88.0/22
                IPv6:
                  2a09:3900::/29
                  2a09:3c80::/29
                  2a09:cb00::/29
                  2a0d:fb40::/29
                  2a0f:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:ff:92:35:29:26:5f:90:3f:40:e3:66:77:01:d5:80:a2:da:
         57:6f:cb:45:b1:6d:b5:32:d4:aa:56:be:60:2d:41:4d:5e:60:
         c0:8d:53:dd:ca:82:d0:92:c9:ef:a5:4b:d5:34:72:a9:3c:13:
         f1:25:e0:eb:9e:26:8b:70:de:3c:88:18:39:70:e1:65:23:10:
         03:b4:66:26:a1:5f:69:38:15:55:b0:17:df:88:78:d0:85:a8:
         ac:88:17:b3:96:c4:02:db:28:19:24:80:54:b9:26:3f:07:7d:
         ae:1e:83:1c:da:1b:37:ba:67:8b:44:40:08:77:a2:09:af:a7:
         7d:5d:91:53:8f:62:16:09:e6:38:1e:c7:22:aa:8a:df:58:bc:
         64:50:b8:03:df:46:58:07:09:87:f8:01:4b:21:9f:9c:85:c7:
         61:43:62:ff:d4:72:56:65:c4:c8:e2:79:d0:af:c6:e1:45:9e:
         7d:bc:59:f7:e1:8b:a6:4a:2d:30:09:bd:1a:8d:26:06:65:39:
         1a:81:f5:b1:61:a9:e1:c8:3d:84:e9:71:c1:5f:97:17:7a:17:
         3e:de:48:6e:2a:9e:15:a6:77:21:b9:14:e2:85:db:96:32:48:
         49:a0:4a:be:cd:3e:48:fc:15:db:19:b7:e5:84:c0:e8:af:74:
         b9:30:e0:e4
-----BEGIN CERTIFICATE-----
MIIFzTCCBLWgAwIBAgISAYcOTkUtN8btj/4TcPl78TCLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMzIzMTE1MDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjQ2NTc4MTI0MzViYjFhZjQ4MDJmOTYwMzJmOTFjNTdjYmNjOTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms7bIAvnilgtQC/CvhcUQKAl47Jh
1bT67WxNo1J9rLe2fs9zXBJ5RQ1+xkiKY3g3m+rT+ENfxzbSq1OUKmn+uHjOInti
sQvk4GuIC53+e2+fotW/OkDCsHSPERN7282BIxQpOKVGvCUG6rLqLUNri5IKwr4Y
jfuAw3zx3U1p4jNnyaSmcBvcZvT77FpSO8bE+JzlzKkj9lu+DGd3F5MPUsHCDn74
0CzLP4PSJCmF5J8UcuVC1yUyRofiwqH59dI9Vv1nHpBI2QfFQ9IfRZStQwMTiTWM
av4OJgsFsVCalkLBlJoZBpbrJ032fw/da7mKSxSyP5v1PmxuUhI0sgH67wIDAQAB
o4IC2TCCAtUwHQYDVR0OBBYEFN9GV4EkNbsa9IAvlgMvkcV8vMkzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IzLzQ3MDEy
YS1lMWNmLTQzZDctOTM1MS0wZWRmMmM0ZjdlYzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjMvNDcwMTJh
LWUxY2YtNDNkNy05MzUxLTBlZGYyYzRmN2VjMC8xLzMwWlhnU1ExdXhyMGdDLVdB
eS1SeFh5OHlUTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMHQGCCsGAQUF
BwEHAQH/BGUwYzA2BAIAATAwAwQCBbRkAwQCLQ/8AwQCLV0MAwQCTVO4AwQCsDWE
AwQAwbthAwQCwiL4AwQC1aZYMCkEAgACMCMDBQMqCTkAAwUDKgk8gAMFAyoJywAD
BQMqDftAAwUDKg//gDANBgkqhkiG9w0BAQsFAAOCAQEALf+SNSkmX5A/QONmdwHV
gKLaV2/LRbFttTLUqla+YC1BTV5gwI1T3cqC0JLJ76VL1TRyqTwT8SXg654mi3De
PIgYOXDhZSMQA7RmJqFfaTgVVbAX34h40IWorIgXs5bEAtsoGSSAVLkmPwd9rh6D
HNobN7pni0RACHeiCa+nfV2RU49iFgnmOB7HIqqK31i8ZFC4A99GWAcJh/gBSyGf
nIXHYUNi/9RyVmXEyOJ50K/G4UWefbxZ9+GLpkotMAm9Go0mBmU5GoH1sWGp4cg9
hOlxwV+XF3oXPt5IbiqeFaZ3IbkU4oXbljJISaBKvs0+SPwV2xm35YTA6K90uTDg
5A==
-----END CERTIFICATE-----
Generated at Thu Jun 12 02:10:28 2025 by rpki-client