Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DqPJxEl8H6SF6d0XWK-fAA4r1L8.cer
File:                     DqPJxEl8H6SF6d0XWK-fAA4r1L8.cer (raw, json)
Hash identifier:          wcb3JJDIo/6l5cXeUjdyYo+ZVVfAa8ASSxUi4l28Oww=
Subject key identifier:   0E:A3:C9:C4:49:7C:1F:A4:85:E9:DD:17:58:AF:9F:00:0E:2B:D4:BF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DF0B0586C70FA7024261616235B950
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/aad27b-69ba-49ed-bb7e-a990f9064a57/1/DqPJxEl8H6SF6d0XWK-fAA4r1L8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/aad27b-69ba-49ed-bb7e-a990f9064a57/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.111.87.0/24
                          IP: 195.88.166.0/23
                          IP: 2001:67c:2420::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:0b:05:86:c7:0f:a7:02:42:61:61:62:35:b9:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ea3c9c4497c1fa485e9dd1758af9f000e2bd4bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c7:ab:0b:0c:c7:7b:7c:9a:9a:8a:62:a4:7d:
                    ea:9e:f0:4f:38:b7:43:e8:a5:3d:86:54:b2:89:8d:
                    3e:bd:0c:78:59:36:85:32:75:20:52:66:d8:3e:7d:
                    48:00:c2:68:8b:75:aa:1f:2d:15:aa:23:92:d3:3a:
                    e7:80:e7:5e:2a:47:4a:3b:4f:04:c0:3f:d3:88:78:
                    12:0f:19:d5:31:1d:f6:aa:1a:3a:12:db:86:f8:8b:
                    1d:fd:9c:cd:be:99:7d:c7:b7:3a:78:f2:b3:85:98:
                    7d:ee:e8:d9:5b:76:14:5e:17:76:f7:aa:9d:7e:ea:
                    11:bb:73:4f:5d:64:97:5d:b6:66:6b:a1:ef:90:32:
                    48:1e:6a:02:ec:a5:7f:a3:5b:6a:fa:4c:dc:73:b7:
                    fe:5d:d1:22:20:ee:c6:28:fc:24:18:57:0c:bc:7c:
                    b0:59:c0:eb:83:75:64:33:9d:b4:d9:c1:79:10:77:
                    62:c2:ad:0a:ca:bb:f5:43:37:03:0a:15:31:c7:d2:
                    16:de:50:f7:a7:25:aa:17:2a:af:2d:46:28:ed:37:
                    89:1c:8a:41:ca:ca:05:f1:a8:ff:61:e4:0d:70:43:
                    25:d4:90:a9:e7:94:09:c3:a5:df:32:9f:0e:b9:69:
                    43:89:92:06:a4:d1:42:c2:9a:f8:8c:b3:d6:18:8f:
                    e7:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:A3:C9:C4:49:7C:1F:A4:85:E9:DD:17:58:AF:9F:00:0E:2B:D4:BF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/aad27b-69ba-49ed-bb7e-a990f9064a57/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/aad27b-69ba-49ed-bb7e-a990f9064a57/1/DqPJxEl8H6SF6d0XWK-fAA4r1L8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.87.0/24
                  195.88.166.0/23
                IPv6:
                  2001:67c:2420::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:ec:c5:9b:20:34:d9:ac:b5:cf:cb:ab:a7:41:b8:0b:90:33:
         74:ea:d5:db:0d:ad:f9:25:9e:c7:16:17:89:d7:b4:d8:b4:14:
         da:2e:6a:20:ee:1b:fa:46:5a:c3:c7:6a:54:09:c7:de:7e:9a:
         b8:8a:a5:b6:37:d9:3d:7b:f8:cd:43:4d:d9:de:94:24:93:d6:
         b0:10:86:ee:ea:32:1e:22:ef:86:d7:9b:50:61:f3:78:f4:09:
         e9:e6:0e:76:91:15:12:df:1c:f0:4a:c3:5e:d3:7a:a9:b2:8e:
         11:db:12:c9:a3:82:dc:39:e6:5a:4c:d6:9d:c5:2d:ce:46:c1:
         cf:4e:9f:8c:79:25:64:61:62:d6:95:60:f3:5e:1d:38:0c:81:
         e3:a1:af:76:ac:c4:65:c9:11:42:81:26:77:d8:49:a1:11:1c:
         73:c5:31:fd:8b:4c:19:45:e6:31:d1:06:db:bc:2f:79:a1:be:
         83:11:bf:71:24:4b:15:ac:58:34:3a:2f:d2:e9:59:d5:9d:53:
         2a:a6:e5:05:81:5f:22:3a:a5:cb:ab:bd:31:c8:5e:cc:79:c9:
         d3:8a:f6:6c:cc:ac:ff:95:3f:12:91:aa:81:79:8c:da:52:81:
         45:70:9e:f5:fb:b0:b6:a0:e8:69:1f:73:a0:13:71:fa:31:d0:
         a1:0f:3e:73
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAYzI3wsFhscPpwJCYWFiNblQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWEzYzljNDQ5N2MxZmE0ODVlOWRkMTc1OGFmOWYwMDBlMmJkNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8erCwzHe3yamopipH3qnvBPOLdD
6KU9hlSyiY0+vQx4WTaFMnUgUmbYPn1IAMJoi3WqHy0VqiOS0zrngOdeKkdKO08E
wD/TiHgSDxnVMR32qho6EtuG+Isd/ZzNvpl9x7c6ePKzhZh97ujZW3YUXhd296qd
fuoRu3NPXWSXXbZma6HvkDJIHmoC7KV/o1tq+kzcc7f+XdEiIO7GKPwkGFcMvHyw
WcDrg3VkM5202cF5EHdiwq0Kyrv1QzcDChUxx9IW3lD3pyWqFyqvLUYo7TeJHIpB
ysoF8aj/YeQNcEMl1JCp55QJw6XfMp8OuWlDiZIGpNFCwpr4jLPWGI/nxwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFA6jycRJfB+khendF1ivnwAOK9S/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxL2FhZDI3
Yi02OWJhLTQ5ZWQtYmI3ZS1hOTkwZjkwNjRhNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvYWFkMjdi
LTY5YmEtNDllZC1iYjdlLWE5OTBmOTA2NGE1Ny8xL0RxUEp4RWw4SDZTRjZkMFhX
Sy1mQUE0cjFMOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDYGCCsGAQUF
BwEHAQH/BCcwJTASBAIAATAMAwQAwW9XAwQBw1imMA8EAgACMAkDBwAgAQZ8JCAw
DQYJKoZIhvcNAQELBQADggEBAE3sxZsgNNmstc/Lq6dBuAuQM3Tq1dsNrfklnscW
F4nXtNi0FNouaiDuG/pGWsPHalQJx95+mriKpbY32T17+M1DTdnelCST1rAQhu7q
Mh4i74bXm1Bh83j0CenmDnaRFRLfHPBKw17TeqmyjhHbEsmjgtw55lpM1p3FLc5G
wc9On4x5JWRhYtaVYPNeHTgMgeOhr3asxGXJEUKBJnfYSaERHHPFMf2LTBlF5jHR
Btu8L3mhvoMRv3EkSxWsWDQ6L9LpWdWdUyqm5QWBXyI6pcurvTHIXsx5ydOK9mzM
rP+VPxKRqoF5jNpSgUVwnvX7sLag6Gkfc6ATcfox0KEPPnM=
-----END CERTIFICATE-----
Generated at Fri Mar 29 09:45:27 2024 by rpki-client on console-fra.rpki-client.org