Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/OKN8JN3KNH1xPteU0zzUqBqLSYo.cer
File:                     OKN8JN3KNH1xPteU0zzUqBqLSYo.cer (raw, json)
Hash identifier:          Hnza7m5zMPMLqg3GQiuOn/ofGIqe+xfK8aFH1ZCTLRg=
Subject key identifier:   38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B70AA3AC8FA71035222DE7E59257B1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:02 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 34978
                          IP: 81.29.224.0/20
                          IP: 185.52.8.0/22
                          IP: 2a04:c640::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0a:a3:ac:8f:a7:10:35:22:2d:e7:e5:92:57:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=38a37c24ddca347d713ed794d33cd4a81a8b498a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d5:df:34:62:81:54:47:b4:9b:ca:9f:03:34:
                    9d:27:ad:c8:e6:f2:0a:12:26:11:05:07:40:2b:ab:
                    73:ff:8d:8a:34:4a:d2:89:88:37:c8:66:59:72:69:
                    91:f8:96:50:34:4b:be:df:12:d7:08:40:61:4c:83:
                    51:0d:ba:5f:d7:b7:c9:03:8e:73:76:83:02:12:88:
                    aa:a0:42:c6:c1:d4:fe:2d:2c:f2:e1:f9:51:bd:9b:
                    66:15:57:03:b2:e7:c8:73:59:b9:c9:0d:18:93:85:
                    9e:23:0c:96:bd:97:94:c9:7e:24:ed:08:73:aa:91:
                    ea:9a:85:0c:52:7f:e8:b5:29:f6:b0:6d:6c:c3:02:
                    d9:76:d4:c3:69:7f:84:85:8f:5a:97:b2:22:6b:a2:
                    8c:f5:fe:43:a6:05:02:5e:39:c5:75:7e:ab:fa:28:
                    06:c1:1b:22:79:25:08:88:15:22:74:a8:75:ec:cf:
                    9a:a1:9a:56:64:ac:25:a1:69:52:5f:6c:3c:5b:c9:
                    38:63:11:18:fd:98:5d:21:4a:e4:21:3a:a4:89:d9:
                    d0:c7:23:c4:9a:e6:52:3f:68:73:dd:56:c5:67:9b:
                    a1:cc:40:6e:79:3a:88:a0:be:c0:81:a9:bd:17:0c:
                    65:22:67:c8:bb:b4:ef:0c:9e:e8:b2:82:ce:eb:c5:
                    15:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:A3:7C:24:DD:CA:34:7D:71:3E:D7:94:D3:3C:D4:A8:1A:8B:49:8A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1e33c3-d197-45f2-828e-44a49d263700/1/OKN8JN3KNH1xPteU0zzUqBqLSYo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.29.224.0/20
                  185.52.8.0/22
                IPv6:
                  2a04:c640::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34978

    Signature Algorithm: sha256WithRSAEncryption
         16:02:d1:4d:ef:89:38:2f:8f:ef:8a:ba:1d:7c:f9:1a:63:1f:
         00:9c:a3:ca:61:a0:70:1d:64:88:bb:a0:42:3f:0a:da:87:fc:
         db:07:e4:d5:d5:2a:f4:1a:9a:b2:95:66:b9:75:a1:c8:76:da:
         56:c4:99:19:4a:39:d6:46:53:c0:32:9b:a8:50:30:eb:54:12:
         19:50:00:24:df:93:9d:bc:57:91:87:9d:1f:bc:6b:d6:6e:a9:
         6a:63:06:94:70:84:c5:dd:97:85:f6:89:30:00:d7:66:c6:ba:
         1e:a0:fd:f2:d6:94:2e:18:fd:02:62:2f:37:4f:10:5e:1c:4c:
         03:a0:5a:5c:4e:f0:d2:d4:db:2e:b4:53:91:fe:42:ed:26:84:
         35:37:f5:ec:53:47:61:36:61:b0:10:1e:62:17:b1:aa:cd:ee:
         0b:cc:0c:48:a3:2f:50:76:0d:2c:a3:f9:7b:5e:44:0f:3a:fc:
         a5:7b:d5:77:7c:c2:e1:50:e4:b5:ca:37:93:43:49:64:cf:bc:
         58:26:01:d3:50:0b:e9:44:36:91:1d:be:6c:8f:3c:c1:30:05:
         12:78:2d:6f:99:e5:26:96:a1:d0:99:4a:22:a0:b5:95:af:ed:
         9b:f0:b1:45:f3:57:4c:c9:9e:d1:81:6a:0f:60:60:05:17:cc:
         49:2a:a5:d5
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzDtwqjrI+nEDUiLeflklexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGEzN2MyNGRkY2EzNDdkNzEzZWQ3OTRkMzNjZDRhODFhOGI0OThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdXfNGKBVEe0m8qfAzSdJ63I5vIK
EiYRBQdAK6tz/42KNErSiYg3yGZZcmmR+JZQNEu+3xLXCEBhTINRDbpf17fJA45z
doMCEoiqoELGwdT+LSzy4flRvZtmFVcDsufIc1m5yQ0Yk4WeIwyWvZeUyX4k7Qhz
qpHqmoUMUn/otSn2sG1swwLZdtTDaX+EhY9al7Iia6KM9f5DpgUCXjnFdX6r+igG
wRsieSUIiBUidKh17M+aoZpWZKwloWlSX2w8W8k4YxEY/ZhdIUrkITqkidnQxyPE
muZSP2hz3VbFZ5uhzEBueTqIoL7Agam9FwxlImfIu7TvDJ7osoLO68UVJQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFDijfCTdyjR9cT7XlNM81Kgai0mKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlLzFlMzNj
My1kMTk3LTQ1ZjItODI4ZS00NGE0OWQyNjM3MDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvMWUzM2Mz
LWQxOTctNDVmMi04MjhlLTQ0YTQ5ZDI2MzcwMC8xL09LTjhKTjNLTkgxeFB0ZVUw
enpVcUJxTFNZby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQEUR3gAwQCuTQIMA0EAgACMAcDBQMqBMZAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwCIojANBgkqhkiG9w0BAQsFAAOCAQEAFgLR
Te+JOC+P74q6HXz5GmMfAJyjymGgcB1kiLugQj8K2of82wfk1dUq9BqaspVmuXWh
yHbaVsSZGUo51kZTwDKbqFAw61QSGVAAJN+TnbxXkYedH7xr1m6pamMGlHCExd2X
hfaJMADXZsa6HqD98taULhj9AmIvN08QXhxMA6BaXE7w0tTbLrRTkf5C7SaENTf1
7FNHYTZhsBAeYhexqs3uC8wMSKMvUHYNLKP5e15EDzr8pXvVd3zC4VDktco3k0NJ
ZM+8WCYB01AL6UQ2kR2+bI88wTAFEngtb5nlJpah0JlKIqC1la/tm/CxRfNXTMme
0YFqD2BgBRfMSSql1Q==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:49:26 2024 by rpki-client on console-ams.rpki-client.org