Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer
File:                     8r7tTfIHw2Ca397YDd3ZMW8Km0U.cer (raw, json)
Hash identifier:          ePvTpsORmPDqyUItrU4+s8P7CdU4tUd7SxZsgwV/44M=
Subject key identifier:   F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB38BD72ED7D501DAA819A732DD320
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/8r7tTfIHw2Ca397YDd3ZMW8Km0U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202619
                          IP: 94.158.32.0/20
                          IP: 176.109.176.0/20
                          IP: 176.109.224.0/19
                          IP: 185.33.140.0/22
                          IP: 193.192.36.0/23
                          IP: 194.246.92.0/22
                          IP: 2a03:a9c0::/29
                          IP: 2a0d:ec0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:38:bd:72:ed:7d:50:1d:aa:81:9a:73:2d:d3:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2beed4df207c3609adfded80dddd9316f0a9b45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e4:c1:47:6d:ee:7d:38:e3:97:bf:98:55:a7:
                    7c:df:16:56:0b:f5:ad:43:5f:6c:25:49:fa:4a:1c:
                    e7:e8:94:bc:c1:8e:d1:1a:c5:92:d4:b7:5a:cf:34:
                    de:f5:98:a8:d4:a8:68:a4:92:d9:c8:1a:6b:f0:33:
                    c2:48:a5:ab:c5:18:4d:8d:18:95:c8:9c:f5:fe:9c:
                    03:f8:ad:61:9c:cb:3e:bf:02:f8:d1:b3:3a:c8:28:
                    42:6a:48:ca:d3:b5:7d:86:27:88:65:08:58:18:d3:
                    6e:82:b9:c3:a2:d6:04:dd:ec:c5:5c:1e:dd:ae:4c:
                    be:ed:3d:0a:88:5b:aa:a5:e2:5a:cf:10:c2:c9:4a:
                    b6:08:56:2a:5b:30:c3:8a:21:b0:53:c3:e5:84:e5:
                    ee:b3:e3:3e:c7:bf:ca:f3:1f:12:50:80:bd:fa:2e:
                    69:1c:aa:f0:8d:b8:87:f7:93:d2:f1:19:7d:a3:0c:
                    21:7c:28:bd:c2:49:ac:99:39:1a:87:18:fd:10:b8:
                    8e:76:5e:c1:21:a1:a2:cf:c3:78:9d:a7:83:09:45:
                    17:96:2e:3c:8b:ce:1d:78:27:62:51:7a:31:11:25:
                    6a:6f:aa:2e:1b:84:df:b6:ed:fa:c7:d7:32:be:46:
                    03:81:0f:f9:97:aa:81:a7:d6:fc:8b:b9:49:cc:48:
                    77:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:BE:ED:4D:F2:07:C3:60:9A:DF:DE:D8:0D:DD:D9:31:6F:0A:9B:45
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/c6bcba-a996-4bb5-ba4a-a46153145cf8/1/8r7tTfIHw2Ca397YDd3ZMW8Km0U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.158.32.0/20
                  176.109.176.0/20
                  176.109.224.0/19
                  185.33.140.0/22
                  193.192.36.0/23
                  194.246.92.0/22
                IPv6:
                  2a03:a9c0::/29
                  2a0d:ec0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202619

    Signature Algorithm: sha256WithRSAEncryption
         09:1f:40:f7:af:a4:e3:cd:a7:8e:2f:1a:c7:90:b5:57:8a:d9:
         99:bb:ac:fa:ef:be:82:fd:64:0a:ce:5e:d2:1c:d8:86:74:cd:
         f9:13:10:ee:51:c8:0f:7c:72:21:12:88:da:64:45:ce:3c:ef:
         7b:22:66:27:ba:d8:a1:ff:88:4d:19:bb:b5:26:5c:43:eb:36:
         2b:bc:77:e3:e4:4e:7a:94:91:14:72:8f:33:6e:e2:01:2c:e9:
         6f:f5:05:82:2d:35:6e:b4:5a:c6:42:75:53:ab:72:17:5c:3f:
         72:38:1d:9a:f3:6e:e5:65:9b:28:32:a9:1e:8e:2e:1f:db:53:
         d2:bf:fe:16:85:a8:54:4b:ac:7f:ef:65:30:1f:4d:71:66:9a:
         3e:22:9d:ae:0e:e2:36:fa:81:2d:68:51:da:33:98:63:d3:51:
         cb:79:b9:72:9b:6c:ec:41:4e:ef:af:d4:32:33:2b:8b:79:8a:
         01:45:a0:ef:87:61:f6:7f:bb:38:e6:f5:82:bc:a6:ef:1c:c3:
         50:d1:05:7e:86:81:90:e4:24:6c:a9:a2:6b:f2:99:7a:28:5e:
         ee:c1:eb:0a:3d:bc:ce:18:2e:58:73:04:db:f0:18:bd:23:69:
         5f:0e:c9:dd:10:6d:bb:f1:82:21:ab:d0:99:28:d5:5c:50:d3:
         69:73:8c:81
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgISAYzC2zi9cu19UB2qgZpzLdMgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmJlZWQ0ZGYyMDdjMzYwOWFkZmRlZDgwZGRkZDkzMTZmMGE5YjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+TBR23ufTjjl7+YVad83xZWC/Wt
Q19sJUn6Shzn6JS8wY7RGsWS1LdazzTe9Zio1KhopJLZyBpr8DPCSKWrxRhNjRiV
yJz1/pwD+K1hnMs+vwL40bM6yChCakjK07V9hieIZQhYGNNugrnDotYE3ezFXB7d
rky+7T0KiFuqpeJazxDCyUq2CFYqWzDDiiGwU8PlhOXus+M+x7/K8x8SUIC9+i5p
HKrwjbiH95PS8Rl9owwhfCi9wkmsmTkahxj9ELiOdl7BIaGiz8N4naeDCUUXli48
i84deCdiUXoxESVqb6ouG4Tftu36x9cyvkYDgQ/5l6qBp9b8i7lJzEh3ewIDAQAB
o4IC1DCCAtAwHQYDVR0OBBYEFPK+7U3yB8Ngmt/e2A3d2TFvCptFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U3L2M2YmNi
YS1hOTk2LTRiYjUtYmE0YS1hNDYxNTMxNDVjZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcvYzZiY2Jh
LWE5OTYtNGJiNS1iYTRhLWE0NjE1MzE0NWNmOC8xLzhyN3RUZklIdzJDYTM5N1lE
ZDNaTVc4S20wVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFMGCCsGAQUF
BwEHAQH/BEQwQjAqBAIAATAkAwQEXp4gAwQEsG2wAwQFsG3gAwQCuSGMAwQBwcAk
AwQCwvZcMBQEAgACMA4DBQMqA6nAAwUDKg0OwDAaBggrBgEFBQcBCAEB/wQLMAmg
BzAFAgMDF3swDQYJKoZIhvcNAQELBQADggEBAAkfQPevpOPNp44vGseQtVeK2Zm7
rPrvvoL9ZArOXtIc2IZ0zfkTEO5RyA98ciESiNpkRc4873siZie62KH/iE0Zu7Um
XEPrNiu8d+PkTnqUkRRyjzNu4gEs6W/1BYItNW60WsZCdVOrchdcP3I4HZrzbuVl
mygyqR6OLh/bU9K//haFqFRLrH/vZTAfTXFmmj4ina4O4jb6gS1oUdozmGPTUct5
uXKbbOxBTu+v1DIzK4t5igFFoO+HYfZ/uzjm9YK8pu8cw1DRBX6GgZDkJGypomvy
mXooXu7B6wo9vM4YLlhzBNvwGL0jaV8Oyd0QbbvxgiGr0Jko1VxQ02lzjIE=
-----END CERTIFICATE-----
Generated at Thu Mar 28 17:48:13 2024 by rpki-client on console-fra.rpki-client.org