Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.cer
File:                     Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.cer (raw, json)
Hash identifier:          KdDBNYu+2s+GXzzH9jyFU+d23qiOfHTp4pJ2wnZUuCM=
Subject key identifier:   1A:3E:97:0E:D6:27:71:34:3A:09:6F:FB:2E:FC:26:AB:B7:ED:68:AF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC40A89958CEEE22E8137F08C0D814
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 39771
                          IP: 193.227.136.0/21
                          IP: 194.4.72.0 -- 194.4.99.255
                          IP: 195.42.0.0/18

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:40:a8:99:58:ce:ee:22:e8:13:7f:08:c0:d8:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a3e970ed62771343a096ffb2efc26abb7ed68af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d8:1d:dc:6d:6d:a2:39:5b:40:7e:15:7a:89:
                    72:55:02:ca:15:de:60:99:85:94:6b:d9:76:08:37:
                    a1:88:f3:d5:97:d5:e1:d9:df:08:95:45:d1:e2:7d:
                    ee:78:fc:24:c1:f0:0d:2b:27:ba:7e:34:40:33:bb:
                    85:27:99:42:6b:ff:ef:48:2b:32:b6:c7:e1:c3:28:
                    8b:6e:f1:4a:0c:29:3e:1f:60:3f:8c:3b:c2:05:34:
                    96:69:e7:3f:8e:42:e2:08:5d:0b:ab:e6:35:b1:86:
                    7b:f1:d5:c0:f0:ee:ff:71:2c:17:10:5e:d9:2d:54:
                    77:ae:7f:7c:87:62:7b:f8:52:77:a7:6a:0f:5d:cc:
                    40:61:da:b6:fa:5d:91:e8:29:9e:fd:5c:ee:84:52:
                    67:40:4f:33:c8:68:c6:cf:33:4c:1e:8e:70:20:90:
                    3c:9f:c9:37:f1:21:59:e0:be:02:b6:6d:30:5b:bc:
                    e8:c4:c9:87:14:2b:5a:a8:32:43:bc:c5:32:79:ba:
                    55:45:bc:3a:f6:4b:25:1b:8b:ae:cd:03:11:68:d4:
                    00:74:46:08:f6:ae:ef:3b:e1:62:55:91:41:d5:91:
                    6d:04:15:af:ac:9c:c4:1c:b4:08:f6:25:60:2a:41:
                    90:fd:9e:49:a9:ba:0a:a0:e2:2a:6e:cb:ec:68:00:
                    ab:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:3E:97:0E:D6:27:71:34:3A:09:6F:FB:2E:FC:26:AB:B7:ED:68:AF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/0f7092-e3a4-470b-85a5-d489094c6604/1/Gj6XDtYncTQ6CW_7Lvwmq7ftaK8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.227.136.0/21
                  194.4.72.0-194.4.99.255
                  195.42.0.0/18

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39771

    Signature Algorithm: sha256WithRSAEncryption
         8f:d3:94:41:5d:ad:70:b6:0d:05:41:c5:16:ca:05:77:a1:81:
         0d:98:8a:e1:a2:e9:6b:78:46:1f:63:81:55:4c:d8:20:02:5a:
         60:4d:39:ed:f6:db:a6:d9:66:ac:1c:bc:4f:f4:63:0c:cf:12:
         7a:f6:4f:2a:99:32:c5:2c:32:dd:ce:49:31:e6:ed:fe:fc:96:
         55:5d:13:9b:ba:3d:08:55:e4:d4:30:e3:f1:0e:98:4c:ac:7e:
         7e:f4:44:9b:56:fe:f5:97:2a:a8:54:c6:35:e2:e4:94:b7:c3:
         19:1b:ff:9d:48:32:7f:33:b1:96:60:fe:2d:ff:3e:65:92:e4:
         88:c3:ed:04:86:b1:6f:a0:d0:da:01:2e:04:72:3c:f0:02:25:
         26:95:e9:36:35:a7:76:00:45:bc:a1:9c:eb:10:f3:5d:65:93:
         b0:f3:26:af:10:cf:78:25:4a:f1:e8:22:ba:0c:f0:84:7e:38:
         05:d8:a2:ec:73:59:7c:f8:07:04:6d:45:de:1e:28:07:40:02:
         2f:87:20:5d:4c:dd:89:58:47:9b:3f:7d:32:d6:30:3a:81:2b:
         48:a7:e3:37:dc:d6:e6:73:04:ea:43:fb:88:d1:51:32:45:80:
         5c:a6:15:f8:5e:16:ec:4e:97:04:b1:c2:9c:5c:5c:c9:05:05:
         db:38:74:8b
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYzF3EComVjO7iLoE38IwNgUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTNlOTcwZWQ2Mjc3MTM0M2EwOTZmZmIyZWZjMjZhYmI3ZWQ2OGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA49gd3G1tojlbQH4VeolyVQLKFd5g
mYWUa9l2CDehiPPVl9Xh2d8IlUXR4n3uePwkwfANKye6fjRAM7uFJ5lCa//vSCsy
tsfhwyiLbvFKDCk+H2A/jDvCBTSWaec/jkLiCF0Lq+Y1sYZ78dXA8O7/cSwXEF7Z
LVR3rn98h2J7+FJ3p2oPXcxAYdq2+l2R6Cme/VzuhFJnQE8zyGjGzzNMHo5wIJA8
n8k38SFZ4L4Ctm0wW7zoxMmHFCtaqDJDvMUyebpVRbw69kslG4uuzQMRaNQAdEYI
9q7vO+FiVZFB1ZFtBBWvrJzEHLQI9iVgKkGQ/Z5JqboKoOIqbsvsaACrPwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFBo+lw7WJ3E0Oglv+y78Jqu37WivMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzFiLzBmNzA5
Mi1lM2E0LTQ3MGItODVhNS1kNDg5MDk0YzY2MDQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWIvMGY3MDky
LWUzYTQtNDcwYi04NWE1LWQ0ODkwOTRjNjYwNC8xL0dqNlhEdFluY1RRNkNXXzdM
dndtcTdmdGFLOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDMGCCsGAQUF
BwEHAQH/BCQwIjAgBAIAATAaAwQDweOIMAwDBAPCBEgDBALCBGADBAbDKgAwGgYI
KwYBBQUHAQgBAf8ECzAJoAcwBQIDAJtbMA0GCSqGSIb3DQEBCwUAA4IBAQCP05RB
Xa1wtg0FQcUWygV3oYENmIrhoulreEYfY4FVTNggAlpgTTnt9tum2WasHLxP9GMM
zxJ69k8qmTLFLDLdzkkx5u3+/JZVXRObuj0IVeTUMOPxDphMrH5+9ESbVv71lyqo
VMY14uSUt8MZG/+dSDJ/M7GWYP4t/z5lkuSIw+0EhrFvoNDaAS4EcjzwAiUmlek2
Nad2AEW8oZzrEPNdZZOw8yavEM94JUrx6CK6DPCEfjgF2KLsc1l8+AcEbUXeHigH
QAIvhyBdTN2JWEebP30y1jA6gStIp+M33NbmcwTqQ/uI0VEyRYBcphX4XhbsTpcE
scKcXFzJBQXbOHSL
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:28:44 2024 by rpki-client on console-fra.rpki-client.org