Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Y4xQnLd7AUm29m9QGfhYs6z5Quk.cer
File:                     Y4xQnLd7AUm29m9QGfhYs6z5Quk.cer (raw, json)
Hash identifier:          Wz+j/a4XvfQLn6DGjC6j6kFGiaqJbURJT+QYGK9IrH4=
Subject key identifier:   63:8C:50:9C:B7:7B:01:49:B6:F6:6F:50:19:F8:58:B3:AC:F9:42:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B7CA3292FE4741BB6A49A42EA3BE52
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/Y4xQnLd7AUm29m9QGfhYs6z5Quk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 29562
                          IP: 5.10.48.0/20
                          IP: 5.56.176.0 -- 5.56.255.255
                          IP: 5.158.128.0/18
                          IP: 37.49.0.0/17
                          IP: 37.209.0.0/17
                          IP: 46.5.0.0/16
                          IP: 46.223.0.0/16
                          IP: 46.237.192.0/18
                          IP: 78.42.0.0/15
                          IP: 82.212.0.0/18
                          IP: 85.216.0.0/17
                          IP: 91.89.0.0/16
                          IP: 95.208.0.0/16
                          IP: 109.192.0.0/15
                          IP: 134.3.0.0/16
                          IP: 149.172.0.0/16
                          IP: 185.2.140.0/22
                          IP: 217.8.48.0/20
                          IP: 2a02:8070::/31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:ca:32:92:fe:47:41:bb:6a:49:a4:2e:a3:be:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=638c509cb77b0149b6f66f5019f858b3acf942e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:57:bb:ae:9c:e9:a0:4f:29:0f:42:f3:7b:0a:
                    10:17:31:30:d5:9e:69:16:d9:8b:7b:8a:74:d6:72:
                    d1:f2:66:ff:6d:75:de:25:3f:9c:d7:c1:58:4d:f1:
                    11:d6:16:b1:14:37:5e:26:c6:94:37:37:49:07:c6:
                    57:5a:11:3a:32:0d:6d:a4:88:45:47:83:bc:3f:d2:
                    63:3b:58:1c:58:4a:d2:c5:ef:d0:fe:cd:54:ad:83:
                    34:73:0f:44:25:7b:f2:29:50:03:57:e8:03:21:ec:
                    79:c6:b5:12:cf:0d:9d:6e:a4:17:3e:d6:d2:1b:cf:
                    76:bd:d4:15:99:60:46:3a:c0:3a:90:76:4e:82:50:
                    6f:43:65:88:b5:43:f0:46:ad:7f:80:3f:f1:77:3e:
                    58:b6:72:88:db:46:9b:5e:39:69:a2:75:3e:83:ea:
                    ae:43:db:4d:02:d8:e6:ce:d7:81:f5:8f:d7:a3:e1:
                    c6:9e:c5:0c:0e:5a:f4:13:d3:89:5d:06:84:b3:a9:
                    18:94:6e:5f:8f:00:09:fd:cb:58:c8:06:74:31:d4:
                    a1:b7:00:b7:bb:f2:b7:25:ea:5e:90:ff:e0:11:5c:
                    81:5e:53:15:af:f0:f2:04:ff:3d:c4:09:ce:e9:69:
                    26:48:2d:03:1a:e3:1b:3d:f3:9a:9f:04:64:30:a1:
                    c5:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:8C:50:9C:B7:7B:01:49:B6:F6:6F:50:19:F8:58:B3:AC:F9:42:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/860a5e-e0d0-44f5-9c54-3cc4ff9aa1bc/1/Y4xQnLd7AUm29m9QGfhYs6z5Quk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.48.0/20
                  5.56.176.0-5.56.255.255
                  5.158.128.0/18
                  37.49.0.0/17
                  37.209.0.0/17
                  46.5.0.0/16
                  46.223.0.0/16
                  46.237.192.0/18
                  78.42.0.0/15
                  82.212.0.0/18
                  85.216.0.0/17
                  91.89.0.0/16
                  95.208.0.0/16
                  109.192.0.0/15
                  134.3.0.0/16
                  149.172.0.0/16
                  185.2.140.0/22
                  217.8.48.0/20
                IPv6:
                  2a02:8070::/31

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  29562

    Signature Algorithm: sha256WithRSAEncryption
         97:2c:b0:df:ed:a8:b8:d5:74:16:08:49:3a:87:5b:3c:cf:04:
         ca:29:32:ee:e9:cd:aa:af:c4:55:c5:df:00:a2:05:45:07:fa:
         c4:fa:17:80:87:5c:ac:c9:33:ae:f2:99:c2:2d:1a:85:04:ea:
         c2:0d:d9:2c:21:46:48:8b:ca:92:a2:cb:78:7b:b5:26:d2:7d:
         0a:6e:de:c9:f4:d2:71:7f:9f:04:cf:16:23:9a:c3:b3:fb:b5:
         c5:fe:50:50:9e:d0:6a:18:4b:8e:d2:ab:7b:3c:c0:f4:eb:fb:
         75:31:69:fc:cc:bd:37:0f:ce:3e:1d:a9:c3:a2:ff:11:50:bf:
         3d:3c:0d:15:b4:27:d7:42:fb:51:50:f5:3f:2c:8d:9f:d3:20:
         a6:56:9e:02:ac:dc:81:de:57:61:7f:3c:c0:db:8e:65:63:e5:
         78:13:3b:45:5d:a3:4c:da:32:1f:53:5b:11:04:41:50:63:2a:
         72:b5:c5:4e:3d:3e:1e:6b:37:8a:51:d1:28:bf:03:04:9a:16:
         31:6e:b7:fe:59:b8:8d:6e:4b:49:0b:8c:65:f9:e2:b2:23:cf:
         b1:9d:22:79:72:c7:b7:ef:51:55:a1:f8:c3:0f:e7:f5:45:44:
         6f:3c:77:86:45:e3:a8:7b:a8:12:c0:95:36:98:fc:35:82:5c:
         4a:bc:7e:47
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAYzGt8oykv5HQbtqSaQuo75SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzhjNTA5Y2I3N2IwMTQ5YjZmNjZmNTAxOWY4NThiM2FjZjk0MmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1e7rpzpoE8pD0LzewoQFzEw1Z5p
FtmLe4p01nLR8mb/bXXeJT+c18FYTfER1haxFDdeJsaUNzdJB8ZXWhE6Mg1tpIhF
R4O8P9JjO1gcWErSxe/Q/s1UrYM0cw9EJXvyKVADV+gDIex5xrUSzw2dbqQXPtbS
G892vdQVmWBGOsA6kHZOglBvQ2WItUPwRq1/gD/xdz5YtnKI20abXjlponU+g+qu
Q9tNAtjmzteB9Y/Xo+HGnsUMDlr0E9OJXQaEs6kYlG5fjwAJ/ctYyAZ0MdShtwC3
u/K3JepekP/gEVyBXlMVr/DyBP89xAnO6WkmSC0DGuMbPfOanwRkMKHFBQIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFGOMUJy3ewFJtvZvUBn4WLOs+ULpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4Lzg2MGE1
ZS1lMGQwLTQ0ZjUtOWM1NC0zY2M0ZmY5YWExYmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvODYwYTVl
LWUwZDAtNDRmNS05YzU0LTNjYzRmZjlhYTFiYy8xL1k0eFFuTGQ3QVVtMjltOVFH
ZmhZczZ6NVF1ay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGVBggrBgEF
BQcBBwEB/wSBhTCBgjBxBAIAATBrAwQEBQowMAsDBAQFOLADAwAFOAMEBgWegAME
ByUxAAMEByXRAAMDAC4FAwMALt8DBAYu7cADAwFOKgMEBlLUAAMEB1XYAAMDAFtZ
AwMAX9ADAwFtwAMDAIYDAwMAlawDBAK5AowDBATZCDAwDQQCAAIwBwMFASoCgHAw
GQYIKwYBBQUHAQgBAf8ECjAIoAYwBAICc3owDQYJKoZIhvcNAQELBQADggEBAJcs
sN/tqLjVdBYISTqHWzzPBMopMu7pzaqvxFXF3wCiBUUH+sT6F4CHXKzJM67ymcIt
GoUE6sIN2SwhRkiLypKiy3h7tSbSfQpu3sn00nF/nwTPFiOaw7P7tcX+UFCe0GoY
S47Sq3s8wPTr+3UxafzMvTcPzj4dqcOi/xFQvz08DRW0J9dC+1FQ9T8sjZ/TIKZW
ngKs3IHeV2F/PMDbjmVj5XgTO0Vdo0zaMh9TWxEEQVBjKnK1xU49Ph5rN4pR0Si/
AwSaFjFut/5ZuI1uS0kLjGX54rIjz7GdInlyx7fvUVWh+MMP5/VFRG88d4ZF46h7
qBLAlTaY/DWCXEq8fkc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:20:39 2024 by rpki-client on console-fra.rpki-client.org