Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/jhF58KNc8HwWKWcmYoZsoAH3W9M.cer
File:                     jhF58KNc8HwWKWcmYoZsoAH3W9M.cer (raw, json)
Hash identifier:          hzGFoD1We9ldGmI1jB2ikftxDaf4F24WsvsLeXuMbNM=
Subject key identifier:   8E:11:79:F0:A3:5C:F0:7C:16:29:67:26:62:86:6C:A0:01:F7:5B:D3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC348F4D7AE601B7DAF7BFCE16DF47F80
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/jhF58KNc8HwWKWcmYoZsoAH3W9M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 48595
                          IP: 31.131.128.0 -- 31.131.139.255

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:f4:d7:ae:60:1b:7d:af:7b:fc:e1:6d:f4:7f:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8e1179f0a35cf07c1629672662866ca001f75bd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e5:33:1f:0a:ef:6b:5c:fd:4d:4f:6b:48:ff:
                    4d:59:87:16:22:9b:d8:19:eb:e8:54:61:2f:b6:ed:
                    13:3a:9e:a1:1f:2e:ba:3d:54:8f:33:4c:0a:17:fe:
                    99:ac:df:72:96:d3:63:75:fc:63:56:da:4c:0e:d5:
                    03:06:bf:da:4e:df:7a:f1:d6:b2:00:0c:d4:b3:f7:
                    22:a5:04:4e:aa:04:46:cb:da:19:36:17:ce:b0:1f:
                    bb:45:f7:3a:0d:c1:be:4a:ef:de:e3:ab:45:d9:1e:
                    05:f4:bd:33:be:c3:72:6a:f5:5f:98:b6:ec:f7:f0:
                    ea:db:8a:14:27:de:6f:25:d9:22:2e:77:d9:e8:44:
                    e9:7f:90:10:85:3a:bc:e1:7a:9e:7b:7b:c0:27:7b:
                    30:1f:cf:29:16:73:fc:28:39:56:15:de:4e:c7:71:
                    6c:dd:25:38:a9:e0:bb:d1:4d:b3:34:a7:9f:b6:77:
                    e6:bc:6e:ee:b8:89:cf:57:e3:49:94:5c:79:b5:cc:
                    a3:6d:3e:2a:33:0d:74:41:72:02:f1:36:a4:ad:44:
                    7b:03:5d:c6:c2:37:6d:50:50:74:b9:31:27:26:bd:
                    a5:93:c3:a1:de:7b:dd:94:54:54:bd:a3:56:9f:e7:
                    5d:15:ea:9b:79:fd:fd:93:a5:35:7c:bb:4e:72:3d:
                    58:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:11:79:F0:A3:5C:F0:7C:16:29:67:26:62:86:6C:A0:01:F7:5B:D3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/ee8f90-ef2b-43c0-b0c0-4cbc67219b4a/1/jhF58KNc8HwWKWcmYoZsoAH3W9M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.131.128.0-31.131.139.255

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48595

    Signature Algorithm: sha256WithRSAEncryption
         96:ce:de:04:85:df:03:14:9f:fc:f2:e9:1c:85:8d:ce:19:6d:
         c4:51:ea:6c:a7:6e:a1:e1:1f:1c:69:b7:b2:e1:cb:3a:c8:66:
         52:3f:d4:88:34:f5:11:aa:be:02:1e:6f:1a:63:83:56:c1:63:
         eb:8c:75:c6:34:f5:34:ce:1e:0c:aa:91:80:ae:0d:5c:6a:5c:
         a3:f0:e9:a4:f6:a1:99:f4:67:0d:9c:30:d8:f0:35:85:41:4d:
         c3:23:8a:54:62:04:5f:d2:a4:c4:d0:c4:27:72:d8:20:d0:ee:
         24:5e:74:0a:15:4b:3f:9d:31:51:3d:44:b9:e4:be:ea:99:89:
         f7:ae:88:b6:0c:5d:23:4c:74:fd:c1:56:7f:8f:d3:ee:ca:a4:
         d9:72:c1:cc:74:f5:44:a7:e9:10:a4:a4:8f:6f:b1:d8:64:b1:
         a8:f1:ac:38:b1:1d:d4:38:f2:a3:3d:44:f6:9e:7f:a5:4a:dc:
         cc:e3:b6:22:3b:9d:c6:78:8c:04:84:07:65:5a:3b:dc:f9:43:
         79:78:77:7c:21:ef:03:41:4c:cc:f3:bc:d2:83:b5:0c:44:88:
         72:77:c8:ff:c7:6f:d9:6c:da:76:a1:f7:7b:62:d3:30:42:60:
         0a:0a:bd:e6:c5:ee:7e:16:6f:61:3a:7d:3f:7b:e7:53:a5:5e:
         0c:22:5d:9b
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYzDSPTXrmAbfa97/OFt9H+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTExNzlmMGEzNWNmMDdjMTYyOTY3MjY2Mjg2NmNhMDAxZjc1YmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uUzHwrva1z9TU9rSP9NWYcWIpvY
GevoVGEvtu0TOp6hHy66PVSPM0wKF/6ZrN9yltNjdfxjVtpMDtUDBr/aTt968day
AAzUs/cipQROqgRGy9oZNhfOsB+7Rfc6DcG+Su/e46tF2R4F9L0zvsNyavVfmLbs
9/Dq24oUJ95vJdkiLnfZ6ETpf5AQhTq84Xqee3vAJ3swH88pFnP8KDlWFd5Ox3Fs
3SU4qeC70U2zNKeftnfmvG7uuInPV+NJlFx5tcyjbT4qMw10QXIC8TakrUR7A13G
wjdtUFB0uTEnJr2lk8Oh3nvdlFRUvaNWn+ddFeqbef39k6U1fLtOcj1YbQIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFI4RefCjXPB8FilnJmKGbKAB91vTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JlL2VlOGY5
MC1lZjJiLTQzYzAtYjBjMC00Y2JjNjcyMTliNGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmUvZWU4Zjkw
LWVmMmItNDNjMC1iMGMwLTRjYmM2NzIxOWI0YS8xL2poRjU4S05jOEh3V0tXY21Z
b1pzb0FIM1c5TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUF
BwEHAQH/BBgwFjAUBAIAATAOMAwDBAcfg4ADBAIfg4gwGgYIKwYBBQUHAQgBAf8E
CzAJoAcwBQIDAL3TMA0GCSqGSIb3DQEBCwUAA4IBAQCWzt4Ehd8DFJ/88ukchY3O
GW3EUepsp26h4R8cabey4cs6yGZSP9SINPURqr4CHm8aY4NWwWPrjHXGNPU0zh4M
qpGArg1calyj8Omk9qGZ9GcNnDDY8DWFQU3DI4pUYgRf0qTE0MQnctgg0O4kXnQK
FUs/nTFRPUS55L7qmYn3roi2DF0jTHT9wVZ/j9PuyqTZcsHMdPVEp+kQpKSPb7HY
ZLGo8aw4sR3UOPKjPUT2nn+lStzM47YiO53GeIwEhAdlWjvc+UN5eHd8Ie8DQUzM
87zSg7UMRIhyd8j/x2/ZbNp2ofd7YtMwQmAKCr3mxe5+Fm9hOn0/e+dTpV4MIl2b
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:03:06 2024 by rpki-client on console-ams.rpki-client.org