Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer
File:                     iq2cDOW6OQW0GXCgTlGXYHbGfgA.cer (raw, json)
Hash identifier:          CtCtYSrGHDnqbBRgX0pF7TdO8koOFu1QFTNIzwM7hsE=
Subject key identifier:   8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC34952A63330C08E79E8441B0124AF21
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:30:11 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 49837
                          IP: 193.135.40.0/21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:52:a6:33:30:c0:8e:79:e8:44:1b:01:24:af:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8aad9c0ce5ba3905b41970a04e51976076c67e00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:56:85:70:82:c1:20:e0:50:52:31:c8:61:89:
                    da:a1:89:dc:5e:9a:5a:4b:a0:71:f9:f9:db:8f:67:
                    16:11:bb:60:13:59:0c:96:70:59:f1:04:04:fa:67:
                    00:bc:6a:19:be:a6:ca:58:67:bb:a3:5b:4c:01:b9:
                    37:ca:4f:ca:fe:5a:f9:89:01:3d:05:72:ba:58:3f:
                    af:19:c2:59:be:1c:df:a5:7f:a2:6a:60:ec:85:06:
                    25:43:cb:6c:91:a4:c3:04:69:c5:f8:ed:7a:aa:b3:
                    5f:1d:43:93:3f:ef:ec:63:83:f8:6b:67:de:eb:e7:
                    af:c1:1a:34:9a:a7:2b:e0:e3:6d:d4:4a:a3:9d:f0:
                    ee:e2:70:9e:e8:a1:1d:97:d1:f8:27:ce:a2:9a:2e:
                    07:35:13:e2:61:95:c2:ec:1a:d2:07:b2:00:2e:26:
                    d2:32:37:99:ed:35:8f:a4:25:96:62:5a:6c:9f:30:
                    ba:51:72:e5:47:6e:4e:00:85:69:1b:31:fd:48:84:
                    fd:ef:75:38:8b:cf:c1:2c:58:3a:1d:d0:d1:cd:6f:
                    ed:08:fc:41:bc:58:bd:cd:9d:6f:b7:37:3d:0a:68:
                    93:b8:a1:9f:1e:61:c0:20:48:0f:f0:3c:df:b8:5b:
                    74:c6:da:66:72:57:db:82:56:5e:38:ed:13:36:36:
                    93:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:AD:9C:0C:E5:BA:39:05:B4:19:70:A0:4E:51:97:60:76:C6:7E:00
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/e445e4-26bd-48c9-83db-7a0ece9c0af8/1/iq2cDOW6OQW0GXCgTlGXYHbGfgA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.135.40.0/21

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  49837

    Signature Algorithm: sha256WithRSAEncryption
         43:a1:8f:fa:40:ab:b7:64:9c:fd:61:ff:7e:8f:57:89:07:e1:
         c3:f3:1d:08:54:50:07:06:82:40:6e:44:22:6e:38:34:ad:ea:
         b5:7d:62:3a:d8:c1:58:cd:8c:ab:ff:5a:34:83:f1:38:b9:b9:
         2c:a4:27:f9:88:76:67:e9:bb:f6:e6:58:ec:f6:19:a0:d1:bf:
         64:36:02:32:d6:9d:94:30:9b:90:09:77:4b:08:57:e1:bd:87:
         ad:e4:b2:7c:4e:17:11:7f:0c:f5:31:a3:a0:4c:d9:5d:92:cb:
         d7:b6:ed:e6:5c:72:b9:0b:92:6e:20:b9:8e:de:b9:5a:f1:c1:
         b6:5b:65:38:79:7c:ee:0a:36:a4:87:45:7f:bc:3a:4b:0f:ac:
         3c:c6:1a:80:18:a6:fa:60:e8:6d:59:26:ea:6b:50:45:19:ea:
         4d:c4:d2:85:55:ce:34:65:bc:70:02:80:03:94:0e:53:75:00:
         18:bc:f9:6c:b9:23:d6:86:35:5f:cc:e8:33:74:0a:da:24:e3:
         aa:18:c6:72:63:9f:a5:df:b9:9f:bc:e7:4f:38:40:30:cd:80:
         d7:b3:e8:8b:e6:37:e5:1a:d4:9a:ea:d7:5a:16:d5:4b:20:78:
         de:53:55:46:a8:4a:4e:61:53:02:d6:8d:56:03:82:c1:0e:fc:
         c1:0a:e6:fb
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDSVKmMzDAjnnoRBsBJK8hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWFkOWMwY2U1YmEzOTA1YjQxOTcwYTA0ZTUxOTc2MDc2YzY3ZTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAplaFcILBIOBQUjHIYYnaoYncXppa
S6Bx+fnbj2cWEbtgE1kMlnBZ8QQE+mcAvGoZvqbKWGe7o1tMAbk3yk/K/lr5iQE9
BXK6WD+vGcJZvhzfpX+iamDshQYlQ8tskaTDBGnF+O16qrNfHUOTP+/sY4P4a2fe
6+evwRo0mqcr4ONt1EqjnfDu4nCe6KEdl9H4J86imi4HNRPiYZXC7BrSB7IALibS
MjeZ7TWPpCWWYlpsnzC6UXLlR25OAIVpGzH9SIT973U4i8/BLFg6HdDRzW/tCPxB
vFi9zZ1vtzc9CmiTuKGfHmHAIEgP8DzfuFt0xtpmclfbglZeOO0TNjaTPwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFIqtnAzlujkFtBlwoE5Rl2B2xn4AMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIyL2U0NDVl
NC0yNmJkLTQ4YzktODNkYi03YTBlY2U5YzBhZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjIvZTQ0NWU0
LTI2YmQtNDhjOS04M2RiLTdhMGVjZTljMGFmOC8xL2lxMmNET1c2T1FXMEdYQ2dU
bEdYWUhiR2ZnQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQDwYcoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDCrTANBgkqhkiG9w0BAQsFAAOCAQEAQ6GP+kCrt2Sc/WH/fo9XiQfhw/MdCFRQ
BwaCQG5EIm44NK3qtX1iOtjBWM2Mq/9aNIPxOLm5LKQn+Yh2Z+m79uZY7PYZoNG/
ZDYCMtadlDCbkAl3SwhX4b2HreSyfE4XEX8M9TGjoEzZXZLL17bt5lxyuQuSbiC5
jt65WvHBtltlOHl87go2pIdFf7w6Sw+sPMYagBim+mDobVkm6mtQRRnqTcTShVXO
NGW8cAKAA5QOU3UAGLz5bLkj1oY1X8zoM3QK2iTjqhjGcmOfpd+5n7znTzhAMM2A
17Poi+Y35RrUmurXWhbVSyB43lNVRqhKTmFTAtaNVgOCwQ78wQrm+w==
-----END CERTIFICATE-----
Generated at Mon Nov 25 09:37:24 2024 by rpki-client on console-fra.rpki-client.org