Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer
File:                     Oz2u-JMGp18LiBkUQHQqcgr7PyA.cer (raw, json)
Hash identifier:          HO2kPjW6tDRoLM7BIIECGgTlvjyQMqVqInFYnWFDiBQ=
Subject key identifier:   3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EE49CA26A11ED84D1672328936FE7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 24796
                          AS: 196959
                          AS: 201462
                          AS: 206122
                          IP: 185.0.9.0/24
                          IP: 185.1.218.0/24
                          IP: 185.33.108.0/22
                          IP: 193.24.29.0/24
                          IP: 193.201.28.0/23
                          IP: 193.201.40.0/24
                          IP: 2001:7f8:10::/48
                          IP: 2001:7f8:11b::/48
                          IP: 2001:7f8:13f::/48
                          IP: 2a0f:80::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:e4:9c:a2:6a:11:ed:84:d1:67:23:28:93:6f:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b3daef89306a75f0b88191440742a720afb3f20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b9:8d:60:92:93:e2:bb:2a:91:a7:02:35:54:
                    dc:5c:80:15:84:33:10:4e:29:12:1c:5d:5c:15:86:
                    06:c0:13:db:d3:78:58:a4:4c:66:b4:3c:e3:23:24:
                    28:e8:e6:1e:cc:8b:c2:a5:2a:a8:b4:9a:1c:1d:1e:
                    d0:69:2c:63:57:b1:1a:1a:d9:19:2d:08:47:09:bc:
                    23:2b:66:2e:78:50:d3:a9:c9:9e:ae:51:73:c1:31:
                    b5:0a:11:20:e2:7c:97:97:6a:40:9b:39:80:13:ec:
                    8d:6d:ce:99:11:e8:80:0c:ea:35:e3:d3:1b:14:6b:
                    19:68:7a:34:c7:11:d7:1d:39:57:3e:3f:3f:44:75:
                    9b:45:85:62:49:98:38:53:9b:0c:c0:4d:3f:3f:0b:
                    b8:98:2c:56:ac:0e:06:74:84:5c:0b:8b:c0:c6:82:
                    7b:25:a1:38:1d:02:12:b4:03:28:ae:74:47:26:4a:
                    dd:cf:a6:e6:7c:90:73:90:43:59:d0:25:fb:6d:ce:
                    e9:74:a3:5a:ea:39:e0:ea:28:3b:15:60:34:9f:db:
                    06:45:00:3d:cb:a3:ed:b4:a8:65:64:29:05:ce:ad:
                    b3:fc:6a:78:86:58:a1:39:34:aa:0c:4b:53:a8:32:
                    cc:14:c2:63:b8:ce:f6:f4:95:d7:df:f0:b5:e3:e5:
                    5a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:3D:AE:F8:93:06:A7:5F:0B:88:19:14:40:74:2A:72:0A:FB:3F:20
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/f150b1-43b9-4911-a005-aacad86c617d/1/Oz2u-JMGp18LiBkUQHQqcgr7PyA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.0.9.0/24
                  185.1.218.0/24
                  185.33.108.0/22
                  193.24.29.0/24
                  193.201.28.0/23
                  193.201.40.0/24
                IPv6:
                  2001:7f8:10::/48
                  2001:7f8:11b::/48
                  2001:7f8:13f::/48
                  2a0f:80::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  24796
                  196959
                  201462
                  206122

    Signature Algorithm: sha256WithRSAEncryption
         57:56:12:bd:ea:20:c1:2f:38:26:e8:96:d9:c2:c1:4c:aa:c8:
         68:1e:86:2f:cc:c8:f9:17:56:33:30:0f:8a:a8:1b:11:17:a6:
         55:47:96:48:3f:a4:99:4b:3d:e7:6b:f0:05:df:c2:90:20:90:
         60:5d:68:8b:26:ad:65:2d:35:2e:3a:14:5b:87:ba:d8:a8:bc:
         96:a9:c7:3b:a5:73:97:35:9b:77:e7:90:e7:91:5c:3e:9d:84:
         a8:4c:3c:ae:73:47:87:52:49:57:7b:e9:78:fb:53:fd:f9:c1:
         d2:37:30:1b:2c:50:fb:58:05:44:c7:ed:1b:eb:cf:18:50:a2:
         56:21:59:83:1b:b6:1f:a4:19:4e:87:53:9f:60:42:37:f4:af:
         8b:ba:94:0d:53:00:83:02:31:fa:a5:97:be:f6:6c:1a:2e:3c:
         38:4d:5d:98:e4:37:9e:09:e0:4a:4d:22:25:2a:99:97:f7:27:
         32:da:ab:db:b9:4b:14:39:25:61:92:36:dc:f9:ad:9d:58:d6:
         53:69:f5:0b:58:02:2f:00:7a:b1:dc:0f:c4:6e:88:bc:6c:93:
         89:ed:80:48:9a:af:91:c4:2a:c6:ab:a1:07:a8:f0:7b:c7:42:
         49:70:46:3e:32:12:cf:80:1c:d1:5c:56:7c:ef:46:09:34:d2:
         0c:4b:33:60
-----BEGIN CERTIFICATE-----
MIIF6jCCBNKgAwIBAgISAYzFbuScomoR7YTRZyMok2/nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjNkYWVmODkzMDZhNzVmMGI4ODE5MTQ0MDc0MmE3MjBhZmIzZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurmNYJKT4rsqkacCNVTcXIAVhDMQ
TikSHF1cFYYGwBPb03hYpExmtDzjIyQo6OYezIvCpSqotJocHR7QaSxjV7EaGtkZ
LQhHCbwjK2YueFDTqcmerlFzwTG1ChEg4nyXl2pAmzmAE+yNbc6ZEeiADOo149Mb
FGsZaHo0xxHXHTlXPj8/RHWbRYViSZg4U5sMwE0/Pwu4mCxWrA4GdIRcC4vAxoJ7
JaE4HQIStAMornRHJkrdz6bmfJBzkENZ0CX7bc7pdKNa6jng6ig7FWA0n9sGRQA9
y6PttKhlZCkFzq2z/Gp4hlihOTSqDEtTqDLMFMJjuM729JXX3/C14+Va4QIDAQAB
o4IC9jCCAvIwHQYDVR0OBBYEFDs9rviTBqdfC4gZFEB0KnIK+z8gMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJkL2YxNTBi
MS00M2I5LTQ5MTEtYTAwNS1hYWNhZDg2YzYxN2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmQvZjE1MGIx
LTQzYjktNDkxMS1hMDA1LWFhY2FkODZjNjE3ZC8xL096MnUtSk1HcDE4TGlCa1VR
SFFxY2dyN1B5QS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGcGCCsGAQUF
BwEHAQH/BFgwVjAqBAIAATAkAwQAuQAJAwQAuQHaAwQCuSFsAwQAwRgdAwQBwckc
AwQAwckoMCgEAgACMCIDBwAgAQf4ABADBwAgAQf4ARsDBwAgAQf4AT8DBQAqDwCA
MCgGCCsGAQUFBwEIAQH/BBkwF6AVMBMCAmDcAgMDAV8CAwMS9gIDAyUqMA0GCSqG
SIb3DQEBCwUAA4IBAQBXVhK96iDBLzgm6JbZwsFMqshoHoYvzMj5F1YzMA+KqBsR
F6ZVR5ZIP6SZSz3na/AF38KQIJBgXWiLJq1lLTUuOhRbh7rYqLyWqcc7pXOXNZt3
55DnkVw+nYSoTDyuc0eHUklXe+l4+1P9+cHSNzAbLFD7WAVEx+0b688YUKJWIVmD
G7YfpBlOh1OfYEI39K+LupQNUwCDAjH6pZe+9mwaLjw4TV2Y5DeeCeBKTSIlKpmX
9ycy2qvbuUsUOSVhkjbc+a2dWNZTafULWAIvAHqx3A/Eboi8bJOJ7YBImq+RxCrG
q6EHqPB7x0JJcEY+MhLPgBzRXFZ870YJNNIMSzNg
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:43:03 2024 by rpki-client on console-fra.rpki-client.org