Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/_CCxsZfwnRMN0qpfTiPfaU6aEEI.cer
File: _CCxsZfwnRMN0qpfTiPfaU6aEEI.cer (raw, json)
Hash identifier: xqInFHuuLx5n3LTPjq7vPdLnJpCBZMIVUbnxLjJgBys=
Subject key identifier: FC:20:B1:B1:97:F0:9D:13:0D:D2:AA:5F:4E:23:DF:69:4E:9A:10:42
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: A80A2D13DA
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/a2/b20fb4-a8b3-4ee8-9af7-74b390f35a73/1/_CCxsZfwnRMN0qpfTiPfaU6aEEI.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/a2/b20fb4-a8b3-4ee8-9af7-74b390f35a73/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Sat 01 Jan 2022 13:07:44 +0000
Certificate not after: Sat 01 Jul 2023 00:00:00 +0000
Subordinate resources: AS: 52210
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 721725232090 (0xa80a2d13da)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 1 13:07:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fc20b1b197f09d130dd2aa5f4e23df694e9a1042
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:fa:7d:aa:62:ce:8b:dd:f6:fa:6d:a0:f3:0c:
54:57:23:7e:48:8f:21:e7:1b:aa:0f:4f:48:1b:08:
81:bc:09:26:53:7f:2f:14:46:3f:4c:11:f5:13:ef:
e3:cd:d4:62:85:15:8a:0f:2b:53:51:97:ac:dd:35:
6c:35:7a:fb:f3:b5:18:fc:8e:3d:5a:03:14:b4:cf:
80:20:82:ab:ba:a1:4a:58:2c:a5:3a:0b:63:ff:d3:
be:35:6e:26:e4:b9:90:db:06:fb:5f:d0:63:2b:80:
7c:4e:e4:6a:a8:e8:fe:e6:21:e5:99:85:0b:16:28:
cc:02:45:e6:dc:73:b1:58:bc:7d:e0:6c:ea:c3:49:
bc:8e:6b:fa:1c:ec:06:36:d8:f9:7f:5f:39:75:ae:
83:55:59:a1:fb:43:db:23:34:ee:8c:56:a4:da:d9:
3f:b6:e2:1e:a0:c1:d5:3f:5f:b6:d5:da:b8:3a:0b:
84:f1:88:cc:84:8a:73:c9:05:e1:9b:10:c4:6f:8c:
8b:aa:8f:7b:5b:0c:06:02:33:44:6f:11:8c:21:02:
f6:6b:cc:f3:2a:2f:68:7c:dc:88:9d:92:f5:0f:cf:
49:45:0b:64:f4:f7:55:e8:c5:10:92:b9:54:25:f2:
03:69:f2:a2:be:e9:1c:4b:ac:22:f1:a1:ff:2a:ee:
d8:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:20:B1:B1:97:F0:9D:13:0D:D2:AA:5F:4E:23:DF:69:4E:9A:10:42
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b20fb4-a8b3-4ee8-9af7-74b390f35a73/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/b20fb4-a8b3-4ee8-9af7-74b390f35a73/1/_CCxsZfwnRMN0qpfTiPfaU6aEEI.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-autonomousSysNum: critical
Autonomous System Numbers:
52210
Signature Algorithm: sha256WithRSAEncryption
9c:35:c0:65:c7:c3:58:a3:91:99:8b:79:d0:02:ba:db:62:97:
0d:5f:c5:2f:d1:9a:aa:5b:f2:e2:23:d9:91:9b:a9:33:98:f9:
2c:1a:29:2f:a0:9e:1e:13:ad:1d:23:48:28:56:86:c2:42:e7:
e6:ad:c6:81:f4:b7:ca:34:ef:a7:ee:95:1d:5a:29:bd:02:8a:
5a:51:4d:16:db:bd:34:01:42:b6:6f:e4:b0:c4:c9:f1:1a:2c:
bf:06:ef:f4:63:5d:8d:11:c9:7f:10:0c:87:43:18:ad:7b:3b:
bf:bd:da:b5:1b:e2:11:3e:50:23:ef:ae:e8:e8:ae:ef:21:10:
b8:b6:c3:d8:31:a8:72:2d:1f:3b:0b:f6:24:22:73:01:b9:e0:
5a:0e:bf:cd:e0:e5:64:e1:65:36:fc:12:7d:1c:8e:92:83:19:
8b:2f:6b:43:fc:b0:64:e3:69:70:16:94:ed:01:04:f6:65:58:
aa:26:b1:48:f3:16:e3:b3:78:96:72:56:7a:06:74:23:13:02:
32:2f:a5:37:dd:da:f3:48:52:7a:f0:bc:71:cf:5d:3b:9e:67:
c7:9b:7b:07:fb:27:ac:07:f3:bd:32:38:15:75:22:0e:09:14:
4f:8e:b1:9b:d0:10:03:d8:80:68:78:a2:71:60:eb:40:c0:b1:
16:eb:09:19
-----BEGIN CERTIFICATE-----
MIIFZzCCBE+gAwIBAgIGAKgKLRPaMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMT
KDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRkZGU2NjkwHhcNMjIw
MTAxMTMwNzQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhmYzIwYjFiMTk3
ZjA5ZDEzMGRkMmFhNWY0ZTIzZGY2OTRlOWExMDQyMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEApvp9qmLOi932+m2g8wxUVyN+SI8h5xuqD09IGwiBvAkm
U38vFEY/TBH1E+/jzdRihRWKDytTUZes3TVsNXr787UY/I49WgMUtM+AIIKruqFK
WCylOgtj/9O+NW4m5LmQ2wb7X9BjK4B8TuRqqOj+5iHlmYULFijMAkXm3HOxWLx9
4Gzqw0m8jmv6HOwGNtj5f185da6DVVmh+0PbIzTujFak2tk/tuIeoMHVP1+21dq4
OguE8YjMhIpzyQXhmxDEb4yLqo97WwwGAjNEbxGMIQL2a8zzKi9ofNyInZL1D89J
RQtk9PdV6MUQkrlUJfIDafKivukcS6wi8aH/Ku7Y1QIDAQABo4ICfzCCAnswHQYD
VR0OBBYEFPwgsbGX8J0TDdKqX04j32lOmhBCMB8GA1UdIwQYMBaAFCqUqN1VSucB
ByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMGAG
CCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9ycGtpLnJpcGUubmV0
L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jZXIw
ggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFyc3luYzovL3Jwa2ku
cmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EyL2IyMGZiNC1hOGIzLTRlZTgt
OWFmNy03NGIzOTBmMzVhNzMvMS8wfAYIKwYBBQUHMAqGcHJzeW5jOi8vcnBraS5y
aXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTIvYjIwZmI0LWE4YjMtNGVlOC05
YWY3LTc0YjM5MGYzNWE3My8xL19DQ3hzWmZ3blJNTjBxcGZUaVBmYVU2YUVFSS5t
ZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5ldC9ub3RpZmljYXRp
b24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9y
ZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMyUUhWVjNkNW1rLmNy
bDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDL8jANBgkqhkiG9w0BAQsFAAOCAQEAnDXAZcfDWKORmYt50AK622KXDV/F
L9Gaqlvy4iPZkZupM5j5LBopL6CeHhOtHSNIKFaGwkLn5q3GgfS3yjTvp+6VHVop
vQKKWlFNFtu9NAFCtm/ksMTJ8Rosvwbv9GNdjRHJfxAMh0MYrXs7v73atRviET5Q
I++u6Oiu7yEQuLbD2DGoci0fOwv2JCJzAbngWg6/zeDlZOFlNvwSfRyOkoMZiy9r
Q/ywZONpcBaU7QEE9mVYqiaxSPMW47N4lnJWegZ0IxMCMi+lN93a80hSevC8cc9d
O55nx5t7B/snrAfzvTI4FXUiDgkUT46xm9AQA9iAaHiicWDrQMCxFusJGQ==
-----END CERTIFICATE-----
Generated at Wed Mar 12 17:16:27 2025 by rpki-client