Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FGKkl-_gvJK37ZJSnrvjnLGdMwo.cer
File:                     FGKkl-_gvJK37ZJSnrvjnLGdMwo.cer (raw, json)
Hash identifier:          mGmcGOS7VmFGasPjfCj04Vl/vEsiS7LJrYMcheZFKtk=
Subject key identifier:   14:62:A4:97:EF:E0:BC:92:B7:ED:92:52:9E:BB:E3:9C:B1:9D:33:0A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC49326A8B783E6F6997905A3BAB77021
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/FGKkl-_gvJK37ZJSnrvjnLGdMwo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 34767
                          IP: 80.75.240.0/20
                          IP: 185.53.180.0/22
                          IP: 2a00:7a80::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 30 Mar 2024 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:26:a8:b7:83:e6:f6:99:79:05:a3:ba:b7:70:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1462a497efe0bc92b7ed92529ebbe39cb19d330a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b9:bb:98:0e:3a:dc:b4:5e:af:70:83:ec:94:
                    23:93:f0:15:b5:8a:a7:24:b0:70:24:f0:2a:a9:9a:
                    ec:e0:b2:f4:b0:21:72:be:44:95:0d:a7:a8:ae:22:
                    c6:10:77:a9:9a:bd:b0:27:c7:a1:d0:b6:14:15:57:
                    1e:91:5d:5b:c8:1e:ff:b6:41:b5:ca:44:ba:19:a4:
                    0e:c0:9f:2a:23:fb:69:a7:63:65:e2:2e:82:2f:db:
                    66:5f:d6:00:85:4b:a2:7c:be:2e:7c:77:7c:8c:d4:
                    06:fe:63:97:24:92:76:16:0b:e5:01:87:26:95:0d:
                    83:50:cb:c0:2e:8d:d0:56:71:44:e5:df:b2:d2:f4:
                    65:22:90:54:0a:8c:f0:00:82:18:0e:27:c6:d4:11:
                    37:87:84:c5:64:f8:21:15:bd:8b:68:ca:ba:d9:46:
                    2e:36:8b:d4:e8:c9:44:74:c8:44:14:e3:8b:66:1d:
                    a6:d9:bd:9e:87:62:5b:a3:58:c4:a4:e0:f5:ed:08:
                    c5:a4:c2:43:bc:98:f8:80:c7:b5:b0:7e:3f:64:6c:
                    13:96:ef:e6:74:89:8b:3b:76:6b:b5:68:1b:26:9b:
                    86:83:02:ed:0c:e0:ec:96:5a:6c:5b:30:4b:80:9d:
                    88:fa:20:06:a5:d6:d6:53:d6:b2:83:47:1c:7a:df:
                    aa:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:62:A4:97:EF:E0:BC:92:B7:ED:92:52:9E:BB:E3:9C:B1:9D:33:0A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/be1171-1202-4df8-8c30-d36935ebc6ad/1/FGKkl-_gvJK37ZJSnrvjnLGdMwo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.75.240.0/20
                  185.53.180.0/22
                IPv6:
                  2a00:7a80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34767

    Signature Algorithm: sha256WithRSAEncryption
         54:dc:a4:82:36:26:2d:00:ec:9f:38:26:1d:c7:2c:74:bb:5d:
         49:50:fa:5f:7b:be:36:2d:df:26:79:e4:15:3c:4b:66:f2:2e:
         0b:43:1f:ec:c6:38:8c:82:11:79:b9:b7:9d:50:d7:c0:dd:52:
         9d:71:cc:67:ad:d1:b1:e3:68:12:f3:4e:3c:78:d2:6b:7a:94:
         8e:57:28:0e:13:ef:56:74:af:81:f3:d1:80:5b:a5:9e:fd:4b:
         eb:35:3f:0a:bb:2c:76:9c:ed:d3:38:ff:64:a6:97:d8:9c:65:
         2d:bb:2e:a1:40:9e:f9:61:63:9a:f2:18:ee:2a:29:8f:f6:ca:
         c1:d7:ef:96:5b:a9:4d:9d:6b:9d:5d:70:0d:2d:4b:21:f9:25:
         af:38:d7:57:32:54:3c:06:6c:92:a4:13:94:a5:b0:c7:48:b5:
         32:ec:5a:79:89:fb:e8:f8:6b:95:13:60:ae:87:aa:26:e8:cf:
         b2:95:7d:1c:17:af:07:6e:75:ea:50:e8:dc:a7:43:07:8a:f1:
         ff:14:f7:8b:94:c1:c2:51:5e:db:59:e3:1f:94:4b:61:a7:51:
         25:23:bb:6a:35:2f:1d:86:b2:28:04:70:4c:af:49:5e:20:61:
         53:53:03:a4:e5:ac:18:46:95:04:f1:67:35:0f:71:25:01:fe:
         12:96:ce:6c
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzEkyaot4Pm9pl5BaO6t3AhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDYyYTQ5N2VmZTBiYzkyYjdlZDkyNTI5ZWJiZTM5Y2IxOWQzMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrm7mA463LRer3CD7JQjk/AVtYqn
JLBwJPAqqZrs4LL0sCFyvkSVDaeoriLGEHepmr2wJ8eh0LYUFVcekV1byB7/tkG1
ykS6GaQOwJ8qI/tpp2Nl4i6CL9tmX9YAhUuifL4ufHd8jNQG/mOXJJJ2FgvlAYcm
lQ2DUMvALo3QVnFE5d+y0vRlIpBUCozwAIIYDifG1BE3h4TFZPghFb2LaMq62UYu
NovU6MlEdMhEFOOLZh2m2b2eh2Jbo1jEpOD17QjFpMJDvJj4gMe1sH4/ZGwTlu/m
dImLO3ZrtWgbJpuGgwLtDODsllpsWzBLgJ2I+iAGpdbWU9ayg0ccet+q1QIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFBRipJfv4LySt+2SUp6745yxnTMKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UwL2JlMTE3
MS0xMjAyLTRkZjgtOGMzMC1kMzY5MzVlYmM2YWQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAvYmUxMTcx
LTEyMDItNGRmOC04YzMwLWQzNjkzNWViYzZhZC8xL0ZHS2tsLV9ndkpLMzdaSlNu
cnZqbkxHZE13by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQEUEvwAwQCuTW0MA0EAgACMAcDBQAqAHqAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwCHzzANBgkqhkiG9w0BAQsFAAOCAQEAVNyk
gjYmLQDsnzgmHccsdLtdSVD6X3u+Ni3fJnnkFTxLZvIuC0Mf7MY4jIIRebm3nVDX
wN1SnXHMZ63RseNoEvNOPHjSa3qUjlcoDhPvVnSvgfPRgFulnv1L6zU/Crssdpzt
0zj/ZKaX2JxlLbsuoUCe+WFjmvIY7iopj/bKwdfvllupTZ1rnV1wDS1LIfklrzjX
VzJUPAZskqQTlKWwx0i1MuxaeYn76PhrlRNgroeqJujPspV9HBevB2516lDo3KdD
B4rx/xT3i5TBwlFe21njH5RLYadRJSO7ajUvHYayKARwTK9JXiBhU1MDpOWsGEaV
BPFnNQ9xJQH+EpbObA==
-----END CERTIFICATE-----
Generated at Fri Mar 29 13:51:33 2024 by rpki-client on console-fra.rpki-client.org