Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/kVijd10MXrOPIPDvmjYRBhpRlbM.cer
File:                     kVijd10MXrOPIPDvmjYRBhpRlbM.cer (raw, json)
Hash identifier:          OrltC/KhrlizcYlIVsYIKRMJCsaMN27sVQJg/e6aJjE=
Subject key identifier:   91:58:A3:77:5D:0C:5E:B3:8F:20:F0:EF:9A:36:11:06:1A:51:95:B3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F3C0FC410DD432BFE5D99ED82367D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/5c765c-83f3-45d1-8930-8d04f8779423/1/kVijd10MXrOPIPDvmjYRBhpRlbM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/5c765c-83f3-45d1-8930-8d04f8779423/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:42 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 21188
                          IP: 193.17.128.0 -- 193.17.169.255
                          IP: 193.30.24.0/22
                          IP: 193.32.106.0 -- 193.32.109.255
                          IP: 193.176.56.0 -- 193.176.60.255
                          IP: 194.60.96.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3c:0f:c4:10:dd:43:2b:fe:5d:99:ed:82:36:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9158a3775d0c5eb38f20f0ef9a3611061a5195b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:43:e7:8e:37:d2:19:eb:37:cc:f2:75:b7:73:
                    df:4c:f1:8c:de:bd:48:01:60:03:06:bb:11:67:87:
                    d8:0e:f7:fd:7a:f0:fe:f5:77:5a:1e:98:60:a4:26:
                    ed:7c:ba:b0:90:24:74:a5:cb:80:72:88:f1:02:6d:
                    c7:c8:3e:c1:1e:da:52:02:c8:d9:df:8c:de:9f:23:
                    d2:44:ab:ae:7a:d2:bc:03:7a:df:38:89:04:fb:27:
                    b3:b1:f9:18:14:34:03:86:44:a4:71:a9:1f:21:81:
                    66:b3:b2:26:41:e7:af:2b:b3:20:ff:6f:d3:12:26:
                    30:66:7a:51:6f:9b:fd:83:de:83:84:f2:4e:d9:13:
                    26:7e:f8:f2:ec:87:fc:7e:90:79:9b:0a:02:54:35:
                    d5:98:bf:74:5e:25:84:27:4f:5e:81:5e:a1:24:8d:
                    42:77:57:48:6d:37:9a:ce:36:dc:e6:35:9e:83:18:
                    e4:82:da:22:2f:17:79:79:de:79:84:cd:bc:1d:bb:
                    25:a8:30:0e:fa:e7:ce:3d:2a:9c:74:47:b1:ce:c9:
                    62:c3:c9:8e:c1:4a:39:70:3e:d2:0b:65:a0:a7:6a:
                    c3:14:83:81:42:64:31:38:ae:35:35:96:c0:45:ff:
                    83:1b:9e:98:05:9e:7f:c3:53:e7:83:8b:27:06:75:
                    ae:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:58:A3:77:5D:0C:5E:B3:8F:20:F0:EF:9A:36:11:06:1A:51:95:B3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5c765c-83f3-45d1-8930-8d04f8779423/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/5c765c-83f3-45d1-8930-8d04f8779423/1/kVijd10MXrOPIPDvmjYRBhpRlbM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.128.0-193.17.169.255
                  193.30.24.0/22
                  193.32.106.0-193.32.109.255
                  193.176.56.0-193.176.60.255
                  194.60.96.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  21188

    Signature Algorithm: sha256WithRSAEncryption
         80:52:a6:36:47:1b:35:59:ac:6a:a0:eb:02:24:92:cf:1b:b5:
         37:56:63:60:3e:2d:f5:b9:71:f3:c1:a4:f3:b9:3d:1b:f6:8e:
         9b:8d:f5:ba:57:bd:e5:84:22:eb:9b:44:81:34:97:82:57:4d:
         89:4e:1d:25:75:20:c7:15:df:e3:3c:48:a9:3e:79:a6:91:0a:
         68:d5:c2:a3:54:3b:29:45:a8:30:7a:74:60:25:51:eb:70:ff:
         59:cb:b2:4e:49:53:4f:c3:24:cf:19:49:5c:ad:e4:77:11:ce:
         09:a8:30:54:54:de:8f:49:da:40:dd:93:52:46:c7:7d:4b:86:
         d8:5c:36:7f:17:56:00:60:02:13:b8:e0:87:9f:b4:fb:ba:8b:
         fc:66:93:c5:be:8a:66:7d:8f:fc:2d:95:19:18:48:86:c6:bd:
         ce:62:20:24:79:27:c6:36:3c:cf:76:02:27:94:39:98:79:9d:
         2e:3f:91:3d:49:2e:ca:b0:e6:a3:c1:0d:bc:21:e0:c8:b1:8f:
         8c:2a:2a:bc:ad:93:14:37:38:fd:37:b4:72:ab:be:18:33:14:
         cf:3b:69:4c:c8:b6:56:b5:dc:e1:da:63:7d:f4:2e:d4:ed:08:
         89:52:84:5e:75:7f:a1:3f:ac:d5:0e:f5:66:79:1f:9b:13:5c:
         27:f9:0d:14
-----BEGIN CERTIFICATE-----
MIIFwzCCBKugAwIBAgISAYzIbzwPxBDdQyv+XZntgjZ9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTU4YTM3NzVkMGM1ZWIzOGYyMGYwZWY5YTM2MTEwNjFhNTE5NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEPnjjfSGes3zPJ1t3PfTPGM3r1I
AWADBrsRZ4fYDvf9evD+9XdaHphgpCbtfLqwkCR0pcuAcojxAm3HyD7BHtpSAsjZ
34zenyPSRKuuetK8A3rfOIkE+yezsfkYFDQDhkSkcakfIYFms7ImQeevK7Mg/2/T
EiYwZnpRb5v9g96DhPJO2RMmfvjy7If8fpB5mwoCVDXVmL90XiWEJ09egV6hJI1C
d1dIbTeazjbc5jWegxjkgtoiLxd5ed55hM28HbslqDAO+ufOPSqcdEexzsliw8mO
wUo5cD7SC2Wgp2rDFIOBQmQxOK41NZbARf+DG56YBZ5/w1Png4snBnWu/QIDAQAB
o4ICzzCCAsswHQYDVR0OBBYEFJFYo3ddDF6zjyDw75o2EQYaUZWzMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4LzVjNzY1
Yy04M2YzLTQ1ZDEtODkzMC04ZDA0Zjg3Nzk0MjMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvNWM3NjVj
LTgzZjMtNDVkMS04OTMwLThkMDRmODc3OTQyMy8xL2tWaWpkMTBNWHJPUElQRHZt
allSQmhwUmxiTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CME8GCCsGAQUF
BwEHAQH/BEAwPjA8BAIAATA2MAwDBAfBEYADBAHBEagDBALBHhgwDAMEAcEgagME
AcEgbDAMAwQDwbA4AwQAwbA8AwQEwjxgMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AlLEMA0GCSqGSIb3DQEBCwUAA4IBAQCAUqY2Rxs1WaxqoOsCJJLPG7U3VmNgPi31
uXHzwaTzuT0b9o6bjfW6V73lhCLrm0SBNJeCV02JTh0ldSDHFd/jPEipPnmmkQpo
1cKjVDspRagwenRgJVHrcP9Zy7JOSVNPwyTPGUlcreR3Ec4JqDBUVN6PSdpA3ZNS
Rsd9S4bYXDZ/F1YAYAITuOCHn7T7uov8ZpPFvopmfY/8LZUZGEiGxr3OYiAkeSfG
NjzPdgInlDmYeZ0uP5E9SS7KsOajwQ28IeDIsY+MKiq8rZMUNzj9N7Ryq74YMxTP
O2lMyLZWtdzh2mN99C7U7QiJUoRedX+hP6zVDvVmeR+bE1wn+Q0U
-----END CERTIFICATE-----
Generated at Tue Nov 26 21:33:49 2024 by rpki-client on console-fra.rpki-client.org