Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
File:                     O5olHl0dO6vkxXnJHrPgrDf3vyo.cer (raw, json)
Hash identifier:          xGXzRkRNMLOA1ZMMhd1noSFkwfb9S9Hf2El7yr++Fq4=
Subject key identifier:   3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DB4563F8D33EB13204339903C6C5D4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:59 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205020
                          IP: 94.142.252.0/24
                          IP: 2a12:76c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:45:63:f8:d3:3e:b1:32:04:33:99:03:c6:c5:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:f4:73:5a:65:69:42:91:3a:f7:e4:94:56:ab:
                    6d:a1:13:15:23:ed:ec:5f:88:93:1a:9a:ee:c9:09:
                    8e:df:99:3d:c9:8b:f3:dc:17:df:49:4d:87:76:09:
                    d1:83:ed:74:d8:a0:07:92:ed:81:f5:3c:14:72:c1:
                    49:b1:4a:5e:77:32:02:0c:a2:ae:92:7d:a5:90:b5:
                    23:b0:e5:fd:9c:f5:19:8c:f0:39:5c:eb:4f:77:0c:
                    19:3e:dd:09:e7:de:d6:9f:48:d2:ac:88:42:e9:fd:
                    6f:cc:1e:f6:3a:50:dc:f0:f0:a0:5a:78:e4:b2:1b:
                    d7:89:8b:ee:88:48:88:3d:ee:49:ad:c9:2b:d9:23:
                    cb:4c:b4:bd:e2:bf:6d:02:a7:6a:3b:d6:a2:90:82:
                    de:35:e3:3c:6f:ca:43:0a:ad:fa:14:b8:67:fc:e4:
                    b4:27:00:c7:2f:ef:97:0e:c3:f4:14:07:f3:2c:13:
                    fd:8a:e2:53:fa:fa:32:58:53:9a:39:f7:0f:4c:bb:
                    93:50:56:05:7a:6b:14:1c:e1:ef:90:81:32:dc:28:
                    88:de:77:f8:b7:2f:be:4d:1c:c0:ef:38:a3:1b:e4:
                    35:16:8a:12:5e:d3:6b:68:2d:e2:0e:4e:a9:e5:6d:
                    9d:36:45:98:4b:6a:da:70:0f:b3:52:95:c6:50:76:
                    0f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.252.0/24
                IPv6:
                  2a12:76c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205020

    Signature Algorithm: sha256WithRSAEncryption
         2b:89:5b:73:b9:eb:fa:7c:97:75:02:f2:ac:18:9a:1f:96:02:
         b3:92:1b:90:25:85:f6:b0:71:4e:c6:99:8c:d7:55:6e:20:fa:
         5d:7d:e5:b1:87:96:fa:43:79:b6:f2:0a:1f:5b:69:a2:97:1a:
         bd:e9:34:0d:37:03:ac:01:05:14:a9:39:e9:64:22:33:3a:be:
         ac:28:24:b2:91:09:b8:6c:72:3d:44:88:b4:45:38:4f:cf:f4:
         50:f2:5d:d4:88:fe:57:45:aa:66:a1:6b:63:97:ef:16:5a:b0:
         cc:35:7c:5a:3e:45:94:66:bd:db:18:b2:77:bc:d0:d3:3d:64:
         0c:83:ca:8f:0d:56:2c:e4:11:ed:77:c6:88:cd:f5:90:20:8c:
         e3:9b:8d:ff:b3:a5:2e:94:1c:f0:92:e4:cb:1f:c5:2a:e9:c2:
         e9:81:1f:78:62:c8:84:f1:5b:51:04:26:de:c5:aa:22:8d:97:
         41:63:f3:34:9f:f7:bd:2e:ea:2a:28:10:ec:0c:54:4f:6a:e2:
         f8:87:74:a7:db:af:6b:61:0b:cd:58:2c:cb:cd:c4:6f:9b:30:
         a3:c8:54:b3:11:51:1e:5a:91:f0:7d:0c:ba:8b:02:8d:57:3e:
         e1:24:b7:77:c1:1f:9f:44:77:a3:88:0b:13:c0:f0:23:0a:97:
         e0:fc:76:c5
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAYzC20Vj+NM+sTIEM5kDxsXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjlhMjUxZTVkMWQzYmFiZTRjNTc5YzkxZWIzZTBhYzM3ZjdiZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyfRzWmVpQpE69+SUVqttoRMVI+3s
X4iTGpruyQmO35k9yYvz3BffSU2HdgnRg+102KAHku2B9TwUcsFJsUpedzICDKKu
kn2lkLUjsOX9nPUZjPA5XOtPdwwZPt0J597Wn0jSrIhC6f1vzB72OlDc8PCgWnjk
shvXiYvuiEiIPe5Jrckr2SPLTLS94r9tAqdqO9aikILeNeM8b8pDCq36FLhn/OS0
JwDHL++XDsP0FAfzLBP9iuJT+voyWFOaOfcPTLuTUFYFemsUHOHvkIEy3CiI3nf4
ty++TRzA7zijG+Q1FooSXtNraC3iDk6p5W2dNkWYS2racA+zUpXGUHYP+wIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFDuaJR5dHTur5MV5yR6z4Kw3978qMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1LzBkZGZm
My05ZTcwLTRkNjMtYjVhMC1jNjYzMmNjMDE0YjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvMGRkZmYz
LTllNzAtNGQ2My1iNWEwLWM2NjMyY2MwMTRiMC8xL081b2xIbDBkTzZ2a3hYbkpI
clBnckRmM3Z5by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAXo78MA0EAgACMAcDBQMqEnbAMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMg3DANBgkqhkiG9w0BAQsFAAOCAQEAK4lbc7nr+nyX
dQLyrBiaH5YCs5IbkCWF9rBxTsaZjNdVbiD6XX3lsYeW+kN5tvIKH1tpopcavek0
DTcDrAEFFKk56WQiMzq+rCgkspEJuGxyPUSItEU4T8/0UPJd1Ij+V0WqZqFrY5fv
FlqwzDV8Wj5FlGa92xiyd7zQ0z1kDIPKjw1WLOQR7XfGiM31kCCM45uN/7OlLpQc
8JLkyx/FKunC6YEfeGLIhPFbUQQm3sWqIo2XQWPzNJ/3vS7qKigQ7AxUT2ri+Id0
p9uva2ELzVgsy83Eb5swo8hUsxFRHlqR8H0MuosCjVc+4SS3d8Efn0R3o4gLE8Dw
IwqX4Px2xQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:23:16 2024 by rpki-client on console-ams.rpki-client.org