Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
File:                     LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer (raw, json)
Hash identifier:          Q5vWfYTeSRPU6lWXBt/epNX3/2/TDEhtkZughc9NjCQ=
Subject key identifier:   2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2B9DE4540319F63FD4BBEA24FE3029
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:35:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 9098
                          AS: 30788
                          AS: 50175
                          IP: 5.181.12.0/22
                          IP: 45.82.80.0/22
                          IP: 45.145.52.0/22
                          IP: 45.150.48.0/22
                          IP: 45.159.180.0/22
                          IP: 94.199.7.0/24
                          IP: 194.34.244.0/22
                          IP: 2a06:7840::/29
                          IP: 2a0b:2a80::/29
                          IP: 2a0d:4440::/29
                          IP: 2a0f:f00::/29
                          IP: 2a0f:59c0::/29
                          IP: 2a0f:a380::/29
                          IP: 2a13:5200::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:9d:e4:54:03:19:f6:3f:d4:bb:ea:24:fe:30:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:35:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:27:7d:94:c5:a9:4a:ea:0d:5f:b9:2c:db:85:
                    12:91:e6:f9:4f:73:e0:e4:97:7e:ce:e1:e5:a3:6c:
                    d0:44:5d:41:06:d7:3c:22:af:e8:dc:93:e1:6c:00:
                    7e:50:dd:f8:89:df:db:5d:1d:c9:ff:de:bf:ea:83:
                    6a:48:cd:18:f5:ec:0e:5d:bd:40:9d:01:5e:36:0c:
                    db:97:ee:3e:75:d4:37:1d:a3:2e:7e:ad:82:4f:c5:
                    55:5c:80:c4:1b:26:d5:c2:1a:3f:67:b2:7a:8b:1a:
                    7b:ad:13:b3:c7:9c:0d:a7:61:57:c7:9c:8f:62:16:
                    87:9f:c5:1b:20:e7:5a:ea:ab:1d:bd:3f:e3:79:a7:
                    e6:e6:18:1c:8f:39:80:25:23:68:5b:18:7a:03:96:
                    7b:85:cb:68:2e:d5:e4:fe:fd:9c:75:b0:f4:62:04:
                    00:c4:4a:58:06:b4:87:52:36:5f:85:4f:d1:64:db:
                    95:7d:c1:ef:42:48:44:d0:c7:84:0e:9f:99:24:ec:
                    32:ab:e9:f3:7f:07:1e:bd:a8:6f:9b:5a:91:cc:7d:
                    73:79:90:97:03:07:b5:64:9e:ee:94:0e:7c:10:2b:
                    ad:5a:b6:ee:12:a5:f6:b4:2d:14:aa:96:fd:1b:51:
                    d7:c1:09:ca:fa:ef:8f:c3:10:ec:7f:7b:75:99:96:
                    c4:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.12.0/22
                  45.82.80.0/22
                  45.145.52.0/22
                  45.150.48.0/22
                  45.159.180.0/22
                  94.199.7.0/24
                  194.34.244.0/22
                IPv6:
                  2a06:7840::/29
                  2a0b:2a80::/29
                  2a0d:4440::/29
                  2a0f:f00::/29
                  2a0f:59c0::/29
                  2a0f:a380::/29
                  2a13:5200::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  9098
                  30788
                  50175

    Signature Algorithm: sha256WithRSAEncryption
         2e:cc:e9:b2:2b:23:bf:7f:82:79:04:7a:44:4e:3e:19:19:49:
         9a:8a:e9:01:2d:4b:92:b8:e2:20:8c:58:c4:43:14:da:e5:17:
         54:14:09:ad:d0:39:23:9b:9d:4b:23:43:43:12:a4:76:5e:ac:
         61:f3:75:1d:cc:59:fb:b0:c8:98:bd:f1:c7:a1:e8:13:41:0b:
         cd:e2:68:ad:6d:e4:aa:3f:01:c1:65:4a:fd:10:8a:10:ed:c9:
         11:ef:bc:00:82:77:e7:10:32:46:36:0b:3d:e7:0f:a3:94:d8:
         13:ba:89:fa:d9:91:3d:f6:08:e5:3e:d7:d8:50:69:89:bc:94:
         13:aa:f6:7d:5d:d7:59:9c:95:ce:d5:2a:9c:a7:3f:9a:d1:74:
         5c:51:cb:b7:63:70:ad:11:39:0a:68:15:5a:af:f0:bd:7e:c0:
         7c:fb:7d:ef:5d:01:af:77:94:70:fa:f5:b7:db:32:30:61:a9:
         d1:ab:06:1d:79:92:3f:af:11:9a:1f:59:c7:7b:df:4c:62:22:
         82:e2:dd:36:d2:d0:89:a3:38:11:c4:33:06:f8:30:91:08:99:
         8c:a1:a7:94:6b:4a:e2:f1:41:dd:44:5f:f3:15:b5:bb:7d:96:
         3d:02:33:c2:95:db:23:6f:3c:58:46:de:7c:5d:0d:64:dd:70:
         5b:1d:a5:0a
-----BEGIN CERTIFICATE-----
MIIF+TCCBOGgAwIBAgISAYzKK53kVAMZ9j/Uu+ok/jApMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzNTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTExNjRhOWI1MDEzZDYyZjA1MTM0NGY2ZGY5MWYxM2JjN2VjYjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSd9lMWpSuoNX7ks24USkeb5T3Pg
5Jd+zuHlo2zQRF1BBtc8Iq/o3JPhbAB+UN34id/bXR3J/96/6oNqSM0Y9ewOXb1A
nQFeNgzbl+4+ddQ3HaMufq2CT8VVXIDEGybVwho/Z7J6ixp7rROzx5wNp2FXx5yP
YhaHn8UbIOda6qsdvT/jeafm5hgcjzmAJSNoWxh6A5Z7hctoLtXk/v2cdbD0YgQA
xEpYBrSHUjZfhU/RZNuVfcHvQkhE0MeEDp+ZJOwyq+nzfwcevahvm1qRzH1zeZCX
Awe1ZJ7ulA58ECutWrbuEqX2tC0Uqpb9G1HXwQnK+u+PwxDsf3t1mZbEJQIDAQAB
o4IDBTCCAwEwHQYDVR0OBBYEFC4RZKm1AT1i8FE0T235HxO8fssPMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU0L2ZiNDY5
Ni02NzhmLTRkNDUtYTA5MS1mZDdmMTdiYjFhNWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTQvZmI0Njk2
LTY3OGYtNGQ0NS1hMDkxLWZkN2YxN2JiMWE1Yy8xL0xoRmtxYlVCUFdMd1VUUlBi
ZmtmRTd4LXl3OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMHwGCCsGAQUF
BwEHAQH/BG0wazAwBAIAATAqAwQCBbUMAwQCLVJQAwQCLZE0AwQCLZYwAwQCLZ+0
AwQAXscHAwQCwiL0MDcEAgACMDEDBQMqBnhAAwUDKgsqgAMFAyoNREADBQMqDw8A
AwUDKg9ZwAMFAyoPo4ADBQMqE1IAMCIGCCsGAQUFBwEIAQH/BBMwEaAPMA0CAiOK
AgJ4RAIDAMP/MA0GCSqGSIb3DQEBCwUAA4IBAQAuzOmyKyO/f4J5BHpETj4ZGUma
iukBLUuSuOIgjFjEQxTa5RdUFAmt0Dkjm51LI0NDEqR2Xqxh83UdzFn7sMiYvfHH
oegTQQvN4mitbeSqPwHBZUr9EIoQ7ckR77wAgnfnEDJGNgs95w+jlNgTuon62ZE9
9gjlPtfYUGmJvJQTqvZ9XddZnJXO1Sqcpz+a0XRcUcu3Y3CtETkKaBVar/C9fsB8
+33vXQGvd5Rw+vW32zIwYanRqwYdeZI/rxGaH1nHe99MYiKC4t020tCJozgRxDMG
+DCRCJmMoaeUa0ri8UHdRF/zFbW7fZY9AjPCldsjbzxYRt58XQ1k3XBbHaUK
-----END CERTIFICATE-----
Generated at Fri Nov 22 12:01:57 2024 by rpki-client on console-fra.rpki-client.org