Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IoNxG9erE9o9EfJbtXpPSDwfmaw.cer
File:                     IoNxG9erE9o9EfJbtXpPSDwfmaw.cer (raw, json)
Hash identifier:          6fUIkn+MJpAq0x0/cB+AoY5/Rt3EK13qF3vJ0Wl8XnQ=
Subject key identifier:   22:83:71:1B:D7:AB:13:DA:3D:11:F2:5B:B5:7A:4F:48:3C:1F:99:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94CCDE06379087A8429773B0538300A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/IoNxG9erE9o9EfJbtXpPSDwfmaw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:31:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.8.52.0/22
                          IP: 185.139.244.0/22
                          IP: 2a02:d940::/29
                          IP: 2a07:18c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:cd:e0:63:79:08:7a:84:29:77:3b:05:38:30:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:31:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2283711bd7ab13da3d11f25bb57a4f483c1f99ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a7:6a:bb:a3:bb:d4:8f:d7:3a:95:d3:c8:6e:
                    c8:6b:e1:af:06:a4:4d:92:fb:e9:9d:23:50:9c:1b:
                    76:66:ba:fd:38:a5:b7:57:7d:f8:b6:8c:d4:e7:11:
                    ba:6a:0a:1e:c5:3c:c9:21:1c:28:51:61:78:9a:cc:
                    ca:c5:f9:03:01:ff:fe:41:95:76:9c:03:50:0e:78:
                    0a:a1:3f:62:ae:97:6a:5a:92:4b:8b:b2:73:8c:73:
                    08:dc:31:42:07:b6:5e:88:a2:21:d0:b2:18:28:24:
                    69:86:75:3e:a7:8b:5f:ff:90:0d:bc:61:08:11:2f:
                    cd:9e:98:63:97:c4:bf:33:be:65:44:35:fd:8d:34:
                    fe:98:20:04:61:33:d1:98:d5:a3:12:d7:4b:63:5e:
                    d8:37:4c:1f:25:79:d2:50:23:d5:5e:46:6e:8f:32:
                    d8:78:1a:b3:8b:6b:90:39:bb:52:60:c4:a8:29:44:
                    71:5a:82:ca:eb:21:09:cc:b0:3f:a1:61:99:15:62:
                    89:83:56:53:e0:85:16:aa:2c:4c:e2:5c:92:62:56:
                    64:1d:e8:ed:a3:73:1f:fe:5a:56:f9:4c:16:1b:9c:
                    f4:c4:60:fb:d0:99:8d:dd:fd:b9:59:58:eb:69:dd:
                    78:23:f8:bb:5a:39:e5:8f:93:a5:4b:08:41:c2:94:
                    87:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:83:71:1B:D7:AB:13:DA:3D:11:F2:5B:B5:7A:4F:48:3C:1F:99:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/9cbe88-3e75-42ef-b871-5ee76f0f64e2/1/IoNxG9erE9o9EfJbtXpPSDwfmaw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.8.52.0/22
                  185.139.244.0/22
                IPv6:
                  2a02:d940::/29
                  2a07:18c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:63:12:be:5c:9f:14:f7:3d:e7:5f:98:9d:39:6a:4b:aa:40:
         ad:6e:45:38:6f:05:11:47:d3:af:97:e5:c9:81:2e:06:c4:ce:
         d2:e1:54:30:f1:04:cc:16:0d:63:ce:93:10:cb:a4:98:af:64:
         49:5f:10:8e:75:d6:45:8d:aa:08:a8:3c:09:96:17:83:34:63:
         03:bf:82:1e:a5:09:dc:fb:40:ba:b0:4d:1f:8d:5a:7c:21:36:
         ba:bc:6d:74:27:fd:5f:05:6f:20:1b:9f:84:2a:27:44:c6:36:
         41:4e:85:3a:42:b8:3a:e6:79:5b:84:88:db:df:3d:24:29:48:
         e2:4b:ca:4c:99:95:07:60:2e:73:31:51:a5:64:c6:9b:48:85:
         96:af:78:c1:da:d0:e7:60:81:63:29:97:1e:92:ef:02:a2:5f:
         02:fe:48:c6:b0:9c:e1:18:57:8f:bd:b5:ca:38:e0:32:1d:2d:
         fe:05:0a:fc:e2:90:a1:4d:9f:ad:b7:5b:43:aa:0d:9d:33:cf:
         c9:76:bd:bc:b8:f6:53:97:eb:6f:40:1d:80:69:5c:74:73:70:
         fe:1d:62:a4:73:36:13:8f:b0:3d:17:03:f9:cb:6c:50:60:fc:
         14:bc:5d:a7:5f:3a:bb:4f:70:f1:de:5e:d5:7b:4d:ed:62:1a:
         43:5b:84:9f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzJTM3gY3kIeoQpdzsFODAKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjgzNzExYmQ3YWIxM2RhM2QxMWYyNWJiNTdhNGY0ODNjMWY5OWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6dqu6O71I/XOpXTyG7Ia+GvBqRN
kvvpnSNQnBt2Zrr9OKW3V334tozU5xG6agoexTzJIRwoUWF4mszKxfkDAf/+QZV2
nANQDngKoT9irpdqWpJLi7JzjHMI3DFCB7ZeiKIh0LIYKCRphnU+p4tf/5ANvGEI
ES/Nnphjl8S/M75lRDX9jTT+mCAEYTPRmNWjEtdLY17YN0wfJXnSUCPVXkZujzLY
eBqzi2uQObtSYMSoKURxWoLK6yEJzLA/oWGZFWKJg1ZT4IUWqixM4lySYlZkHejt
o3Mf/lpW+UwWG5z0xGD70JmN3f25WVjrad14I/i7Wjnlj5OlSwhBwpSHCwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCKDcRvXqxPaPRHyW7V6T0g8H5msMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI1LzljYmU4
OC0zZTc1LTQyZWYtYjg3MS01ZWU3NmYwZjY0ZTIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUvOWNiZTg4
LTNlNzUtNDJlZi1iODcxLTVlZTc2ZjBmNjRlMi8xL0lvTnhHOWVyRTlvOUVmSmJ0
WHBQU0R3Zm1hdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsGCCsGAQUF
BwEHAQH/BCwwKjASBAIAATAMAwQCuQg0AwQCuYv0MBQEAgACMA4DBQMqAtlAAwUD
KgcYwDANBgkqhkiG9w0BAQsFAAOCAQEAZWMSvlyfFPc951+YnTlqS6pArW5FOG8F
EUfTr5flyYEuBsTO0uFUMPEEzBYNY86TEMukmK9kSV8QjnXWRY2qCKg8CZYXgzRj
A7+CHqUJ3PtAurBNH41afCE2urxtdCf9XwVvIBufhConRMY2QU6FOkK4OuZ5W4SI
2989JClI4kvKTJmVB2AuczFRpWTGm0iFlq94wdrQ52CBYymXHpLvAqJfAv5IxrCc
4RhXj721yjjgMh0t/gUK/OKQoU2frbdbQ6oNnTPPyXa9vLj2U5frb0AdgGlcdHNw
/h1ipHM2E4+wPRcD+ctsUGD8FLxdp186u09w8d5e1XtN7WIaQ1uEnw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:14:09 2024 by rpki-client on console-ams.rpki-client.org