Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/m9OEgG4Db3jlcD2fzsUmdcR0DTo.cer
File:                     m9OEgG4Db3jlcD2fzsUmdcR0DTo.cer (raw, json)
Hash identifier:          lBt8L/0626wkAbfgKZUz1qUlEHqMiwPPkOivITLRpjA=
Subject key identifier:   9B:D3:84:80:6E:03:6F:78:E5:70:3D:9F:CE:C5:26:75:C4:74:0D:3A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01856AF4F11F0D58314B80088034DEA8D5FE
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/9e/ff5826-0ce7-4986-adca-68d34bfd2a29/1/m9OEgG4Db3jlcD2fzsUmdcR0DTo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/9e/ff5826-0ce7-4986-adca-68d34bfd2a29/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Sun 01 Jan 2023 01:31:55 +0000
Certificate not after:    Mon 01 Jul 2024 00:00:00 +0000
Subordinate resources:    AS: 198682
                          IP: 45.88.140.0/22
                          IP: 109.71.136.0/21
                          IP: 109.205.0.0/21
                          IP: 185.71.148.0/22
                          IP: 185.220.72.0/22
                          IP: 185.230.96.0/22
                          IP: 193.176.64.0/22
                          IP: 2a00:1f10::/32
                          IP: 2a0b:f1c0::/32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6a:f4:f1:1f:0d:58:31:4b:80:08:80:34:de:a8:d5:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:31:55 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=9bd384806e036f78e5703d9fcec52675c4740d3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:3f:d8:f2:2d:33:f4:11:2a:4e:f2:02:78:14:
                    49:91:bc:0d:13:df:64:ec:7f:ce:1a:c2:44:6c:ef:
                    37:10:32:55:7b:b8:9b:02:6e:53:ee:ff:8b:09:71:
                    2c:2b:ec:93:cf:3d:9c:39:77:db:72:9d:d9:53:d1:
                    4a:ab:d4:26:cd:3d:7e:dc:19:17:da:db:71:6f:7b:
                    b5:a6:ef:9d:c2:67:b7:cc:19:ec:2c:a0:45:9b:84:
                    d7:ec:d8:53:0a:a2:28:eb:03:0b:8f:b9:47:d6:65:
                    5e:05:ce:cb:10:9c:d8:ac:39:ac:61:d4:83:28:d9:
                    15:f2:e0:f9:01:83:b1:d7:06:31:76:7f:14:af:f4:
                    c0:cb:ec:dc:34:e3:ca:10:e3:74:52:79:13:aa:58:
                    89:08:a0:30:d7:c8:a7:eb:58:35:3d:31:5b:86:05:
                    5b:a5:51:f4:b7:62:71:7f:6d:6b:c4:8e:2c:86:04:
                    d9:3f:c9:4b:39:ac:77:56:58:7b:b4:70:4c:b3:92:
                    d6:ac:8c:49:56:4f:14:9e:55:6f:c5:8d:30:cd:ff:
                    24:b4:76:1d:db:55:69:5f:46:bb:4f:e7:0b:05:ad:
                    20:f2:89:32:ea:61:c1:85:17:da:3e:31:43:da:3e:
                    62:6a:1e:95:cf:71:ab:b4:82:ed:53:8f:b7:77:4c:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:D3:84:80:6E:03:6F:78:E5:70:3D:9F:CE:C5:26:75:C4:74:0D:3A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ff5826-0ce7-4986-adca-68d34bfd2a29/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ff5826-0ce7-4986-adca-68d34bfd2a29/1/m9OEgG4Db3jlcD2fzsUmdcR0DTo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.140.0/22
                  109.71.136.0/21
                  109.205.0.0/21
                  185.71.148.0/22
                  185.220.72.0/22
                  185.230.96.0/22
                  193.176.64.0/22
                IPv6:
                  2a00:1f10::/32
                  2a0b:f1c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198682

    Signature Algorithm: sha256WithRSAEncryption
         9f:69:ec:85:92:4e:2a:2e:b2:7c:ce:7c:4f:42:3d:2e:a4:d6:
         ad:7b:08:21:74:1d:89:be:fd:e2:24:58:a8:46:88:d3:57:6c:
         73:dc:95:a4:aa:ef:a3:d1:46:c1:3c:a2:46:79:f3:36:59:d7:
         7a:0b:86:32:82:6a:45:42:f4:bc:98:76:1d:99:86:85:f1:87:
         69:c2:39:8b:70:2e:4a:67:25:58:e5:e7:94:c8:91:61:ce:98:
         4b:31:6d:45:b5:d6:e5:22:04:f4:8e:d9:b0:d6:4c:6c:19:5f:
         11:74:a3:e6:b7:51:9f:62:fd:13:80:e9:64:ab:cd:54:7f:20:
         8b:fd:ce:41:61:da:a0:c0:66:d0:67:5a:83:b5:a9:f2:ce:7c:
         44:95:d3:d2:16:9b:c0:46:be:44:0a:c9:eb:ae:2c:85:da:e6:
         9d:3d:01:2e:e6:b1:a5:eb:cd:ac:75:31:25:9f:81:ad:8a:de:
         89:d0:0d:88:09:28:03:b5:83:fb:91:77:92:cb:7c:9d:e7:9e:
         b6:43:96:29:2e:63:f5:c1:8f:5e:80:83:b9:80:49:b1:09:7c:
         5d:00:50:1e:ee:44:ae:08:48:84:9a:08:a8:ca:f6:93:14:31:
         91:19:fc:12:58:82:0f:9b:f5:1d:40:1d:d1:55:11:a7:2e:e2:
         90:bc:63:6d
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgISAYVq9PEfDVgxS4AIgDTeqNX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjMwMTAxMDEzMTU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmQzODQ4MDZlMDM2Zjc4ZTU3MDNkOWZjZWM1MjY3NWM0NzQwZDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlD/Y8i0z9BEqTvICeBRJkbwNE99k
7H/OGsJEbO83EDJVe7ibAm5T7v+LCXEsK+yTzz2cOXfbcp3ZU9FKq9QmzT1+3BkX
2ttxb3u1pu+dwme3zBnsLKBFm4TX7NhTCqIo6wMLj7lH1mVeBc7LEJzYrDmsYdSD
KNkV8uD5AYOx1wYxdn8Ur/TAy+zcNOPKEON0UnkTqliJCKAw18in61g1PTFbhgVb
pVH0t2Jxf21rxI4shgTZP8lLOax3Vlh7tHBMs5LWrIxJVk8UnlVvxY0wzf8ktHYd
21VpX0a7T+cLBa0g8oky6mHBhRfaPjFD2j5iah6Vz3GrtILtU4+3d0xpxwIDAQAB
o4IC2jCCAtYwHQYDVR0OBBYEFJvThIBuA2945XA9n87FJnXEdA06MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzllL2ZmNTgy
Ni0wY2U3LTQ5ODYtYWRjYS02OGQzNGJmZDJhMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOWUvZmY1ODI2
LTBjZTctNDk4Ni1hZGNhLTY4ZDM0YmZkMmEyOS8xL205T0VnRzREYjNqbGNEMmZ6
c1VtZGNSMERUby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFkGCCsGAQUF
BwEHAQH/BEowSDAwBAIAATAqAwQCLViMAwQDbUeIAwQDbc0AAwQCuUeUAwQCudxI
AwQCueZgAwQCwbBAMBQEAgACMA4DBQAqAB8QAwUAKgvxwDAaBggrBgEFBQcBCAEB
/wQLMAmgBzAFAgMDCBowDQYJKoZIhvcNAQELBQADggEBAJ9p7IWSTiousnzOfE9C
PS6k1q17CCF0HYm+/eIkWKhGiNNXbHPclaSq76PRRsE8okZ58zZZ13oLhjKCakVC
9LyYdh2ZhoXxh2nCOYtwLkpnJVjl55TIkWHOmEsxbUW11uUiBPSO2bDWTGwZXxF0
o+a3UZ9i/ROA6WSrzVR/IIv9zkFh2qDAZtBnWoO1qfLOfESV09IWm8BGvkQKyeuu
LIXa5p09AS7msaXrzax1MSWfga2K3onQDYgJKAO1g/uRd5LLfJ3nnrZDlikuY/XB
j16Ag7mASbEJfF0AUB7uRK4ISISaCKjK9pMUMZEZ/BJYgg+b9R1AHdFVEacu4pC8
Y20=
-----END CERTIFICATE-----
Generated at Thu Feb 20 02:37:11 2025 by rpki-client