Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
File:                     fRSfYkR4U2icEvsoiv62toHP68E.cer (raw, json)
Hash identifier:          0VpYXaoDrAleRBqI2rtBeMWA27YSxE3vdbMu76ati24=
Subject key identifier:   7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E38C0845665FB4D34AE9E7AA73901
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 28737
                          IP: 87.252.224.0/19
                          IP: 91.149.128.0/18
                          IP: 93.125.0.0/17
                          IP: 178.172.128.0/17
                          IP: 185.70.12.0/22
                          IP: 213.184.224.0/19
                          IP: 217.21.32.0/19
                          IP: 2a04:2e80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:38:c0:84:56:65:fb:4d:34:ae:9e:7a:a7:39:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7d149f62447853689c12fb288afeb6b681cfebc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:40:3b:2f:8f:0e:c2:e3:22:1f:61:bd:1c:c2:
                    5a:21:83:a3:dd:d3:18:06:70:b7:c3:9c:f5:e8:d1:
                    73:35:c8:f4:26:ef:78:86:bd:8a:92:74:ca:ad:f6:
                    eb:aa:3c:43:0f:e0:4b:53:ca:7b:ba:c9:53:8f:51:
                    b1:3c:ef:bd:8c:29:b1:32:ce:07:a2:23:1d:04:6a:
                    fb:ad:b7:8c:fc:c8:81:f8:d4:76:b5:d1:52:3b:63:
                    2a:97:28:9f:6a:0c:3f:c3:35:00:08:8c:91:1a:80:
                    d8:88:43:b5:3b:e9:92:8b:90:09:91:18:fe:cf:4e:
                    e8:b2:4e:20:f6:33:db:e3:50:9a:ac:2f:62:92:29:
                    02:10:52:27:85:2a:5a:f9:2c:27:c0:e8:a7:d7:2d:
                    bf:2b:3f:75:5c:37:62:56:a5:f7:d4:59:4a:9a:be:
                    80:ea:c1:57:02:c7:5c:11:22:75:0b:95:3a:4f:38:
                    66:a6:95:8f:91:e2:ba:d7:94:52:d1:d7:76:3a:74:
                    d2:b1:57:32:7e:aa:e5:0d:9b:72:c6:27:54:78:b2:
                    1f:d3:1c:51:a8:af:87:d7:62:d9:6f:22:38:b4:f8:
                    3c:7e:51:f5:9a:ca:86:83:69:b7:b0:47:f4:c9:89:
                    4b:66:28:b5:77:36:c5:59:01:c1:df:a3:df:d4:49:
                    26:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.252.224.0/19
                  91.149.128.0/18
                  93.125.0.0/17
                  178.172.128.0/17
                  185.70.12.0/22
                  213.184.224.0/19
                  217.21.32.0/19
                IPv6:
                  2a04:2e80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  28737

    Signature Algorithm: sha256WithRSAEncryption
         70:06:f6:ce:16:1e:d4:a5:8d:05:c8:39:48:37:22:da:6f:90:
         81:91:11:d7:54:7a:a5:a2:00:8c:4f:f7:3a:87:30:c6:80:46:
         66:db:c2:fc:92:3b:a6:19:44:12:31:84:44:8f:56:9d:22:74:
         b3:32:07:a1:07:f7:2a:fc:29:23:4a:dc:52:af:5b:44:ef:54:
         2f:53:51:11:d9:14:22:aa:2c:98:6d:11:a7:16:3c:fe:cc:22:
         18:c4:40:f4:cc:d7:27:86:1f:6d:d4:4e:ac:cd:9b:a7:0c:a9:
         c1:66:8d:35:9e:d9:c2:c0:aa:10:44:0c:ec:7c:0f:ee:34:9e:
         f7:7f:b0:9c:40:85:93:c7:57:c6:ec:27:09:55:eb:71:1c:77:
         de:8b:01:2e:3d:90:3c:d7:df:7b:e5:7a:66:9f:fa:a4:8d:95:
         a1:47:fa:04:79:dd:44:2f:f6:23:61:32:6e:85:cf:c4:2d:a9:
         9c:7f:b7:b6:c4:5c:95:75:73:5b:ea:a2:c1:c4:50:72:f3:e0:
         b5:7d:b3:ef:1c:a9:21:6c:72:bb:be:38:6c:16:47:79:24:ce:
         3c:5e:09:a2:86:93:1f:e3:0c:6f:fa:c1:d0:86:e6:4e:cf:4d:
         35:f2:2e:b9:a0:d4:dc:58:9f:7a:a5:41:4a:16:35:84:e3:c7:
         b6:c5:32:40
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAYzFbjjAhFZl+000rp56pzkBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDE0OWY2MjQ0Nzg1MzY4OWMxMmZiMjg4YWZlYjZiNjgxY2ZlYmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0A7L48OwuMiH2G9HMJaIYOj3dMY
BnC3w5z16NFzNcj0Ju94hr2KknTKrfbrqjxDD+BLU8p7uslTj1GxPO+9jCmxMs4H
oiMdBGr7rbeM/MiB+NR2tdFSO2Mqlyifagw/wzUACIyRGoDYiEO1O+mSi5AJkRj+
z07osk4g9jPb41CarC9ikikCEFInhSpa+SwnwOin1y2/Kz91XDdiVqX31FlKmr6A
6sFXAsdcESJ1C5U6TzhmppWPkeK615RS0dd2OnTSsVcyfqrlDZtyxidUeLIf0xxR
qK+H12LZbyI4tPg8flH1msqGg2m3sEf0yYlLZii1dzbFWQHB36Pf1EkmaQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFH0Un2JEeFNonBL7KIr+traBz+vBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkLzZhNTRi
Zi1mMDBmLTQ2N2EtYmY1Ny1hYWIwZTQxNGNjNjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvNmE1NGJm
LWYwMGYtNDY3YS1iZjU3LWFhYjBlNDE0Y2M2My8xL2ZSU2ZZa1I0VTJpY0V2c29p
djYydG9IUDY4RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFIGCCsGAQUF
BwEHAQH/BEMwQTAwBAIAATAqAwQFV/zgAwQGW5WAAwQHXX0AAwQHsqyAAwQCuUYM
AwQF1bjgAwQF2RUgMA0EAgACMAcDBQMqBC6AMBkGCCsGAQUFBwEIAQH/BAowCKAG
MAQCAnBBMA0GCSqGSIb3DQEBCwUAA4IBAQBwBvbOFh7UpY0FyDlINyLab5CBkRHX
VHqlogCMT/c6hzDGgEZm28L8kjumGUQSMYREj1adInSzMgehB/cq/CkjStxSr1tE
71QvU1ER2RQiqiyYbRGnFjz+zCIYxED0zNcnhh9t1E6szZunDKnBZo01ntnCwKoQ
RAzsfA/uNJ73f7CcQIWTx1fG7CcJVetxHHfeiwEuPZA819975Xpmn/qkjZWhR/oE
ed1EL/YjYTJuhc/ELamcf7e2xFyVdXNb6qLBxFBy8+C1fbPvHKkhbHK7vjhsFkd5
JM48XgmihpMf4wxv+sHQhuZOz0018i65oNTcWJ96pUFKFjWE48e2xTJA
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:27:34 2024 by rpki-client on console-ams.rpki-client.org