Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/YDJcIdL6_nQzmNweVXRDMoARBGk.cer
File:                     YDJcIdL6_nQzmNweVXRDMoARBGk.cer (raw, json)
Hash identifier:          2fiu6P8ODl3GhRWKehYnjR2SJUD2EqK3MbgrPuXh3YY=
Subject key identifier:   60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6707618D31E8E6349B42ABEDA83EB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 195.10.217.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:70:76:18:d3:1e:8e:63:49:b4:2a:be:da:83:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60325c21d2fafe743398dc1e5574433280110469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:0e:be:1f:0d:ff:5d:b5:99:9c:7b:1c:34:05:
                    05:b8:f1:3b:20:a2:f7:e0:ce:7c:fe:07:49:f1:74:
                    6a:9e:09:cc:0e:ca:fd:7c:ea:93:5d:d3:40:88:1d:
                    71:92:2b:4e:7d:3c:a1:cf:c0:ad:cc:df:9a:18:c8:
                    e8:cc:10:d1:24:e7:f4:0e:94:09:a6:8d:35:7c:a7:
                    6f:2c:14:15:28:a6:72:77:30:95:9e:1a:35:d6:ba:
                    64:a4:b1:ad:7b:7c:f8:ed:98:c0:9a:9a:4d:50:a0:
                    63:da:ce:15:61:d1:4e:f8:d0:31:f6:99:82:10:47:
                    35:e2:02:37:57:cf:68:71:26:b1:67:c0:f5:cb:7c:
                    93:1c:53:28:7c:81:63:64:4b:5f:95:84:92:d4:29:
                    36:50:59:04:58:fb:c7:c0:3e:24:b4:20:b7:bc:33:
                    c6:0a:2e:64:81:ad:ef:9d:da:fa:d3:bd:17:61:31:
                    80:96:ad:02:a2:f5:d8:e6:e1:d5:ed:f6:43:3a:0d:
                    b1:e8:45:cc:46:96:47:d9:07:db:38:e0:d5:50:8d:
                    f8:f6:2b:d6:9e:3d:7b:aa:d5:24:0c:ef:f9:6e:81:
                    e4:ae:a3:d8:d9:8f:b4:68:66:c8:ca:01:3a:0c:b7:
                    63:70:e7:67:7c:91:2c:28:e7:90:de:e2:40:ee:1d:
                    a9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:32:5C:21:D2:FA:FE:74:33:98:DC:1E:55:74:43:32:80:11:04:69
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/f2770b-da19-4790-a494-c58e95cd4277/1/YDJcIdL6_nQzmNweVXRDMoARBGk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:67:2c:14:63:1f:c1:8a:2b:85:71:a1:7c:b8:12:c5:74:ca:
         14:21:3e:9b:23:e9:92:2b:4f:78:5e:ee:09:d3:c6:4a:b1:ca:
         61:a0:85:ce:6a:d3:b1:5c:b4:b1:96:89:c5:99:eb:54:ac:65:
         06:9f:2d:a5:e9:9d:7a:f4:14:8b:33:f8:aa:8c:71:27:fa:f2:
         fa:3d:ab:9f:40:07:a9:83:14:26:74:cd:55:20:02:7a:f7:f5:
         54:87:04:5a:5e:04:eb:2d:82:30:23:0c:f7:07:f1:0b:e6:61:
         ca:1b:e5:d4:5e:60:64:84:c4:64:ff:b8:b2:95:e4:a3:86:5b:
         7d:ff:5b:f3:de:93:c1:28:21:3c:24:93:7f:21:d8:40:a7:5a:
         eb:eb:38:1a:bf:cd:20:c7:e9:c6:39:04:3b:14:50:fd:5f:62:
         28:ef:0d:94:85:59:e4:78:d9:d2:66:53:13:75:56:45:2c:59:
         4a:a1:4f:c1:67:58:5e:51:f7:31:32:b4:81:a7:70:be:97:dc:
         4a:b8:f1:71:21:7f:80:2d:9b:10:1d:44:f6:b7:f8:41:0e:c1:
         1d:8d:a2:c6:01:49:c5:41:00:3e:57:a6:e7:d6:4d:4c:72:97:
         29:3e:04:7f:ec:e9:7d:7a:77:dd:ec:25:4a:94:32:d4:cc:ac:
         50:66:79:84
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzDtnB2GNMejmNJtCq+2oPrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDMyNWMyMWQyZmFmZTc0MzM5OGRjMWU1NTc0NDMzMjgwMTEwNDY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwg6+Hw3/XbWZnHscNAUFuPE7IKL3
4M58/gdJ8XRqngnMDsr9fOqTXdNAiB1xkitOfTyhz8CtzN+aGMjozBDRJOf0DpQJ
po01fKdvLBQVKKZydzCVnho11rpkpLGte3z47ZjAmppNUKBj2s4VYdFO+NAx9pmC
EEc14gI3V89ocSaxZ8D1y3yTHFMofIFjZEtflYSS1Ck2UFkEWPvHwD4ktCC3vDPG
Ci5kga3vndr6070XYTGAlq0CovXY5uHV7fZDOg2x6EXMRpZH2QfbOODVUI349ivW
nj17qtUkDO/5boHkrqPY2Y+0aGbIygE6DLdjcOdnfJEsKOeQ3uJA7h2pYwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGAyXCHS+v50M5jcHlV0QzKAEQRpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwL2YyNzcw
Yi1kYTE5LTQ3OTAtYTQ5NC1jNThlOTVjZDQyNzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvZjI3NzBi
LWRhMTktNDc5MC1hNDk0LWM1OGU5NWNkNDI3Ny8xL1lESmNJZEw2X25Rem1Od2VW
WFJETW9BUkJHay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwwrZMA0GCSqGSIb3DQEBCwUAA4IBAQBqZywU
Yx/BiiuFcaF8uBLFdMoUIT6bI+mSK094Xu4J08ZKscphoIXOatOxXLSxlonFmetU
rGUGny2l6Z169BSLM/iqjHEn+vL6PaufQAepgxQmdM1VIAJ69/VUhwRaXgTrLYIw
Iwz3B/EL5mHKG+XUXmBkhMRk/7iyleSjhlt9/1vz3pPBKCE8JJN/IdhAp1rr6zga
v80gx+nGOQQ7FFD9X2Io7w2UhVnkeNnSZlMTdVZFLFlKoU/BZ1heUfcxMrSBp3C+
l9xKuPFxIX+ALZsQHUT2t/hBDsEdjaLGAUnFQQA+V6bn1k1McpcpPgR/7Ol9enfd
7CVKlDLUzKxQZnmE
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:25:42 2024 by rpki-client on console-ams.rpki-client.org