Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/rOSXY9L9uQmGRpQDBmy15qeCXww.cer
File:                     rOSXY9L9uQmGRpQDBmy15qeCXww.cer (raw, json)
Hash identifier:          Snm1CMO4hM9fLNDZLs6UHnIZt9nVYYrOFtAumXbM8FA=
Subject key identifier:   AC:E4:97:63:D2:FD:B9:09:86:46:94:03:06:6C:B5:E6:A7:82:5F:0C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79412AD0474446014BCF99D9D781822
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/rOSXY9L9uQmGRpQDBmy15qeCXww.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:19 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 25521
                          IP: 193.0.220.0/23
                          IP: 2a13:8f40::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 28 Nov 2024 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:12:ad:04:74:44:60:14:bc:f9:9d:9d:78:18:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ace49763d2fdb90986469403066cb5e6a7825f0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:dd:0a:72:30:a6:5a:80:1e:d0:31:d6:10:4b:
                    ac:38:7f:cd:ae:7c:75:b3:9a:51:3b:1d:41:ca:77:
                    d3:f5:63:bf:f7:4b:08:11:bc:69:3b:2d:9c:4b:71:
                    12:b9:f2:09:0e:6e:bc:ab:40:19:dc:c7:67:ba:95:
                    b2:34:c6:75:ed:a0:55:59:42:8e:69:80:07:8f:0d:
                    10:12:46:2f:6d:cb:60:b8:61:0f:68:62:2a:de:b5:
                    40:fe:b9:de:b3:ab:4a:35:30:3b:09:0a:ce:c9:2a:
                    41:ed:01:d9:aa:1d:90:c7:b4:81:dd:f6:67:06:ed:
                    a2:08:9f:d0:b2:68:1e:ca:59:42:71:9b:b4:3d:8f:
                    89:b6:cf:18:22:e5:27:6a:52:61:af:a7:7c:e6:84:
                    8d:c8:a9:7a:ca:69:12:97:29:ed:d7:7a:47:d3:47:
                    40:52:5a:9f:78:4b:78:7d:f1:13:58:2b:dd:e2:63:
                    db:e1:4f:76:7a:66:73:f7:ed:3a:b9:a3:07:08:24:
                    07:81:75:10:45:6b:9e:40:9f:7e:02:3b:fa:ab:c9:
                    63:c7:c2:62:58:58:fb:b7:ee:3f:ec:03:98:a0:fc:
                    36:c0:5e:3a:04:2f:99:34:50:4b:08:b0:a1:01:a6:
                    ff:8b:f6:c6:cd:b3:27:03:6c:41:95:77:3c:b8:d4:
                    37:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:E4:97:63:D2:FD:B9:09:86:46:94:03:06:6C:B5:E6:A7:82:5F:0C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/4630fd-a0ca-48a0-bcab-90a8c6e785c9/1/rOSXY9L9uQmGRpQDBmy15qeCXww.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.0.220.0/23
                IPv6:
                  2a13:8f40::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  25521

    Signature Algorithm: sha256WithRSAEncryption
         77:ea:04:74:86:b6:1c:ef:a3:ce:13:47:e9:5f:cc:a5:cd:05:
         7d:1b:ce:53:fb:fe:ca:56:52:df:0c:58:a4:cc:94:2e:1c:f7:
         d4:d2:82:9f:8d:d6:f5:06:97:11:d5:18:78:06:2c:d0:58:0b:
         46:c4:53:1b:6e:9e:a3:c8:fa:59:16:d9:46:98:78:68:b4:43:
         87:bc:ed:26:0b:1e:79:1f:51:01:56:b4:9f:1e:8c:62:fc:13:
         f9:4d:82:26:23:8f:60:15:e3:f4:7a:78:05:3b:c8:09:82:d7:
         88:72:05:be:09:1c:9e:c0:74:7f:cd:1b:d3:68:75:4d:80:a2:
         ea:6a:4a:ae:3f:33:63:6c:93:7f:9f:6f:8d:04:61:04:cb:1d:
         d9:12:74:24:7f:58:7a:e4:6b:79:46:6b:b8:74:7f:76:58:88:
         50:23:8a:b1:0e:26:ee:56:7a:44:f3:54:a0:b7:01:bf:8e:70:
         2c:0b:d2:ed:bd:31:d3:ba:7d:18:7b:b3:da:d0:5e:8f:60:50:
         bc:40:98:8f:50:9c:63:83:a8:13:ae:56:d2:88:31:31:06:b6:
         59:de:1c:3c:ff:2e:1f:46:cf:36:5d:8f:e4:30:17:57:b4:86:
         f8:d5:d5:b6:e9:0e:2b:ed:33:a1:20:57:f3:75:b9:1e:db:40:
         ff:62:48:bb
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgISAYzHlBKtBHREYBS8+Z2deBgiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2U0OTc2M2QyZmRiOTA5ODY0Njk0MDMwNjZjYjVlNmE3ODI1ZjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1N0KcjCmWoAe0DHWEEusOH/Nrnx1
s5pROx1BynfT9WO/90sIEbxpOy2cS3ESufIJDm68q0AZ3MdnupWyNMZ17aBVWUKO
aYAHjw0QEkYvbctguGEPaGIq3rVA/rnes6tKNTA7CQrOySpB7QHZqh2Qx7SB3fZn
Bu2iCJ/QsmgeyllCcZu0PY+Jts8YIuUnalJhr6d85oSNyKl6ymkSlynt13pH00dA
UlqfeEt4ffETWCvd4mPb4U92emZz9+06uaMHCCQHgXUQRWueQJ9+Ajv6q8ljx8Ji
WFj7t+4/7AOYoPw2wF46BC+ZNFBLCLChAab/i/bGzbMnA2xBlXc8uNQ3mwIDAQAB
o4ICrjCCAqowHQYDVR0OBBYEFKzkl2PS/bkJhkaUAwZsteangl8MMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NlLzQ2MzBm
ZC1hMGNhLTQ4YTAtYmNhYi05MGE4YzZlNzg1YzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2UvNDYzMGZk
LWEwY2EtNDhhMC1iY2FiLTkwYThjNmU3ODVjOS8xL3JPU1hZOUw5dVFtR1JwUURC
bXkxNXFlQ1h3dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQBwQDcMA0EAgACMAcDBQMqE49AMBkGCCsGAQUF
BwEIAQH/BAowCKAGMAQCAmOxMA0GCSqGSIb3DQEBCwUAA4IBAQB36gR0hrYc76PO
E0fpX8ylzQV9G85T+/7KVlLfDFikzJQuHPfU0oKfjdb1BpcR1Rh4BizQWAtGxFMb
bp6jyPpZFtlGmHhotEOHvO0mCx55H1EBVrSfHoxi/BP5TYImI49gFeP0engFO8gJ
gteIcgW+CRyewHR/zRvTaHVNgKLqakquPzNjbJN/n2+NBGEEyx3ZEnQkf1h65Gt5
Rmu4dH92WIhQI4qxDibuVnpE81SgtwG/jnAsC9LtvTHTun0Ye7Pa0F6PYFC8QJiP
UJxjg6gTrlbSiDExBrZZ3hw8/y4fRs82XY/kMBdXtIb41dW26Q4r7TOhIFfzdbke
20D/Yki7
-----END CERTIFICATE-----
Generated at Wed Nov 27 09:39:12 2024 by rpki-client on console-ams.rpki-client.org