Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HQx-e7J8UzqZfSd8rdQX7HvShPA.cer
File:                     HQx-e7J8UzqZfSd8rdQX7HvShPA.cer (raw, json)
Hash identifier:          GVre42iudKeQk/rSNOg7bJ7XqPCsk78pzavWj0PXKd0=
Subject key identifier:   1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA9944C9CA2A93190F06B4D4397F616B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:34:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 207614
                          IP: 45.128.236.0/22
                          IP: 185.133.4.0/22
                          IP: 185.238.84.0/22
                          IP: 2a0f:4200::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:44:c9:ca:2a:93:19:0f:06:b4:d4:39:7f:61:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:34:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d0c7e7bb27c533a997d277cadd417ec7bd284f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:d8:ed:46:01:0c:ab:63:12:1d:0e:09:c9:cd:
                    fb:0e:d8:da:ca:13:0d:b1:ac:54:8e:b7:20:f0:51:
                    d7:fe:fc:99:b3:96:2f:f3:c5:74:d5:23:aa:66:7d:
                    cf:45:2f:b2:b9:f7:cf:7b:a8:47:aa:94:cc:00:1f:
                    66:54:93:03:cc:97:0a:55:3a:59:c6:19:66:94:e9:
                    ea:18:90:a9:4b:f3:c4:0c:06:f0:f2:d8:16:83:d9:
                    cc:22:d8:c4:d0:42:3c:dd:a2:ed:a7:ae:24:ff:ff:
                    22:f4:76:64:9a:e7:bc:6e:c8:19:86:60:e1:a3:bb:
                    05:5f:af:08:98:fb:ac:13:04:30:49:0d:92:d3:9b:
                    9d:a6:34:e2:0c:5a:a1:11:04:c6:57:a1:03:10:64:
                    16:af:67:56:eb:89:6d:71:4b:01:5c:9f:dc:ad:e9:
                    ff:4a:51:37:78:5f:c7:92:9b:c7:aa:ba:75:cf:6c:
                    8d:26:b6:97:48:b2:92:df:a4:90:fb:f7:1a:c2:59:
                    25:86:c9:cb:cd:33:a4:65:e5:12:cd:2c:c9:7e:00:
                    fa:c8:d3:de:92:ba:72:1b:fe:db:d7:54:d5:45:c8:
                    13:ef:bc:b8:cc:2e:6b:39:c7:99:a5:ac:a2:0e:c0:
                    a1:21:16:f8:43:6f:eb:c0:23:ad:ee:ce:26:a9:09:
                    7b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0C:7E:7B:B2:7C:53:3A:99:7D:27:7C:AD:D4:17:EC:7B:D2:84:F0
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/ddd349-ac50-43e5-a88a-b28f07b2f45b/1/HQx-e7J8UzqZfSd8rdQX7HvShPA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.236.0/22
                  185.133.4.0/22
                  185.238.84.0/22
                IPv6:
                  2a0f:4200::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  207614

    Signature Algorithm: sha256WithRSAEncryption
         27:a6:2d:c5:6b:e5:8c:bd:35:4d:a2:fa:df:13:6f:9f:64:a2:
         59:cc:78:0b:45:54:f3:e3:e4:0c:20:d7:12:7d:30:d8:b7:06:
         cc:e2:a3:f2:84:a1:39:e4:ea:99:b4:e4:82:13:52:26:47:31:
         07:7d:78:0c:68:7f:e9:fd:2c:9b:39:e0:e9:ff:9f:3c:0d:a6:
         03:b6:d0:3b:5a:99:61:1c:2f:20:dd:0a:f6:4f:32:10:5e:eb:
         ec:35:29:23:d9:a0:ff:80:ef:43:c8:9e:b3:d5:27:65:5b:ff:
         a5:ea:05:35:95:1d:37:22:4f:fb:63:6b:0a:21:fe:df:09:96:
         81:18:fc:6a:26:01:bf:33:d8:74:e4:a5:4d:56:8c:00:34:b8:
         c4:15:be:85:f3:43:84:31:5e:3b:86:23:7c:bd:ae:10:fb:df:
         a3:5c:f4:66:ac:61:a4:78:67:d0:8e:df:dc:69:4f:58:f0:ac:
         92:fc:a8:c9:41:8a:c9:e7:f4:ac:a6:a7:49:3a:76:d0:a9:5c:
         7e:e2:f4:8a:18:b8:f9:87:90:7e:1e:00:2d:41:3d:51:d9:18:
         f1:6d:79:b6:30:65:af:47:54:19:8f:32:a4:a1:f7:5f:5e:13:
         ed:50:63:5f:d9:99:67:fd:d8:41:d0:8a:4f:70:7c:f1:81:77:
         7a:07:8a:af
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAYzKmUTJyiqTGQ8GtNQ5f2FrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzNDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDBjN2U3YmIyN2M1MzNhOTk3ZDI3N2NhZGQ0MTdlYzdiZDI4NGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3tjtRgEMq2MSHQ4Jyc37DtjayhMN
saxUjrcg8FHX/vyZs5Yv88V01SOqZn3PRS+yuffPe6hHqpTMAB9mVJMDzJcKVTpZ
xhlmlOnqGJCpS/PEDAbw8tgWg9nMItjE0EI83aLtp64k//8i9HZkmue8bsgZhmDh
o7sFX68ImPusEwQwSQ2S05udpjTiDFqhEQTGV6EDEGQWr2dW64ltcUsBXJ/cren/
SlE3eF/HkpvHqrp1z2yNJraXSLKS36SQ+/cawlklhsnLzTOkZeUSzSzJfgD6yNPe
krpyG/7b11TVRcgT77y4zC5rOceZpayiDsChIRb4Q2/rwCOt7s4mqQl7JwIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFB0MfnuyfFM6mX0nfK3UF+x70oTwMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwL2RkZDM0
OS1hYzUwLTQzZTUtYTg4YS1iMjhmMDdiMmY0NWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvZGRkMzQ5
LWFjNTAtNDNlNS1hODhhLWIyOGYwN2IyZjQ1Yi8xL0hReC1lN0o4VXpxWmZTZDhy
ZFFYN0h2U2hQQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQCLYDsAwQCuYUEAwQCue5UMA0EAgACMAcDBQMq
D0IAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMq/jANBgkqhkiG9w0BAQsFAAOC
AQEAJ6YtxWvljL01TaL63xNvn2SiWcx4C0VU8+PkDCDXEn0w2LcGzOKj8oShOeTq
mbTkghNSJkcxB314DGh/6f0smzng6f+fPA2mA7bQO1qZYRwvIN0K9k8yEF7r7DUp
I9mg/4DvQ8ies9UnZVv/peoFNZUdNyJP+2NrCiH+3wmWgRj8aiYBvzPYdOSlTVaM
ADS4xBW+hfNDhDFeO4YjfL2uEPvfo1z0ZqxhpHhn0I7f3GlPWPCskvyoyUGKyef0
rKanSTp20KlcfuL0ihi4+YeQfh4ALUE9UdkY8W15tjBlr0dUGY8ypKH3X14T7VBj
X9mZZ/3YQdCKT3B88YF3egeKrw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:17:08 2024 by rpki-client on console-fra.rpki-client.org