Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
File:                     A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer (raw, json)
Hash identifier:          D5lSVdmi2/Llqir8MbPkBorW9T6wdRzKiPh6sY9Q58U=
Subject key identifier:   03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067F30281DD054008A235ACA79EEB89
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:50 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 2.57.176.0/22
                          IP: 45.135.248.0/22
                          IP: 45.140.236.0/22
                          IP: 45.142.236.0/22
                          IP: 45.146.80.0/22
                          IP: 45.148.36.0/22
                          IP: 45.149.100.0/22
                          IP: 45.149.184.0/22
                          IP: 45.151.44.0/22
                          IP: 45.152.240.0/22
                          IP: 45.153.4.0/22
                          IP: 45.154.104.0/22
                          IP: 45.155.16.0/22
                          IP: 45.157.16.0/22
                          IP: 45.158.8.0/22
                          IP: 45.158.168.0/22
                          IP: 91.198.66.0/24
                          IP: 91.198.77.0/24
                          IP: 91.198.115.0/24
                          IP: 91.198.123.0/24
                          IP: 91.199.163.0/24
                          IP: 91.199.166.0/24
                          IP: 91.199.168.0/24
                          IP: 91.199.172.0/24
                          IP: 91.206.2.0/24
                          IP: 141.98.156.0/22
                          IP: 147.78.120.0/22
                          IP: 152.89.248.0/22
                          IP: 176.105.224.0/22
                          IP: 185.155.220.0/22
                          IP: 192.166.82.0/23
                          IP: 192.166.114.0/23
                          IP: 193.0.234.0/23
                          IP: 193.5.10.0/23
                          IP: 193.25.207.0/24
                          IP: 193.29.96.0/22
                          IP: 193.111.116.0/23
                          IP: 193.111.124.0/23
                          IP: 193.142.4.0/24
                          IP: 193.142.6.0/24
                          IP: 193.142.18.0/24
                          IP: 193.142.22.0/24
                          IP: 193.151.180.0/22
                          IP: 193.161.206.0/24
                          IP: 193.161.245.0/24
                          IP: 193.164.1.0/24
                          IP: 193.164.10.0/24
                          IP: 193.176.54.0/23
                          IP: 193.176.128.0/23
                          IP: 194.5.146.0 -- 194.5.149.255
                          IP: 194.104.156.0/24
                          IP: 194.104.158.0/24
                          IP: 194.105.5.0/24
                          IP: 194.105.21.0/24
                          IP: 194.113.222.0/23
                          IP: 194.113.226.0/23
                          IP: 194.147.4.0/22
                          IP: 195.20.98.0/23
                          IP: 195.20.104.0/23
                          IP: 195.206.230.0/23
                          IP: 195.206.234.0/23
                          IP: 212.80.192.0/22
                          IP: 2a03:8b80::/29
                          IP: 2a03:f100::/29
                          IP: 2a04:7a80::/29
                          IP: 2a04:f3c0::/29
                          IP: 2a04:f700::/29
                          IP: 2a05:5040::/29
                          IP: 2a05:b600::/29
                          IP: 2a05:c580::/29
                          IP: 2a06:7680::/29
                          IP: 2a06:99c0::/29
                          IP: 2a07:6a40::/29
                          IP: 2a07:fc40::/29
                          IP: 2a09:40::/29
                          IP: 2a09:c0::/29
                          IP: 2a09:1c0::/29
                          IP: 2a09:240::/29
                          IP: 2a09:2240::/29
                          IP: 2a09:22c0::/29
                          IP: 2a09:fe80::/29
                          IP: 2a0a:5700::/29
                          IP: 2a0b:2e40::/29
                          IP: 2a0b:ca00::/29
                          IP: 2a0c:1c00::/29
                          IP: 2a0c:2cc0::/29
                          IP: 2a0c:43c0::/29
                          IP: 2a0c:4e00::/29
                          IP: 2a10:8740::/29
                          IP: 2a10:e180::/29
                          IP: 2a10:e280::/29
                          IP: 2a10:ec80::/29
                          IP: 2a10:ed80::/29
                          IP: 2a10:ee80::/29
                          IP: 2a10:ef80::/29
                          IP: 2a10:f080::/29
                          IP: 2a10:f100::/29
                          IP: 2a10:f180::/29
                          IP: 2a10:f280::/29
                          IP: 2a10:fd80::/29
                          IP: 2a10:fe80::/29
                          IP: 2a10:ff80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jan 2025 05:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f3:02:81:dd:05:40:08:a2:35:ac:a7:9e:eb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:83:a8:2c:77:f2:4d:58:33:ad:08:cc:e4:30:
                    32:31:68:8f:e3:db:12:44:7a:23:b7:72:53:9e:de:
                    ec:6c:a8:35:e8:ff:09:bb:fd:54:80:0a:18:de:ce:
                    69:55:d9:da:6b:a0:f0:62:19:34:ba:05:d7:06:d5:
                    b2:ab:32:aa:5a:53:21:1b:16:22:63:ae:b6:e2:ff:
                    3d:92:ce:9f:f3:b0:4e:c6:53:bd:5b:70:5f:11:fb:
                    09:fc:b2:6d:fd:3f:82:46:d5:1f:8f:06:1a:9a:2f:
                    1a:25:c1:6c:68:e6:92:a4:31:86:12:6a:8e:de:f0:
                    74:7b:45:be:ba:25:7f:e0:62:0d:ec:da:a1:fe:3b:
                    82:af:70:23:0a:e9:19:44:24:7f:2e:ce:06:77:06:
                    d2:f6:44:b5:57:31:01:02:77:e5:50:ff:ad:2f:8f:
                    a9:01:73:83:f1:a0:b8:ae:44:49:7c:2d:8b:3c:0c:
                    3e:79:e3:1b:c3:05:b7:80:ac:98:a3:b2:11:a2:98:
                    29:22:06:10:b7:24:e6:6c:c2:05:7b:63:a2:98:ea:
                    09:2a:a5:c5:ed:8a:fe:93:fe:c9:b6:74:39:49:eb:
                    2e:82:22:24:e5:e0:e0:9e:80:a6:1c:a1:df:1b:ba:
                    b0:3d:62:09:f2:f5:d3:f7:20:e1:1d:ed:2e:a8:9e:
                    13:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.176.0/22
                  45.135.248.0/22
                  45.140.236.0/22
                  45.142.236.0/22
                  45.146.80.0/22
                  45.148.36.0/22
                  45.149.100.0/22
                  45.149.184.0/22
                  45.151.44.0/22
                  45.152.240.0/22
                  45.153.4.0/22
                  45.154.104.0/22
                  45.155.16.0/22
                  45.157.16.0/22
                  45.158.8.0/22
                  45.158.168.0/22
                  91.198.66.0/24
                  91.198.77.0/24
                  91.198.115.0/24
                  91.198.123.0/24
                  91.199.163.0/24
                  91.199.166.0/24
                  91.199.168.0/24
                  91.199.172.0/24
                  91.206.2.0/24
                  141.98.156.0/22
                  147.78.120.0/22
                  152.89.248.0/22
                  176.105.224.0/22
                  185.155.220.0/22
                  192.166.82.0/23
                  192.166.114.0/23
                  193.0.234.0/23
                  193.5.10.0/23
                  193.25.207.0/24
                  193.29.96.0/22
                  193.111.116.0/23
                  193.111.124.0/23
                  193.142.4.0/24
                  193.142.6.0/24
                  193.142.18.0/24
                  193.142.22.0/24
                  193.151.180.0/22
                  193.161.206.0/24
                  193.161.245.0/24
                  193.164.1.0/24
                  193.164.10.0/24
                  193.176.54.0/23
                  193.176.128.0/23
                  194.5.146.0-194.5.149.255
                  194.104.156.0/24
                  194.104.158.0/24
                  194.105.5.0/24
                  194.105.21.0/24
                  194.113.222.0/23
                  194.113.226.0/23
                  194.147.4.0/22
                  195.20.98.0/23
                  195.20.104.0/23
                  195.206.230.0/23
                  195.206.234.0/23
                  212.80.192.0/22
                IPv6:
                  2a03:8b80::/29
                  2a03:f100::/29
                  2a04:7a80::/29
                  2a04:f3c0::/29
                  2a04:f700::/29
                  2a05:5040::/29
                  2a05:b600::/29
                  2a05:c580::/29
                  2a06:7680::/29
                  2a06:99c0::/29
                  2a07:6a40::/29
                  2a07:fc40::/29
                  2a09:40::/29
                  2a09:c0::/29
                  2a09:1c0::/29
                  2a09:240::/29
                  2a09:2240::/29
                  2a09:22c0::/29
                  2a09:fe80::/29
                  2a0a:5700::/29
                  2a0b:2e40::/29
                  2a0b:ca00::/29
                  2a0c:1c00::/29
                  2a0c:2cc0::/29
                  2a0c:43c0::/29
                  2a0c:4e00::/29
                  2a10:8740::/29
                  2a10:e180::/29
                  2a10:e280::/29
                  2a10:ec80::/29
                  2a10:ed80::/29
                  2a10:ee80::/29
                  2a10:ef80::/29
                  2a10:f080::/29
                  2a10:f100::/29
                  2a10:f180::/29
                  2a10:f280::/29
                  2a10:fd80::/29
                  2a10:fe80::/29
                  2a10:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:16:46:d7:29:53:b6:7f:90:a9:eb:38:44:97:12:1f:70:3f:
         ea:31:49:e2:09:9c:f8:d3:90:ca:80:c2:c7:3b:7b:93:04:01:
         91:5c:32:1b:a4:63:55:06:d3:96:cc:44:dc:c7:c7:04:96:2e:
         53:32:aa:aa:d4:bd:0c:e3:bf:e2:0a:f7:74:89:b9:f5:d6:ea:
         5c:80:16:43:3a:ec:77:55:7f:1f:bd:cc:ca:b0:72:bd:90:c5:
         54:ff:0e:42:78:56:d6:09:d1:ab:8e:b9:7b:a6:a7:11:e9:1f:
         d5:90:5a:81:de:ac:d3:aa:c2:f3:dc:37:68:fa:50:c9:53:b1:
         f7:44:8a:c2:72:5c:47:9f:d0:e6:46:c6:2d:36:70:36:73:96:
         7d:c3:fd:c6:ef:da:5c:fc:9c:00:0b:30:1d:d3:76:3f:e5:96:
         87:17:8e:09:c5:6e:ff:08:76:4a:15:e4:34:ed:5f:cf:97:61:
         61:e4:5a:4a:68:92:80:52:d5:29:5c:e2:88:86:ed:9e:45:aa:
         92:ed:9e:62:2b:74:aa:ac:a0:e1:52:67:7b:16:72:f2:65:fe:
         78:d6:6c:79:56:85:7d:81:c1:67:35:06:6b:6d:ae:a6:b6:7b:
         05:59:8c:48:3c:2e:f6:57:7d:aa:0d:9b:4b:be:60:a1:ab:f3:
         e8:ea:86:8f
-----BEGIN CERTIFICATE-----
MIIIODCCByCgAwIBAgISAZQgZ/MCgd0FQAiiNaynnuuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2IxYmEzZmRiOTFkOGQ5ZWE3NmM1Nzc2MzIwZWI3ZWIyZDZlZDlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YOoLHfyTVgzrQjM5DAyMWiP49sS
RHojt3JTnt7sbKg16P8Ju/1UgAoY3s5pVdnaa6DwYhk0ugXXBtWyqzKqWlMhGxYi
Y6624v89ks6f87BOxlO9W3BfEfsJ/LJt/T+CRtUfjwYami8aJcFsaOaSpDGGEmqO
3vB0e0W+uiV/4GIN7Nqh/juCr3AjCukZRCR/Ls4GdwbS9kS1VzEBAnflUP+tL4+p
AXOD8aC4rkRJfC2LPAw+eeMbwwW3gKyYo7IRopgpIgYQtyTmbMIFe2OimOoJKqXF
7Yr+k/7JtnQ5SesugiIk5eDgnoCmHKHfG7qwPWIJ8vXT9yDhHe0uqJ4TywIDAQAB
o4IFRDCCBUAwHQYDVR0OBBYEFAOxuj/bkdjZ6nbFd2Mg636y1u2dMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBm
NTU1LWRiYTctNDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvN2Zm
MGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJiODRlLzAvMDNCMUJBM0ZEQjkx
RDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjCCAsEGCCsGAQUFBwEHAQH/BIICsDCCAqwwggGE
BAIAATCCAXwDBAICObADBAIth/gDBAItjOwDBAItjuwDBAItklADBAItlCQDBAIt
lWQDBAItlbgDBAItlywDBAItmPADBAItmQQDBAItmmgDBAItmxADBAItnRADBAIt
nggDBAItnqgDBABbxkIDBABbxk0DBABbxnMDBABbxnsDBABbx6MDBABbx6YDBABb
x6gDBABbx6wDBABbzgIDBAKNYpwDBAKTTngDBAKYWfgDBAKwaeADBAK5m9wDBAHA
plIDBAHApnIDBAHBAOoDBAHBBQoDBADBGc8DBALBHWADBAHBb3QDBAHBb3wDBADB
jgQDBADBjgYDBADBjhIDBADBjhYDBALBl7QDBADBoc4DBADBofUDBADBpAEDBADB
pAoDBAHBsDYDBAHBsIAwDAMEAcIFkgMEAcIFlAMEAMJonAMEAMJongMEAMJpBQME
AMJpFQMEAcJx3gMEAcJx4gMEAsKTBAMEAcMUYgMEAcMUaAMEAcPO5gMEAcPO6gME
AtRQwDCCASAEAgACMIIBGAMFAyoDi4ADBQMqA/EAAwUDKgR6gAMFAyoE88ADBQMq
BPcAAwUDKgVQQAMFAyoFtgADBQMqBcWAAwUDKgZ2gAMFAyoGmcADBQMqB2pAAwUD
Kgf8QAMFAyoJAEADBQMqCQDAAwUDKgkBwAMFAyoJAkADBQMqCSJAAwUDKgkiwAMF
AyoJ/oADBQMqClcAAwUDKgsuQAMFAyoLygADBQMqDBwAAwUDKgwswAMFAyoMQ8AD
BQMqDE4AAwUDKhCHQAMFAyoQ4YADBQMqEOKAAwUDKhDsgAMFAyoQ7YADBQMqEO6A
AwUDKhDvgAMFAyoQ8IADBQMqEPEAAwUDKhDxgAMFAyoQ8oADBQMqEP2AAwUDKhD+
gAMFAyoQ/4AwDQYJKoZIhvcNAQELBQADggEBAHkWRtcpU7Z/kKnrOESXEh9wP+ox
SeIJnPjTkMqAwsc7e5MEAZFcMhukY1UG05bMRNzHxwSWLlMyqqrUvQzjv+IK93SJ
ufXW6lyAFkM67HdVfx+9zMqwcr2QxVT/DkJ4VtYJ0auOuXumpxHpH9WQWoHerNOq
wvPcN2j6UMlTsfdEisJyXEef0OZGxi02cDZzln3D/cbv2lz8nAALMB3Tdj/llocX
jgnFbv8IdkoV5DTtX8+XYWHkWkpokoBS1Slc4oiG7Z5FqpLtnmIrdKqsoOFSZ3sW
cvJl/njWbHlWhX2BwWc1Bmttrqa2ewVZjEg8LvZXfaoNm0u+YKGr8+jqho8=
-----END CERTIFICATE-----
Generated at Sun Jan 19 10:20:40 2025 by rpki-client on console-ams.rpki-client.org