Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f2U67jLmKHb31C9zWncwpFEiJ4.cer
File:                     3f2U67jLmKHb31C9zWncwpFEiJ4.cer (raw, json)
Hash identifier:          xvDvCc7PfSRA6APViVHyRZO/bNSOPcGTC2NJMiijde8=
Subject key identifier:   DD:FD:94:EB:B8:CB:98:A1:DB:DF:50:BD:CD:69:DC:C2:91:44:88:9E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7940997849CC95EE7C4AD0BCB852A81
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/3f2U67jLmKHb31C9zWncwpFEiJ4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.56.127.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:09:97:84:9c:c9:5e:e7:c4:ad:0b:cb:85:2a:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddfd94ebb8cb98a1dbdf50bdcd69dcc29144889e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:80:0d:d2:1c:7e:e4:62:c8:d7:a6:d0:2d:a2:
                    9c:69:97:51:b3:54:4f:ff:cb:c3:05:8e:fc:de:3b:
                    b8:1d:53:fb:ee:26:82:6b:0b:4e:11:1a:6a:d3:c5:
                    49:0f:d8:65:65:eb:3b:5e:73:2e:80:23:0c:fb:37:
                    14:e6:19:88:b2:7f:fe:85:4a:a6:77:72:b4:23:56:
                    b7:cb:dd:2d:86:3d:37:e4:3c:14:33:e7:f0:29:f1:
                    b8:fc:6b:b8:f1:27:e2:ae:ee:10:11:ca:56:8f:fe:
                    b9:1a:50:7a:0a:2c:a5:ce:71:89:3b:96:52:a9:64:
                    4c:81:35:14:06:15:c3:76:9d:54:f3:54:b7:ab:cd:
                    c4:d9:a4:a4:66:bf:03:8e:2f:e1:c3:ff:b8:fe:0a:
                    22:82:a8:51:a7:c1:1d:0f:97:0a:38:7b:e0:ef:f3:
                    28:6c:7f:c9:5c:91:04:d6:40:62:be:bf:b3:56:b6:
                    dc:37:e2:4b:75:82:59:d0:ae:1b:bc:48:7f:c7:e9:
                    5b:10:76:96:b4:b7:d1:39:1d:69:c2:ea:09:ad:17:
                    6b:dd:6c:de:01:83:11:03:a2:fc:c2:e8:ee:d3:c0:
                    87:17:69:b3:ab:47:f4:f1:92:22:b0:5b:74:38:ac:
                    58:62:2d:16:4c:b2:ea:9b:9f:a7:f6:cb:50:3d:0a:
                    02:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:FD:94:EB:B8:CB:98:A1:DB:DF:50:BD:CD:69:DC:C2:91:44:88:9E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/a6f506-6948-4cef-8548-c93c1ee898be/1/3f2U67jLmKHb31C9zWncwpFEiJ4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.56.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:6c:d8:7b:13:04:cf:66:df:4e:c1:4d:60:6b:e9:b3:da:75:
         27:47:29:90:6d:82:80:28:03:0e:cc:29:fa:fc:24:5c:ef:e0:
         44:8b:8d:17:fd:5e:80:1b:3b:ac:e4:35:04:5a:7f:d3:70:7c:
         e1:a2:91:fa:e8:a8:2f:65:e9:65:ad:14:b8:58:dc:02:2d:44:
         dc:7b:c3:e0:f1:f0:db:3c:49:3f:19:c2:b3:13:a0:e9:3e:0f:
         f5:03:27:23:a9:c2:e5:3c:03:cd:8b:87:42:4b:9c:b8:47:15:
         09:92:cd:ce:30:ee:e1:e0:24:ce:de:63:f3:05:c8:cb:95:08:
         df:d0:8d:05:46:ba:10:f8:41:52:b2:86:04:1f:a8:74:b2:e6:
         b8:88:85:b7:62:10:b6:f0:43:8e:4a:b7:c4:ac:2c:ed:6e:8f:
         ef:6d:d7:88:b9:b5:d7:9a:6d:5a:46:10:ea:ad:40:39:e7:cc:
         f5:21:ba:53:15:10:65:c2:1a:62:de:df:f1:d5:12:30:ef:d3:
         b7:7b:65:82:96:16:90:69:b0:c7:c2:2b:5c:75:33:24:96:c6:
         dc:3f:52:b5:a7:9c:c9:94:2f:37:00:42:33:7d:ba:97:32:1b:
         fd:69:ba:75:be:40:aa:97:7c:c2:60:98:52:be:90:aa:aa:5e:
         19:3c:10:ae
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHlAmXhJzJXufErQvLhSqBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGZkOTRlYmI4Y2I5OGExZGJkZjUwYmRjZDY5ZGNjMjkxNDQ4ODllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4AN0hx+5GLI16bQLaKcaZdRs1RP
/8vDBY783ju4HVP77iaCawtOERpq08VJD9hlZes7XnMugCMM+zcU5hmIsn/+hUqm
d3K0I1a3y90thj035DwUM+fwKfG4/Gu48Sfiru4QEcpWj/65GlB6CiylznGJO5ZS
qWRMgTUUBhXDdp1U81S3q83E2aSkZr8Dji/hw/+4/goigqhRp8EdD5cKOHvg7/Mo
bH/JXJEE1kBivr+zVrbcN+JLdYJZ0K4bvEh/x+lbEHaWtLfROR1pwuoJrRdr3Wze
AYMRA6L8wuju08CHF2mzq0f08ZIisFt0OKxYYi0WTLLqm5+n9stQPQoCUQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFN39lOu4y5ih299Qvc1p3MKRRIieMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI3L2E2ZjUw
Ni02OTQ4LTRjZWYtODU0OC1jOTNjMWVlODk4YmUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcvYTZmNTA2
LTY5NDgtNGNlZi04NTQ4LWM5M2MxZWU4OThiZS8xLzNmMlU2N2pMbUtIYjMxQzl6
V25jd3BGRWlKNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjh/MA0GCSqGSIb3DQEBCwUAA4IBAQCZbNh7
EwTPZt9OwU1ga+mz2nUnRymQbYKAKAMOzCn6/CRc7+BEi40X/V6AGzus5DUEWn/T
cHzhopH66KgvZellrRS4WNwCLUTce8Pg8fDbPEk/GcKzE6DpPg/1AycjqcLlPAPN
i4dCS5y4RxUJks3OMO7h4CTO3mPzBcjLlQjf0I0FRroQ+EFSsoYEH6h0sua4iIW3
YhC28EOOSrfErCztbo/vbdeIubXXmm1aRhDqrUA558z1IbpTFRBlwhpi3t/x1RIw
79O3e2WClhaQabDHwitcdTMklsbcP1K1p5zJlC83AEIzfbqXMhv9abp1vkCql3zC
YJhSvpCqql4ZPBCu
-----END CERTIFICATE-----
Generated at Thu Mar 28 20:08:12 2024 by rpki-client on console-fra.rpki-client.org