Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/BGelYhGyHprHzcj7Y58xCpLCEEw.cer
File:                     BGelYhGyHprHzcj7Y58xCpLCEEw.cer (raw, json)
Hash identifier:          iDAlPofmUfGXXi8xdj0idjhoaydcYwvRgMFvlVzSMMU=
Subject key identifier:   04:67:A5:62:11:B2:1E:9A:C7:CD:C8:FB:63:9F:31:0A:92:C2:10:4C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801AB5F3E12CD031C77916EC9694656
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3d/045c4b-c0d7-4778-9f44-823ad2c2f5f1/1/BGelYhGyHprHzcj7Y58xCpLCEEw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3d/045c4b-c0d7-4778-9f44-823ad2c2f5f1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:01 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49535
                          IP: 185.151.124.0/22
                          IP: 188.94.192.0/21
                          IP: 2a07:73c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:ab:5f:3e:12:cd:03:1c:77:91:6e:c9:69:46:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0467a56211b21e9ac7cdc8fb639f310a92c2104c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:19:79:8a:95:33:68:22:8a:99:63:a3:dd:26:
                    91:3c:7c:56:5d:2e:e5:96:e4:ee:e8:25:f6:09:11:
                    40:b6:83:a1:3e:bb:97:28:1f:06:4b:f9:e5:b6:f1:
                    02:78:2e:56:bc:35:d1:65:9d:b0:e7:57:7e:f1:11:
                    28:ed:fe:15:81:71:9b:b2:bd:04:86:24:ef:91:5e:
                    f7:58:79:b5:58:ed:07:e4:73:37:58:69:da:09:a7:
                    5b:4a:a6:2f:6b:27:56:db:97:59:40:8b:45:0c:2d:
                    91:19:99:a1:81:e7:30:67:0a:87:f7:4c:81:71:79:
                    83:b4:1b:86:04:71:ed:18:33:8f:7b:c8:38:c6:6e:
                    0e:73:14:bc:dd:ba:f0:42:61:4b:08:d4:1c:c9:26:
                    79:53:bd:2d:21:30:97:77:9e:7a:ba:79:83:8f:f3:
                    76:c9:e0:8c:ed:8e:22:d2:74:ff:d9:a6:6e:8f:4b:
                    fa:31:29:98:07:69:e8:92:9b:38:96:8f:c7:b6:4e:
                    b6:3c:27:b8:ca:03:fc:db:7b:71:49:be:e6:4f:fa:
                    01:9d:1b:2d:13:7c:67:02:10:d9:b6:b5:73:2a:17:
                    4a:aa:72:57:8c:07:7d:bd:79:2c:a0:fe:35:4d:81:
                    a7:d8:ba:8a:28:e1:58:b9:ed:75:23:9e:87:c4:41:
                    b1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:67:A5:62:11:B2:1E:9A:C7:CD:C8:FB:63:9F:31:0A:92:C2:10:4C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/045c4b-c0d7-4778-9f44-823ad2c2f5f1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/045c4b-c0d7-4778-9f44-823ad2c2f5f1/1/BGelYhGyHprHzcj7Y58xCpLCEEw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.124.0/22
                  188.94.192.0/21
                IPv6:
                  2a07:73c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49535

    Signature Algorithm: sha256WithRSAEncryption
         1a:dc:f5:aa:ef:5d:9e:ea:b4:cb:97:8b:b6:b9:63:08:23:e1:
         cf:d7:ec:3a:ce:dd:4b:83:98:3e:28:73:8b:b5:32:f3:38:bb:
         72:df:83:69:74:73:02:88:eb:82:4c:dd:02:16:37:07:d9:5b:
         ae:95:3a:0d:24:2f:ff:09:42:52:0d:0d:c3:fd:89:1b:d7:1a:
         98:a6:6f:b0:ac:eb:0e:e8:95:08:11:01:ac:43:0a:d5:26:cf:
         73:ce:31:18:bf:b7:a0:8f:18:a9:4d:4c:da:8e:08:4b:82:5c:
         85:83:23:10:ce:5e:1e:0d:e7:da:f6:24:3d:4d:a5:eb:01:80:
         a3:a0:e4:26:84:bb:33:e8:79:43:bf:c9:8a:d2:59:e1:ff:e5:
         f2:ac:63:51:c6:58:10:14:9c:d7:92:9a:4b:61:9a:02:ee:3c:
         b5:90:81:86:a8:ae:d0:89:97:da:c5:cd:77:d8:ab:51:f9:97:
         61:4e:00:9b:f6:97:a5:29:bf:95:03:1b:4b:73:58:6f:76:fc:
         e5:05:cd:5b:77:0d:9b:e4:b8:1a:cb:bc:bf:ce:ab:67:ad:6b:
         1f:c8:c2:63:67:a3:bf:88:8d:e8:7b:a6:de:2b:61:07:f4:37:
         82:1c:76:95:e6:4a:f0:fe:60:f1:dd:d9:78:c1:70:70:25:4c:
         c3:e3:f5:52
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzIAatfPhLNAxx3kW7JaUZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDY3YTU2MjExYjIxZTlhYzdjZGM4ZmI2MzlmMzEwYTkyYzIxMDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xl5ipUzaCKKmWOj3SaRPHxWXS7l
luTu6CX2CRFAtoOhPruXKB8GS/nltvECeC5WvDXRZZ2w51d+8REo7f4VgXGbsr0E
hiTvkV73WHm1WO0H5HM3WGnaCadbSqYvaydW25dZQItFDC2RGZmhgecwZwqH90yB
cXmDtBuGBHHtGDOPe8g4xm4OcxS83brwQmFLCNQcySZ5U70tITCXd556unmDj/N2
yeCM7Y4i0nT/2aZuj0v6MSmYB2nokps4lo/Htk62PCe4ygP823txSb7mT/oBnRst
E3xnAhDZtrVzKhdKqnJXjAd9vXksoP41TYGn2LqKKOFYue11I56HxEGx4QIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFARnpWIRsh6ax83I+2OfMQqSwhBMMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNkLzA0NWM0
Yi1jMGQ3LTQ3NzgtOWY0NC04MjNhZDJjMmY1ZjEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2QvMDQ1YzRi
LWMwZDctNDc3OC05ZjQ0LTgyM2FkMmMyZjVmMS8xL0JHZWxZaEd5SHBySHpjajdZ
NTh4Q3BMQ0VFdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCuZd8AwQDvF7AMA0EAgACMAcDBQMqB3PAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDBfzANBgkqhkiG9w0BAQsFAAOCAQEAGtz1
qu9dnuq0y5eLtrljCCPhz9fsOs7dS4OYPihzi7Uy8zi7ct+DaXRzAojrgkzdAhY3
B9lbrpU6DSQv/wlCUg0Nw/2JG9camKZvsKzrDuiVCBEBrEMK1SbPc84xGL+3oI8Y
qU1M2o4IS4JchYMjEM5eHg3n2vYkPU2l6wGAo6DkJoS7M+h5Q7/JitJZ4f/l8qxj
UcZYEBSc15KaS2GaAu48tZCBhqiu0ImX2sXNd9irUfmXYU4Am/aXpSm/lQMbS3NY
b3b85QXNW3cNm+S4Gsu8v86rZ61rH8jCY2ejv4iN6Hum3ithB/Q3ghx2leZK8P5g
8d3ZeMFwcCVMw+P1Ug==
-----END CERTIFICATE-----
Generated at Thu Mar 28 20:36:02 2024 by rpki-client on console-fra.rpki-client.org