Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LtMYuh6FQjEsR-mjUQuiGx76qNc.cer
File: LtMYuh6FQjEsR-mjUQuiGx76qNc.cer (raw, json)
Hash identifier: 4Wnsx3PAvG/joJRvSXJ/e7I9g4pa6CpRteRRkiGSYHI=
Subject key identifier: 2E:D3:18:BA:1E:85:42:31:2C:47:E9:A3:51:0B:A2:1B:1E:FA:A8:D7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 9AC01E4ACA
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/b1/d197da-9714-4227-a726-1cc6afb5fd92/1/LtMYuh6FQjEsR-mjUQuiGx76qNc.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/b1/d197da-9714-4227-a726-1cc6afb5fd92/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Sat 01 Jan 2022 01:58:03 +0000
Certificate not after: Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources: AS: 31653
IP: 217.149.0.0/20
Validation: Failed, certificate has expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 664648174282 (0x9ac01e4aca)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 1 01:58:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2ed318ba1e8542312c47e9a3510ba21b1efaa8d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:7c:27:86:eb:8b:8f:74:63:d0:bd:12:cb:0f:
b9:24:c7:91:23:5c:1d:72:c5:b7:2a:7d:99:88:6d:
67:32:9f:cb:49:2f:c2:31:46:f5:1d:13:9f:2d:97:
b4:0c:13:09:08:15:39:8e:bf:71:07:29:37:fe:00:
31:a8:86:36:b3:21:b1:06:bb:de:5e:41:50:b2:90:
bb:e0:53:c8:12:15:84:85:8d:a8:af:3f:20:76:d5:
58:d2:eb:ee:75:ef:7d:7c:41:ce:8e:06:44:91:b9:
75:e2:56:39:a6:5d:c5:ed:cf:35:7c:12:e0:4e:e2:
87:9b:f6:62:42:a1:19:b6:b3:f7:bb:6f:72:15:53:
f5:4c:8f:b8:fa:6f:2e:50:d9:f3:58:be:6b:b2:17:
4b:8b:df:6f:e0:cb:ea:24:17:2f:7a:35:f5:66:97:
93:48:cf:d4:2e:d7:9f:2e:25:53:ec:0b:f9:e5:49:
e1:54:21:78:ef:43:0e:30:34:06:60:e8:26:d8:ab:
2a:6c:a4:ec:55:3a:ab:ec:59:6b:70:81:f9:09:1a:
bd:61:ea:94:1c:de:c1:39:9e:61:6c:dc:af:bc:68:
27:1a:87:31:9d:f6:2a:89:65:a9:bc:a8:9f:ec:ce:
f6:c8:12:0e:a5:93:ff:55:77:78:be:7b:7c:3a:8b:
6f:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2E:D3:18:BA:1E:85:42:31:2C:47:E9:A3:51:0B:A2:1B:1E:FA:A8:D7
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/d197da-9714-4227-a726-1cc6afb5fd92/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/d197da-9714-4227-a726-1cc6afb5fd92/1/LtMYuh6FQjEsR-mjUQuiGx76qNc.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.149.0.0/20
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
31653
Signature Algorithm: sha256WithRSAEncryption
47:0a:82:5b:41:f8:cb:31:a2:eb:90:ca:02:f0:49:fe:42:0c:
02:5f:6b:c4:cc:f0:72:80:4b:6a:71:d4:f9:ac:33:0a:98:08:
e0:a3:6c:04:a5:7d:b7:51:e1:53:45:cc:cc:9b:03:a6:8c:c7:
5d:4c:e6:1e:17:d3:a9:4c:b5:1f:a1:fe:93:e8:98:f1:5d:4f:
d8:a3:36:ee:e8:40:31:04:62:22:87:e1:7b:f3:16:68:ef:f9:
e3:a4:b0:2b:37:32:ca:b0:79:71:3a:14:2c:61:44:bf:00:2f:
d9:73:25:be:a2:3a:8b:c5:4a:cf:57:7c:ff:f5:4f:6d:7c:2c:
28:0e:b0:ab:3d:7f:71:7f:39:77:d2:b4:ea:33:42:ad:4e:c3:
1b:34:15:e8:ac:4b:8e:0f:1d:e5:93:3b:ef:d8:00:41:c7:08:
49:1d:5b:22:5d:0d:cc:61:8d:23:d3:a6:fd:6a:63:35:e1:8d:
6c:15:7f:ae:87:6a:c2:95:8d:c2:61:0d:06:67:5d:7c:9b:e7:
b9:1e:86:85:0c:95:b0:1d:d5:52:1d:be:0f:e1:b4:e0:a1:79:
5a:5d:47:8d:16:8a:38:1e:78:c2:40:04:68:7b:ef:ae:e6:85:
90:26:54:15:1a:f6:cb:4f:88:4b:b9:51:21:d8:4d:25:68:c1:
27:2a:95:d7
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIGAJrAHkrKMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMDE1ODAzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEygyZWQzMThiYTFl
ODU0MjMxMmM0N2U5YTM1MTBiYTIxYjFlZmFhOGQ3MIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAzXwnhuuLj3Rj0L0Syw+5JMeRI1wdcsW3Kn2ZiG1nMp/L
SS/CMUb1HROfLZe0DBMJCBU5jr9xByk3/gAxqIY2syGxBrveXkFQspC74FPIEhWE
hY2orz8gdtVY0uvude99fEHOjgZEkbl14lY5pl3F7c81fBLgTuKHm/ZiQqEZtrP3
u29yFVP1TI+4+m8uUNnzWL5rshdLi99v4MvqJBcvejX1ZpeTSM/ULtefLiVT7Av5
5UnhVCF470MOMDQGYOgm2KsqbKTsVTqr7FlrcIH5CRq9YeqUHN7BOZ5hbNyvvGgn
GocxnfYqiWWpvKif7M72yBIOpZP/VXd4vnt8Ootv8QIDAQABo4ICnzCCApswHQYD
VR0OBBYEFC7TGLoehUIxLEfpo1ELohse+qjXMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxL2QxOTdkYS05NzE0LTQyMjct
YTcyNi0xY2M2YWZiNWZkOTIvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvZDE5N2RhLTk3MTQtNDIyNy1h
NzI2LTFjYzZhZmI1ZmQ5Mi8xL0x0TVl1aDZGUWpFc1ItbWpVUXVpR3g3NnFOYy5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAM
BAIAATAGAwQE2ZUAMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQCAnulMA0GCSqGSIb3
DQEBCwUAA4IBAQBHCoJbQfjLMaLrkMoC8En+QgwCX2vEzPBygEtqcdT5rDMKmAjg
o2wEpX23UeFTRczMmwOmjMddTOYeF9OpTLUfof6T6JjxXU/Yozbu6EAxBGIih+F7
8xZo7/njpLArNzLKsHlxOhQsYUS/AC/ZcyW+ojqLxUrPV3z/9U9tfCwoDrCrPX9x
fzl30rTqM0KtTsMbNBXorEuODx3lkzvv2ABBxwhJHVsiXQ3MYY0j06b9amM14Y1s
FX+uh2rClY3CYQ0GZ118m+e5HoaFDJWwHdVSHb4P4bTgoXlaXUeNFoo4HnjCQARo
e++u5oWQJlQVGvbLT4hLuVEh2E0laMEnKpXX
-----END CERTIFICATE-----
Generated at Mon Apr 14 00:11:30 2025 by rpki-client