Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/h64K8oLdTpvBuCGUrtOxlpPYcpg.cer
File:                     h64K8oLdTpvBuCGUrtOxlpPYcpg.cer (raw, json)
Hash identifier:          zOWaaF6DVXkSW1Iue27gvQ9zrZJF0e4+bqQzmnjls/Y=
Subject key identifier:   87:AE:0A:F2:82:DD:4E:9B:C1:B8:21:94:AE:D3:B1:96:93:D8:72:98
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC49986F4EE800C0AD2CD8F0F08B33
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:57 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 43204
                          IP: 78.108.112.0/20
                          IP: 185.36.20.0/22
                          IP: 2a04:6660::/30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:49:98:6f:4e:e8:00:c0:ad:2c:d8:f0:f0:8b:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=87ae0af282dd4e9bc1b82194aed3b19693d87298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ad:7d:9c:0b:dc:d2:b5:ea:9d:8d:c1:ad:e8:
                    8f:0b:7e:3d:e9:6d:41:d3:0a:15:d0:55:d7:20:24:
                    47:06:bf:df:ee:a3:ef:95:17:2c:2c:76:ad:72:af:
                    85:a5:55:f9:1a:d7:73:e9:f5:56:0d:b7:59:32:bd:
                    68:82:85:b2:5e:8f:dd:6f:b1:22:b3:92:25:d8:0d:
                    33:41:44:4d:34:92:42:cb:fc:4f:30:84:a8:d3:2e:
                    32:fc:dd:a8:38:ec:4e:d0:4a:28:68:13:cf:38:da:
                    63:b2:94:44:bf:e0:c0:9b:33:a3:7c:f9:4b:d9:eb:
                    8d:b2:9e:03:53:26:1b:e8:5f:b7:4b:51:1a:12:de:
                    3b:e1:95:d8:7a:57:a1:ee:20:ad:9a:6e:68:a4:41:
                    09:cb:8e:d4:c2:6b:63:24:dd:0c:15:70:86:54:82:
                    93:ae:e7:04:60:cc:cd:df:9c:34:e3:c5:61:df:06:
                    9a:81:da:59:24:6f:8b:d0:37:cc:de:a7:46:e7:a7:
                    c6:db:74:89:a4:2d:8a:8f:61:3c:73:ff:4c:79:3d:
                    22:7e:89:d5:59:7b:3b:c4:36:30:73:48:b2:6e:77:
                    33:8b:5f:93:85:a1:77:f4:d4:b9:e6:d6:61:08:a2:
                    cd:df:c9:ff:a5:e1:04:9b:ac:e0:14:4e:61:b8:ac:
                    86:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:AE:0A:F2:82:DD:4E:9B:C1:B8:21:94:AE:D3:B1:96:93:D8:72:98
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/5cfc47-2210-4739-a964-cef01362c4a8/1/h64K8oLdTpvBuCGUrtOxlpPYcpg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.108.112.0/20
                  185.36.20.0/22
                IPv6:
                  2a04:6660::/30

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43204

    Signature Algorithm: sha256WithRSAEncryption
         71:10:b2:65:90:fc:d2:1c:9b:a6:3a:53:11:86:ff:ca:ad:e5:
         07:df:02:01:3a:3b:ff:80:6f:80:fe:61:8e:e6:f1:47:72:7d:
         ca:82:25:6f:3b:86:77:0f:e3:93:e0:53:f9:9d:40:ba:72:52:
         40:80:e4:3e:47:49:12:d4:6e:bc:28:d9:3c:68:29:7f:1a:ba:
         08:d2:a1:5c:65:bb:4a:3f:5c:6f:83:d5:b5:d4:54:df:ea:20:
         b0:36:e5:5f:57:2b:55:2c:ac:71:19:44:c7:ed:6c:89:ba:12:
         07:f2:56:24:7c:c9:95:36:89:58:df:37:e4:e1:60:ad:d4:70:
         b2:89:72:60:52:83:0c:b1:11:59:fe:79:dd:bb:f2:ab:53:f7:
         85:2f:1f:fb:46:39:dc:ca:34:4c:ad:62:7b:5f:aa:7c:b8:5f:
         2a:ee:e5:24:0e:d6:3d:50:dc:b8:0e:e6:b7:4b:ec:73:23:86:
         09:a1:6d:40:4a:41:8f:82:b2:4c:25:dc:c2:19:73:3a:1c:5d:
         eb:f6:91:a2:58:41:b0:cc:00:6f:65:e7:ce:16:f9:6a:66:5d:
         1f:c1:af:2e:68:95:60:66:80:ba:20:f7:e9:c5:94:4c:55:9a:
         ee:ff:2a:a5:d1:a1:86:7b:e4:4e:f4:1b:c6:40:41:eb:96:a2:
         b6:e1:c9:29
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzF3EmYb07oAMCtLNjw8IszMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2FlMGFmMjgyZGQ0ZTliYzFiODIxOTRhZWQzYjE5NjkzZDg3Mjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoa19nAvc0rXqnY3BreiPC3496W1B
0woV0FXXICRHBr/f7qPvlRcsLHatcq+FpVX5Gtdz6fVWDbdZMr1ogoWyXo/db7Ei
s5Il2A0zQURNNJJCy/xPMISo0y4y/N2oOOxO0EooaBPPONpjspREv+DAmzOjfPlL
2euNsp4DUyYb6F+3S1EaEt474ZXYeleh7iCtmm5opEEJy47UwmtjJN0MFXCGVIKT
rucEYMzN35w048Vh3waagdpZJG+L0DfM3qdG56fG23SJpC2Kj2E8c/9MeT0ifonV
WXs7xDYwc0iybnczi1+ThaF39NS55tZhCKLN38n/peEEm6zgFE5huKyGuQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFIeuCvKC3U6bwbghlK7TsZaT2HKYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VlLzVjZmM0
Ny0yMjEwLTQ3MzktYTk2NC1jZWYwMTM2MmM0YTgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWUvNWNmYzQ3
LTIyMTAtNDczOS1hOTY0LWNlZjAxMzYyYzRhOC8xL2g2NEs4b0xkVHB2QnVDR1Vy
dE94bHBQWWNwZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQETmxwAwQCuSQUMA0EAgACMAcDBQIqBGZgMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwCoxDANBgkqhkiG9w0BAQsFAAOCAQEAcRCy
ZZD80hybpjpTEYb/yq3lB98CATo7/4BvgP5hjubxR3J9yoIlbzuGdw/jk+BT+Z1A
unJSQIDkPkdJEtRuvCjZPGgpfxq6CNKhXGW7Sj9cb4PVtdRU3+ogsDblX1crVSys
cRlEx+1siboSB/JWJHzJlTaJWN835OFgrdRwsolyYFKDDLERWf553bvyq1P3hS8f
+0Y53Mo0TK1ie1+qfLhfKu7lJA7WPVDcuA7mt0vscyOGCaFtQEpBj4KyTCXcwhlz
Ohxd6/aRolhBsMwAb2Xnzhb5amZdH8GvLmiVYGaAuiD36cWUTFWa7v8qpdGhhnvk
TvQbxkBB65aituHJKQ==
-----END CERTIFICATE-----
Generated at Fri Nov 22 18:29:22 2024 by rpki-client on console-fra.rpki-client.org