Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JOU3iL1O-iOxqCB7fnSo4cxnewA.cer
File:                     JOU3iL1O-iOxqCB7fnSo4cxnewA.cer (raw, json)
Hash identifier:          wR8BbNel/fUENcJOkoo3H3mcT5fMhZbTQxDGLj7dF9Q=
Subject key identifier:   24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4268CF7CDAA2F7F15A59A9B516C55FD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:31:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 44838
                          IP: 46.183.24.0/21
                          IP: 91.203.40.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:26:8c:f7:cd:aa:2f:7f:15:a5:9a:9b:51:6c:55:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:31:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=24e53788bd4efa23b1a8207b7e74a8e1cc677b00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fb:bc:72:7c:8b:16:47:fe:62:30:c8:4c:26:
                    04:f7:cf:83:16:08:b1:f0:14:53:b7:7c:5c:d4:15:
                    97:51:d2:74:29:b5:68:b3:51:0a:c7:e7:f8:66:a0:
                    33:84:72:aa:f0:3f:36:f6:6d:ac:7f:bc:a2:23:c4:
                    da:a5:d5:27:68:24:e4:af:43:6a:78:76:a6:7b:f3:
                    09:7f:d1:ea:45:4a:cf:54:9b:39:8f:54:16:0f:7a:
                    53:04:81:a0:42:48:29:6e:ac:02:f3:07:2b:59:30:
                    6d:b9:f5:45:83:eb:ce:b1:73:c2:b8:33:8a:0f:56:
                    4e:d7:38:25:a2:1c:13:fc:83:0a:b1:28:ce:7c:b9:
                    ea:5c:ef:dc:fa:5c:9d:01:90:c5:b9:13:a2:b3:d0:
                    38:2f:ec:ef:7a:bb:dc:d3:64:fa:ee:3e:3b:1f:cd:
                    69:87:7c:cf:38:bc:d4:76:46:08:8c:3b:0c:4b:0b:
                    e9:7e:12:3a:7a:f5:28:94:9e:57:fd:e0:13:e0:88:
                    d2:7a:3f:de:ce:0a:15:12:a6:02:a9:af:5f:16:e8:
                    09:6a:73:06:a9:ca:01:20:33:4e:31:5b:f3:6f:0c:
                    a7:44:0a:66:f0:98:9a:62:eb:9c:45:0d:77:10:01:
                    8a:1a:3e:46:22:df:de:4e:aa:df:ff:cd:5b:19:70:
                    d1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:E5:37:88:BD:4E:FA:23:B1:A8:20:7B:7E:74:A8:E1:CC:67:7B:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/16acb9a0-6d1e-4ae4-9177-d938e9804395/0/24E53788BD4EFA23B1A8207B7E74A8E1CC677B00.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.24.0/21
                  91.203.40.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  44838

    Signature Algorithm: sha256WithRSAEncryption
         0b:70:a8:7c:37:ed:0b:c5:93:cb:dc:57:91:f5:1c:8b:53:1e:
         f6:c3:89:ec:36:58:0f:2f:4b:2a:f3:1c:5f:b6:9c:ea:ed:72:
         9f:f6:d7:13:62:6b:59:59:22:cb:7f:4d:3a:5c:a7:21:4a:b3:
         77:c5:e4:43:dc:60:30:df:28:f5:7c:2c:02:91:29:e5:67:6d:
         55:c4:8b:0f:04:f6:aa:19:d6:41:c3:2d:68:a9:31:f1:fa:74:
         76:28:cc:d6:5a:fe:b4:c0:19:b9:5b:a3:9e:a8:43:33:28:5a:
         24:67:75:e2:1d:b7:f8:3d:2f:10:2c:20:71:a0:4f:32:99:15:
         5d:6a:d6:8d:90:8f:54:8b:1f:32:ff:eb:58:43:04:8e:43:26:
         78:a6:b4:60:09:60:06:12:a9:de:25:b2:28:cb:11:e3:f3:d1:
         b4:2c:77:30:4c:02:9c:46:26:1b:2e:4a:9a:9d:40:aa:39:82:
         f5:e2:57:ec:94:1e:a4:71:e5:72:90:bd:c7:0c:43:b1:00:c2:
         3e:03:a0:0e:35:64:cd:f6:d9:a2:2d:03:dc:b9:fc:4b:bc:47:
         5c:2f:85:27:40:51:86:6b:a3:b1:57:33:2d:1c:1c:0f:53:8a:
         99:1c:ec:cd:83:fe:72:f8:0e:01:4d:c6:bc:d2:ab:44:9d:3e:
         30:9b:99:23
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgISAYzEJoz3zaovfxWlmptRbFX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgzMTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGU1Mzc4OGJkNGVmYTIzYjFhODIwN2I3ZTc0YThlMWNjNjc3YjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/u8cnyLFkf+YjDITCYE98+DFgix
8BRTt3xc1BWXUdJ0KbVos1EKx+f4ZqAzhHKq8D829m2sf7yiI8TapdUnaCTkr0Nq
eHame/MJf9HqRUrPVJs5j1QWD3pTBIGgQkgpbqwC8wcrWTBtufVFg+vOsXPCuDOK
D1ZO1zglohwT/IMKsSjOfLnqXO/c+lydAZDFuROis9A4L+zvervc02T67j47H81p
h3zPOLzUdkYIjDsMSwvpfhI6evUolJ5X/eAT4IjSej/ezgoVEqYCqa9fFugJanMG
qcoBIDNOMVvzbwynRApm8JiaYuucRQ13EAGKGj5GIt/eTqrf/81bGXDR7wIDAQAB
o4ICwjCCAr4wHQYDVR0OBBYEFCTlN4i9Tvojsagge350qOHMZ3sAMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzE2YWNi
OWEwLTZkMWUtNGFlNC05MTc3LWQ5MzhlOTgwNDM5NS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMTZh
Y2I5YTAtNmQxZS00YWU0LTkxNzctZDkzOGU5ODA0Mzk1LzAvMjRFNTM3ODhCRDRF
RkEyM0IxQTgyMDdCN0U3NEE4RTFDQzY3N0IwMC5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAME
Ay63GAMEAlvLKDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMAryYwDQYJKoZIhvcN
AQELBQADggEBAAtwqHw37QvFk8vcV5H1HItTHvbDiew2WA8vSyrzHF+2nOrtcp/2
1xNia1lZIst/TTpcpyFKs3fF5EPcYDDfKPV8LAKRKeVnbVXEiw8E9qoZ1kHDLWip
MfH6dHYozNZa/rTAGblbo56oQzMoWiRndeIdt/g9LxAsIHGgTzKZFV1q1o2Qj1SL
HzL/61hDBI5DJnimtGAJYAYSqd4lsijLEePz0bQsdzBMApxGJhsuSpqdQKo5gvXi
V+yUHqRx5XKQvccMQ7EAwj4DoA41ZM322aItA9y5/Eu8R1wvhSdAUYZro7FXMy0c
HA9Tipkc7M2D/nL4DgFNxrzSq0SdPjCbmSM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:22:11 2024 by rpki-client on console-ams.rpki-client.org