Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/o1E9KI2r3n3uBpvbY2Vzzpw-y2A.cer
File:                     o1E9KI2r3n3uBpvbY2Vzzpw-y2A.cer (raw, json)
Hash identifier:          fheArFtzC5tvMVb31//d0H4tz0k6zqhYhkbQ5qi0b90=
Subject key identifier:   A3:51:3D:28:8D:AB:DE:7D:EE:06:9B:DB:63:65:73:CE:9C:3E:CB:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA96DF03D2EFA0BF4C885431747162AC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e9/792113-e13c-43ee-84d7-e0d7dd5e2e6f/1/o1E9KI2r3n3uBpvbY2Vzzpw-y2A.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e9/792113-e13c-43ee-84d7-e0d7dd5e2e6f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 14:32:14 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 5.249.160.0/21
                          IP: 45.141.36.0/23
                          IP: 45.146.252.0/22
                          IP: 88.214.56.0/22
                          IP: 92.42.44.0/22
                          IP: 134.255.216.0/22
                          IP: 134.255.231.0 -- 134.255.234.255
                          IP: 147.189.168.0/21
                          IP: 185.223.28.0/22
                          IP: 185.239.236.0/22
                          IP: 185.249.196.0/22
                          IP: 193.23.126.0/23
                          IP: 193.23.160.0/23
                          IP: 193.34.69.0/24
                          IP: 193.203.238.0/24
                          IP: 194.156.88.0/22
                          IP: 2a0c:3580::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:df:03:d2:ef:a0:bf:4c:88:54:31:74:71:62:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 14:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a3513d288dabde7dee069bdb636573ce9c3ecb60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d5:62:ed:af:c2:df:48:f9:52:21:48:56:e4:
                    0c:83:3a:5f:97:80:3c:d0:a2:e0:b5:79:f1:4e:cc:
                    16:94:bf:64:b4:e9:87:a0:59:8e:e4:ed:46:6d:eb:
                    a8:5d:b0:05:04:19:16:d3:29:00:4e:44:8e:1b:21:
                    67:28:f1:f4:38:02:c9:24:c5:94:50:5e:c1:35:fc:
                    9c:d1:45:53:71:82:b7:8f:2e:f1:91:83:21:8b:c0:
                    c8:bf:e6:7b:b3:bc:18:9e:3c:dc:89:d2:9d:73:af:
                    7f:34:8f:26:eb:5d:f1:3c:46:39:76:16:07:f1:92:
                    00:5e:a0:74:b1:7e:68:ed:1e:bd:58:0a:24:f3:b6:
                    1e:0e:5b:31:19:6d:3a:fd:6a:c6:6f:05:3e:52:84:
                    e9:0a:81:39:ba:37:07:5d:20:ee:8c:ce:e2:57:b3:
                    c6:f3:27:81:ba:d5:1b:c1:62:ce:75:8f:ef:cb:06:
                    af:4c:32:bd:fd:8e:97:06:c0:ca:71:1d:d3:06:f7:
                    a4:02:ff:04:a7:f3:01:82:6f:a8:8f:87:dc:83:72:
                    c2:d5:df:a2:c4:80:34:dc:88:a4:77:0a:ce:d4:73:
                    0a:24:27:d0:0b:65:f2:94:e5:24:57:08:3e:0f:53:
                    00:e9:81:88:14:b7:48:a6:56:9c:94:ab:be:e5:a5:
                    e3:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:51:3D:28:8D:AB:DE:7D:EE:06:9B:DB:63:65:73:CE:9C:3E:CB:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/792113-e13c-43ee-84d7-e0d7dd5e2e6f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/792113-e13c-43ee-84d7-e0d7dd5e2e6f/1/o1E9KI2r3n3uBpvbY2Vzzpw-y2A.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.249.160.0/21
                  45.141.36.0/23
                  45.146.252.0/22
                  88.214.56.0/22
                  92.42.44.0/22
                  134.255.216.0/22
                  134.255.231.0-134.255.234.255
                  147.189.168.0/21
                  185.223.28.0/22
                  185.239.236.0/22
                  185.249.196.0/22
                  193.23.126.0/23
                  193.23.160.0/23
                  193.34.69.0/24
                  193.203.238.0/24
                  194.156.88.0/22
                IPv6:
                  2a0c:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:1d:bb:34:7b:e1:79:23:e9:90:93:53:34:23:ef:cc:d5:17:
         8d:21:60:ef:bd:e6:4a:ee:c2:1a:fc:c7:44:7f:08:6d:98:f3:
         58:c7:f2:1c:76:81:4f:c1:2f:76:f6:0c:c0:c2:0f:99:8b:c3:
         61:7a:36:1e:b2:5e:90:98:db:a0:6c:3e:69:0a:9b:2e:ef:f0:
         07:62:10:cf:87:8e:96:71:e5:51:50:60:c1:a7:30:3f:9d:52:
         1d:d9:02:78:c2:de:95:17:ee:a9:c2:09:a7:58:d9:f8:da:7f:
         56:46:53:b5:4e:5e:9d:83:78:d9:56:06:8d:74:6d:96:2f:ea:
         a5:29:24:cc:e7:ef:55:3d:20:c3:90:10:84:3f:f8:c4:e2:8d:
         05:cd:6e:64:15:db:05:f6:1a:01:41:78:ae:a4:81:a8:72:d2:
         74:57:5a:03:6d:49:eb:f5:df:9e:52:b4:f7:77:bf:b3:05:26:
         90:55:6d:53:e6:76:c7:75:f1:09:26:cc:60:8b:f3:55:a4:91:
         60:3d:7c:dd:b9:5d:1d:fa:19:35:1d:d6:d0:df:3d:07:e5:a3:
         c7:31:da:41:86:4c:8a:46:fa:6f:a9:da:ef:88:e0:ed:11:e4:
         96:de:26:80:31:d4:6b:ef:74:ac:97:7c:c7:52:9d:db:34:91:
         54:ea:3e:9b
-----BEGIN CERTIFICATE-----
MIIF6zCCBNOgAwIBAgISAYzKlt8D0u+gv0yIVDF0cWKsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTQzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzUxM2QyODhkYWJkZTdkZWUwNjliZGI2MzY1NzNjZTljM2VjYjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9Vi7a/C30j5UiFIVuQMgzpfl4A8
0KLgtXnxTswWlL9ktOmHoFmO5O1GbeuoXbAFBBkW0ykATkSOGyFnKPH0OALJJMWU
UF7BNfyc0UVTcYK3jy7xkYMhi8DIv+Z7s7wYnjzcidKdc69/NI8m613xPEY5dhYH
8ZIAXqB0sX5o7R69WAok87YeDlsxGW06/WrGbwU+UoTpCoE5ujcHXSDujM7iV7PG
8yeButUbwWLOdY/vywavTDK9/Y6XBsDKcR3TBvekAv8Ep/MBgm+oj4fcg3LC1d+i
xIA03IikdwrO1HMKJCfQC2XylOUkVwg+D1MA6YGIFLdIplaclKu+5aXjgQIDAQAB
o4IC9zCCAvMwHQYDVR0OBBYEFKNRPSiNq9597gab22Nlc86cPstgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U5Lzc5MjEx
My1lMTNjLTQzZWUtODRkNy1lMGQ3ZGQ1ZTJlNmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTkvNzkyMTEz
LWUxM2MtNDNlZS04NGQ3LWUwZDdkZDVlMmU2Zi8xL28xRTlLSTJyM24zdUJwdmJZ
MlZ6enB3LXkyQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGRBggrBgEF
BQcBBwEB/wSBgTB/MG4EAgABMGgDBAMF+aADBAEtjSQDBAItkvwDBAJY1jgDBAJc
KiwDBAKG/9gwDAMEAIb/5wMEAIb/6gMEA5O9qAMEArnfHAMEArnv7AMEArn5xAME
AcEXfgMEAcEXoAMEAMEiRQMEAMHL7gMEAsKcWDANBAIAAjAHAwUDKgw1gDANBgkq
hkiG9w0BAQsFAAOCAQEAph27NHvheSPpkJNTNCPvzNUXjSFg773mSu7CGvzHRH8I
bZjzWMfyHHaBT8EvdvYMwMIPmYvDYXo2HrJekJjboGw+aQqbLu/wB2IQz4eOlnHl
UVBgwacwP51SHdkCeMLelRfuqcIJp1jZ+Np/VkZTtU5enYN42VYGjXRtli/qpSkk
zOfvVT0gw5AQhD/4xOKNBc1uZBXbBfYaAUF4rqSBqHLSdFdaA21J6/XfnlK093e/
swUmkFVtU+Z2x3XxCSbMYIvzVaSRYD183bldHfoZNR3W0N89B+WjxzHaQYZMikb6
b6na74jg7RHklt4mgDHUa+90rJd8x1Kd2zSRVOo+mw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 10:04:15 2024 by rpki-client on console-fra.rpki-client.org