Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
File:                     KQn__NgaZryYtinUwFeSR2RfD-Q.cer (raw, json)
Hash identifier:          GUqZcMwwaGwZH36OA/d9EO/NvEE30U9H+sDfjLZzx0E=
Subject key identifier:   29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D29B5397451DB90EA4AE3DD41AC2D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 29290
                          AS: 35744
                          AS: 43345
                          AS: 48635
                          AS: 200549
                          AS: 200746
                          AS: 200837
                          AS: 202861
                          AS: 205631
                          IP: 2.57.56.0/22
                          IP: 5.157.80.0/21
                          IP: 31.25.96.0/21
                          IP: 31.186.168.0/21
                          IP: 62.221.248.0/21
                          IP: 79.99.128.0/21
                          IP: 92.63.168.0/21
                          IP: 93.180.64.0/21
                          IP: 93.187.220.0/22
                          IP: 109.72.80.0/20
                          IP: 109.106.160.0/19
                          IP: 145.131.0.0 -- 145.131.47.255
                          IP: 185.27.172.0/22
                          IP: 185.37.68.0/22
                          IP: 185.56.144.0/22
                          IP: 185.66.248.0/22
                          IP: 185.87.184.0/22
                          IP: 185.94.228.0/22
                          IP: 185.95.28.0/22
                          IP: 185.103.156.0/22
                          IP: 185.103.240.0/22
                          IP: 185.107.212.0/22
                          IP: 185.107.224.0/22
                          IP: 185.109.216.0 -- 185.109.227.255
                          IP: 185.159.240.0/22
                          IP: 185.175.200.0/22
                          IP: 185.182.56.0/22
                          IP: 185.187.12.0/22
                          IP: 185.223.32.0/22
                          IP: 185.224.88.0/22
                          IP: 185.233.28.0/22
                          IP: 195.39.204.0/23
                          IP: 195.39.214.0/23
                          IP: 195.238.74.0/23
                          IP: 2a00:f10::/29
                          IP: 2a01:b940::/29
                          IP: 2a02:40c0::/29
                          IP: 2a03:3060::/29
                          IP: 2a04:6bc0::/29
                          IP: 2a04:76c0::/29
                          IP: 2a05:1500::/29
                          IP: 2a06:4040::/29
                          IP: 2a06:4080::/29
                          IP: 2a06:5200::/29
                          IP: 2a0b:7280::/29
                          IP: 2a0b:8f80::/29
                          IP: 2a0c:84c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:29:b5:39:74:51:db:90:ea:4a:e3:dd:41:ac:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:52:29:71:00:05:18:f4:5e:71:9e:70:d4:af:
                    37:43:20:af:cb:b1:48:83:0f:27:d5:de:3f:f4:ab:
                    08:76:c3:0e:10:0c:04:5a:7d:88:7a:98:88:71:69:
                    c3:b2:0b:a2:89:f6:da:3b:dd:e3:2b:da:09:89:24:
                    0a:10:67:06:0a:31:4c:f5:e6:34:3d:a2:73:dc:33:
                    6c:e3:93:f4:08:26:12:72:d3:d9:b8:e9:d2:eb:89:
                    b1:1c:13:84:24:86:40:6c:07:31:07:c3:f5:57:3e:
                    87:b6:d9:22:03:d8:98:a7:fb:12:84:ff:4e:62:24:
                    24:fc:37:48:81:03:52:38:64:73:b4:a3:28:b1:97:
                    2a:6b:7c:e6:75:67:64:e1:74:7c:ef:ba:08:9e:c5:
                    a3:ef:46:11:cc:82:23:20:09:c9:25:ed:b6:4d:73:
                    6c:56:32:56:37:17:74:38:da:07:36:1e:29:7c:1a:
                    e3:82:e6:f4:41:04:4c:80:62:d3:2a:3e:2c:c8:a0:
                    c0:4a:5a:86:47:de:28:6b:a6:79:b3:d2:b7:75:e3:
                    d9:04:93:a6:a8:35:7b:00:bd:eb:51:72:77:d7:1d:
                    6c:60:58:8c:c6:2d:ab:d3:de:df:14:05:be:1b:35:
                    da:a1:00:b9:96:1f:c8:a4:cd:7b:34:00:ba:97:ee:
                    cb:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.56.0/22
                  5.157.80.0/21
                  31.25.96.0/21
                  31.186.168.0/21
                  62.221.248.0/21
                  79.99.128.0/21
                  92.63.168.0/21
                  93.180.64.0/21
                  93.187.220.0/22
                  109.72.80.0/20
                  109.106.160.0/19
                  145.131.0.0-145.131.47.255
                  185.27.172.0/22
                  185.37.68.0/22
                  185.56.144.0/22
                  185.66.248.0/22
                  185.87.184.0/22
                  185.94.228.0/22
                  185.95.28.0/22
                  185.103.156.0/22
                  185.103.240.0/22
                  185.107.212.0/22
                  185.107.224.0/22
                  185.109.216.0-185.109.227.255
                  185.159.240.0/22
                  185.175.200.0/22
                  185.182.56.0/22
                  185.187.12.0/22
                  185.223.32.0/22
                  185.224.88.0/22
                  185.233.28.0/22
                  195.39.204.0/23
                  195.39.214.0/23
                  195.238.74.0/23
                IPv6:
                  2a00:f10::/29
                  2a01:b940::/29
                  2a02:40c0::/29
                  2a03:3060::/29
                  2a04:6bc0::/29
                  2a04:76c0::/29
                  2a05:1500::/29
                  2a06:4040::/29
                  2a06:4080::/29
                  2a06:5200::/29
                  2a0b:7280::/29
                  2a0b:8f80::/29
                  2a0c:84c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29290
                  35744
                  43345
                  48635
                  200549
                  200746
                  200837
                  202861
                  205631

    Signature Algorithm: sha256WithRSAEncryption
         97:f2:6c:49:48:35:d2:6c:69:f9:49:45:37:56:e1:85:5c:de:
         1b:a8:51:8d:a0:35:26:2b:17:8c:aa:c9:2e:c8:a5:b9:7a:0d:
         14:09:f9:52:11:0a:f0:f7:91:28:39:2e:21:a1:b6:0b:79:8c:
         d7:11:7d:74:46:cd:4d:55:8e:c2:f9:12:a0:ec:c9:dc:8e:19:
         bb:e3:f4:9c:10:ed:bd:76:1c:28:20:4c:e7:ba:96:3c:92:ce:
         44:d3:e0:6c:59:4d:34:2b:26:99:46:a8:d8:bc:b4:4a:05:ca:
         06:17:f3:02:fa:cd:8e:4b:85:c2:e0:ae:ee:98:21:9c:c4:ca:
         51:6c:b7:84:83:63:cf:2b:82:a9:c1:ac:17:f1:3c:28:29:fd:
         17:c5:04:1d:14:db:20:74:b6:63:78:78:4d:55:cb:9e:c5:bf:
         a3:d2:c8:f5:b4:80:f8:38:20:a8:4f:4e:f4:1c:ac:18:7f:61:
         1a:03:0b:cd:db:63:4c:ef:54:89:01:fb:8d:24:35:d5:8d:03:
         f3:1a:fe:05:88:20:77:78:eb:e9:65:39:be:b1:20:9f:a8:df:
         83:fa:f4:5d:78:1d:60:52:f1:ac:75:2a:42:4e:a6:88:5b:c0:
         79:c1:66:34:34:b9:17:13:65:8b:fb:c7:cb:25:8a:f5:8d:86:
         9a:97:96:12
-----BEGIN CERTIFICATE-----
MIIG+zCCBeOgAwIBAgISAYzCbSm1OXRR25DqSuPdQawtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTA5ZmZmY2Q4MWE2NmJjOThiNjI5ZDRjMDU3OTI0NzY0NWYwZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVIpcQAFGPRecZ5w1K83QyCvy7FI
gw8n1d4/9KsIdsMOEAwEWn2IepiIcWnDsguiifbaO93jK9oJiSQKEGcGCjFM9eY0
PaJz3DNs45P0CCYSctPZuOnS64mxHBOEJIZAbAcxB8P1Vz6HttkiA9iYp/sShP9O
YiQk/DdIgQNSOGRztKMosZcqa3zmdWdk4XR877oInsWj70YRzIIjIAnJJe22TXNs
VjJWNxd0ONoHNh4pfBrjgub0QQRMgGLTKj4syKDASlqGR94oa6Z5s9K3dePZBJOm
qDV7AL3rUXJ31x1sYFiMxi2r097fFAW+GzXaoQC5lh/IpM17NAC6l+7LyQIDAQAB
o4IEBzCCBAMwHQYDVR0OBBYEFCkJ//zYGma8mLYp1MBXkkdkXw/kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJmL2RlMzA0
MS05NTM2LTQ5MmUtYTljZC1mMmFlN2JjN2VjYzUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmYvZGUzMDQx
LTk1MzYtNDkyZS1hOWNkLWYyYWU3YmM3ZWNjNS8xL0tRbl9fTmdhWnJ5WXRpblV3
RmVTUjJSZkQtUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIBXQYIKwYB
BQUHAQcBAf8EggFMMIIBSDCB4gQCAAEwgdsDBAICOTgDBAMFnVADBAMfGWADBAMf
uqgDBAM+3fgDBANPY4ADBANcP6gDBANdtEADBAJdu9wDBARtSFADBAVtaqAwCwMD
AJGDAwQEkYMgAwQCuRusAwQCuSVEAwQCuTiQAwQCuUL4AwQCuVe4AwQCuV7kAwQC
uV8cAwQCuWecAwQCuWfwAwQCuWvUAwQCuWvgMAwDBAO5bdgDBAK5beADBAK5n/AD
BAK5r8gDBAK5tjgDBAK5uwwDBAK53yADBAK54FgDBAK56RwDBAHDJ8wDBAHDJ9YD
BAHD7kowYQQCAAIwWwMFAyoADxADBQMqAblAAwUDKgJAwAMFAyoDMGADBQMqBGvA
AwUDKgR2wAMFAyoFFQADBQMqBkBAAwUDKgZAgAMFAyoGUgADBQMqC3KAAwUDKguP
gAMFAyoMhMAwQQYIKwYBBQUHAQgBAf8EMjAwoC4wLAICcmoCAwCLoAIDAKlRAgMA
vfsCAwMPZQIDAxAqAgMDEIUCAwMYbQIDAyM/MA0GCSqGSIb3DQEBCwUAA4IBAQCX
8mxJSDXSbGn5SUU3VuGFXN4bqFGNoDUmKxeMqskuyKW5eg0UCflSEQrw95EoOS4h
obYLeYzXEX10Rs1NVY7C+RKg7Mncjhm74/ScEO29dhwoIEznupY8ks5E0+BsWU00
KyaZRqjYvLRKBcoGF/MC+s2OS4XC4K7umCGcxMpRbLeEg2PPK4KpwawX8TwoKf0X
xQQdFNsgdLZjeHhNVcuexb+j0sj1tID4OCCoT070HKwYf2EaAwvN22NM71SJAfuN
JDXVjQPzGv4FiCB3eOvpZTm+sSCfqN+D+vRdeB1gUvGsdSpCTqaIW8B5wWY0NLkX
E2WL+8fLJYr1jYaal5YS
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:41:54 2024 by rpki-client on console-fra.rpki-client.org