Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer
File:                     EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.cer (raw, json)
Hash identifier:          f5oN7xp9Uy2jus1e46XMflM4ymH1l4Kra3BdIlz3IYA=
Subject key identifier:   10:51:50:90:F8:50:E3:37:EB:3B:11:8A:15:7E:4E:39:08:3B:77:A6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A5F6080ADE1C9571A67C2DFD5C5DE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 39260
                          IP: 195.238.88.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:5f:60:80:ad:e1:c9:57:1a:67:c2:df:d5:c5:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10515090f850e337eb3b118a157e4e39083b77a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fe:07:3a:fa:b2:ce:f9:0a:2d:19:c0:ee:cb:
                    4c:b8:db:fb:cb:ca:99:22:04:71:4c:fe:b4:a4:8e:
                    c6:b3:3b:f1:2f:1d:87:d9:1c:56:60:b9:b2:78:59:
                    e3:f1:bb:e7:fa:c9:bc:df:7a:25:ac:70:70:7b:92:
                    01:52:34:45:b3:87:81:cf:dd:48:01:5d:fa:fb:91:
                    1d:57:47:69:e3:b7:67:47:70:3e:f0:fd:b7:97:5a:
                    fa:a2:39:1a:e7:2f:b5:89:b5:af:cb:09:91:be:1f:
                    d8:8e:72:d2:4e:ab:c0:f1:5c:92:a2:72:f5:0b:8d:
                    fb:e2:d6:2e:17:d7:66:2c:6f:82:0a:e2:97:43:3b:
                    2c:77:f2:7e:77:78:68:6c:27:f8:0c:bd:b7:db:93:
                    d2:24:3e:e7:d1:d6:b0:d3:3a:79:53:af:99:5f:ed:
                    32:e5:35:c1:87:50:b4:4d:64:dd:b2:fc:d4:04:94:
                    b4:63:4b:d7:ae:de:02:59:bf:38:cb:df:39:31:89:
                    65:77:79:41:3a:96:03:e5:f4:1e:40:4b:38:a4:3a:
                    ef:6c:17:29:08:57:a1:3c:93:3f:44:65:a0:8d:cf:
                    47:a4:9e:cb:df:e1:c1:3b:3d:99:8f:58:57:1c:54:
                    af:2c:ee:30:74:29:09:0e:ac:dc:82:61:37:ee:ce:
                    8c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:51:50:90:F8:50:E3:37:EB:3B:11:8A:15:7E:4E:39:08:3B:77:A6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/24822b-6184-46a0-bcc5-8f29f3d98214/1/EFFQkPhQ4zfrOxGKFX5OOQg7d6Y.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.238.88.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39260

    Signature Algorithm: sha256WithRSAEncryption
         2c:ae:ad:28:e1:2a:c6:e8:3e:9b:3f:f1:b9:e6:3c:17:aa:e9:
         7c:7f:0d:d6:79:a2:a8:d9:37:e2:fc:b9:90:3a:89:bb:04:9b:
         3a:75:8a:80:09:63:6f:30:b9:4d:41:36:55:67:66:7d:9b:a5:
         71:32:d1:6b:cc:e5:d8:cb:d5:a8:fa:19:38:03:19:84:60:36:
         31:17:5f:b2:46:1e:c7:15:1f:a4:9a:b2:8b:60:00:66:72:0b:
         c3:e1:ad:56:3b:4e:8f:c3:f1:1a:03:e1:28:03:c6:0a:c0:50:
         24:54:e0:8f:2f:48:66:55:96:5c:da:68:b8:b0:b5:4c:a4:95:
         28:f5:74:94:73:f4:b6:41:38:ee:00:10:51:18:bd:69:70:dd:
         4d:7c:19:af:58:4a:58:f7:78:77:f3:7d:f9:8a:cb:28:fc:46:
         72:2b:45:49:c5:f6:78:78:ca:6d:8b:5f:97:cd:95:cd:b4:16:
         96:bc:4f:28:5e:8b:3b:31:df:f2:a8:d1:78:2a:ba:ed:47:47:
         bb:6a:28:a1:a6:a6:67:14:7c:a7:d7:b1:75:d3:47:ee:bb:e2:
         37:05:50:db:a8:7a:37:25:f7:7a:0e:48:f2:10:b8:c5:27:9e:
         a3:7f:75:ec:97:27:a3:e2:ff:14:05:1d:ba:51:3e:4d:95:14:
         95:b7:13:03
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzKKl9ggK3hyVcaZ8Lf1cXeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDUxNTA5MGY4NTBlMzM3ZWIzYjExOGExNTdlNGUzOTA4M2I3N2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/4HOvqyzvkKLRnA7stMuNv7y8qZ
IgRxTP60pI7GszvxLx2H2RxWYLmyeFnj8bvn+sm833olrHBwe5IBUjRFs4eBz91I
AV36+5EdV0dp47dnR3A+8P23l1r6ojka5y+1ibWvywmRvh/YjnLSTqvA8VySonL1
C4374tYuF9dmLG+CCuKXQzssd/J+d3hobCf4DL2325PSJD7n0daw0zp5U6+ZX+0y
5TXBh1C0TWTdsvzUBJS0Y0vXrt4CWb84y985MYlld3lBOpYD5fQeQEs4pDrvbBcp
CFehPJM/RGWgjc9HpJ7L3+HBOz2Zj1hXHFSvLO4wdCkJDqzcgmE37s6M3QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBBRUJD4UOM36zsRihV+TjkIO3emMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU3LzI0ODIy
Yi02MTg0LTQ2YTAtYmNjNS04ZjI5ZjNkOTgyMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTcvMjQ4MjJi
LTYxODQtNDZhMC1iY2M1LThmMjlmM2Q5ODIxNC8xL0VGRlFrUGhRNHpmck94R0tG
WDVPT1FnN2Q2WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBw+5YMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCZXDANBgkqhkiG9w0BAQsFAAOCAQEALK6tKOEqxug+mz/xueY8F6rpfH8N1nmi
qNk34vy5kDqJuwSbOnWKgAljbzC5TUE2VWdmfZulcTLRa8zl2MvVqPoZOAMZhGA2
MRdfskYexxUfpJqyi2AAZnILw+GtVjtOj8PxGgPhKAPGCsBQJFTgjy9IZlWWXNpo
uLC1TKSVKPV0lHP0tkE47gAQURi9aXDdTXwZr1hKWPd4d/N9+YrLKPxGcitFScX2
eHjKbYtfl82VzbQWlrxPKF6LOzHf8qjReCq67UdHu2oooaamZxR8p9exddNH7rvi
NwVQ26h6NyX3eg5I8hC4xSeeo3917Jcno+L/FAUdulE+TZUUlbcTAw==
-----END CERTIFICATE-----
Generated at Fri Mar 29 09:45:49 2024 by rpki-client on console-fra.rpki-client.org