Certificate
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kVXdXhoA_xsJY2BcHe7x448jMZs.cer
File: kVXdXhoA_xsJY2BcHe7x448jMZs.cer (raw, json)
Hash identifier: j4aHRFFHYcnt2Of1zUy+upC76OGX44wBTVR+upztiC4=
Subject key identifier: 91:55:DD:5E:1A:00:FF:1B:09:63:60:5C:1D:EE:F1:E3:8F:23:31:9B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer: /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial: 0185EC0D90642B9CBB2B3FDE5CBAD024E679
Authority info access: rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest: rsync://rpki.ripe.net/repository/DEFAULT/97/d5c377-6441-4f42-8fc1-2bd5bc46a1dd/1/kVXdXhoA_xsJY2BcHe7x448jMZs.mft
caRepository: rsync://rpki.ripe.net/repository/DEFAULT/97/d5c377-6441-4f42-8fc1-2bd5bc46a1dd/1/
Notify URL: https://rrdp.ripe.net/notification.xml
Certificate not before: Thu 26 Jan 2023 03:09:50 +0000
Certificate not after: Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources: IP: 213.139.232.0/22
IP: 2a09:3680::/29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ec:0d:90:64:2b:9c:bb:2b:3f:de:5c:ba:d0:24:e6:79
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
Validity
Not Before: Jan 26 03:09:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9155dd5e1a00ff1b0963605c1deef1e38f23319b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f8:54:0e:62:86:18:ff:fc:92:c9:11:25:a9:c4:
89:21:e6:68:4a:35:d3:8e:1e:86:38:37:06:59:94:
a7:fa:c2:15:7e:6e:89:09:9d:3a:37:ef:c7:c4:d3:
65:40:01:f6:dc:7a:b5:1e:26:ca:c1:d2:50:76:c6:
50:b7:f2:8a:ee:a2:f7:cc:82:4f:b0:1b:ae:eb:08:
48:9f:c8:44:f7:c8:42:e7:5d:0c:2c:ba:d1:4f:fe:
cb:6d:8c:1c:06:39:a9:e8:34:cd:4e:82:68:ff:92:
52:b3:85:a6:30:af:c6:c3:51:25:0c:24:3c:e7:a4:
2e:1c:bb:bd:ef:d8:6a:b6:fc:15:65:64:11:ae:e5:
89:58:b1:78:9b:c7:39:c5:d2:aa:f1:29:29:d9:26:
7e:7c:60:70:99:f9:b1:03:38:eb:29:ac:58:45:f0:
1d:f0:22:d4:4b:09:b5:ae:2b:6f:51:9f:4f:9f:a9:
2d:6c:f2:89:63:f1:99:f3:fc:b2:d4:e8:eb:bc:43:
4a:38:06:ff:aa:39:73:5c:0a:16:55:d0:36:15:93:
34:16:c6:b2:b0:3c:2b:9b:ea:54:e2:b8:eb:d0:e4:
4d:1f:0c:27:ae:cd:bb:2f:84:0b:57:de:c8:b9:2f:
4e:10:40:8f:7f:33:24:04:7d:0a:f8:b6:8a:30:84:
d4:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:55:DD:5E:1A:00:FF:1B:09:63:60:5C:1D:EE:F1:E3:8F:23:31:9B
X509v3 Authority Key Identifier:
keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Subject Information Access:
CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d5c377-6441-4f42-8fc1-2bd5bc46a1dd/1/
RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/d5c377-6441-4f42-8fc1-2bd5bc46a1dd/1/kVXdXhoA_xsJY2BcHe7x448jMZs.mft
RPKI Notify - URI:https://rrdp.ripe.net/notification.xml
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.139.232.0/22
IPv6:
2a09:3680::/29
Signature Algorithm: sha256WithRSAEncryption
2b:a5:cf:f9:86:ca:65:25:ad:2e:ac:78:16:86:02:ba:8c:70:
04:95:8c:28:28:80:d9:8f:af:db:5f:9d:ab:64:1e:f4:84:34:
05:5c:0c:7b:01:e8:e5:dc:ee:1e:dd:72:b6:5a:13:84:91:c9:
ad:92:b2:a0:94:09:01:2a:54:e7:da:97:01:ce:38:25:1e:cd:
38:78:f8:c6:a5:3e:87:84:8b:25:de:84:81:8f:7b:d1:27:ba:
94:9c:ad:f7:f4:70:26:41:a9:b6:dc:f9:91:4c:9b:39:cf:89:
2a:15:d7:93:20:00:f3:33:e0:b3:c7:e5:a4:b1:f0:bf:55:ed:
9a:58:e5:21:56:a6:c7:9d:08:e1:78:58:59:3d:b8:ab:af:af:
3c:c0:da:e0:a9:91:ab:8b:63:a5:38:e6:59:1a:bb:4e:89:31:
39:43:cf:90:aa:bb:0a:07:78:c1:fe:c6:af:64:41:a8:1a:2a:
42:c4:5b:fe:6a:75:50:7b:56:53:64:a7:6d:f6:d1:05:83:1b:
6f:ab:94:9c:53:09:74:df:03:9b:ea:0f:be:3f:7b:e3:b1:3d:
99:31:c1:70:3d:3c:dd:6c:81:14:4e:ef:6e:54:85:9d:2a:33:
07:5a:3a:3d:d8:8e:26:a9:f9:6c:ee:d6:9d:88:c9:3e:f4:c8:
58:49:c0:41
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYXsDZBkK5y7Kz/eXLrQJOZ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTI2MDMwOTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU1ZGQ1ZTFhMDBmZjFiMDk2MzYwNWMxZGVlZjFlMzhmMjMzMTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+FQOYoYY//ySyRElqcSJIeZoSjXT
jh6GODcGWZSn+sIVfm6JCZ06N+/HxNNlQAH23Hq1HibKwdJQdsZQt/KK7qL3zIJP
sBuu6whIn8hE98hC510MLLrRT/7LbYwcBjmp6DTNToJo/5JSs4WmMK/Gw1ElDCQ8
56QuHLu979hqtvwVZWQRruWJWLF4m8c5xdKq8Skp2SZ+fGBwmfmxAzjrKaxYRfAd
8CLUSwm1ritvUZ9Pn6ktbPKJY/GZ8/yy1OjrvENKOAb/qjlzXAoWVdA2FZM0Fsay
sDwrm+pU4rjr0ORNHwwnrs27L4QLV97IuS9OEECPfzMkBH0K+LaKMITUwwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFJFV3V4aAP8bCWNgXB3u8eOPIzGbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk3L2Q1YzM3
Ny02NDQxLTRmNDItOGZjMS0yYmQ1YmM0NmExZGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcvZDVjMzc3
LTY0NDEtNGY0Mi04ZmMxLTJiZDViYzQ2YTFkZC8xL2tWWGRYaG9BX3hzSlkyQmNI
ZTd4NDQ4ak1acy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQC1YvoMA0EAgACMAcDBQMqCTaAMA0GCSqGSIb3
DQEBCwUAA4IBAQArpc/5hsplJa0urHgWhgK6jHAElYwoKIDZj6/bX52rZB70hDQF
XAx7Aejl3O4e3XK2WhOEkcmtkrKglAkBKlTn2pcBzjglHs04ePjGpT6HhIsl3oSB
j3vRJ7qUnK339HAmQam23PmRTJs5z4kqFdeTIADzM+Czx+WksfC/Ve2aWOUhVqbH
nQjheFhZPbirr688wNrgqZGri2OlOOZZGrtOiTE5Q8+QqrsKB3jB/savZEGoGipC
xFv+anVQe1ZTZKdt9tEFgxtvq5ScUwl03wOb6g++P3vjsT2ZMcFwPTzdbIEUTu9u
VIWdKjMHWjo92I4mqfls7tadiMk+9MhYScBB
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:58 2024 by rpki-client on console-fra.rpki-client.org