Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MPjiwMh-k3meIyhPNrhhXbeHg6s.cer
File:                     MPjiwMh-k3meIyhPNrhhXbeHg6s.cer (raw, json)
Hash identifier:          0j+agdrFnx/J6ed/JAlQ4CVW8IoLTeLkZohUcf8DKLw=
Subject key identifier:   30:F8:E2:C0:C8:7E:93:79:9E:23:28:4F:36:B8:61:5D:B7:87:83:AB
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BCA25AB42FE4EC0F2AC1054AF06DB0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9b/99be4d-f8ec-4430-a9cd-7e12b87d06c2/1/MPjiwMh-k3meIyhPNrhhXbeHg6s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9b/99be4d-f8ec-4430-a9cd-7e12b87d06c2/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:33:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 206420
                          IP: 185.186.248.0/22
                          IP: 185.212.12.0/22
                          IP: 2a0b:70c0::/32
                          IP: 2a0b:8c80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a2:5a:b4:2f:e4:ec:0f:2a:c1:05:4a:f0:6d:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=30f8e2c0c87e93799e23284f36b8615db78783ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c3:c1:f7:47:25:d7:03:ec:62:b8:24:f4:de:
                    bd:b1:59:80:d1:d1:3c:a1:0c:09:b0:48:1a:fe:89:
                    14:a6:47:ab:48:fb:8a:7a:dc:fa:19:f8:85:e0:c3:
                    f2:75:f2:21:c3:8e:ad:0e:17:63:fd:15:71:62:f7:
                    45:e7:47:3a:80:dc:ad:10:ff:1a:34:fa:81:bb:1a:
                    59:b6:d6:c1:11:19:a2:9c:2f:16:e1:c1:78:d5:44:
                    05:3c:08:ed:69:59:08:1f:db:b6:f4:da:4c:09:f4:
                    f6:05:51:42:8e:5e:4b:4c:86:f8:48:72:b8:f6:7e:
                    53:43:45:51:23:e9:a7:35:bc:f0:dd:a0:09:5b:15:
                    b5:44:83:ec:cf:71:7b:30:2e:a9:f2:99:6b:37:18:
                    20:a0:e1:d8:cc:7f:79:5c:6d:7b:95:1f:83:0f:23:
                    a8:45:ff:82:57:74:79:c4:5a:9d:23:a3:46:f4:be:
                    86:5a:f1:26:17:c5:b3:6a:64:01:ff:05:94:9d:c0:
                    61:a1:7d:c2:e4:3c:2e:6b:e7:3a:cd:c5:66:0b:f0:
                    01:b7:f2:e5:37:4e:e1:b5:37:66:9e:78:9c:6e:d9:
                    64:f6:7d:b9:1b:89:df:8f:04:c4:2e:52:ec:51:27:
                    0f:6e:d1:99:f0:37:4b:57:c5:45:78:81:14:00:2f:
                    22:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F8:E2:C0:C8:7E:93:79:9E:23:28:4F:36:B8:61:5D:B7:87:83:AB
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/99be4d-f8ec-4430-a9cd-7e12b87d06c2/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/99be4d-f8ec-4430-a9cd-7e12b87d06c2/1/MPjiwMh-k3meIyhPNrhhXbeHg6s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.248.0/22
                  185.212.12.0/22
                IPv6:
                  2a0b:70c0::/32
                  2a0b:8c80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  206420

    Signature Algorithm: sha256WithRSAEncryption
         20:1b:5c:38:8a:54:ea:5b:b0:50:16:0a:f6:11:b5:ed:c1:d6:
         1e:f3:e5:27:01:6b:e9:83:74:03:68:0a:43:60:30:b7:7d:d0:
         86:15:c1:03:79:4b:5d:c3:20:e0:8e:5d:8b:24:0e:1e:0f:b8:
         9f:db:b5:5c:bd:0c:65:fa:94:ec:65:62:9a:4a:62:b8:6b:4e:
         f0:19:36:02:b0:f5:b0:2d:e6:66:83:7b:05:11:87:17:ed:39:
         ee:db:79:d4:4a:89:c3:19:4b:8e:e2:71:1b:4c:b0:68:26:ab:
         bb:0d:5b:6d:1b:91:d2:0f:fa:f4:c9:f8:60:51:df:0b:82:3b:
         a4:81:84:76:ff:4f:c7:a2:75:37:88:d2:86:8c:26:20:67:72:
         8c:1c:d4:da:df:06:cd:17:cc:e7:5d:0e:6d:c8:3e:af:55:5b:
         26:38:d6:37:5a:af:43:0a:c3:b0:3e:35:c0:99:5e:99:ce:ce:
         d3:5c:8c:de:51:c1:d6:9a:04:e4:e1:9d:02:76:d0:66:5d:06:
         53:9f:58:e1:de:c1:b3:91:3d:2a:dc:71:0d:81:6f:9e:7b:45:
         7d:77:6e:11:8a:05:a6:f8:ec:36:77:cd:76:e7:93:be:e2:13:
         1d:13:6c:6d:5c:50:3a:68:8c:74:37:bd:47:82:d9:23:58:86:
         7c:74:7e:cd
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgISAYzJvKJatC/k7A8qwQVK8G2wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGY4ZTJjMGM4N2U5Mzc5OWUyMzI4NGYzNmI4NjE1ZGI3ODc4M2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsPB90cl1wPsYrgk9N69sVmA0dE8
oQwJsEga/okUpkerSPuKetz6GfiF4MPydfIhw46tDhdj/RVxYvdF50c6gNytEP8a
NPqBuxpZttbBERminC8W4cF41UQFPAjtaVkIH9u29NpMCfT2BVFCjl5LTIb4SHK4
9n5TQ0VRI+mnNbzw3aAJWxW1RIPsz3F7MC6p8plrNxggoOHYzH95XG17lR+DDyOo
Rf+CV3R5xFqdI6NG9L6GWvEmF8WzamQB/wWUncBhoX3C5Dwua+c6zcVmC/ABt/Ll
N07htTdmnnicbtlk9n25G4nfjwTELlLsUScPbtGZ8DdLV8VFeIEUAC8iIwIDAQAB
o4ICvDCCArgwHQYDVR0OBBYEFDD44sDIfpN5niMoTza4YV23h4OrMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzliLzk5YmU0
ZC1mOGVjLTQ0MzAtYTljZC03ZTEyYjg3ZDA2YzIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWIvOTliZTRk
LWY4ZWMtNDQzMC1hOWNkLTdlMTJiODdkMDZjMi8xL01Qaml3TWgtazNtZUl5aFBO
cmhoWGJlSGc2cy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDsGCCsGAQUF
BwEHAQH/BCwwKjASBAIAATAMAwQCubr4AwQCudQMMBQEAgACMA4DBQAqC3DAAwUD
KguMgDAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDJlQwDQYJKoZIhvcNAQELBQAD
ggEBACAbXDiKVOpbsFAWCvYRte3B1h7z5ScBa+mDdANoCkNgMLd90IYVwQN5S13D
IOCOXYskDh4PuJ/btVy9DGX6lOxlYppKYrhrTvAZNgKw9bAt5maDewURhxftOe7b
edRKicMZS47icRtMsGgmq7sNW20bkdIP+vTJ+GBR3wuCO6SBhHb/T8eidTeI0oaM
JiBncowc1NrfBs0XzOddDm3IPq9VWyY41jdar0MKw7A+NcCZXpnOztNcjN5Rwdaa
BOThnQJ20GZdBlOfWOHewbORPSrccQ2Bb557RX13bhGKBab47DZ3zXbnk77iEx0T
bG1cUDpojHQ3vUeC2SNYhnx0fs0=
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:07:40 2024 by rpki-client on console-fra.rpki-client.org