Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7FraDckAoTyDtwrD9Yf7jC4d8DA.cer
File:                     7FraDckAoTyDtwrD9Yf7jC4d8DA.cer (raw, json)
Hash identifier:          3qAiAfSF6H3yILFLWisLOt/pOWoebXWC4n74gdripJg=
Subject key identifier:   EC:5A:DA:0D:C9:00:A1:3C:83:B7:0A:C3:F5:87:FB:8C:2E:1D:F0:30
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E3BAFA9A4E0777B92A6DEFB657F4B88BD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/7FraDckAoTyDtwrD9Yf7jC4d8DA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 14 Mar 2024 06:39:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 31611
                          AS: 51580
                          IP: 5.172.100.0 -- 5.172.127.255
                          IP: 31.193.16.0/20
                          IP: 46.17.152.0/21
                          IP: 80.66.208.0/20
                          IP: 81.173.100.0/22
                          IP: 89.105.76.0 -- 89.105.87.255
                          IP: 109.238.16.0/20
                          IP: 141.105.152.0/21
                          IP: 145.14.160.0/19
                          IP: 178.218.148.0/22
                          IP: 178.250.64.0/21
                          IP: 185.5.180.0/22
                          IP: 185.55.88.0/22
                          IP: 185.121.148.0/22
                          IP: 185.139.28.0/22
                          IP: 185.180.180.0/23
                          IP: 194.110.56.0/22
                          IP: 2a01:8440::/32
                          IP: 2a02:4860::/32
                          IP: 2a03:5300::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3b:af:a9:a4:e0:77:7b:92:a6:de:fb:65:7f:4b:88:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar 14 06:39:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec5ada0dc900a13c83b70ac3f587fb8c2e1df030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:a5:1c:db:39:85:cb:23:6e:da:f2:26:c1:2f:
                    c2:f5:ee:02:1d:8c:96:f7:7e:73:9d:fe:fa:33:c9:
                    db:c9:a9:39:53:89:78:81:c8:2e:55:d4:48:ad:cd:
                    23:34:b6:37:a3:6b:d4:0c:bd:e0:6a:f7:28:74:b0:
                    98:d0:6b:71:6a:ea:e1:8b:1d:7c:3f:cb:67:63:fa:
                    6f:2e:55:a3:95:09:85:76:8a:de:a3:4f:fb:7b:fd:
                    13:68:fd:a2:ed:da:15:d2:3e:a8:85:51:48:e1:e6:
                    a6:aa:db:88:55:02:c9:a3:ae:bb:44:15:d9:ef:12:
                    1b:9c:0a:9a:a4:41:06:22:1e:56:3f:c1:70:79:bf:
                    11:e2:75:bf:92:a6:20:03:e3:f7:1e:39:56:d2:62:
                    9a:a5:93:fe:b2:ea:cb:09:03:65:ca:86:0f:df:e8:
                    77:88:d9:ea:35:d3:3c:2b:c2:a9:e1:d7:36:76:ce:
                    12:ea:24:65:ad:3c:6f:6b:5c:c2:33:97:ec:cd:f2:
                    10:d7:0e:f1:0f:ee:31:b7:de:26:b8:d1:cc:43:9b:
                    ce:91:bb:77:dd:73:c7:c3:2d:b9:a8:cb:8f:8b:0e:
                    1d:08:4a:a0:4a:ee:bf:1e:9e:e9:d7:70:22:84:c9:
                    7d:9d:39:73:d6:0a:3c:4a:19:20:9b:e2:34:cb:12:
                    0b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:5A:DA:0D:C9:00:A1:3C:83:B7:0A:C3:F5:87:FB:8C:2E:1D:F0:30
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/ca734b-5a0b-4a03-8131-cfefeaee865e/1/7FraDckAoTyDtwrD9Yf7jC4d8DA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.172.100.0-5.172.127.255
                  31.193.16.0/20
                  46.17.152.0/21
                  80.66.208.0/20
                  81.173.100.0/22
                  89.105.76.0-89.105.87.255
                  109.238.16.0/20
                  141.105.152.0/21
                  145.14.160.0/19
                  178.218.148.0/22
                  178.250.64.0/21
                  185.5.180.0/22
                  185.55.88.0/22
                  185.121.148.0/22
                  185.139.28.0/22
                  185.180.180.0/23
                  194.110.56.0/22
                IPv6:
                  2a01:8440::/32
                  2a02:4860::/32
                  2a03:5300::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  31611
                  51580

    Signature Algorithm: sha256WithRSAEncryption
         61:ee:fc:2b:3d:98:b6:f9:a5:bc:fd:ae:6a:b5:95:9f:62:fe:
         10:db:9e:93:25:79:2d:c1:3b:ce:db:af:2d:0c:e4:1b:45:16:
         03:23:e2:9a:4b:ab:70:f0:c6:5f:67:89:71:ae:df:18:1e:4e:
         c7:12:71:66:5d:89:26:c3:4d:9d:9f:31:c8:c0:60:43:f3:4f:
         69:55:9a:78:7b:ca:48:9a:b1:46:d1:ce:81:cd:fb:e3:60:2b:
         6c:89:c8:58:d4:f9:18:c3:97:01:09:0d:f1:1c:bd:10:d7:1f:
         8e:37:20:12:39:91:e7:c2:03:da:c1:6b:d0:3a:15:6a:b5:8f:
         fa:5f:aa:f5:8f:94:0b:31:5b:bd:b0:f1:67:24:c4:d6:a9:43:
         bc:91:8c:fd:ad:4e:e9:3a:b5:04:c0:16:2f:22:83:72:1e:4a:
         96:c9:f2:41:7c:57:fb:b1:48:6a:2f:3f:e0:e4:eb:69:f0:bd:
         b4:f8:45:e1:16:f2:a0:6c:4e:01:47:72:de:b2:7e:64:f7:a1:
         ae:8c:1e:b7:fc:c2:f4:b8:04:e8:65:28:24:2b:31:22:b5:77:
         e0:5e:7c:e3:01:57:74:48:1a:03:f6:53:39:a1:58:91:3f:9f:
         67:b0:55:7a:58:65:c6:bc:b0:e4:56:70:83:e6:7f:ed:76:3f:
         3a:d4:93:d4
-----BEGIN CERTIFICATE-----
MIIGKDCCBRCgAwIBAgISAY47r6mk4Hd7kqbe+2V/S4i9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzE0MDYzOTExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzVhZGEwZGM5MDBhMTNjODNiNzBhYzNmNTg3ZmI4YzJlMWRmMDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArqUc2zmFyyNu2vImwS/C9e4CHYyW
935znf76M8nbyak5U4l4gcguVdRIrc0jNLY3o2vUDL3gavcodLCY0Gtxaurhix18
P8tnY/pvLlWjlQmFdoreo0/7e/0TaP2i7doV0j6ohVFI4eamqtuIVQLJo667RBXZ
7xIbnAqapEEGIh5WP8Fweb8R4nW/kqYgA+P3HjlW0mKapZP+surLCQNlyoYP3+h3
iNnqNdM8K8Kp4dc2ds4S6iRlrTxva1zCM5fszfIQ1w7xD+4xt94muNHMQ5vOkbt3
3XPHwy25qMuPiw4dCEqgSu6/Hp7p13AihMl9nTlz1go8Shkgm+I0yxILOQIDAQAB
o4IDNDCCAzAwHQYDVR0OBBYEFOxa2g3JAKE8g7cKw/WH+4wuHfAwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VhL2NhNzM0
Yi01YTBiLTRhMDMtODEzMS1jZmVmZWFlZTg2NWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWEvY2E3MzRi
LTVhMGItNGEwMy04MTMxLWNmZWZlYWVlODY1ZS8xLzdGcmFEY2tBb1R5RHR3ckQ5
WWY3akM0ZDhEQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGuBggrBgEF
BQcBBwEB/wSBnjCBmzB8BAIAATB2MAwDBAIFrGQDBAcFrAADBAQfwRADBAMuEZgD
BARQQtADBAJRrWQwDAMEAllpTAMEA1lpUAMEBG3uEAMEA41pmAMEBZEOoAMEArLa
lAMEA7L6QAMEArkFtAMEArk3WAMEArl5lAMEArmLHAMEAbm0tAMEAsJuODAbBAIA
AjAVAwUAKgGEQAMFACoCSGADBQMqA1MAMB4GCCsGAQUFBwEIAQH/BA8wDaALMAkC
Ant7AgMAyXwwDQYJKoZIhvcNAQELBQADggEBAGHu/Cs9mLb5pbz9rmq1lZ9i/hDb
npMleS3BO87bry0M5BtFFgMj4ppLq3Dwxl9niXGu3xgeTscScWZdiSbDTZ2fMcjA
YEPzT2lVmnh7ykiasUbRzoHN++NgK2yJyFjU+RjDlwEJDfEcvRDXH443IBI5kefC
A9rBa9A6FWq1j/pfqvWPlAsxW72w8WckxNapQ7yRjP2tTuk6tQTAFi8ig3IeSpbJ
8kF8V/uxSGovP+Dk62nwvbT4ReEW8qBsTgFHct6yfmT3oa6MHrf8wvS4BOhlKCQr
MSK1d+BefOMBV3RIGgP2UzmhWJE/n2ewVXpYZca8sORWcIPmf+12PzrUk9Q=
-----END CERTIFICATE-----
Generated at Thu Mar 28 12:04:35 2024 by rpki-client on console-fra.rpki-client.org