Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer
File:                     t1oFZtC2Oh-GLYNFjk8upv2PfSE.cer (raw, json)
Hash identifier:          dx0N0aYg7wXAaNj9u4E9kEKj5QxwKDK2gW6AjE0veQg=
Subject key identifier:   B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6D1C65F992023C369BC6313786CB4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:47 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199775
                          AS: 201508
                          IP: 45.94.32.0/22
                          IP: 46.36.192.0/21
                          IP: 185.4.24.0/22
                          IP: 185.6.152.0/22
                          IP: 185.42.0.0/22
                          IP: 185.65.164.0/22
                          IP: 185.95.108.0/22
                          IP: 185.168.132.0/22
                          IP: 185.182.52.0/22
                          IP: 185.199.56.0/22
                          IP: 185.208.240.0/22
                          IP: 185.242.218.0/24
                          IP: 185.245.212.0/22
                          IP: 194.126.152.0/22
                          IP: 2a02:66c0::/32
                          IP: 2a03:1940::/32
                          IP: 2a04:8d80::/29
                          IP: 2a05:1c0::/29
                          IP: 2a09:1580::/29
                          IP: 2a0a:e480::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 25 Feb 2024 19:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d1:c6:5f:99:20:23:c3:69:bc:63:13:78:6c:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b75a0566d0b63a1f862d83458e4f2ea6fd8f7d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:14:1e:90:54:92:62:d0:9e:ab:4c:fc:d9:aa:
                    47:ee:c0:17:4b:94:29:64:16:fa:c3:a1:7f:57:d1:
                    fd:f1:b5:b3:98:a0:7e:1b:86:5f:c0:79:78:15:7a:
                    90:12:c4:a3:47:ea:5d:23:2a:bb:6b:b9:79:a2:4b:
                    3b:27:5f:6a:17:09:75:89:05:65:66:20:28:65:38:
                    77:20:b5:6f:36:b3:06:00:ca:06:a4:49:d8:f8:52:
                    82:a9:3d:8a:70:3b:75:a8:f1:0a:1a:34:27:ab:ca:
                    ce:3a:d6:f4:e2:64:96:74:c3:37:55:2d:88:77:d1:
                    e4:63:40:65:02:31:51:1c:19:a4:47:0e:61:9a:04:
                    8e:16:72:5c:bf:c3:f2:d6:a5:af:3f:6c:81:3b:60:
                    ff:2e:2d:e2:cf:d3:32:5b:19:1f:e6:d2:52:fc:9b:
                    a5:64:a7:80:1b:10:d1:0f:c0:45:34:49:70:43:f6:
                    d5:02:40:5a:8d:89:ae:86:b2:8b:39:4d:5e:a3:9b:
                    90:d6:13:33:c3:9e:3f:96:b9:fe:c7:46:d0:ca:8d:
                    2e:50:3b:f3:e6:3b:3d:15:04:79:be:77:35:bb:8f:
                    3b:e1:19:08:e1:21:64:93:d5:dc:a1:37:38:c0:75:
                    88:a5:b0:41:44:34:9b:af:ce:17:46:60:b2:97:be:
                    4f:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:5A:05:66:D0:B6:3A:1F:86:2D:83:45:8E:4F:2E:A6:FD:8F:7D:21
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/103570-1cf6-42ac-81d4-83f601c3fb59/1/t1oFZtC2Oh-GLYNFjk8upv2PfSE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.32.0/22
                  46.36.192.0/21
                  185.4.24.0/22
                  185.6.152.0/22
                  185.42.0.0/22
                  185.65.164.0/22
                  185.95.108.0/22
                  185.168.132.0/22
                  185.182.52.0/22
                  185.199.56.0/22
                  185.208.240.0/22
                  185.242.218.0/24
                  185.245.212.0/22
                  194.126.152.0/22
                IPv6:
                  2a02:66c0::/32
                  2a03:1940::/32
                  2a04:8d80::/29
                  2a05:1c0::/29
                  2a09:1580::/29
                  2a0a:e480::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199775
                  201508

    Signature Algorithm: sha256WithRSAEncryption
         95:a0:f9:47:95:76:04:1f:c1:fe:9f:1e:b4:6a:48:12:77:47:
         4f:54:c5:b8:39:e7:a7:01:b9:e2:ab:0c:60:12:ba:39:38:f6:
         03:8d:09:cd:24:c1:22:d0:29:ef:df:f1:79:19:78:0e:ab:b6:
         be:7e:d4:ba:ec:06:7f:fe:a9:9b:7e:0f:05:37:46:64:66:91:
         b5:ad:8a:4f:e9:5b:e5:24:fe:71:da:1b:1f:4c:4d:1e:12:5a:
         db:ac:4c:e1:80:d4:7f:c8:e8:d2:91:a3:20:c8:d6:58:6c:f9:
         96:0b:fd:f2:f0:83:0b:c8:49:4f:61:0b:bb:e8:3e:65:7e:d7:
         f7:bd:af:5d:c7:9d:38:61:08:74:e8:7d:4a:52:e6:92:8d:04:
         d1:93:94:1a:4e:b2:c9:aa:0f:2a:c5:c6:67:ec:21:01:50:0a:
         c6:52:f0:2d:19:1f:9c:2d:83:59:ab:1d:39:43:1e:8d:1d:7d:
         1e:d7:2e:86:2b:48:a2:22:78:8e:3e:b9:58:de:c5:37:d2:4d:
         6a:a5:fd:94:42:8f:2b:6a:ea:a0:a6:93:82:d4:a0:59:a7:f5:
         de:43:36:21:fe:5c:a8:20:21:7b:f1:88:e4:3f:99:ce:b4:b5:
         18:44:ff:d4:de:fe:83:ad:5a:7a:fe:ab:36:0f:1d:a5:54:25:
         fe:2a:af:cd
-----BEGIN CERTIFICATE-----
MIIGHDCCBQSgAwIBAgISAYzDttHGX5kgI8NpvGMTeGy0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzVhMDU2NmQwYjYzYTFmODYyZDgzNDU4ZTRmMmVhNmZkOGY3ZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjBQekFSSYtCeq0z82apH7sAXS5Qp
ZBb6w6F/V9H98bWzmKB+G4ZfwHl4FXqQEsSjR+pdIyq7a7l5oks7J19qFwl1iQVl
ZiAoZTh3ILVvNrMGAMoGpEnY+FKCqT2KcDt1qPEKGjQnq8rOOtb04mSWdMM3VS2I
d9HkY0BlAjFRHBmkRw5hmgSOFnJcv8Py1qWvP2yBO2D/Li3iz9MyWxkf5tJS/Jul
ZKeAGxDRD8BFNElwQ/bVAkBajYmuhrKLOU1eo5uQ1hMzw54/lrn+x0bQyo0uUDvz
5js9FQR5vnc1u4874RkI4SFkk9XcoTc4wHWIpbBBRDSbr84XRmCyl75PPQIDAQAB
o4IDKDCCAyQwHQYDVR0OBBYEFLdaBWbQtjofhi2DRY5PLqb9j30hMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQyLzEwMzU3
MC0xY2Y2LTQyYWMtODFkNC04M2Y2MDFjM2ZiNTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvMTAzNTcw
LTFjZjYtNDJhYy04MWQ0LTgzZjYwMWMzZmI1OS8xL3Qxb0ZadEMyT2gtR0xZTkZq
azh1cHYyUGZTRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIGhBggrBgEF
BQcBBwEB/wSBkTCBjjBaBAIAATBUAwQCLV4gAwQDLiTAAwQCuQQYAwQCuQaYAwQC
uSoAAwQCuUGkAwQCuV9sAwQCuaiEAwQCubY0AwQCucc4AwQCudDwAwQAufLaAwQC
ufXUAwQCwn6YMDAEAgACMCoDBQAqAmbAAwUAKgMZQAMFAyoEjYADBQMqBQHAAwUD
KgkVgAMFAyoK5IAwHwYIKwYBBQUHAQgBAf8EEDAOoAwwCgIDAwxfAgMDEyQwDQYJ
KoZIhvcNAQELBQADggEBAJWg+UeVdgQfwf6fHrRqSBJ3R09Uxbg556cBueKrDGAS
ujk49gONCc0kwSLQKe/f8XkZeA6rtr5+1LrsBn/+qZt+DwU3RmRmkbWtik/pW+Uk
/nHaGx9MTR4SWtusTOGA1H/I6NKRoyDI1lhs+ZYL/fLwgwvISU9hC7voPmV+1/e9
r13HnThhCHTofUpS5pKNBNGTlBpOssmqDyrFxmfsIQFQCsZS8C0ZH5wtg1mrHTlD
Ho0dfR7XLoYrSKIieI4+uVjexTfSTWql/ZRCjytq6qCmk4LUoFmn9d5DNiH+XKgg
IXvxiOQ/mc60tRhE/9Te/oOtWnr+qzYPHaVUJf4qr80=
-----END CERTIFICATE-----
Generated at Sun Feb 25 04:44:10 2024 by rpki-client on console-ams.rpki-client.org