Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
File:                     hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer (raw, json)
Hash identifier:          5D7tYP6RGNQElsD0PBVwqZqN09KqmJ4mGl+5R0XxlKk=
Subject key identifier:   85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC72733E139FD804EF93A55C300AD2A33
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 2.57.248.0/22
                          IP: 5.183.240.0/22
                          IP: 45.11.240.0/22
                          IP: 45.14.80.0/22
                          IP: 45.80.96.0/22
                          IP: 45.85.128.0/22
                          IP: 45.86.24.0/22
                          IP: 45.90.204.0/22
                          IP: 45.129.220.0/22
                          IP: 45.158.192.0/22
                          IP: 92.119.24.0/22
                          IP: 171.22.60.0/22
                          IP: 185.45.92.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:33:e1:39:fd:80:4e:f9:3a:55:c3:00:ad:2a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a3:13:72:1d:ba:db:21:bb:3c:a4:d8:0d:3c:
                    3f:54:0f:93:93:a1:a9:5d:fc:d6:d6:11:bf:d1:20:
                    61:54:fb:55:ee:38:f6:0f:6b:32:b2:bb:6b:7e:d1:
                    dd:40:f6:69:28:fb:69:fc:10:97:78:4e:a9:d4:2b:
                    13:85:24:24:26:75:ed:5c:73:09:ea:a8:b5:95:7d:
                    3a:69:e3:6e:bf:f7:34:69:c4:e8:75:7c:cb:8e:d0:
                    8b:88:6f:f1:30:2e:b7:f2:8c:02:79:6f:30:53:b6:
                    10:e4:13:f0:0b:ad:25:55:60:18:51:de:de:b4:f6:
                    c1:00:c8:5f:81:57:3a:20:ea:16:5a:ef:11:34:e7:
                    43:f1:99:e9:b2:c0:b1:4a:6d:24:36:61:52:0f:6f:
                    c1:c5:e8:42:30:0c:d0:1f:46:e4:fc:7d:1f:01:9f:
                    90:bd:05:0c:6e:55:6f:63:cb:32:d2:0b:e2:2b:1c:
                    78:bc:34:f9:4c:e8:f1:bd:e5:ac:67:a5:4a:b1:9a:
                    c9:36:6f:c3:a4:07:8e:88:6a:ca:b4:47:1b:b1:3e:
                    e1:bf:1a:9e:5c:f9:4c:38:0d:3b:27:6f:fc:54:5a:
                    86:5b:a1:d3:7f:3a:d1:36:47:08:43:04:4a:27:52:
                    59:c8:a9:1e:1c:2b:1d:65:01:4c:8b:c2:31:c6:8f:
                    0a:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.248.0/22
                  5.183.240.0/22
                  45.11.240.0/22
                  45.14.80.0/22
                  45.80.96.0/22
                  45.85.128.0/22
                  45.86.24.0/22
                  45.90.204.0/22
                  45.129.220.0/22
                  45.158.192.0/22
                  92.119.24.0/22
                  171.22.60.0/22
                  185.45.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:f1:ec:4f:f9:62:29:e0:33:35:30:4e:67:25:48:25:9a:11:
         1d:7a:5b:16:55:fa:3a:03:3f:8a:33:b1:40:ad:2a:d9:32:44:
         fb:93:4a:b8:10:5a:33:e4:88:3d:26:d1:5a:8c:55:fc:94:23:
         85:fc:07:89:1e:a2:4c:60:ae:72:0b:39:cf:7b:91:19:7e:17:
         41:1b:21:bf:68:14:89:00:3e:f7:63:7e:2f:75:c5:5e:e6:82:
         e5:98:41:7d:ea:8a:2b:9c:2c:19:66:f5:b1:e7:d1:aa:19:e9:
         90:ef:09:e0:4e:30:cf:17:fb:64:a5:09:e9:99:31:f8:d9:4e:
         6e:ed:fc:0a:b7:72:7a:5b:1a:22:4d:e4:56:9e:d5:8e:d8:1b:
         79:7d:db:90:ec:f7:bc:51:07:43:c6:5b:1c:33:13:65:0b:1a:
         d9:ff:60:f2:d5:45:11:99:9c:72:07:30:95:f2:bd:1c:78:9d:
         35:33:91:01:07:43:a7:15:4f:82:10:96:3e:bb:15:3e:69:0a:
         b2:5a:0e:3a:88:02:ea:5f:cc:7a:bd:59:b3:e0:fd:1b:ac:ac:
         c8:4c:42:cd:cd:cc:dd:f3:02:ef:7f:fd:eb:a5:cf:23:7a:fd:
         66:53:35:77:a6:1e:f9:cc:08:b9:dd:4f:86:b4:f4:e4:e3:1f:
         3d:83:c6:db
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAYzHJzPhOf2ATvk6VcMArSozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTMzZWY0NjExNmZkOWQyMWJmYjUzM2U0NGJkZTUxNzg5MGMyNGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqMTch262yG7PKTYDTw/VA+Tk6Gp
XfzW1hG/0SBhVPtV7jj2D2sysrtrftHdQPZpKPtp/BCXeE6p1CsThSQkJnXtXHMJ
6qi1lX06aeNuv/c0acTodXzLjtCLiG/xMC638owCeW8wU7YQ5BPwC60lVWAYUd7e
tPbBAMhfgVc6IOoWWu8RNOdD8ZnpssCxSm0kNmFSD2/BxehCMAzQH0bk/H0fAZ+Q
vQUMblVvY8sy0gviKxx4vDT5TOjxveWsZ6VKsZrJNm/DpAeOiGrKtEcbsT7hvxqe
XPlMOA07J2/8VFqGW6HTfzrRNkcIQwRKJ1JZyKkeHCsdZQFMi8Ixxo8KxQIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFIUz70YRb9nSG/tTPkS95ReJDCTcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAzL2UwNDcy
YS0zYWRmLTQzY2QtYmYzMC03MzkyM2RhZWYxMTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMvZTA0NzJh
LTNhZGYtNDNjZC1iZjMwLTczOTIzZGFlZjExNC8xL2hUUHZSaEZ2MmRJYi0xTS1S
TDNsRjRrTUpOdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMGcGCCsGAQUF
BwEHAQH/BFgwVjBUBAIAATBOAwQCAjn4AwQCBbfwAwQCLQvwAwQCLQ5QAwQCLVBg
AwQCLVWAAwQCLVYYAwQCLVrMAwQCLYHcAwQCLZ7AAwQCXHcYAwQCqxY8AwQCuS1c
MA0GCSqGSIb3DQEBCwUAA4IBAQB88exP+WIp4DM1ME5nJUglmhEdelsWVfo6Az+K
M7FArSrZMkT7k0q4EFoz5Ig9JtFajFX8lCOF/AeJHqJMYK5yCznPe5EZfhdBGyG/
aBSJAD73Y34vdcVe5oLlmEF96oornCwZZvWx59GqGemQ7wngTjDPF/tkpQnpmTH4
2U5u7fwKt3J6WxoiTeRWntWO2Bt5fduQ7Pe8UQdDxlscMxNlCxrZ/2Dy1UURmZxy
BzCV8r0ceJ01M5EBB0OnFU+CEJY+uxU+aQqyWg46iALqX8x6vVmz4P0brKzITELN
zczd8wLvf/3rpc8jev1mUzV3ph75zAi53U+GtPTk4x89g8bb
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:36:00 2024 by rpki-client on console-ams.rpki-client.org