Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
File:                     Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer (raw, json)
Hash identifier:          l7JkdB8ylFoVTodvDAdi/6NkMjYOPeEsms1+gUWbodw=
Subject key identifier:   1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B917C67B142B1635A723656D747EA4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:31:08 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204171
                          IP: 2.59.180.0/22
                          IP: 45.156.144.0/22
                          IP: 185.103.120.0/22
                          IP: 2a06:2bc0::/29
                          IP: 2a09:f740::/29
                          IP: 2a0f:2280::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 Mar 2024 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:17:c6:7b:14:2b:16:35:a7:23:65:6d:74:7e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d5:ba:da:7f:53:76:e0:4d:d5:ed:80:29:e0:
                    4b:e6:de:34:2a:92:d4:f2:0e:5e:82:42:38:0b:48:
                    e2:ba:06:bf:cb:7d:dc:cc:b6:77:f8:37:52:17:19:
                    1f:2e:07:75:ca:a5:fa:5e:61:72:a3:98:0d:96:42:
                    f9:d6:a4:5e:70:6f:29:fe:17:52:2f:8e:bd:4d:57:
                    e1:72:a9:2d:3b:5d:90:d9:fe:ae:6b:1d:33:0b:2d:
                    49:83:9d:68:80:46:da:d3:f4:a5:d1:b5:15:ae:3d:
                    54:8a:74:ff:34:09:d7:ef:f2:de:9f:44:c9:11:7d:
                    9c:2c:70:98:73:99:4a:8d:ec:87:8c:a9:9f:6d:f5:
                    32:20:19:ce:48:21:7e:99:62:97:60:06:92:c4:9c:
                    86:56:8e:37:ba:db:6e:c3:ce:d5:7a:cc:10:48:f1:
                    66:3b:13:1b:60:9f:dd:3d:ec:e3:75:ee:a9:6b:94:
                    d3:63:68:b5:2d:9b:b0:7c:dc:e7:67:66:f9:9a:c5:
                    20:e7:a4:5f:7a:61:de:7b:f1:02:1a:d0:33:4d:7a:
                    9b:3e:b5:4d:35:96:34:84:f2:d9:42:6b:c1:63:ae:
                    2c:38:28:0d:4e:48:9e:01:f7:bd:af:4a:a1:2b:34:
                    5a:fa:7f:80:03:22:4e:79:e0:8e:19:6a:35:8d:2c:
                    5b:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.59.180.0/22
                  45.156.144.0/22
                  185.103.120.0/22
                IPv6:
                  2a06:2bc0::/29
                  2a09:f740::/29
                  2a0f:2280::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204171

    Signature Algorithm: sha256WithRSAEncryption
         84:1a:5f:80:3b:b4:7a:6c:8a:b8:e4:48:b2:54:9f:46:e9:1c:
         b4:08:8f:14:88:ea:eb:34:a7:68:80:af:52:c9:6f:f6:47:9a:
         59:fe:44:66:ba:ed:ba:38:07:73:e7:cf:1b:8a:31:9f:e0:4f:
         94:af:c2:75:d0:c9:c9:34:d4:a6:f2:88:35:cb:85:b6:c9:aa:
         f5:60:58:20:c5:5a:ec:cb:0d:bd:81:75:1a:72:bc:07:18:4a:
         0d:0c:ad:c9:12:d3:32:9d:9e:b9:43:0e:65:24:2b:98:31:e3:
         eb:9d:3d:5b:58:f5:b1:61:01:2a:83:8e:92:c5:68:09:c1:cb:
         c2:17:fb:88:f1:6c:19:78:ca:33:21:8a:cf:d9:24:da:60:3a:
         c2:1a:fe:ce:58:fa:16:1f:16:b0:81:75:12:af:9d:d0:09:9b:
         b3:92:27:fa:3b:72:fe:d7:21:9c:f0:07:d6:b1:76:55:41:aa:
         06:cd:20:6c:47:0e:41:c9:4e:a8:a6:3b:3b:52:78:a3:78:d1:
         21:26:b4:27:10:bd:f5:cd:ab:00:fa:7c:83:17:1c:dc:f2:f4:
         5d:93:89:02:d3:60:cd:0e:d0:a8:65:07:06:53:9d:a4:1b:79:
         da:02:1f:0d:ec:b6:b8:4f:3d:33:38:ea:cf:d1:c2:04:38:b7:
         56:25:e1:6f
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgISAYzGuRfGexQrFjWnI2VtdH6kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTdmMDM2ZTI1OTIzOTFmYjQ1YTNkZDMzY2FmMGIwNzk1Njk3M2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtW62n9TduBN1e2AKeBL5t40KpLU
8g5egkI4C0jiuga/y33czLZ3+DdSFxkfLgd1yqX6XmFyo5gNlkL51qRecG8p/hdS
L469TVfhcqktO12Q2f6uax0zCy1Jg51ogEba0/Sl0bUVrj1UinT/NAnX7/Len0TJ
EX2cLHCYc5lKjeyHjKmfbfUyIBnOSCF+mWKXYAaSxJyGVo43uttuw87VeswQSPFm
OxMbYJ/dPezjde6pa5TTY2i1LZuwfNznZ2b5msUg56RfemHee/ECGtAzTXqbPrVN
NZY0hPLZQmvBY64sOCgNTkieAfe9r0qhKzRa+n+AAyJOeeCOGWo1jSxbCwIDAQAB
o4ICyTCCAsUwHQYDVR0OBBYEFBp/A24lkjkftFo90zyvCweVaXPPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzI0YmUx
YS0xNmRhLTQ4MWMtOGJjYi0zNDBkNjI1YzZkYmEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMjRiZTFh
LTE2ZGEtNDgxYy04YmNiLTM0MGQ2MjVjNmRiYS8xL0duOERiaVdTT1ItMFdqM1RQ
SzhMQjVWcGM4OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEgGCCsGAQUF
BwEHAQH/BDkwNzAYBAIAATASAwQCAju0AwQCLZyQAwQCuWd4MBsEAgACMBUDBQMq
BivAAwUDKgn3QAMFAyoPIoAwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQIDAx2LMA0G
CSqGSIb3DQEBCwUAA4IBAQCEGl+AO7R6bIq45EiyVJ9G6Ry0CI8UiOrrNKdogK9S
yW/2R5pZ/kRmuu26OAdz588bijGf4E+Ur8J10MnJNNSm8og1y4W2yar1YFggxVrs
yw29gXUacrwHGEoNDK3JEtMynZ65Qw5lJCuYMePrnT1bWPWxYQEqg46SxWgJwcvC
F/uI8WwZeMozIYrP2STaYDrCGv7OWPoWHxawgXUSr53QCZuzkif6O3L+1yGc8AfW
sXZVQaoGzSBsRw5ByU6opjs7UnijeNEhJrQnEL31zasA+nyDFxzc8vRdk4kC02DN
DtCoZQcGU52kG3naAh8N7La4Tz0zOOrP0cIEOLdWJeFv
-----END CERTIFICATE-----
Generated at Thu Mar 28 06:33:02 2024 by rpki-client on console-ams.rpki-client.org