Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ua8Z9KYNrxXvt-xB_Fn12mVZcuY.cer
File:                     ua8Z9KYNrxXvt-xB_Fn12mVZcuY.cer (raw, json)
Hash identifier:          EN3fGi5+Be6J2YKSz0uN6+WbMoxf4KeAjZoEEx2Hq1k=
Subject key identifier:   B9:AF:19:F4:A6:0D:AF:15:EF:B7:EC:41:FC:59:F5:DA:65:59:72:E6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9B88D2B098100F8FBAE99BE8591CF56
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fc/14f46c-0a36-4cc3-b091-7425b13d5cf8/1/ua8Z9KYNrxXvt-xB_Fn12mVZcuY.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fc/14f46c-0a36-4cc3-b091-7425b13d5cf8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:29:24 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203949
                          IP: 94.126.80.0/21
                          IP: 193.111.148.0/22
                          IP: 2a0c:5ac0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:b8:8d:2b:09:81:00:f8:fb:ae:99:be:85:91:cf:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9af19f4a60daf15efb7ec41fc59f5da655972e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:b9:ce:0c:a9:e4:f2:44:5a:81:39:f1:43:a5:
                    dd:35:17:36:71:f9:67:ae:7e:56:36:c6:a3:f7:9b:
                    05:52:68:e1:d2:a1:3f:16:14:a4:12:33:c6:cf:44:
                    d4:6d:29:cf:ee:2d:54:e9:cd:1e:ab:e6:49:89:16:
                    f8:28:34:28:ea:00:17:28:61:81:52:2f:de:bc:84:
                    56:15:5c:8d:88:b6:76:be:9e:f6:d5:4a:88:d6:5a:
                    85:e8:01:a3:98:a9:86:17:8e:90:6b:44:3d:b9:9f:
                    5f:07:19:2a:6f:a3:5d:57:91:ab:04:85:ff:94:45:
                    67:79:7a:fc:76:a3:b6:67:cf:73:b6:28:bf:e3:46:
                    2c:0d:70:44:b4:99:f8:30:5a:e7:dc:77:d9:6d:3b:
                    3e:50:95:07:6e:9f:ce:03:98:df:f5:56:c7:96:f1:
                    eb:e9:a0:b6:0a:22:25:4b:82:ff:29:e1:3f:94:dc:
                    3e:96:61:cb:4f:88:ce:8f:e4:9e:c0:5a:82:4b:2d:
                    d3:96:16:67:3d:a8:43:9c:3f:45:af:fc:53:37:1b:
                    ab:fa:2d:51:d0:33:e0:df:23:d2:1b:74:fc:76:dc:
                    f9:87:1c:76:c8:e8:22:e7:5a:9f:4f:e3:36:b1:f8:
                    a0:cd:dd:9b:0c:6c:5d:e6:e1:ee:d2:bd:eb:ee:bf:
                    a0:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:AF:19:F4:A6:0D:AF:15:EF:B7:EC:41:FC:59:F5:DA:65:59:72:E6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/14f46c-0a36-4cc3-b091-7425b13d5cf8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/14f46c-0a36-4cc3-b091-7425b13d5cf8/1/ua8Z9KYNrxXvt-xB_Fn12mVZcuY.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.126.80.0/21
                  193.111.148.0/22
                IPv6:
                  2a0c:5ac0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203949

    Signature Algorithm: sha256WithRSAEncryption
         9e:14:a9:b1:8c:94:f2:15:6d:93:6a:98:dc:9b:4e:3a:4b:ea:
         94:0f:c3:cb:f2:25:eb:05:01:22:00:8d:ec:88:b5:c6:96:25:
         23:0d:ca:cb:af:62:5d:de:9d:9b:c5:dd:10:3a:9e:e0:aa:da:
         0a:40:49:91:38:20:62:f3:e0:d3:0a:aa:31:26:f4:78:1e:52:
         d4:e2:e7:ae:d9:28:e4:f6:a9:a1:32:f1:e1:8f:07:b4:76:5c:
         bd:35:d2:ac:c9:56:53:78:fa:47:73:e4:82:05:e2:f6:2e:5f:
         d9:55:a9:72:4d:80:22:0b:ab:84:84:7e:ee:7b:d8:fa:42:4f:
         ab:c5:24:3c:7e:9f:2d:4d:1f:d3:8d:7e:a5:4a:e3:02:31:26:
         8d:45:18:b3:3c:2e:a1:2d:56:c9:49:b7:c0:a4:ac:36:0a:74:
         b0:16:d7:a3:c4:6f:cf:38:04:e3:6e:e0:b0:50:d7:a0:78:c9:
         ee:58:6b:35:26:ca:12:f7:ea:19:f0:50:0f:a7:b7:68:72:33:
         a2:f7:c9:69:9c:55:6a:ec:ee:b3:a0:bc:5b:f5:ab:82:4e:62:
         20:f2:be:71:e9:e2:10:24:9f:50:4a:fb:25:bf:cc:8b:d5:bc:
         c9:56:f7:49:29:22:9d:9d:36:af:a2:fd:bb:8b:1d:1b:6f:70:
         75:d9:90:a1
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzJuI0rCYEA+Puumb6Fkc9WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWFmMTlmNGE2MGRhZjE1ZWZiN2VjNDFmYzU5ZjVkYTY1NTk3MmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9rnODKnk8kRagTnxQ6XdNRc2cfln
rn5WNsaj95sFUmjh0qE/FhSkEjPGz0TUbSnP7i1U6c0eq+ZJiRb4KDQo6gAXKGGB
Ui/evIRWFVyNiLZ2vp721UqI1lqF6AGjmKmGF46Qa0Q9uZ9fBxkqb6NdV5GrBIX/
lEVneXr8dqO2Z89ztii/40YsDXBEtJn4MFrn3HfZbTs+UJUHbp/OA5jf9VbHlvHr
6aC2CiIlS4L/KeE/lNw+lmHLT4jOj+SewFqCSy3TlhZnPahDnD9Fr/xTNxur+i1R
0DPg3yPSG3T8dtz5hxx2yOgi51qfT+M2sfigzd2bDGxd5uHu0r3r7r+gSwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFLmvGfSmDa8V77fsQfxZ9dplWXLmMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZjLzE0ZjQ2
Yy0wYTM2LTRjYzMtYjA5MS03NDI1YjEzZDVjZjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMvMTRmNDZj
LTBhMzYtNGNjMy1iMDkxLTc0MjViMTNkNWNmOC8xL3VhOFo5S1lOcnhYdnQteEJf
Rm4xMm1WWmN1WS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQDXn5QAwQCwW+UMA0EAgACMAcDBQMqDFrAMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwMcrTANBgkqhkiG9w0BAQsFAAOCAQEAnhSp
sYyU8hVtk2qY3JtOOkvqlA/Dy/Il6wUBIgCN7Ii1xpYlIw3Ky69iXd6dm8XdEDqe
4KraCkBJkTggYvPg0wqqMSb0eB5S1OLnrtko5PapoTLx4Y8HtHZcvTXSrMlWU3j6
R3PkggXi9i5f2VWpck2AIgurhIR+7nvY+kJPq8UkPH6fLU0f041+pUrjAjEmjUUY
szwuoS1WyUm3wKSsNgp0sBbXo8RvzzgE427gsFDXoHjJ7lhrNSbKEvfqGfBQD6e3
aHIzovfJaZxVauzus6C8W/Wrgk5iIPK+ceniECSfUEr7Jb/Mi9W8yVb3SSkinZ02
r6L9u4sdG29wddmQoQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:23:13 2024 by rpki-client on console-fra.rpki-client.org