Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iqs7vLPNUyaosST8ld7RRFN1L6I.cer
File:                     Iqs7vLPNUyaosST8ld7RRFN1L6I.cer (raw, json)
Hash identifier:          NcBvAUd+zdgDx3vt5xYeriuKpRDGUwjgNn3+hzR6jgw=
Subject key identifier:   22:AB:3B:BC:B3:CD:53:26:A8:B1:24:FC:95:DE:D1:44:53:75:2F:A2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E51904E0284CEAEC41E7342F56832
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/392489-7337-4bd7-95ae-fa8a5e86b348/1/Iqs7vLPNUyaosST8ld7RRFN1L6I.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/392489-7337-4bd7-95ae-fa8a5e86b348/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 30931
                          IP: 91.223.203.0/24
                          IP: 91.223.218.0/24
                          IP: 193.30.41.0/24
                          IP: 194.107.118.0/24
                          IP: 195.234.39.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:51:90:4e:02:84:ce:ae:c4:1e:73:42:f5:68:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22ab3bbcb3cd5326a8b124fc95ded14453752fa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:47:f0:cd:95:77:3b:4a:90:ed:02:57:4b:ac:
                    fd:67:30:47:81:d5:fa:1c:20:db:c0:7e:76:c8:96:
                    2a:3b:39:36:c3:b0:c6:9a:a0:27:2d:d9:b9:f2:46:
                    7f:9c:89:8e:04:2f:54:af:03:87:58:b9:41:83:64:
                    9b:f5:89:24:41:64:d1:55:82:af:55:32:b3:3a:3c:
                    ad:51:77:4c:07:1e:87:ec:fa:9e:a7:be:46:25:f9:
                    f8:a6:da:a1:fe:27:4a:5b:05:9e:f2:49:64:18:f0:
                    9f:cf:ed:55:d7:76:61:39:32:5c:49:74:c3:e3:9e:
                    09:92:89:06:a7:2f:e7:f4:82:be:c9:0a:0f:f3:08:
                    3d:bf:78:bc:cd:b1:ae:9d:af:86:d2:67:f1:80:9c:
                    ad:9d:10:19:7c:ab:9b:0f:ac:a0:66:3c:d7:14:77:
                    ba:be:09:d5:20:7d:f1:8c:04:cd:35:20:ef:55:39:
                    78:fe:ad:e1:7d:ed:c4:e0:b0:63:7a:5a:64:43:ae:
                    f7:7c:68:17:2b:8f:23:6b:db:20:76:ca:38:8a:c0:
                    16:7e:ac:49:91:e6:8d:7a:b1:1b:3c:cb:9e:cf:ef:
                    97:ed:5d:01:22:db:0b:36:a5:26:2d:ad:51:e9:5a:
                    f5:2d:f2:13:ab:d2:1a:db:76:0f:e4:bd:41:e7:10:
                    db:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AB:3B:BC:B3:CD:53:26:A8:B1:24:FC:95:DE:D1:44:53:75:2F:A2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/392489-7337-4bd7-95ae-fa8a5e86b348/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/392489-7337-4bd7-95ae-fa8a5e86b348/1/Iqs7vLPNUyaosST8ld7RRFN1L6I.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.203.0/24
                  91.223.218.0/24
                  193.30.41.0/24
                  194.107.118.0/24
                  195.234.39.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  30931

    Signature Algorithm: sha256WithRSAEncryption
         34:29:02:63:ac:1f:28:7d:42:7f:0d:33:69:e4:63:d1:ed:7a:
         91:a6:6e:fd:d5:99:4f:b6:9b:c3:92:06:75:89:76:11:b3:b2:
         6b:20:14:83:02:eb:c3:e0:f5:4e:9a:23:42:bd:85:08:64:1d:
         96:26:fa:a2:11:45:8a:6f:0e:1d:23:c1:80:6f:2f:42:55:39:
         dd:bc:8f:87:cf:59:5d:b0:76:f1:77:ca:bd:bc:2f:ad:5e:ee:
         0b:03:db:dc:61:5e:72:41:60:79:cc:cd:b3:11:21:f7:94:df:
         3c:f4:1d:e3:26:3d:b0:08:ea:4c:32:08:0e:d0:e1:22:40:aa:
         4a:f9:a6:9f:77:66:0e:62:58:cc:ad:56:ca:03:19:57:3f:a8:
         e2:80:66:55:b1:f1:2a:bb:cc:60:56:d1:0a:5f:c0:89:7b:c5:
         cc:8f:ce:78:f6:7e:aa:48:80:af:64:5f:0e:ad:31:21:b4:39:
         4b:d2:eb:5b:4f:29:b7:bc:58:d5:ab:9d:2c:4a:99:ae:9c:8f:
         32:4c:d6:8a:60:78:2f:bd:64:09:6d:1e:e1:45:d7:da:c3:5c:
         1d:27:96:f0:79:32:15:87:54:24:21:47:6c:a4:2f:05:72:f6:
         c9:be:52:a9:14:22:39:90:b0:19:f4:a6:e0:b6:e2:59:34:a6:
         f6:7a:4c:a3
-----BEGIN CERTIFICATE-----
MIIFqzCCBJOgAwIBAgISAYzJTlGQTgKEzq7EHnNC9WgyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFiM2JiY2IzY2Q1MzI2YThiMTI0ZmM5NWRlZDE0NDUzNzUyZmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5UfwzZV3O0qQ7QJXS6z9ZzBHgdX6
HCDbwH52yJYqOzk2w7DGmqAnLdm58kZ/nImOBC9UrwOHWLlBg2Sb9YkkQWTRVYKv
VTKzOjytUXdMBx6H7Pqep75GJfn4ptqh/idKWwWe8klkGPCfz+1V13ZhOTJcSXTD
454JkokGpy/n9IK+yQoP8wg9v3i8zbGuna+G0mfxgJytnRAZfKubD6ygZjzXFHe6
vgnVIH3xjATNNSDvVTl4/q3hfe3E4LBjelpkQ673fGgXK48ja9sgdso4isAWfqxJ
keaNerEbPMuez++X7V0BItsLNqUmLa1R6Vr1LfITq9Ia23YP5L1B5xDb3QIDAQAB
o4ICtzCCArMwHQYDVR0OBBYEFCKrO7yzzVMmqLEk/JXe0URTdS+iMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjLzM5MjQ4
OS03MzM3LTRiZDctOTVhZS1mYThhNWU4NmIzNDgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvMzkyNDg5
LTczMzctNGJkNy05NWFlLWZhOGE1ZTg2YjM0OC8xL0lxczd2TFBOVXlhb3NTVDhs
ZDdSUkZOMUw2SS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDcGCCsGAQUF
BwEHAQH/BCgwJjAkBAIAATAeAwQAW9/LAwQAW9/aAwQAwR4pAwQAwmt2AwQAw+on
MBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAnjTMA0GCSqGSIb3DQEBCwUAA4IBAQA0
KQJjrB8ofUJ/DTNp5GPR7XqRpm791ZlPtpvDkgZ1iXYRs7JrIBSDAuvD4PVOmiNC
vYUIZB2WJvqiEUWKbw4dI8GAby9CVTndvI+Hz1ldsHbxd8q9vC+tXu4LA9vcYV5y
QWB5zM2zESH3lN889B3jJj2wCOpMMggO0OEiQKpK+aafd2YOYljMrVbKAxlXP6ji
gGZVsfEqu8xgVtEKX8CJe8XMj8549n6qSICvZF8OrTEhtDlL0utbTym3vFjVq50s
SpmunI8yTNaKYHgvvWQJbR7hRdfaw1wdJ5bweTIVh1QkIUdspC8FcvbJvlKpFCI5
kLAZ9KbgtuJZNKb2ekyj
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:48:07 2024 by rpki-client on console-ams.rpki-client.org