Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CZ2ga4D6dJBoAotZe-PlDosRh4Y.cer
File:                     CZ2ga4D6dJBoAotZe-PlDosRh4Y.cer (raw, json)
Hash identifier:          D8j47M+ue+Y/6XQNBokvcHrlBoAgAmYpMEnsHr/LMRo=
Subject key identifier:   09:9D:A0:6B:80:FA:74:90:68:02:8B:59:7B:E3:E5:0E:8B:11:87:86
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01905F27029BD052ACAC97EF7BAF392BDEC5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e5/b404c7-bd3d-4752-8ade-31fcc455575e/1/CZ2ga4D6dJBoAotZe-PlDosRh4Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e5/b404c7-bd3d-4752-8ade-31fcc455575e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Fri 28 Jun 2024 14:01:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 42034
                          IP: 185.135.32.0/22
                          IP: 193.24.27.0/24
                          IP: 193.108.181.0/24
                          IP: 2001:67c:274c::/48
                          IP: 2a06:f140::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5f:27:02:9b:d0:52:ac:ac:97:ef:7b:af:39:2b:de:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 28 14:01:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=099da06b80fa749068028b597be3e50e8b118786
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:12:c3:45:f0:a5:74:44:52:e8:b1:0e:c4:e7:
                    7f:48:d8:0a:85:73:2e:cb:be:5a:c6:dc:95:16:d8:
                    4a:fe:4a:d4:b6:9f:0d:1a:5a:97:4c:76:eb:e4:0d:
                    c1:ef:2c:4c:65:7c:43:0d:81:ff:e5:9b:aa:dc:eb:
                    72:00:90:8b:53:27:55:e6:9f:3b:ea:6f:2f:f9:99:
                    1c:da:58:55:76:06:18:a5:47:11:8c:e3:ab:53:85:
                    fb:f3:d6:df:58:83:83:b9:bc:e7:3d:4e:f5:b5:1c:
                    29:38:81:e5:31:e3:41:c5:ac:a7:fe:1c:6d:18:ad:
                    5c:6b:f7:18:3d:99:8f:54:98:8f:41:e5:2d:fc:48:
                    4c:c9:2e:c8:2d:63:0e:8a:39:06:f8:17:80:28:5d:
                    b7:22:52:20:0d:26:22:44:91:82:9a:bf:dd:21:1d:
                    0d:f6:9c:99:a1:fb:ea:c6:11:8f:09:d3:2e:b3:96:
                    7a:a5:ff:2a:4a:58:bf:10:26:31:1e:10:9c:1f:b8:
                    b5:8f:1e:b4:9f:0b:41:70:bd:88:d0:d6:ba:bb:a9:
                    51:06:8c:54:8d:ca:4c:59:b9:e6:b9:c5:70:71:19:
                    96:ea:26:7a:f6:e8:d7:a3:41:ee:ca:15:8a:22:72:
                    47:b6:35:92:8f:d4:88:f1:dc:51:85:f4:a0:7b:78:
                    2b:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:9D:A0:6B:80:FA:74:90:68:02:8B:59:7B:E3:E5:0E:8B:11:87:86
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b404c7-bd3d-4752-8ade-31fcc455575e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b404c7-bd3d-4752-8ade-31fcc455575e/1/CZ2ga4D6dJBoAotZe-PlDosRh4Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.32.0/22
                  193.24.27.0/24
                  193.108.181.0/24
                IPv6:
                  2001:67c:274c::/48
                  2a06:f140::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  42034

    Signature Algorithm: sha256WithRSAEncryption
         45:d4:cb:ce:26:5c:76:78:45:2b:56:b0:90:66:cd:4c:9e:f5:
         e3:9f:6f:b4:47:59:07:16:49:11:ef:ae:fb:8a:89:a8:c9:43:
         23:e7:dd:81:02:71:81:b3:0d:3c:14:a0:ff:ac:d7:1f:dd:15:
         03:ee:ed:d4:ef:01:d2:cd:b6:0d:08:0e:09:12:63:27:5b:17:
         9b:66:a9:c4:4f:11:33:38:49:db:87:7d:86:e6:f9:be:90:60:
         bc:7c:61:87:02:d3:1d:01:f9:ed:71:df:47:78:48:cc:4f:12:
         8b:eb:0b:44:05:8a:45:de:36:94:d6:c1:6a:5b:61:7e:ef:99:
         25:e7:4f:34:5b:7b:0e:8a:92:89:0e:52:dc:d1:5b:3b:9d:b5:
         89:ec:f3:71:1f:dc:2e:77:08:ac:95:fe:05:af:b9:c5:ea:39:
         6f:f5:ad:fc:24:5b:c1:2f:1f:f0:6f:3f:cb:69:20:c0:b0:0c:
         db:f6:d6:94:2b:97:6d:2b:02:7f:94:88:ca:f7:58:bf:41:0a:
         64:ed:5e:a7:f5:bb:4b:c9:77:72:39:8d:fe:8e:38:9e:e2:61:
         b6:72:09:a5:ad:81:aa:ab:12:3e:69:69:57:e5:69:49:41:f4:
         fd:5b:bd:c1:6a:b9:74:92:07:32:1d:ac:ec:1e:c7:a7:9b:62:
         03:01:c5:0b
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAZBfJwKb0FKsrJfve685K97FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjI4MTQwMTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTlkYTA2YjgwZmE3NDkwNjgwMjhiNTk3YmUzZTUwZThiMTE4Nzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hLDRfCldERS6LEOxOd/SNgKhXMu
y75axtyVFthK/krUtp8NGlqXTHbr5A3B7yxMZXxDDYH/5Zuq3OtyAJCLUydV5p87
6m8v+Zkc2lhVdgYYpUcRjOOrU4X789bfWIODubznPU71tRwpOIHlMeNBxayn/hxt
GK1ca/cYPZmPVJiPQeUt/EhMyS7ILWMOijkG+BeAKF23IlIgDSYiRJGCmr/dIR0N
9pyZofvqxhGPCdMus5Z6pf8qSli/ECYxHhCcH7i1jx60nwtBcL2I0Na6u6lRBoxU
jcpMWbnmucVwcRmW6iZ69ujXo0HuyhWKInJHtjWSj9SI8dxRhfSge3griQIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFAmdoGuA+nSQaAKLWXvj5Q6LEYeGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U1L2I0MDRj
Ny1iZDNkLTQ3NTItOGFkZS0zMWZjYzQ1NTU3NWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTUvYjQwNGM3
LWJkM2QtNDc1Mi04YWRlLTMxZmNjNDU1NTc1ZS8xL0NaMmdhNEQ2ZEpCb0FvdFpl
LVBsRG9zUmg0WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUF
BwEHAQH/BDQwMjAYBAIAATASAwQCuYcgAwQAwRgbAwQAwWy1MBYEAgACMBADBwAg
AQZ8J0wDBQMqBvFAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCkMjANBgkqhkiG
9w0BAQsFAAOCAQEARdTLziZcdnhFK1awkGbNTJ71459vtEdZBxZJEe+u+4qJqMlD
I+fdgQJxgbMNPBSg/6zXH90VA+7t1O8B0s22DQgOCRJjJ1sXm2apxE8RMzhJ24d9
hub5vpBgvHxhhwLTHQH57XHfR3hIzE8Si+sLRAWKRd42lNbBalthfu+ZJedPNFt7
DoqSiQ5S3NFbO521iezzcR/cLncIrJX+Ba+5xeo5b/Wt/CRbwS8f8G8/y2kgwLAM
2/bWlCuXbSsCf5SIyvdYv0EKZO1ep/W7S8l3cjmN/o44nuJhtnIJpa2BqqsSPmlp
V+VpSUH0/Vu9wWq5dJIHMh2s7B7Hp5tiAwHFCw==
-----END CERTIFICATE-----
Generated at Thu Dec 26 17:02:17 2024 by rpki-client on console-fra.rpki-client.org