Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9WPabrO3oH_cRSWIMASXDWQLA2s.cer
File:                     9WPabrO3oH_cRSWIMASXDWQLA2s.cer (raw, json)
Hash identifier:          ruvhFCpnGssrbjHdW72LAF2WSgZeN+a56UhYlboKA6w=
Subject key identifier:   F5:63:DA:6E:B3:B7:A0:7F:DC:45:25:88:30:04:97:0D:64:0B:03:6B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DFAF0C652CD2EC0AF8F9A30688EF9E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/9WPabrO3oH_cRSWIMASXDWQLA2s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:32:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 6661
                          AS: 60319
                          IP: 37.157.152.0/21
                          IP: 78.141.128.0/18
                          IP: 83.99.0.0/17
                          IP: 87.240.192.0/18
                          IP: 88.207.128.0/17
                          IP: 107.183.0.0/17
                          IP: 146.0.58.0/23
                          IP: 146.0.128.0/18
                          IP: 146.0.212.0 -- 146.0.223.255
                          IP: 178.254.64.0/18
                          IP: 185.9.244.0/22
                          IP: 185.32.236.0/22
                          IP: 188.115.0.0/18
                          IP: 194.154.192.0/19
                          IP: 195.46.224.0/19
                          IP: 213.135.224.0/19
                          IP: 213.166.32.0/19
                          IP: 2001:7e8::/29
                          IP: 2a00:ca60::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:af:0c:65:2c:d2:ec:0a:f8:f9:a3:06:88:ef:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:32:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f563da6eb3b7a07fdc4525883004970d640b036b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c0:a5:c6:eb:45:f0:84:ab:13:2c:c3:54:b9:
                    86:cd:83:b3:b3:4d:04:08:d9:dd:f5:c4:95:5a:da:
                    14:4d:22:3d:58:bb:14:7d:94:b2:ba:1b:ba:37:fa:
                    ec:89:d9:12:a2:ab:30:4f:ac:91:60:69:2b:da:32:
                    ea:80:9e:bc:cd:b3:f3:5a:0a:fe:6c:26:1d:e1:aa:
                    f5:fb:4a:f2:94:27:6b:6a:12:64:a7:3e:7d:be:62:
                    18:cd:23:fb:e2:d6:ca:6c:41:87:a2:66:87:0b:ec:
                    2c:45:d9:8e:da:a4:6d:3b:f8:0c:fa:33:0d:6c:85:
                    e0:43:e2:65:0b:5f:d7:1c:db:5c:eb:0a:89:5e:3e:
                    09:bf:e6:b1:1b:03:08:22:b6:18:7d:9b:31:3d:db:
                    d7:df:97:9c:4f:4b:4c:b4:95:c1:f0:46:a8:06:e8:
                    17:bc:74:07:50:f7:d9:48:31:47:3f:40:6f:25:d1:
                    e5:a3:a4:df:92:5a:f4:75:d4:c2:55:c8:6e:40:2d:
                    05:09:75:23:89:6b:d6:e6:79:2b:b3:89:9e:79:9b:
                    82:7c:85:10:a9:9c:21:53:56:27:93:8c:ae:d7:fb:
                    11:67:e1:4f:8f:7c:46:79:99:41:57:3c:93:4e:a3:
                    7d:15:c9:66:22:9c:e4:5b:38:73:6a:7d:b4:eb:0a:
                    16:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:63:DA:6E:B3:B7:A0:7F:DC:45:25:88:30:04:97:0D:64:0B:03:6B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/63564f-aca1-463d-be1e-e5520aa7ba37/1/9WPabrO3oH_cRSWIMASXDWQLA2s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.157.152.0/21
                  78.141.128.0/18
                  83.99.0.0/17
                  87.240.192.0/18
                  88.207.128.0/17
                  107.183.0.0/17
                  146.0.58.0/23
                  146.0.128.0/18
                  146.0.212.0-146.0.223.255
                  178.254.64.0/18
                  185.9.244.0/22
                  185.32.236.0/22
                  188.115.0.0/18
                  194.154.192.0/19
                  195.46.224.0/19
                  213.135.224.0/19
                  213.166.32.0/19
                IPv6:
                  2001:7e8::/29
                  2a00:ca60::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  6661
                  60319

    Signature Algorithm: sha256WithRSAEncryption
         5c:b6:c9:eb:6d:ef:4a:99:cb:3a:3c:e8:e7:a2:9d:c1:46:83:
         7a:d2:07:82:f5:af:b4:8d:82:7e:b4:c4:4c:b0:4a:cb:ae:6f:
         ca:5d:dc:2a:09:66:bd:08:42:36:d2:9d:ba:2e:26:85:4c:4e:
         6f:65:d6:62:2d:1c:2d:d6:84:7d:3e:84:f1:56:6b:7d:1c:78:
         11:81:f4:bc:41:b8:f9:85:e7:c6:9c:57:e4:97:c0:8f:d2:af:
         ff:94:59:a8:79:df:0d:44:3b:d9:9e:79:25:9f:d8:6c:c5:8d:
         c2:31:62:e4:39:97:ed:4e:d1:b4:50:42:e7:3f:8e:bb:3c:b0:
         63:41:8f:51:bb:51:86:9e:1c:ec:53:2a:aa:03:77:a9:ea:5c:
         20:29:b5:78:74:da:6d:cc:0a:a5:15:b1:96:bf:8a:3b:01:c5:
         fb:8c:50:bc:bb:29:6f:5f:49:df:a5:02:41:e1:f6:98:2d:b0:
         d3:7f:42:d8:76:33:e7:d6:9a:91:bf:49:5a:61:e3:80:41:9c:
         65:fe:12:4a:66:d6:68:5b:a4:3a:1c:9a:8f:5f:b0:cd:13:33:
         aa:6a:4d:24:4b:e0:c2:d1:00:b2:32:20:66:50:68:78:82:f8:
         45:8c:f8:85:39:bf:83:5b:a6:1d:a3:4c:5a:fc:8e:68:26:1b:
         ed:cd:11:44
-----BEGIN CERTIFICATE-----
MIIGGTCCBQGgAwIBAgISAYzI368MZSzS7Ar4+aMGiO+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTYzZGE2ZWIzYjdhMDdmZGM0NTI1ODgzMDA0OTcwZDY0MGIwMzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8ClxutF8ISrEyzDVLmGzYOzs00E
CNnd9cSVWtoUTSI9WLsUfZSyuhu6N/rsidkSoqswT6yRYGkr2jLqgJ68zbPzWgr+
bCYd4ar1+0rylCdrahJkpz59vmIYzSP74tbKbEGHomaHC+wsRdmO2qRtO/gM+jMN
bIXgQ+JlC1/XHNtc6wqJXj4Jv+axGwMIIrYYfZsxPdvX35ecT0tMtJXB8EaoBugX
vHQHUPfZSDFHP0BvJdHlo6Tfklr0ddTCVchuQC0FCXUjiWvW5nkrs4meeZuCfIUQ
qZwhU1Ynk4yu1/sRZ+FPj3xGeZlBVzyTTqN9FclmIpzkWzhzan206woW3QIDAQAB
o4IDJTCCAyEwHQYDVR0OBBYEFPVj2m6zt6B/3EUliDAElw1kCwNrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EzLzYzNTY0
Zi1hY2ExLTQ2M2QtYmUxZS1lNTUyMGFhN2JhMzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTMvNjM1NjRm
LWFjYTEtNDYzZC1iZTFlLWU1NTIwYWE3YmEzNy8xLzlXUGFick8zb0hfY1JTV0lN
QVNYRFdRTEEycy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGfBggrBgEF
BQcBBwEB/wSBjzCBjDB0BAIAATBuAwQDJZ2YAwQGTo2AAwQHU2MAAwQGV/DAAwQH
WM+AAwQHa7cAAwQBkgA6AwQGkgCAMAwDBAKSANQDBAWSAMADBAay/kADBAK5CfQD
BAK5IOwDBAa8cwADBAXCmsADBAXDLuADBAXVh+ADBAXVpiAwFAQCAAIwDgMFAyAB
B+gDBQMqAMpgMB4GCCsGAQUFBwEIAQH/BA8wDaALMAkCAhoFAgMA658wDQYJKoZI
hvcNAQELBQADggEBAFy2yett70qZyzo86OeincFGg3rSB4L1r7SNgn60xEywSsuu
b8pd3CoJZr0IQjbSnbouJoVMTm9l1mItHC3WhH0+hPFWa30ceBGB9LxBuPmF58ac
V+SXwI/Sr/+UWah53w1EO9meeSWf2GzFjcIxYuQ5l+1O0bRQQuc/jrs8sGNBj1G7
UYaeHOxTKqoDd6nqXCAptXh02m3MCqUVsZa/ijsBxfuMULy7KW9fSd+lAkHh9pgt
sNN/Qth2M+fWmpG/SVph44BBnGX+Ekpm1mhbpDocmo9fsM0TM6pqTSRL4MLRALIy
IGZQaHiC+EWM+IU5v4Nbph2jTFr8jmgmG+3NEUQ=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:45:38 2024 by rpki-client on console-ams.rpki-client.org