Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6KMuimrG9uw3hg7nwH6435MUd3k.cer
File:                     6KMuimrG9uw3hg7nwH6435MUd3k.cer (raw, json)
Hash identifier:          gmtv3ne4IP/33gOaQZNU/WuzrTUHqGz9vFNasiFYYO8=
Subject key identifier:   E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E230F8D44430D4DE963D1A61B42DE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.142.112.0/20
                          IP: 185.143.148.0/22
                          IP: 2a00:17b0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:23:0f:8d:44:43:0d:4d:e9:63:d1:a6:1b:42:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8a32e8a6ac6f6ec37860ee7c07eb8df93147779
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:45:d4:34:82:08:d8:90:3e:30:8b:3a:d7:ac:
                    ac:c4:af:47:d6:6e:de:2f:ac:2d:02:92:10:e5:ed:
                    ac:d7:58:74:66:fc:ee:72:e6:ed:fd:5c:e3:e8:c6:
                    5a:08:1e:d0:ff:37:3c:4e:3d:ad:8f:e3:dd:ef:f2:
                    37:7c:0b:a9:4a:c0:07:67:fc:85:37:44:57:d1:ed:
                    0c:ff:b3:12:1a:84:13:f8:5e:ef:5a:f1:e7:92:11:
                    f1:85:04:9e:f9:41:2a:5d:62:45:e1:72:6e:54:d6:
                    58:d6:68:79:57:2b:a6:96:75:ed:f9:08:b8:eb:f8:
                    39:b1:6a:33:2b:1a:42:63:17:e6:2d:b6:f0:db:9d:
                    5d:ce:3d:1f:e1:27:0e:c6:82:d0:c0:c3:a1:33:5b:
                    dd:6f:be:a1:18:eb:60:4e:dc:2b:11:d5:ce:e1:24:
                    e5:4c:67:b6:28:d2:f0:63:ef:dc:2a:48:b5:d7:34:
                    e9:2a:9d:2d:46:97:93:b8:02:9b:84:21:cd:ac:13:
                    de:c2:93:10:8e:8f:2d:f3:96:1d:f8:53:cf:71:a3:
                    ad:dd:76:f5:c8:ef:94:ec:18:e1:56:41:f9:06:92:
                    74:bc:0f:7f:fd:e5:d1:cc:1f:9b:5a:eb:82:99:d5:
                    27:67:c0:a7:e4:bc:25:3c:a9:64:44:15:c7:c6:f7:
                    73:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A3:2E:8A:6A:C6:F6:EC:37:86:0E:E7:C0:7E:B8:DF:93:14:77:79
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/c4bfd4-a0a1-4334-860a-4fa537dbe2e9/1/6KMuimrG9uw3hg7nwH6435MUd3k.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.142.112.0/20
                  185.143.148.0/22
                IPv6:
                  2a00:17b0::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:e1:3e:49:14:68:6c:8b:c8:50:3f:bc:b4:35:16:08:80:c4:
         bd:78:46:1b:44:9a:86:26:ca:c7:bf:dc:25:6b:a8:c6:92:52:
         6c:f1:3f:49:2b:88:09:7a:92:8b:28:eb:37:24:a9:3f:30:6a:
         9c:a7:58:a4:ae:1d:ec:d1:6a:a2:b8:69:11:21:c0:b9:df:be:
         2b:c5:9a:fc:8d:36:9d:a0:5a:36:98:15:03:99:75:ad:e9:d4:
         e1:c8:b8:53:4e:8d:69:e0:e5:68:51:46:4f:9a:d4:40:a5:96:
         1a:c4:f5:41:63:05:55:b7:3c:0e:51:11:71:d9:fc:aa:bc:9c:
         db:88:a2:22:47:b6:b7:0c:dd:08:ac:06:f2:41:a3:d2:7b:53:
         32:a5:ab:44:14:62:30:d8:1f:af:13:0e:0f:3e:2c:26:f6:21:
         cc:b3:da:8b:f9:f4:3c:f8:e6:c5:dd:17:2f:77:ed:03:2b:19:
         31:db:51:d9:d4:7e:89:77:f7:51:e6:dd:88:a2:31:08:d0:fe:
         1d:4a:ea:f2:22:f6:3e:7f:5b:27:b5:eb:fc:a4:59:00:bc:d6:
         a2:18:b6:bc:ec:38:3c:95:d2:c3:1a:17:9d:e8:40:56:d8:76:
         89:4d:c9:04:61:c4:f3:09:24:e8:36:85:2f:78:af:9c:fd:9d:
         33:c8:95:66
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgISAYzFbiMPjURDDU3pY9GmG0LeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGEzMmU4YTZhYzZmNmVjMzc4NjBlZTdjMDdlYjhkZjkzMTQ3Nzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvkXUNIII2JA+MIs616ysxK9H1m7e
L6wtApIQ5e2s11h0Zvzucubt/Vzj6MZaCB7Q/zc8Tj2tj+Pd7/I3fAupSsAHZ/yF
N0RX0e0M/7MSGoQT+F7vWvHnkhHxhQSe+UEqXWJF4XJuVNZY1mh5VyumlnXt+Qi4
6/g5sWozKxpCYxfmLbbw251dzj0f4ScOxoLQwMOhM1vdb76hGOtgTtwrEdXO4STl
TGe2KNLwY+/cKki11zTpKp0tRpeTuAKbhCHNrBPewpMQjo8t85Yd+FPPcaOt3Xb1
yO+U7BjhVkH5BpJ0vA9//eXRzB+bWuuCmdUnZ8Cn5LwlPKlkRBXHxvdz9QIDAQAB
o4ICmTCCApUwHQYDVR0OBBYEFOijLopqxvbsN4YO58B+uN+TFHd5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzL2M0YmZk
NC1hMGExLTQzMzQtODYwYS00ZmE1MzdkYmUyZTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvYzRiZmQ0
LWEwYTEtNDMzNC04NjBhLTRmYTUzN2RiZTJlOS8xLzZLTXVpbXJHOXV3M2hnN253
SDY0MzVNVWQzay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQEW45wAwQCuY+UMA0EAgACMAcDBQAqABewMA0G
CSqGSIb3DQEBCwUAA4IBAQBF4T5JFGhsi8hQP7y0NRYIgMS9eEYbRJqGJsrHv9wl
a6jGklJs8T9JK4gJepKLKOs3JKk/MGqcp1ikrh3s0WqiuGkRIcC5374rxZr8jTad
oFo2mBUDmXWt6dThyLhTTo1p4OVoUUZPmtRApZYaxPVBYwVVtzwOURFx2fyqvJzb
iKIiR7a3DN0IrAbyQaPSe1MypatEFGIw2B+vEw4PPiwm9iHMs9qL+fQ8+ObF3Rcv
d+0DKxkx21HZ1H6Jd/dR5t2IojEI0P4dSuryIvY+f1sntev8pFkAvNaiGLa87Dg8
ldLDGhed6EBW2HaJTckEYcTzCSToNoUveK+c/Z0zyJVm
-----END CERTIFICATE-----
Generated at Thu Mar 28 19:28:25 2024 by rpki-client on console-ams.rpki-client.org