Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer
File:                     ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.cer (raw, json)
Hash identifier:          2EvlOGqnSv2LUB+kI4kyy7tcYE0k54JxFHxycyZt9GE=
Subject key identifier:   64:2C:7A:4E:9F:02:B2:F4:E6:64:D7:D0:D7:2A:52:E5:12:61:DE:54
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DCCBD67A3C9E34258D07D39B69D781
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:29:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 57473
                          IP: 185.115.136.0/22
                          IP: 194.60.250.0/24
                          IP: 2a06:76c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:cb:d6:7a:3c:9e:34:25:8d:07:d3:9b:69:d7:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642c7a4e9f02b2f4e664d7d0d72a52e51261de54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b1:78:70:f2:55:a0:3b:14:5e:46:b4:67:d2:
                    c0:23:b3:6d:7b:21:c4:be:e2:3f:d2:4f:7e:2d:27:
                    5f:02:f0:56:75:1b:d0:4a:f4:7c:ac:c3:e9:4b:c0:
                    56:88:4a:5e:b3:cd:c0:e6:fc:c8:22:72:e8:bc:d4:
                    0e:cc:40:63:34:da:2e:29:87:b4:5c:23:50:33:67:
                    f8:49:53:43:1a:be:57:42:f5:13:73:16:89:1b:fc:
                    99:f2:ae:39:1f:1e:df:ad:b4:58:e5:1c:8e:b2:b8:
                    e2:bb:eb:8a:87:fc:5b:28:f7:a3:ea:3f:1d:3d:6d:
                    62:01:aa:e6:31:42:51:7c:3f:2f:cd:c5:a4:3c:7b:
                    a0:7a:37:13:c1:b8:00:2a:10:58:4d:34:53:2c:19:
                    e0:c7:6d:c5:7a:67:ae:72:e2:b2:ec:6c:fc:36:fd:
                    0f:b2:e7:b9:eb:56:db:cd:81:ee:5c:35:4b:b2:09:
                    02:9a:76:93:0b:92:a7:8e:60:a8:3f:21:ed:4f:f4:
                    4a:42:7e:08:5e:6e:9a:9e:44:97:df:64:41:df:d5:
                    79:a6:b9:82:f4:56:d1:31:f9:95:a7:e0:f5:94:23:
                    4e:fc:bc:4b:9f:2f:06:59:a4:32:6f:ed:6c:f1:de:
                    58:16:8e:35:5a:db:ec:7c:a9:08:cf:6b:14:27:6e:
                    20:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2C:7A:4E:9F:02:B2:F4:E6:64:D7:D0:D7:2A:52:E5:12:61:DE:54
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/991fd8-2d85-4cf9-9036-5e02c4653e50/1/ZCx6Tp8CsvTmZNfQ1ypS5RJh3lQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.136.0/22
                  194.60.250.0/24
                IPv6:
                  2a06:76c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  57473

    Signature Algorithm: sha256WithRSAEncryption
         28:d9:47:7f:35:18:0d:13:2b:7d:c1:aa:3d:d3:58:8f:1e:d2:
         f7:42:0f:a9:db:ae:02:55:5b:52:3b:ad:41:81:8b:aa:b9:43:
         3c:98:ec:0d:11:d4:34:46:ff:90:20:92:1d:db:ea:ff:83:e6:
         d5:8e:96:dd:24:a6:18:1c:74:81:2c:59:37:8d:9e:04:8a:38:
         cd:63:a3:f4:02:d9:16:3e:66:c5:86:2b:4e:0e:b8:20:96:15:
         5d:02:52:9e:8b:a5:b6:78:13:fb:c3:9e:6a:fb:f0:04:ea:bb:
         d5:e7:ba:a2:49:70:39:a6:aa:46:f6:8b:93:93:b0:53:4a:0c:
         88:5d:25:c2:5c:f2:61:43:e0:7c:d2:d9:99:f7:3c:9c:e2:e6:
         65:96:a6:ec:d0:f6:4f:b7:fd:bf:9c:bd:8c:a3:12:a5:52:6c:
         23:34:5a:61:20:47:59:6e:4d:3a:cd:57:aa:f1:75:b4:5e:40:
         10:62:e7:c1:5f:5c:56:d0:db:ec:d7:c2:b1:cf:92:00:85:9b:
         5b:ce:e1:31:93:be:e2:2b:a5:04:f4:44:59:99:94:88:4b:3d:
         33:d8:13:2b:f8:10:db:e4:b3:af:f4:67:00:58:51:bd:80:b5:
         80:a5:8b:24:36:35:09:d6:35:76:67:80:b3:5e:28:9a:74:5b:
         25:56:c1:ff
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzI3MvWejyeNCWNB9ObadeBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJjN2E0ZTlmMDJiMmY0ZTY2NGQ3ZDBkNzJhNTJlNTEyNjFkZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bF4cPJVoDsUXka0Z9LAI7NteyHE
vuI/0k9+LSdfAvBWdRvQSvR8rMPpS8BWiEpes83A5vzIInLovNQOzEBjNNouKYe0
XCNQM2f4SVNDGr5XQvUTcxaJG/yZ8q45Hx7frbRY5RyOsrjiu+uKh/xbKPej6j8d
PW1iAarmMUJRfD8vzcWkPHugejcTwbgAKhBYTTRTLBngx23FemeucuKy7Gz8Nv0P
sue561bbzYHuXDVLsgkCmnaTC5KnjmCoPyHtT/RKQn4IXm6ankSX32RB39V5prmC
9FbRMfmVp+D1lCNO/LxLny8GWaQyb+1s8d5YFo41WtvsfKkIz2sUJ24g/wIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFGQsek6fArL05mTX0NcqUuUSYd5UMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3Lzk5MWZk
OC0yZDg1LTRjZjktOTAzNi01ZTAyYzQ2NTNlNTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvOTkxZmQ4
LTJkODUtNGNmOS05MDM2LTVlMDJjNDY1M2U1MC8xL1pDeDZUcDhDc3ZUbVpOZlEx
eXBTNVJKaDNsUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQCuXOIAwQAwjz6MA0EAgACMAcDBQMqBnbAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwDggTANBgkqhkiG9w0BAQsFAAOCAQEAKNlH
fzUYDRMrfcGqPdNYjx7S90IPqduuAlVbUjutQYGLqrlDPJjsDRHUNEb/kCCSHdvq
/4Pm1Y6W3SSmGBx0gSxZN42eBIo4zWOj9ALZFj5mxYYrTg64IJYVXQJSnoultngT
+8OeavvwBOq71ee6oklwOaaqRvaLk5OwU0oMiF0lwlzyYUPgfNLZmfc8nOLmZZam
7ND2T7f9v5y9jKMSpVJsIzRaYSBHWW5NOs1XqvF1tF5AEGLnwV9cVtDb7NfCsc+S
AIWbW87hMZO+4iulBPREWZmUiEs9M9gTK/gQ2+Szr/RnAFhRvYC1gKWLJDY1CdY1
dmeAs14omnRbJVbB/w==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:10:49 2024 by rpki-client on console-fra.rpki-client.org