Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JygMxTRRbRwdnqAk6q-9Af3GjJc.cer
File:                     JygMxTRRbRwdnqAk6q-9Af3GjJc.cer (raw, json)
Hash identifier:          J1jFqpU3Us7adDTsAr4DkRnAUdPb0KLrxcYWuUfi0AQ=
Subject key identifier:   27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC349522801C368D77B134827ECF96018
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 39238
                          IP: 79.143.64.0/22
                          IP: 79.143.76.0/22
                          IP: 185.38.160.0/22
                          IP: 194.36.148.0/22
                          IP: 217.29.50.0 -- 217.29.63.255
                          IP: 2a0c:f540::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:52:28:01:c3:68:d7:7b:13:48:27:ec:f9:60:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27280cc534516d1c1d9ea024eaafbd01fdc68c97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:36:2a:4a:c8:9d:a5:84:20:59:e8:35:44:da:
                    ba:6a:ed:04:44:c7:3a:96:c0:bd:c8:54:71:25:de:
                    f8:d8:54:de:e6:34:f3:cd:1c:db:ab:58:79:65:7f:
                    ae:b1:e1:ca:e5:bf:6f:8b:5a:fb:0a:7f:fc:cb:50:
                    b6:99:dc:d3:f3:3c:cc:10:e7:da:58:24:f0:a1:2f:
                    74:bd:9e:39:6c:50:e5:61:45:f6:17:92:24:98:b1:
                    10:d0:ec:de:b4:20:96:f6:59:51:a3:89:6b:c3:1b:
                    a6:54:72:75:64:6e:27:a4:af:f5:e8:de:c3:01:2a:
                    d5:6f:35:ad:1b:e2:42:fc:6e:a0:3d:67:d3:38:24:
                    de:73:53:5c:68:f5:bf:9d:7f:6c:30:4c:0b:a4:14:
                    26:6c:3d:2e:65:07:00:9d:2f:cc:88:9b:e4:46:dc:
                    36:ff:d9:25:07:19:7e:92:be:54:3e:be:24:b9:d9:
                    21:6e:f2:0f:65:c9:4b:11:7f:b1:17:e3:c1:dc:48:
                    c5:92:53:6d:f5:d3:88:9e:fb:6a:d3:09:bc:be:46:
                    01:51:8a:9d:ff:1b:ab:dc:1c:05:fb:1d:4b:4f:69:
                    86:91:f8:cf:84:b8:57:ea:61:e5:f2:c8:7c:94:b7:
                    4b:f4:97:f7:7d:f7:10:27:2f:2b:89:04:00:ab:ab:
                    50:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:28:0C:C5:34:51:6D:1C:1D:9E:A0:24:EA:AF:BD:01:FD:C6:8C:97
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/0cc6b5-5477-490a-a295-15b79b02943e/1/JygMxTRRbRwdnqAk6q-9Af3GjJc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.143.64.0/22
                  79.143.76.0/22
                  185.38.160.0/22
                  194.36.148.0/22
                  217.29.50.0-217.29.63.255
                IPv6:
                  2a0c:f540::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  39238

    Signature Algorithm: sha256WithRSAEncryption
         0a:b4:a4:ec:67:27:3f:58:bc:87:6e:5c:44:bb:5e:f0:d4:84:
         6a:b3:26:22:eb:12:2c:bb:45:6e:fb:1e:07:43:8d:ba:8f:0b:
         82:ab:52:1f:8b:28:60:e8:64:d5:7f:61:c3:d7:05:2e:3a:d3:
         fa:d8:6c:ed:2a:d1:61:67:f6:c4:9a:a2:5d:6d:ea:69:77:a1:
         b6:4a:57:38:38:b9:5b:02:6d:22:3a:02:81:b4:28:b5:23:ce:
         a1:c2:58:c4:86:1f:aa:50:e6:ff:86:c9:67:1b:80:d5:48:4f:
         df:55:f1:58:9c:3e:97:35:ed:27:20:a6:d4:8d:f6:db:c8:e5:
         a1:2b:2c:0a:f7:c8:db:16:d8:b7:9a:86:e0:81:6b:ae:a2:60:
         79:4f:e0:cf:60:aa:22:40:3b:52:53:79:73:dd:a8:87:60:35:
         a4:39:c5:45:c6:79:96:a0:95:db:bd:17:9f:7e:95:84:51:53:
         aa:fb:b1:8c:58:27:f0:be:c0:41:35:0d:c8:df:50:8c:a7:c7:
         20:fd:e5:bf:dc:66:b5:94:90:3a:17:dc:ff:56:33:cf:1d:49:
         47:09:bd:b0:3a:0e:52:94:7a:b3:d5:9f:d7:b4:2a:4c:63:ef:
         ee:2e:2d:8b:93:d7:57:9a:7c:3f:da:00:d8:f9:ee:ae:d7:ee:
         4a:93:fd:ee
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAYzDSVIoAcNo13sTSCfs+WAYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI4MGNjNTM0NTE2ZDFjMWQ5ZWEwMjRlYWFmYmQwMWZkYzY4Yzk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zYqSsidpYQgWeg1RNq6au0ERMc6
lsC9yFRxJd742FTe5jTzzRzbq1h5ZX+useHK5b9vi1r7Cn/8y1C2mdzT8zzMEOfa
WCTwoS90vZ45bFDlYUX2F5IkmLEQ0OzetCCW9llRo4lrwxumVHJ1ZG4npK/16N7D
ASrVbzWtG+JC/G6gPWfTOCTec1NcaPW/nX9sMEwLpBQmbD0uZQcAnS/MiJvkRtw2
/9klBxl+kr5UPr4kudkhbvIPZclLEX+xF+PB3EjFklNt9dOInvtq0wm8vkYBUYqd
/xur3BwF+x1LT2mGkfjPhLhX6mHl8sh8lLdL9Jf3ffcQJy8riQQAq6tQMwIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFCcoDMU0UW0cHZ6gJOqvvQH9xoyXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwLzBjYzZi
NS01NDc3LTQ5MGEtYTI5NS0xNWI3OWIwMjk0M2UvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvMGNjNmI1
LTU0NzctNDkwYS1hMjk1LTE1Yjc5YjAyOTQzZS8xL0p5Z014VFJSYlJ3ZG5xQWs2
cS05QWYzR2pKYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME4GCCsGAQUF
BwEHAQH/BD8wPTAsBAIAATAmAwQCT49AAwQCT49MAwQCuSagAwQCwiSUMAwDBAHZ
HTIDBAbZHQAwDQQCAAIwBwMFAyoM9UAwGgYIKwYBBQUHAQgBAf8ECzAJoAcwBQID
AJlGMA0GCSqGSIb3DQEBCwUAA4IBAQAKtKTsZyc/WLyHblxEu17w1IRqsyYi6xIs
u0Vu+x4HQ426jwuCq1Ifiyhg6GTVf2HD1wUuOtP62GztKtFhZ/bEmqJdbeppd6G2
Slc4OLlbAm0iOgKBtCi1I86hwljEhh+qUOb/hslnG4DVSE/fVfFYnD6XNe0nIKbU
jfbbyOWhKywK98jbFti3mobggWuuomB5T+DPYKoiQDtSU3lz3aiHYDWkOcVFxnmW
oJXbvReffpWEUVOq+7GMWCfwvsBBNQ3I31CMp8cg/eW/3Ga1lJA6F9z/VjPPHUlH
Cb2wOg5SlHqz1Z/XtCpMY+/uLi2Lk9dXmnw/2gDY+e6u1+5Kk/3u
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:14:27 2024 by rpki-client on console-ams.rpki-client.org