Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer
File:                     JeSu0-9yvuMUFmDRFJ4W0HkgXzw.cer (raw, json)
Hash identifier:          5K0fLFn3hgW2+CZ6zKAs+p5/ZREqW3UroDJ3sMTLKbo=
Subject key identifier:   25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5003445860223641E0BE122EE2F3D95
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:34 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 34388
                          AS: 51559
                          IP: 31.192.208.0/21
                          IP: 37.1.144.0/21
                          IP: 89.43.28.0/22
                          IP: 89.43.64.0/22
                          IP: 89.252.128.0 -- 89.252.177.255
                          IP: 93.113.60.0/22
                          IP: 93.115.76.0/22
                          IP: 94.102.0.0/20
                          IP: 95.173.160.0/19
                          IP: 159.253.32.0/20
                          IP: 185.21.5.0/24
                          IP: 185.88.133.0 -- 185.88.135.255
                          IP: 185.95.84.0/22
                          IP: 185.172.48.0/22
                          IP: 2a02:f80::/32
                          IP: 2a03:2100::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:34:45:86:02:23:64:1e:0b:e1:22:ee:2f:3d:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25e4aed3ef72bee3141660d1149e16d079205f3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2a:9a:9f:02:bd:5f:7b:b7:62:b7:5f:f3:18:
                    41:b4:aa:4a:d5:2d:3f:f5:94:af:be:46:d0:c1:36:
                    07:11:13:a8:ee:2d:bf:74:12:69:1f:cd:bd:6c:30:
                    c1:d4:de:46:5c:1c:01:f2:a8:2c:6d:09:44:ad:f6:
                    6c:2a:29:08:74:10:c2:fe:70:ae:b3:8b:20:30:b2:
                    07:ce:48:1c:77:87:4f:65:ed:7d:ac:08:1b:6d:d1:
                    ad:fd:19:c5:70:b6:21:11:cd:d6:f0:27:03:c6:86:
                    54:07:1f:57:06:2c:e7:19:16:b1:2e:c0:c4:59:6f:
                    37:d4:9b:3e:35:6a:e3:cd:37:5e:33:1e:63:3b:1c:
                    5f:70:c4:ac:8e:1b:94:f7:07:91:0f:85:ca:48:00:
                    7d:12:cb:5d:5d:9c:ea:f9:7b:43:fb:bc:8f:02:b7:
                    9a:3e:62:a9:b3:aa:85:a2:01:4d:2f:85:ae:f9:d0:
                    01:1f:d1:87:04:c4:cd:d0:4b:85:96:9e:30:1f:ba:
                    76:95:a9:1a:00:bb:91:a1:18:ff:00:65:1a:80:dd:
                    3e:1f:cc:82:8b:d1:cf:e0:ea:ea:c0:56:51:6e:b7:
                    31:96:4b:bc:e7:aa:62:73:25:88:f5:c4:d9:69:ea:
                    7f:c3:76:71:0c:eb:00:da:01:9e:6f:a0:3c:8f:c0:
                    ff:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:E4:AE:D3:EF:72:BE:E3:14:16:60:D1:14:9E:16:D0:79:20:5F:3C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/6336d0-9494-46d3-9861-ed3e38f9577f/1/JeSu0-9yvuMUFmDRFJ4W0HkgXzw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.192.208.0/21
                  37.1.144.0/21
                  89.43.28.0/22
                  89.43.64.0/22
                  89.252.128.0-89.252.177.255
                  93.113.60.0/22
                  93.115.76.0/22
                  94.102.0.0/20
                  95.173.160.0/19
                  159.253.32.0/20
                  185.21.5.0/24
                  185.88.133.0-185.88.135.255
                  185.95.84.0/22
                  185.172.48.0/22
                IPv6:
                  2a02:f80::/32
                  2a03:2100::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34388
                  51559

    Signature Algorithm: sha256WithRSAEncryption
         2f:5d:ce:8b:0e:69:e1:2f:20:8e:70:6e:ed:30:4f:d3:55:0d:
         c3:76:9d:54:71:34:e5:fe:87:12:af:0e:7a:7d:41:b3:04:9b:
         7a:20:13:f6:b3:e1:96:e9:95:99:62:3d:17:fb:15:84:ce:f1:
         4e:7a:ec:ac:c8:08:8e:a6:be:a1:21:16:b0:b7:c0:ec:96:ee:
         b9:45:1f:e0:5e:35:f8:53:6a:25:3b:fe:7d:55:9c:e1:26:82:
         a0:2f:ab:29:f2:d0:28:68:b8:d0:39:c0:d3:2e:01:52:c1:5c:
         fe:bd:80:bf:98:84:ba:1a:e4:c7:f7:34:d0:30:4e:67:2a:69:
         6f:cd:67:a0:02:68:bd:0f:d9:62:ae:d4:77:4d:88:02:c1:c9:
         fa:f8:cb:32:82:9f:b8:07:e5:21:45:56:45:59:f2:f1:b3:53:
         08:0b:db:27:93:48:a0:b5:06:30:54:e3:a0:71:c8:eb:29:ca:
         a2:76:19:af:a4:9a:57:4e:d4:70:51:ba:f0:ee:55:0a:38:c6:
         4b:cb:27:71:bd:f9:1b:6b:fc:6e:37:b5:e5:9c:09:de:a9:54:
         46:d2:f9:7d:49:78:30:c8:82:b1:f5:8c:0c:42:6e:52:48:3f:
         f7:6f:d0:85:ec:b0:58:2f:be:1b:71:6b:29:38:8f:06:b4:c5:
         01:8f:f5:24
-----BEGIN CERTIFICATE-----
MIIGEDCCBPigAwIBAgISAYzFADRFhgIjZB4L4SLuLz2VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWU0YWVkM2VmNzJiZWUzMTQxNjYwZDExNDllMTZkMDc5MjA1ZjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCqanwK9X3u3Yrdf8xhBtKpK1S0/
9ZSvvkbQwTYHEROo7i2/dBJpH829bDDB1N5GXBwB8qgsbQlErfZsKikIdBDC/nCu
s4sgMLIHzkgcd4dPZe19rAgbbdGt/RnFcLYhEc3W8CcDxoZUBx9XBiznGRaxLsDE
WW831Js+NWrjzTdeMx5jOxxfcMSsjhuU9weRD4XKSAB9EstdXZzq+XtD+7yPArea
PmKps6qFogFNL4Wu+dABH9GHBMTN0EuFlp4wH7p2lakaALuRoRj/AGUagN0+H8yC
i9HP4OrqwFZRbrcxlku856picyWI9cTZaep/w3ZxDOsA2gGeb6A8j8D/TwIDAQAB
o4IDHDCCAxgwHQYDVR0OBBYEFCXkrtPvcr7jFBZg0RSeFtB5IF88MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q5LzYzMzZk
MC05NDk0LTQ2ZDMtOTg2MS1lZDNlMzhmOTU3N2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDkvNjMzNmQw
LTk0OTQtNDZkMy05ODYxLWVkM2UzOGY5NTc3Zi8xL0plU3UwLTl5dnVNVUZtRFJG
SjRXMEhrZ1h6dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGVBggrBgEF
BQcBBwEB/wSBhTCBgjBqBAIAATBkAwQDH8DQAwQDJQGQAwQCWSscAwQCWStAMAwD
BAdZ/IADBAFZ/LADBAJdcTwDBAJdc0wDBAReZgADBAVfraADBASf/SADBAC5FQUw
DAMEALlYhQMEA7lYgAMEArlfVAMEArmsMDAUBAIAAjAOAwUAKgIPgAMFAyoDIQAw
HwYIKwYBBQUHAQgBAf8EEDAOoAwwCgIDAIZUAgMAyWcwDQYJKoZIhvcNAQELBQAD
ggEBAC9dzosOaeEvII5wbu0wT9NVDcN2nVRxNOX+hxKvDnp9QbMEm3ogE/az4Zbp
lZliPRf7FYTO8U567KzICI6mvqEhFrC3wOyW7rlFH+BeNfhTaiU7/n1VnOEmgqAv
qyny0ChouNA5wNMuAVLBXP69gL+YhLoa5Mf3NNAwTmcqaW/NZ6ACaL0P2WKu1HdN
iALByfr4yzKCn7gH5SFFVkVZ8vGzUwgL2yeTSKC1BjBU46BxyOspyqJ2Ga+kmldO
1HBRuvDuVQo4xkvLJ3G9+Rtr/G43teWcCd6pVEbS+X1JeDDIgrH1jAxCblJIP/dv
0IXssFgvvhtxayk4jwa0xQGP9SQ=
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:22:14 2024 by rpki-client on console-ams.rpki-client.org