Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
File:                     gz4OSAQRuciOkW3vkPw6kBAmOUo.cer (raw, json)
Hash identifier:          JkehFir29ZYUfp11b848vRHXd43sdZrkkY4v8U2iLEc=
Subject key identifier:   83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56DFE6360E54FAF5AEC4D4159EF2332
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:29:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 34173
                          IP: 185.7.72.0/22
                          IP: 193.105.43.0/24
                          IP: 195.64.164.0/23
                          IP: 2a03:1780::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:fe:63:60:e5:4f:af:5a:ec:4d:41:59:ef:23:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=833e0e480411b9c88e916def90fc3a901026394a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:68:9f:91:9c:25:79:a9:6b:e2:3b:85:b2:47:
                    02:cd:35:13:92:09:cb:ac:91:4d:45:51:27:ef:13:
                    66:b6:f5:dd:74:9d:54:5e:4f:b6:ae:9c:c1:ad:5f:
                    dd:ee:80:ba:a6:85:ac:5d:3f:f2:5f:9c:da:21:da:
                    5e:3c:36:94:4f:70:51:0b:99:29:fb:2f:f7:ef:f8:
                    83:56:a9:d9:cf:13:4d:b1:5d:ed:5d:54:16:be:9e:
                    df:91:5f:58:da:43:7a:7d:0c:fa:90:fe:37:86:46:
                    bc:e8:ca:40:41:aa:83:f1:39:d2:ce:07:1c:be:f9:
                    9a:f8:db:26:c0:be:6a:7b:cd:9c:8c:1e:1f:ee:a0:
                    32:cf:64:de:b3:f2:4d:c8:cf:a4:9b:86:ad:da:8e:
                    e9:a7:72:bd:5a:aa:7e:7a:ca:9c:28:b0:71:23:ee:
                    b5:64:e2:24:b0:70:13:5c:47:a6:be:8b:c5:62:90:
                    0d:12:4f:be:fb:06:5f:8a:c5:e6:ad:d3:02:85:1e:
                    f9:94:ed:23:51:29:88:03:f3:c2:2b:0c:74:79:cd:
                    38:85:db:94:22:34:2f:79:b0:04:5f:29:d6:78:f4:
                    b9:0a:c0:76:b0:80:a0:49:a8:a5:aa:a3:30:1a:71:
                    37:dc:53:4c:10:5e:12:b6:74:d5:63:e5:ac:b8:72:
                    56:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.72.0/22
                  193.105.43.0/24
                  195.64.164.0/23
                IPv6:
                  2a03:1780::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  34173

    Signature Algorithm: sha256WithRSAEncryption
         8e:09:46:f5:6c:49:d8:aa:06:7c:05:b4:b4:62:84:0c:3e:3f:
         64:af:cf:37:53:f3:9b:7b:73:b6:40:e1:be:b4:ce:7d:a5:65:
         fd:0d:89:7a:98:9e:5f:6d:0d:29:0f:47:18:02:ae:70:3e:ba:
         8f:2c:ca:c9:7f:9a:78:e6:d7:90:9c:1e:d1:1e:90:91:e8:69:
         2c:1d:61:e7:30:32:b8:53:b4:bb:af:05:d1:da:06:ee:7e:99:
         a2:ec:c5:c9:3f:22:66:95:ec:ac:74:e8:de:f3:77:90:e8:12:
         e0:e1:4d:48:a1:97:60:c1:bb:6b:00:0b:a6:09:b3:3a:f7:10:
         86:2f:e5:a2:a1:3a:d3:c2:c0:21:d2:0a:1a:58:fc:42:8d:9e:
         c7:f8:49:37:2f:56:b1:5e:d2:47:03:fa:fa:db:2c:90:88:fa:
         28:1c:b9:87:7d:51:df:cc:3e:68:4f:3a:fd:a5:c5:9f:fa:c8:
         f1:c1:e9:84:22:54:3a:2c:b9:ff:c8:ea:8d:af:8b:54:46:fb:
         b4:3a:f2:45:91:83:ab:3f:12:4c:eb:a7:07:14:be:a9:35:d9:
         86:c7:28:d0:50:32:c0:33:51:0d:a3:08:63:d7:42:5e:a2:18:
         95:83:6f:16:58:f1:b0:bb:80:62:fe:f7:1d:f7:ab:77:00:5c:
         0f:f7:9a:69
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAYzFbf5jYOVPr1rsTUFZ7yMyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzNlMGU0ODA0MTFiOWM4OGU5MTZkZWY5MGZjM2E5MDEwMjYzOTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzGifkZwlealr4juFskcCzTUTkgnL
rJFNRVEn7xNmtvXddJ1UXk+2rpzBrV/d7oC6poWsXT/yX5zaIdpePDaUT3BRC5kp
+y/37/iDVqnZzxNNsV3tXVQWvp7fkV9Y2kN6fQz6kP43hka86MpAQaqD8TnSzgcc
vvma+NsmwL5qe82cjB4f7qAyz2Tes/JNyM+km4at2o7pp3K9Wqp+esqcKLBxI+61
ZOIksHATXEemvovFYpANEk+++wZfisXmrdMChR75lO0jUSmIA/PCKwx0ec04hduU
IjQvebAEXynWePS5CsB2sICgSailqqMwGnE33FNMEF4StnTVY+WsuHJWxwIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFIM+DkgEEbnIjpFt75D8OpAQJjlKMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI5L2E3ODJj
Yy0xZTA5LTQ0ODAtYTZkYy02YzIwZWJhZjMwYTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjkvYTc4MmNj
LTFlMDktNDQ4MC1hNmRjLTZjMjBlYmFmMzBhOS8xL2d6NE9TQVFSdWNpT2tXM3Zr
UHc2a0JBbU9Vby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQCuQdIAwQAwWkrAwQBw0CkMA0EAgACMAcDBQAq
AxeAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwCFfTANBgkqhkiG9w0BAQsFAAOC
AQEAjglG9WxJ2KoGfAW0tGKEDD4/ZK/PN1Pzm3tztkDhvrTOfaVl/Q2JepieX20N
KQ9HGAKucD66jyzKyX+aeObXkJwe0R6QkehpLB1h5zAyuFO0u68F0doG7n6ZouzF
yT8iZpXsrHTo3vN3kOgS4OFNSKGXYMG7awALpgmzOvcQhi/loqE608LAIdIKGlj8
Qo2ex/hJNy9WsV7SRwP6+tsskIj6KBy5h31R38w+aE86/aXFn/rI8cHphCJUOiy5
/8jqja+LVEb7tDryRZGDqz8STOunBxS+qTXZhsco0FAywDNRDaMIY9dCXqIYlYNv
FljxsLuAYv73HferdwBcD/eaaQ==
-----END CERTIFICATE-----
Generated at Sun Nov 24 23:42:53 2024 by rpki-client on console-ams.rpki-client.org