Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5nvBKzaFcW2O9lZ-IZBBlDd74eU.cer
File:                     5nvBKzaFcW2O9lZ-IZBBlDd74eU.cer (raw, json)
Hash identifier:          HIqz/Fpse6KMYEUaXuxnycnxNLCnYyJ/FMgxyniHyYo=
Subject key identifier:   E6:7B:C1:2B:36:85:71:6D:8E:F6:56:7E:21:90:41:94:37:7B:E1:E5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94AE15E880669B6498D18886D46C3AA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e1/6afa85-367a-4efd-a311-41172b249740/1/5nvBKzaFcW2O9lZ-IZBBlDd74eU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e1/6afa85-367a-4efd-a311-41172b249740/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:29:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207074
                          IP: 185.166.148.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:e1:5e:88:06:69:b6:49:8d:18:88:6d:46:c3:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e67bc12b3685716d8ef6567e21904194377be1e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cf:fb:1b:9f:d2:2c:94:58:e8:97:f0:4e:b3:
                    3f:d4:d5:e6:aa:ab:60:f3:86:88:ed:17:e2:8e:17:
                    f0:c2:91:54:c0:6b:be:67:35:03:03:59:fe:ce:37:
                    88:b8:db:07:5a:ad:e3:f6:3d:b9:71:83:36:38:f8:
                    a4:eb:41:80:ba:1a:b6:88:d8:1d:41:7f:4f:b6:dc:
                    12:d6:c1:b1:ba:b5:85:2f:cc:13:e1:06:cc:d0:77:
                    bb:fd:81:6a:74:f6:20:3c:55:8c:2a:b9:2a:7b:29:
                    33:75:3d:df:be:68:79:e4:d1:59:e7:af:08:bf:fd:
                    b9:14:4e:09:22:78:79:c7:1d:44:82:2b:b8:02:44:
                    34:22:52:29:dc:0d:33:f6:6c:1a:e8:5c:4c:33:cc:
                    21:f0:52:7e:f2:2b:ad:72:4f:fa:e4:ea:1f:d6:92:
                    68:66:43:90:f9:62:f2:c4:71:72:9d:f1:aa:b4:ab:
                    31:f3:72:2f:bc:35:28:bd:c6:ae:96:47:ee:d5:48:
                    0a:b1:bf:41:48:bb:b3:ea:dd:0e:e0:0e:63:fe:fc:
                    b6:33:49:1e:a6:90:a8:f3:0c:f0:7a:b0:ea:f2:b0:
                    ef:b4:21:29:16:65:28:83:b8:ba:e3:81:8b:0c:ba:
                    10:ad:ef:bd:77:43:1b:93:57:2e:ca:00:77:79:55:
                    33:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:7B:C1:2B:36:85:71:6D:8E:F6:56:7E:21:90:41:94:37:7B:E1:E5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/6afa85-367a-4efd-a311-41172b249740/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/6afa85-367a-4efd-a311-41172b249740/1/5nvBKzaFcW2O9lZ-IZBBlDd74eU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.148.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207074

    Signature Algorithm: sha256WithRSAEncryption
         36:dc:33:9a:1b:72:2c:5d:a5:39:2c:72:93:bf:25:6d:b3:b7:
         db:27:d7:d6:ce:44:b0:e0:4d:a5:fe:9f:e1:a4:6c:fb:d0:fc:
         7e:fd:28:64:1c:66:1c:b2:5a:f1:a2:8e:65:8f:68:af:f6:52:
         93:42:fb:c7:e7:6f:cd:bd:48:1e:c8:25:7f:5a:f1:0f:0a:3f:
         41:18:ec:7c:e5:7a:7e:e3:ec:0d:2b:19:78:b7:6d:17:a2:4e:
         5f:63:bf:22:0a:b2:c4:e3:43:d6:24:54:33:f8:fa:46:e3:79:
         24:f7:ac:fd:38:c8:13:f3:6e:c6:a8:3f:7b:63:78:0e:bd:f0:
         b3:45:13:32:24:82:29:6f:c2:7c:05:c9:a2:e3:db:7a:49:e8:
         1f:d1:03:39:63:85:47:60:77:c4:7a:fd:bf:d7:79:31:a5:c7:
         62:b2:27:36:22:43:37:5c:2d:ce:40:92:43:8a:9b:a3:03:ef:
         8a:61:f4:ee:b5:62:2c:78:e3:eb:60:77:50:7f:26:2a:cb:95:
         7f:b0:8b:c4:4a:6c:e0:6d:bb:40:80:db:f0:c3:c8:53:f0:30:
         b9:f4:1b:8a:19:ff:18:1c:c7:f7:5c:10:ac:e8:0b:f2:e1:03:
         66:fa:1e:46:9d:6e:d1:15:d4:45:6b:66:36:81:63:51:76:14:
         fc:85:d9:5c
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzJSuFeiAZptkmNGIhtRsOqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjdiYzEyYjM2ODU3MTZkOGVmNjU2N2UyMTkwNDE5NDM3N2JlMWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8/7G5/SLJRY6JfwTrM/1NXmqqtg
84aI7RfijhfwwpFUwGu+ZzUDA1n+zjeIuNsHWq3j9j25cYM2OPik60GAuhq2iNgd
QX9PttwS1sGxurWFL8wT4QbM0He7/YFqdPYgPFWMKrkqeykzdT3fvmh55NFZ568I
v/25FE4JInh5xx1Egiu4AkQ0IlIp3A0z9mwa6FxMM8wh8FJ+8iutck/65Oof1pJo
ZkOQ+WLyxHFynfGqtKsx83IvvDUovcaulkfu1UgKsb9BSLuz6t0O4A5j/vy2M0ke
ppCo8wzwerDq8rDvtCEpFmUog7i644GLDLoQre+9d0Mbk1cuygB3eVUzMwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOZ7wSs2hXFtjvZWfiGQQZQ3e+HlMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UxLzZhZmE4
NS0zNjdhLTRlZmQtYTMxMS00MTE3MmIyNDk3NDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTEvNmFmYTg1
LTM2N2EtNGVmZC1hMzExLTQxMTcyYjI0OTc0MC8xLzVudkJLemFGY1cyTzlsWi1J
WkJCbERkNzRlVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuaaUMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMo4jANBgkqhkiG9w0BAQsFAAOCAQEANtwzmhtyLF2lOSxyk78lbbO32yfX1s5E
sOBNpf6f4aRs+9D8fv0oZBxmHLJa8aKOZY9or/ZSk0L7x+dvzb1IHsglf1rxDwo/
QRjsfOV6fuPsDSsZeLdtF6JOX2O/IgqyxOND1iRUM/j6RuN5JPes/TjIE/Nuxqg/
e2N4Dr3ws0UTMiSCKW/CfAXJouPbeknoH9EDOWOFR2B3xHr9v9d5MaXHYrInNiJD
N1wtzkCSQ4qbowPvimH07rViLHjj62B3UH8mKsuVf7CLxEps4G27QIDb8MPIU/Aw
ufQbihn/GBzH91wQrOgL8uEDZvoeRp1u0RXURWtmNoFjUXYU/IXZXA==
-----END CERTIFICATE-----
Generated at Fri Mar 29 09:24:46 2024 by rpki-client on console-fra.rpki-client.org