Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q5OKPegDvWyR8UrZZ71BQbigKK8.cer
File:                     Q5OKPegDvWyR8UrZZ71BQbigKK8.cer (raw, json)
Hash identifier:          KEwXl5DQdM8t6/JRQtg8rJxaq6Fp2DBmCc197ARVSv8=
Subject key identifier:   43:93:8A:3D:E8:03:BD:6C:91:F1:4A:D9:67:BD:41:41:B8:A0:28:AF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D97805ECA1C42115B3140E31239B8B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/Q5OKPegDvWyR8UrZZ71BQbigKK8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:33 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 203254
                          IP: 185.129.12.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:78:05:ec:a1:c4:21:15:b3:14:0e:31:23:9b:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43938a3de803bd6c91f14ad967bd4141b8a028af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:93:20:38:35:a9:26:c2:a3:56:b7:14:8c:a4:
                    d3:b3:46:62:01:22:e5:1c:42:6a:07:61:ec:70:66:
                    24:61:97:ff:32:f6:19:17:fb:c2:a1:d2:3f:dc:f5:
                    d8:e7:e5:1e:1c:00:ee:97:4b:ab:9e:9b:19:a6:b5:
                    3b:b9:53:83:99:03:ac:86:0f:0c:34:31:00:d7:4e:
                    b0:03:71:eb:37:51:ff:4b:6c:1f:e8:d4:15:10:d0:
                    51:a4:14:eb:b6:5a:31:f7:79:0a:b4:32:88:00:69:
                    99:dc:f2:53:ec:74:00:73:de:d7:53:63:a5:09:97:
                    68:e1:8a:c8:3d:86:fe:6f:2c:7f:51:96:c0:f9:5b:
                    49:64:b5:f4:5e:c5:56:c9:1e:c9:0e:b3:04:6b:42:
                    48:71:fe:14:0c:01:42:e0:0b:6e:c0:6f:80:70:a0:
                    c6:44:fd:88:99:7a:7c:16:2a:75:6d:7d:2f:79:f3:
                    41:51:76:3f:25:c8:c0:03:56:b9:69:cb:de:2e:2f:
                    40:14:f5:b0:04:de:63:bc:e5:af:3c:9c:c2:9b:14:
                    ea:ac:2d:8c:34:5c:35:a4:88:52:e9:6c:b6:30:43:
                    78:a9:f7:0c:fc:1b:94:85:af:e6:af:8b:5f:a1:ee:
                    99:8b:56:a2:e3:b2:60:bd:27:d2:66:d1:62:37:a1:
                    78:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:93:8A:3D:E8:03:BD:6C:91:F1:4A:D9:67:BD:41:41:B8:A0:28:AF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/Q5OKPegDvWyR8UrZZ71BQbigKK8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.12.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203254

    Signature Algorithm: sha256WithRSAEncryption
         30:05:8a:5e:53:ad:a1:b2:a8:e8:6e:5a:a6:fc:a8:fe:10:0d:
         66:58:8f:b8:ca:f8:1c:89:61:6b:26:4f:02:5c:c3:0a:1f:87:
         17:95:00:93:c1:ca:ee:67:2a:e0:a8:1f:c0:43:8b:d2:bc:65:
         97:f8:e9:53:91:8f:40:8c:5a:49:fa:5f:be:56:ae:8c:58:f5:
         d4:68:14:6d:0a:d2:54:62:2b:b0:45:4b:d1:68:f2:be:9f:fc:
         04:61:f3:a9:d9:a2:ad:cd:fd:8d:21:5e:00:8b:13:59:9f:2f:
         20:89:7a:c3:c5:44:8e:58:38:db:5d:15:d7:80:69:99:2a:03:
         cc:dc:da:31:87:25:b3:05:59:f6:39:a5:7b:79:8c:48:05:d0:
         7b:b7:4a:b8:d9:bd:78:31:9d:3a:d5:a7:47:16:7c:0e:39:1b:
         b2:c4:a4:7d:97:14:4b:5f:2e:1c:69:2f:b1:8e:4a:5c:cb:04:
         e8:c7:0d:c2:1f:7a:79:40:99:9d:c7:5b:ec:51:9d:64:e6:b2:
         51:4a:b6:b5:ad:49:d6:bd:1f:9b:20:47:60:61:be:d6:6d:80:
         58:27:26:1f:7c:94:24:b0:4f:43:f2:25:eb:3e:ee:ba:f4:d5:
         1e:6e:b8:8e:41:fe:9b:4d:3a:3f:26:09:8b:b9:9d:80:0c:5b:
         42:8b:63:b0
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQm2XgF7KHEIRWzFA4xI5uLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkzOGEzZGU4MDNiZDZjOTFmMTRhZDk2N2JkNDE0MWI4YTAyOGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypMgODWpJsKjVrcUjKTTs0ZiASLl
HEJqB2HscGYkYZf/MvYZF/vCodI/3PXY5+UeHADul0urnpsZprU7uVODmQOshg8M
NDEA106wA3HrN1H/S2wf6NQVENBRpBTrtlox93kKtDKIAGmZ3PJT7HQAc97XU2Ol
CZdo4YrIPYb+byx/UZbA+VtJZLX0XsVWyR7JDrMEa0JIcf4UDAFC4AtuwG+AcKDG
RP2ImXp8Fip1bX0vefNBUXY/JcjAA1a5acveLi9AFPWwBN5jvOWvPJzCmxTqrC2M
NFw1pIhS6Wy2MEN4qfcM/BuUha/mr4tfoe6Zi1ai47JgvSfSZtFiN6F4CwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEOTij3oA71skfFK2We9QUG4oCivMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjL2VjZGEy
NC1kN2MzLTQ0NmEtYWYzNi1mZTU2MzRjMTdjYzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvZWNkYTI0
LWQ3YzMtNDQ2YS1hZjM2LWZlNTYzNGMxN2NjOS8xL1E1T0tQZWdEdld5UjhVclpa
NzFCUWJpZ0tLOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuYEMMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMZ9jANBgkqhkiG9w0BAQsFAAOCAQEAMAWKXlOtobKo6G5apvyo/hANZliPuMr4
HIlhayZPAlzDCh+HF5UAk8HK7mcq4KgfwEOL0rxll/jpU5GPQIxaSfpfvlaujFj1
1GgUbQrSVGIrsEVL0Wjyvp/8BGHzqdmirc39jSFeAIsTWZ8vIIl6w8VEjlg4210V
14BpmSoDzNzaMYclswVZ9jmle3mMSAXQe7dKuNm9eDGdOtWnRxZ8DjkbssSkfZcU
S18uHGkvsY5KXMsE6McNwh96eUCZncdb7FGdZOayUUq2ta1J1r0fmyBHYGG+1m2A
WCcmH3yUJLBPQ/Il6z7uuvTVHm64jkH+m006PyYJi7mdgAxbQotjsA==
-----END CERTIFICATE-----
Generated at Sun Feb 2 04:02:53 2025 by rpki-client