Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer
File:                     CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer (raw, json)
Hash identifier:          CAeQq68aaQEHyAVeCR2WHMwPurGFXtJahH+P1IgZg3Q=
Subject key identifier:   0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56DF07C048A07FC27BEC84F402B2816
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207919
                          IP: 45.133.52.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f0:7c:04:8a:07:fc:27:be:c8:4f:40:2b:28:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a06f033537bbd863bbca2b62092d8de3611f651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c7:ee:ef:a5:ce:d2:0b:cf:df:5f:5e:3f:15:
                    9a:ab:8c:e8:f8:59:d8:4d:6f:7f:70:99:b8:ba:53:
                    10:e1:68:62:d2:5b:ca:d6:2d:15:5d:29:39:d1:46:
                    0c:9b:82:57:a5:b1:0b:38:ac:e6:d1:b9:20:1f:94:
                    bf:f5:77:9a:96:1f:17:13:9c:8e:10:b8:5e:d9:03:
                    53:1e:0c:7d:0f:97:e4:cb:af:f3:a5:0f:7b:94:68:
                    c3:fd:e1:5c:e1:12:80:af:7d:4c:a4:13:f1:04:e0:
                    bd:e5:f2:3b:0b:6e:2e:74:24:69:a7:77:62:79:6a:
                    cb:ef:de:b7:76:c4:c9:47:43:f9:d0:68:1e:79:1e:
                    9e:5f:93:de:62:93:46:a0:00:8f:76:c6:3f:29:42:
                    ef:62:4e:c1:a8:db:68:8b:4a:ad:32:7b:c3:9f:f7:
                    fe:1e:92:aa:54:f6:9a:0b:52:6c:d9:7c:c9:90:1e:
                    8c:ad:66:4f:49:e2:21:2b:90:e7:39:2a:6d:1a:92:
                    72:62:ae:c2:c2:62:72:20:c0:65:a3:6e:d3:66:78:
                    59:e1:a8:08:4e:54:48:f4:6b:e7:a6:eb:fd:29:df:
                    ba:d7:e6:64:29:ae:32:6d:2e:fc:1a:e8:bd:65:b3:
                    66:e8:0d:63:7d:64:56:ae:7b:e1:b0:34:2e:fe:60:
                    7b:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.52.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207919

    Signature Algorithm: sha256WithRSAEncryption
         0e:2f:86:7c:a8:4e:71:b9:c9:f8:db:2b:3c:74:49:f6:67:a5:
         9a:ad:0e:f2:3f:1e:b2:96:3d:80:64:3c:cb:0a:9a:3b:6e:84:
         49:c5:17:b6:e9:34:1a:38:81:5d:cd:9b:0f:bc:0f:54:84:60:
         11:c6:75:14:2d:2f:e1:0e:10:4a:c2:8b:1a:c9:50:da:95:dd:
         ae:f4:1c:71:c6:63:fd:fe:73:40:34:37:b9:7e:46:94:1b:11:
         4c:79:9a:c6:14:6f:e1:73:d7:81:7c:09:4e:4b:d1:a1:22:2c:
         c8:a6:7f:7c:eb:c7:34:a0:b4:d9:bf:2b:53:8b:f1:fd:48:67:
         d0:05:0c:f9:12:c1:1f:7f:8a:0f:69:ea:a1:7b:55:de:d1:97:
         c4:64:1b:de:ac:70:24:09:3a:72:d3:f4:ec:b4:ef:68:54:f3:
         e3:b0:09:bb:cb:50:a5:1a:1c:ad:1f:ac:30:d0:96:60:98:6f:
         9c:ea:4a:39:c6:e6:f7:38:d0:f4:f0:29:88:9c:11:27:e8:a5:
         a6:ed:a1:e6:e8:9f:aa:23:bb:e1:d8:cc:fd:ec:14:0e:5a:f0:
         72:9f:83:15:fd:9a:80:11:11:15:9f:b9:95:84:37:b7:df:41:
         c4:a8:2e:33:53:d1:7d:71:02:e1:45:5d:cf:f2:42:2b:40:d4:
         08:49:ea:3b
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFbfB8BIoH/Ce+yE9AKygWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTA2ZjAzMzUzN2JiZDg2M2JiY2EyYjYyMDkyZDhkZTM2MTFmNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcfu76XO0gvP319ePxWaq4zo+FnY
TW9/cJm4ulMQ4Whi0lvK1i0VXSk50UYMm4JXpbELOKzm0bkgH5S/9Xealh8XE5yO
ELhe2QNTHgx9D5fky6/zpQ97lGjD/eFc4RKAr31MpBPxBOC95fI7C24udCRpp3di
eWrL7963dsTJR0P50GgeeR6eX5PeYpNGoACPdsY/KULvYk7BqNtoi0qtMnvDn/f+
HpKqVPaaC1Js2XzJkB6MrWZPSeIhK5DnOSptGpJyYq7CwmJyIMBlo27TZnhZ4agI
TlRI9Gvnpuv9Kd+61+ZkKa4ybS78Gui9ZbNm6A1jfWRWrnvhsDQu/mB7WQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFAoG8DNTe72GO7yitiCS2N42EfZRMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2FjLzRjZDE2
Yi0yYTIzLTQ4YTktOWVlYi0yYTQ4MTNhMTMxMjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYWMvNGNkMTZi
LTJhMjMtNDhhOS05ZWViLTJhNDgxM2ExMzEyMC8xL0NnYndNMU43dllZN3ZLSzJJ
SkxZM2pZUjlsRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLYU0MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMsLzANBgkqhkiG9w0BAQsFAAOCAQEADi+GfKhOcbnJ+NsrPHRJ9melmq0O8j8e
spY9gGQ8ywqaO26EScUXtuk0GjiBXc2bD7wPVIRgEcZ1FC0v4Q4QSsKLGslQ2pXd
rvQcccZj/f5zQDQ3uX5GlBsRTHmaxhRv4XPXgXwJTkvRoSIsyKZ/fOvHNKC02b8r
U4vx/Uhn0AUM+RLBH3+KD2nqoXtV3tGXxGQb3qxwJAk6ctP07LTvaFTz47AJu8tQ
pRocrR+sMNCWYJhvnOpKOcbm9zjQ9PApiJwRJ+ilpu2h5uifqiO74djM/ewUDlrw
cp+DFf2agBERFZ+5lYQ3t99BxKguM1PRfXEC4UVdz/JCK0DUCEnqOw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 00:48:24 2024 by rpki-client on console-fra.rpki-client.org