Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Kf8VWBu5BPG5BTh0IRiwH576pmI.cer
File:                     Kf8VWBu5BPG5BTh0IRiwH576pmI.cer (raw, json)
Hash identifier:          jstG9b5qTJALRB0P9Mx5+b/t9t1ctL1cvK9Np+0XjK8=
Subject key identifier:   29:FF:15:58:1B:B9:04:F1:B9:05:38:74:21:18:B0:1F:9E:FA:A6:62
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B0362962B00DB62A64CBBB2033943
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/db6231-3a7a-484d-8bee-3b8d8b76b7f6/1/Kf8VWBu5BPG5BTh0IRiwH576pmI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/db6231-3a7a-484d-8bee-3b8d8b76b7f6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:30:54 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50931
                          IP: 91.223.91.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:03:62:96:2b:00:db:62:a6:4c:bb:b2:03:39:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29ff15581bb904f1b90538742118b01f9efaa662
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:39:d3:a4:57:91:dd:3b:aa:d0:3e:2a:05:0b:
                    40:dd:d9:5e:eb:12:2d:ae:18:9f:e5:7f:68:5b:5e:
                    ab:f4:74:3c:55:3a:ea:b8:4a:cc:2b:05:1b:ee:1d:
                    83:f2:2f:1c:a3:76:51:79:92:da:98:45:86:cb:ca:
                    b7:df:7e:7d:67:d3:68:cf:ab:2a:21:7b:a7:7c:69:
                    e2:1f:cd:2f:47:49:0a:02:45:14:de:b3:61:f1:01:
                    74:49:28:ed:ed:21:89:40:18:95:5a:ec:cd:b6:44:
                    08:cd:f2:40:7a:a3:68:13:a8:1f:f4:53:88:8d:88:
                    64:35:fd:6a:57:d7:1e:31:d4:16:a4:c4:af:4c:7d:
                    44:61:b5:5b:07:e2:94:69:89:29:58:12:98:f3:85:
                    90:e4:c8:b7:3a:2c:ef:96:bb:6a:36:23:b7:83:e7:
                    56:63:b6:15:7a:65:ee:c7:37:78:83:62:d9:f0:7f:
                    f6:21:98:b2:da:26:3b:fc:9f:d8:d1:7e:a0:60:96:
                    7f:a8:9e:62:d2:09:ec:2e:fc:76:af:16:a2:8f:b4:
                    ff:29:f3:04:45:93:8f:b5:4c:b9:0a:2f:8c:cf:e5:
                    fb:15:ac:8c:1c:1f:17:11:47:8a:5c:03:46:6a:82:
                    0a:88:b3:02:f8:72:fe:d3:1d:0d:40:15:05:75:5d:
                    19:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FF:15:58:1B:B9:04:F1:B9:05:38:74:21:18:B0:1F:9E:FA:A6:62
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/db6231-3a7a-484d-8bee-3b8d8b76b7f6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/db6231-3a7a-484d-8bee-3b8d8b76b7f6/1/Kf8VWBu5BPG5BTh0IRiwH576pmI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.91.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50931

    Signature Algorithm: sha256WithRSAEncryption
         82:48:5f:4b:5a:fd:2a:6f:8c:d3:f4:bf:21:d9:de:ba:73:ea:
         3a:d1:a7:db:d4:25:e9:b6:04:5f:55:11:19:38:62:be:c9:c8:
         55:f9:a2:d5:ee:26:a6:f9:46:94:56:cf:3d:c4:41:76:fa:6d:
         5a:4f:06:66:a7:6e:10:df:68:cd:0c:5b:ac:0c:c9:2a:d7:cf:
         c4:c9:db:5c:e6:7b:17:13:06:58:d3:7a:7f:ae:51:b6:ab:aa:
         e3:a4:50:a0:da:1f:96:b0:60:f1:b2:63:8f:97:e5:77:e3:c9:
         09:30:78:69:1f:8a:31:f6:3c:28:bf:ba:84:29:27:6e:9e:86:
         b1:b5:72:7b:8e:09:5c:83:c6:f1:8c:bb:cf:8c:13:37:8f:52:
         7d:0c:8c:46:6c:7e:54:61:d8:96:8d:53:a0:04:a8:fc:b2:6e:
         e9:c3:1f:dc:b2:46:24:a4:b4:a9:74:91:fb:60:92:20:34:d7:
         4a:7c:68:47:dc:57:c4:ce:82:20:ec:63:bb:f4:ef:f8:55:f5:
         84:df:d7:64:db:34:66:19:ca:c7:ed:fc:cc:c1:13:bf:20:99:
         21:34:39:b1:27:7b:93:2c:8a:ef:bd:58:3e:0e:56:2c:a1:e2:
         c0:52:47:3c:5d:b0:17:69:2e:c1:24:9e:4b:23:f8:ac:e7:5f:
         e8:25:75:91
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzGSwNilisA22KmTLuyAzlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWZmMTU1ODFiYjkwNGYxYjkwNTM4NzQyMTE4YjAxZjllZmFhNjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTnTpFeR3Tuq0D4qBQtA3dle6xIt
rhif5X9oW16r9HQ8VTrquErMKwUb7h2D8i8co3ZReZLamEWGy8q33359Z9Noz6sq
IXunfGniH80vR0kKAkUU3rNh8QF0SSjt7SGJQBiVWuzNtkQIzfJAeqNoE6gf9FOI
jYhkNf1qV9ceMdQWpMSvTH1EYbVbB+KUaYkpWBKY84WQ5Mi3OizvlrtqNiO3g+dW
Y7YVemXuxzd4g2LZ8H/2IZiy2iY7/J/Y0X6gYJZ/qJ5i0gnsLvx2rxaij7T/KfME
RZOPtUy5Ci+Mz+X7FayMHB8XEUeKXANGaoIKiLMC+HL+0x0NQBUFdV0ZCwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCn/FVgbuQTxuQU4dCEYsB+e+qZiMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3L2RiNjIz
MS0zYTdhLTQ4NGQtOGJlZS0zYjhkOGI3NmI3ZjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvZGI2MjMx
LTNhN2EtNDg0ZC04YmVlLTNiOGQ4Yjc2YjdmNi8xL0tmOFZXQnU1QlBHNUJUaDBJ
Uml3SDU3NnBtSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW99bMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDG8zANBgkqhkiG9w0BAQsFAAOCAQEAgkhfS1r9Km+M0/S/IdneunPqOtGn29Ql
6bYEX1URGThivsnIVfmi1e4mpvlGlFbPPcRBdvptWk8GZqduEN9ozQxbrAzJKtfP
xMnbXOZ7FxMGWNN6f65Rtquq46RQoNoflrBg8bJjj5fld+PJCTB4aR+KMfY8KL+6
hCknbp6GsbVye44JXIPG8Yy7z4wTN49SfQyMRmx+VGHYlo1ToASo/LJu6cMf3LJG
JKS0qXSR+2CSIDTXSnxoR9xXxM6CIOxju/Tv+FX1hN/XZNs0ZhnKx+38zMETvyCZ
ITQ5sSd7kyyK771YPg5WLKHiwFJHPF2wF2kuwSSeSyP4rOdf6CV1kQ==
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:27:15 2024 by rpki-client on console-ams.rpki-client.org