Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer
File:                     U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.cer (raw, json)
Hash identifier:          zC4JybUut4X+4Ink2rp4Z0y6/cFUrmN1kyU2Ic+82KU=
Subject key identifier:   53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B725AB20D7B0DCB7A5B8BA379AC111
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205842
                          AS: 207096
                          IP: 185.166.40.0/22
                          IP: 185.176.204.0/22
                          IP: 185.202.72.0/22
                          IP: 185.239.188.0/22
                          IP: 2a0a:7600::/29
                          IP: 2a0a:d2c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:25:ab:20:d7:b0:dc:b7:a5:b8:ba:37:9a:c1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53d0359f9f8b20815ce4d988e109bf82306e4c74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8a:06:62:c5:7a:77:cf:1d:63:0f:06:82:86:
                    53:3d:dd:46:3c:61:f3:8b:8e:4d:86:16:f1:07:73:
                    d3:91:aa:53:f2:2e:61:4b:4f:61:23:3f:7a:fe:4b:
                    af:3c:54:43:f2:c3:e8:47:7c:8b:2e:99:c3:de:e9:
                    cb:4a:10:b4:6e:dd:43:6b:00:c5:3e:0d:bb:63:72:
                    e8:a5:6b:de:0a:38:a5:23:a1:e1:78:c9:bc:82:5b:
                    7d:d7:63:52:d4:1f:7e:f0:b6:11:bb:e1:89:43:32:
                    b7:5b:37:cc:e1:50:80:bd:82:5a:72:65:c5:d1:80:
                    8c:d3:a0:34:44:2b:72:7a:39:fe:d8:f6:36:23:3b:
                    7a:df:4f:e6:cf:87:35:d7:b2:17:ed:bb:82:35:f6:
                    8a:6e:4e:88:55:ea:73:0a:07:6a:40:73:bc:5a:62:
                    66:75:89:c3:6a:ff:f7:03:50:2a:9c:78:42:59:31:
                    9a:ac:d1:d7:7b:c9:95:0a:be:de:ff:7e:33:20:55:
                    a6:37:35:e6:a4:a2:18:ac:e7:3b:73:9d:5f:91:6d:
                    b4:4d:0b:a2:8f:77:60:3b:51:e1:9e:13:5a:96:0e:
                    36:73:96:3b:fb:b9:45:d7:be:4c:c4:56:c2:dd:2e:
                    36:fe:fb:3f:c4:89:b4:d4:49:75:7c:a9:cd:25:a1:
                    4f:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:D0:35:9F:9F:8B:20:81:5C:E4:D9:88:E1:09:BF:82:30:6E:4C:74
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/493571-210e-4d1a-8819-a6c49ce90756/1/U9A1n5-LIIFc5NmI4Qm_gjBuTHQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.166.40.0/22
                  185.176.204.0/22
                  185.202.72.0/22
                  185.239.188.0/22
                IPv6:
                  2a0a:7600::/29
                  2a0a:d2c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205842
                  207096

    Signature Algorithm: sha256WithRSAEncryption
         55:0c:84:9b:db:8f:69:6f:bb:0d:c6:f7:80:ab:81:43:ed:4b:
         af:a1:31:6f:3d:12:00:48:ce:b3:71:c3:3b:34:c2:8a:42:06:
         01:89:8b:8e:69:b8:1a:e2:2a:fc:c4:a1:e4:6a:fe:f3:1b:27:
         1a:96:63:56:fc:67:60:7b:34:1b:3a:2e:c3:25:7b:4f:4d:26:
         43:64:e3:16:fa:81:56:f0:d1:0a:0f:89:37:0d:2f:5a:1c:3f:
         a1:ef:a5:20:20:17:ed:9b:00:ce:aa:91:57:3c:61:cf:fe:f7:
         37:5f:99:f5:c0:a2:09:95:e2:a2:9b:3b:71:3f:db:b3:aa:07:
         73:70:b4:f6:49:72:ae:58:bc:ba:7c:7c:41:f7:27:01:c0:ce:
         a8:13:d7:c0:e5:64:4c:86:da:e2:73:2d:58:4f:b8:9f:45:9e:
         06:a0:a6:18:c5:7c:59:06:c5:40:65:76:9b:41:6e:ab:ee:4c:
         f7:cb:78:df:49:6a:8a:e5:35:80:41:ae:0d:35:71:72:c6:81:
         61:78:d4:15:92:36:55:1c:e3:b4:19:ef:f3:b6:8a:28:2b:ab:
         22:f8:88:02:4d:90:05:52:a1:29:bf:f5:20:c8:a9:2d:98:fe:
         a8:5a:fb:aa:5c:a0:06:45:e0:35:ec:87:77:b8:f1:af:47:95:
         9c:4b:4d:f3
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAYzDtyWrINew3LeluLo3msERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2QwMzU5ZjlmOGIyMDgxNWNlNGQ5ODhlMTA5YmY4MjMwNmU0Yzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlooGYsV6d88dYw8GgoZTPd1GPGHz
i45NhhbxB3PTkapT8i5hS09hIz96/kuvPFRD8sPoR3yLLpnD3unLShC0bt1DawDF
Pg27Y3LopWveCjilI6HheMm8glt912NS1B9+8LYRu+GJQzK3WzfM4VCAvYJacmXF
0YCM06A0RCtyejn+2PY2Izt630/mz4c117IX7buCNfaKbk6IVepzCgdqQHO8WmJm
dYnDav/3A1AqnHhCWTGarNHXe8mVCr7e/34zIFWmNzXmpKIYrOc7c51fkW20TQui
j3dgO1HhnhNalg42c5Y7+7lF175MxFbC3S42/vs/xIm01El1fKnNJaFPBwIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFFPQNZ+fiyCBXOTZiOEJv4Iwbkx0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q0LzQ5MzU3
MS0yMTBlLTRkMWEtODgxOS1hNmM0OWNlOTA3NTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQvNDkzNTcx
LTIxMGUtNGQxYS04ODE5LWE2YzQ5Y2U5MDc1Ni8xL1U5QTFuNS1MSUlGYzVObUk0
UW1fZ2pCdVRIUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEcGCCsGAQUF
BwEHAQH/BDgwNjAeBAIAATAYAwQCuaYoAwQCubDMAwQCucpIAwQCue+8MBQEAgAC
MA4DBQMqCnYAAwUDKgrSwDAfBggrBgEFBQcBCAEB/wQQMA6gDDAKAgMDJBICAwMo
+DANBgkqhkiG9w0BAQsFAAOCAQEAVQyEm9uPaW+7Dcb3gKuBQ+1Lr6Exbz0SAEjO
s3HDOzTCikIGAYmLjmm4GuIq/MSh5Gr+8xsnGpZjVvxnYHs0GzouwyV7T00mQ2Tj
FvqBVvDRCg+JNw0vWhw/oe+lICAX7ZsAzqqRVzxhz/73N1+Z9cCiCZXiops7cT/b
s6oHc3C09klyrli8unx8QfcnAcDOqBPXwOVkTIba4nMtWE+4n0WeBqCmGMV8WQbF
QGV2m0Fuq+5M98t430lqiuU1gEGuDTVxcsaBYXjUFZI2VRzjtBnv87aKKCurIviI
Ak2QBVKhKb/1IMipLZj+qFr7qlygBkXgNeyHd7jxr0eVnEtN8w==
-----END CERTIFICATE-----
Generated at Fri Nov 22 00:44:21 2024 by rpki-client on console-fra.rpki-client.org