Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer
File:                     gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.cer (raw, json)
Hash identifier:          zlRrvA3seZTgQAQHHOLWFeDGvj/k2yhg6JjbqrkEfco=
Subject key identifier:   82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942445642503703762F2463FF3DF38A6A4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 23:48:34 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 5060 -- 5061
                          AS: 6152
                          AS: 9504
                          AS: 16087
                          AS: 52132
                          AS: 52138
                          AS: 58089
                          AS: 61161
                          IP: 92.50.0.0/18
                          IP: 107.150.170.0/24
                          IP: 147.136.64.0/19
                          IP: 168.199.0.0/16
                          IP: 170.246.64.0/22
                          IP: 185.17.72.0/22
                          IP: 185.100.56.0/22
                          IP: 185.101.244.0/22
                          IP: 185.101.252.0/22
                          IP: 185.102.4.0/22
                          IP: 185.170.68.0/22
                          IP: 185.171.252.0/22
                          IP: 185.226.204.0/22
                          IP: 192.95.80.0/20
                          IP: 2001:678:8b4::/48
                          IP: 2001:678:8b8::/48
                          IP: 2001:678:8bc::/48
                          IP: 2001:678:8c0::/48
                          IP: 2001:678:8c4::/48
                          IP: 2001:678:8c8::/48
                          IP: 2001:67c:12d8::/48
                          IP: 2a04:600::/29
                          IP: 2a0d:3200::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Jan 2025 05:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:64:25:03:70:37:62:f2:46:3f:f3:df:38:a6:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 23:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=826605b4d27f13968e8794e6ef091223748817d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3a:1e:90:c7:2c:01:13:a4:cd:27:42:b2:40:
                    fe:94:e0:84:66:21:de:c6:3a:90:e3:2d:3f:a5:54:
                    e3:4c:db:d3:0d:0e:91:7b:8e:48:78:45:b0:60:07:
                    41:3c:2a:14:8b:18:16:ab:9c:92:07:8c:ae:46:f0:
                    da:82:12:fb:c6:87:a9:8a:61:7c:48:90:92:24:fc:
                    f2:c5:5c:72:5c:7c:54:5a:3f:62:7e:2f:45:e5:38:
                    78:0d:44:2b:c3:8d:de:63:43:9e:0c:b4:ef:b0:bf:
                    03:e4:3e:3e:14:31:37:30:b3:70:a9:7f:b5:fd:33:
                    13:d9:53:8d:f3:91:12:e4:00:f0:0c:62:c6:fa:83:
                    ec:f6:6c:ed:f0:61:3b:75:c5:b6:27:ec:f8:dd:ad:
                    43:d0:15:74:54:94:ee:d3:db:48:be:26:68:6a:fa:
                    5e:e6:a4:69:49:74:a3:0c:37:38:50:4f:6c:24:b1:
                    a9:a7:41:bf:5f:5a:e7:7a:9e:f0:9e:4e:3c:6a:3b:
                    35:2e:6f:ad:75:a3:cd:f8:58:56:9a:fe:a5:23:5d:
                    b4:db:fb:a9:cd:5a:90:75:52:dc:a1:8d:f3:f1:5b:
                    67:70:c1:ef:7f:97:17:8f:ea:31:60:40:e6:6e:02:
                    10:c3:23:bf:50:b1:25:55:b6:92:c6:a4:5a:7b:4a:
                    c8:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:66:05:B4:D2:7F:13:96:8E:87:94:E6:EF:09:12:23:74:88:17:D8
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/fbcc32-33c8-41ff-89fa-2d1918ba1c0e/1/gmYFtNJ_E5aOh5Tm7wkSI3SIF9g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.50.0.0/18
                  107.150.170.0/24
                  147.136.64.0/19
                  168.199.0.0/16
                  170.246.64.0/22
                  185.17.72.0/22
                  185.100.56.0/22
                  185.101.244.0/22
                  185.101.252.0/22
                  185.102.4.0/22
                  185.170.68.0/22
                  185.171.252.0/22
                  185.226.204.0/22
                  192.95.80.0/20
                IPv6:
                  2001:678:8b4::/48
                  2001:678:8b8::/48
                  2001:678:8bc::/48
                  2001:678:8c0::/48
                  2001:678:8c4::/48
                  2001:678:8c8::/48
                  2001:67c:12d8::/48
                  2a04:600::/29
                  2a0d:3200::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  5060-5061
                  6152
                  9504
                  16087
                  52132
                  52138
                  58089
                  61161

    Signature Algorithm: sha256WithRSAEncryption
         ae:49:05:22:d2:91:42:2c:eb:7f:4e:83:42:6e:c9:27:b1:49:
         d5:78:88:57:45:8b:70:25:ce:fb:5b:aa:f3:19:da:57:53:7c:
         f3:f2:fe:6c:39:79:ff:57:f1:b6:1c:91:aa:93:2f:38:c9:0f:
         20:a4:ed:49:8f:d3:99:4b:db:26:be:f5:d2:19:35:fd:39:3c:
         95:12:8b:7d:e9:d1:ab:61:27:28:f5:ac:d4:6a:4e:35:f2:69:
         ee:a5:8b:ee:16:5a:05:a5:45:be:49:dc:63:ef:56:60:2d:49:
         10:31:84:0f:75:da:cb:a9:9a:4a:64:5d:e2:a8:d2:28:e0:fd:
         88:6f:b9:5e:7b:3d:ce:17:33:e5:cc:bc:6e:7d:34:93:71:f3:
         4f:a2:f1:bf:6d:52:2d:bd:9e:92:84:ad:b4:b1:46:90:31:a8:
         c8:95:af:31:5e:7d:50:73:3d:d0:67:a3:e8:31:dc:cc:d9:ac:
         94:2f:86:27:66:32:69:3c:95:e8:f1:64:e1:90:90:97:88:dd:
         37:4f:4f:b0:a8:4a:5d:a5:f0:d0:57:ae:a2:95:50:1b:80:4c:
         fd:91:7e:5c:52:84:e5:29:0b:07:5f:71:bf:9d:dd:5f:35:85:
         dc:ba:86:e8:e9:61:33:b1:fe:25:72:c6:e2:bb:71:e0:24:a0:
         50:de:bd:f8
-----BEGIN CERTIFICATE-----
MIIGXjCCBUagAwIBAgISAZQkRWQlA3A3YvJGP/PfOKakMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjY2MDViNGQyN2YxMzk2OGU4Nzk0ZTZlZjA5MTIyMzc0ODgxN2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDoekMcsAROkzSdCskD+lOCEZiHe
xjqQ4y0/pVTjTNvTDQ6Re45IeEWwYAdBPCoUixgWq5ySB4yuRvDaghL7xoepimF8
SJCSJPzyxVxyXHxUWj9ifi9F5Th4DUQrw43eY0OeDLTvsL8D5D4+FDE3MLNwqX+1
/TMT2VON85ES5ADwDGLG+oPs9mzt8GE7dcW2J+z43a1D0BV0VJTu09tIviZoavpe
5qRpSXSjDDc4UE9sJLGpp0G/X1rnep7wnk48ajs1Lm+tdaPN+FhWmv6lI1202/up
zVqQdVLcoY3z8VtncMHvf5cXj+oxYEDmbgIQwyO/ULElVbaSxqRae0rI4QIDAQAB
o4IDajCCA2YwHQYDVR0OBBYEFIJmBbTSfxOWjoeU5u8JEiN0iBfYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzg3L2ZiY2Mz
Mi0zM2M4LTQxZmYtODlmYS0yZDE5MThiYTFjMGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODcvZmJjYzMy
LTMzYzgtNDFmZi04OWZhLTJkMTkxOGJhMWMwZS8xL2dtWUZ0TkpfRTVhT2g1VG03
d2tTSTNTSUY5Zy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIHDBggrBgEF
BQcBBwEB/wSBszCBsDBZBAIAATBTAwQGXDIAAwQAa5aqAwQFk4hAAwMAqMcDBAKq
9kADBAK5EUgDBAK5ZDgDBAK5ZfQDBAK5ZfwDBAK5ZgQDBAK5qkQDBAK5q/wDBAK5
4swDBATAX1AwUwQCAAIwTQMHACABBngItAMHACABBngIuAMHACABBngIvAMHACAB
BngIwAMHACABBngIxAMHACABBngIyAMHACABBnwS2AMFAyoEBgADBQMqDTIAMD8G
CCsGAQUFBwEIAQH/BDAwLqAsMCowCAICE8QCAhPFAgIYCAICJSACAj7XAgMAy6QC
AwDLqgIDAOLpAgMA7ukwDQYJKoZIhvcNAQELBQADggEBAK5JBSLSkUIs639Og0Ju
ySexSdV4iFdFi3AlzvtbqvMZ2ldTfPPy/mw5ef9X8bYckaqTLzjJDyCk7UmP05lL
2ya+9dIZNf05PJUSi33p0athJyj1rNRqTjXyae6li+4WWgWlRb5J3GPvVmAtSRAx
hA912supmkpkXeKo0ijg/YhvuV57Pc4XM+XMvG59NJNx80+i8b9tUi29npKErbSx
RpAxqMiVrzFefVBzPdBno+gx3MzZrJQvhidmMmk8lejxZOGQkJeI3TdPT7CoSl2l
8NBXrqKVUBuATP2RflxShOUpCwdfcb+d3V81hdy6hujpYTOx/iVyxuK7ceAkoFDe
vfg=
-----END CERTIFICATE-----
Generated at Sun Jan 19 10:56:42 2025 by rpki-client on console-fra.rpki-client.org