Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/vfo6-DmqHc51j0ieLTGuIgkvyZo.cer
File:                     vfo6-DmqHc51j0ieLTGuIgkvyZo.cer (raw, json)
Hash identifier:          jhMUHWSUbKfmytBKVbXUQldeOUGycxq2UBMv56qXGvI=
Subject key identifier:   BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA286ADF6B1D29947FBC7E088741863F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:31:35 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 3304
                          AS: 5432
                          AS: 5488
                          AS: 28704
                          AS: 29005
                          IP: 37.62.0.0/16
                          IP: 37.184.0.0/15
                          IP: 46.178.0.0/15
                          IP: 62.4.128.0/17
                          IP: 62.235.0.0/16
                          IP: 80.200.0.0/15
                          IP: 80.236.128.0/17
                          IP: 81.11.128.0/17
                          IP: 81.169.0.0/17
                          IP: 81.240.0.0/13
                          IP: 83.134.0.0/16
                          IP: 87.64.0.0/14
                          IP: 88.197.128.0/17
                          IP: 91.176.0.0/13
                          IP: 91.190.208.0/21
                          IP: 92.48.128.0/18
                          IP: 109.128.0.0/12
                          IP: 178.144.0.0/15
                          IP: 185.2.92.0/22
                          IP: 188.5.0.0/16
                          IP: 193.28.47.0/24
                          IP: 193.74.0.0/16
                          IP: 193.75.128.0/17
                          IP: 193.91.96.0/19
                          IP: 193.121.0.0/16
                          IP: 193.243.136.0/23
                          IP: 194.78.0.0/16
                          IP: 194.119.224.0/19
                          IP: 195.0.0.0/17
                          IP: 195.13.0.0/19
                          IP: 195.74.192.0/19
                          IP: 195.95.0.0/17
                          IP: 195.207.0.0/16
                          IP: 195.238.0.0/19
                          IP: 212.233.0.0/19
                          IP: 212.239.128.0/17
                          IP: 213.49.0.0/16
                          IP: 213.177.128.0/19
                          IP: 213.181.32.0/19
                          IP: 217.136.0.0/16
                          IP: 2a02:a000::/26
                          IP: 2a04:6c40::/29
                          IP: 2a04:9f80::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:6a:df:6b:1d:29:94:7f:bc:7e:08:87:41:86:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bdfa3af839aa1dce758f489e2d31ae22092fc99a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b9:9d:f0:f8:10:fe:0a:45:6a:7f:f0:3f:58:
                    4a:4e:9b:71:0c:36:15:e4:ec:75:8b:ee:f4:51:a1:
                    f3:4e:91:2d:97:90:bb:4b:23:80:c9:98:6d:31:66:
                    e0:4a:b3:21:1f:56:f5:8d:6e:f8:3e:e2:6b:48:3b:
                    53:31:ed:1d:16:ea:22:d1:ee:e4:93:2d:57:33:2f:
                    b7:73:3f:0b:15:6d:69:29:f9:be:a7:ff:c1:e6:2f:
                    e8:b2:fe:e4:a9:0d:ca:45:c5:c1:3b:02:bb:4f:27:
                    10:71:08:98:63:9f:e1:5b:87:5d:dc:76:13:89:dc:
                    05:09:8c:a3:c2:15:f8:eb:bd:2e:37:ab:2f:89:66:
                    db:4f:0d:ab:e7:e7:95:30:34:d0:55:91:ef:e6:41:
                    88:7e:4d:87:c5:be:64:4b:8e:10:39:c6:4d:07:4d:
                    14:e0:6b:67:87:00:13:7c:b6:fb:c8:98:4a:b3:64:
                    71:f9:08:39:a4:bd:25:ec:e9:58:fb:5a:3f:c1:8b:
                    12:3a:ac:b5:3e:75:16:4b:5f:41:ea:cf:d0:0d:1b:
                    8d:7a:1d:45:3a:c8:62:42:f9:4a:75:37:8f:a9:ce:
                    50:8a:4b:ef:7b:0d:85:c9:fc:d8:bc:6f:f7:3c:02:
                    a3:fc:81:66:a3:50:d3:d1:73:1a:d7:b4:85:8e:ff:
                    ef:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:FA:3A:F8:39:AA:1D:CE:75:8F:48:9E:2D:31:AE:22:09:2F:C9:9A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/8cdbc5-9365-4a0c-b9a3-ae7746f09630/1/vfo6-DmqHc51j0ieLTGuIgkvyZo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.62.0.0/16
                  37.184.0.0/15
                  46.178.0.0/15
                  62.4.128.0/17
                  62.235.0.0/16
                  80.200.0.0/15
                  80.236.128.0/17
                  81.11.128.0/17
                  81.169.0.0/17
                  81.240.0.0/13
                  83.134.0.0/16
                  87.64.0.0/14
                  88.197.128.0/17
                  91.176.0.0/13
                  91.190.208.0/21
                  92.48.128.0/18
                  109.128.0.0/12
                  178.144.0.0/15
                  185.2.92.0/22
                  188.5.0.0/16
                  193.28.47.0/24
                  193.74.0.0/16
                  193.75.128.0/17
                  193.91.96.0/19
                  193.121.0.0/16
                  193.243.136.0/23
                  194.78.0.0/16
                  194.119.224.0/19
                  195.0.0.0/17
                  195.13.0.0/19
                  195.74.192.0/19
                  195.95.0.0/17
                  195.207.0.0/16
                  195.238.0.0/19
                  212.233.0.0/19
                  212.239.128.0/17
                  213.49.0.0/16
                  213.177.128.0/19
                  213.181.32.0/19
                  217.136.0.0/16
                IPv6:
                  2a02:a000::/26
                  2a04:6c40::/29
                  2a04:9f80::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  3304
                  5432
                  5488
                  28704
                  29005

    Signature Algorithm: sha256WithRSAEncryption
         a7:4a:49:52:5a:09:5c:1e:58:d6:b4:ab:d1:f4:33:2f:cd:67:
         1f:b7:4b:76:59:4e:4e:35:1a:09:37:b6:fa:93:ed:3c:7e:72:
         b7:c1:dd:db:b6:af:82:a2:e1:34:b0:26:25:3e:fd:3f:a1:28:
         7a:eb:9e:bc:d3:f5:e5:2c:6d:36:bb:b3:f3:97:67:f9:81:c5:
         ce:0b:94:80:c8:15:c2:79:07:f0:57:28:ef:f3:dc:92:b6:56:
         52:91:02:64:a3:4d:b7:35:98:05:80:c2:33:cb:fb:4c:2d:d4:
         8f:5a:a8:44:78:11:63:7a:c5:ad:92:c7:f4:8a:37:16:f2:2e:
         49:a6:1d:60:17:49:3e:ce:0e:0d:e3:ed:f7:3a:02:18:94:9b:
         55:fb:e0:e9:65:9c:ef:00:81:9e:37:b7:6e:4b:b2:6c:28:39:
         64:31:14:4e:a9:0c:86:1a:ac:ef:6b:82:ff:a8:35:86:47:0d:
         2a:e9:83:07:e0:6c:46:7f:47:09:12:6f:a5:e4:4a:f6:4e:54:
         0f:3b:41:69:40:77:e2:dd:89:a9:63:d8:a9:7f:98:e6:eb:19:
         27:3a:44:3d:15:04:a4:95:95:f9:f1:69:8c:17:f8:d8:ed:5c:
         58:c4:6f:43:50:de:c3:2f:ba:0c:d7:49:dc:76:af:f7:a0:db:
         a3:71:80:c0
-----BEGIN CERTIFICATE-----
MIIGoDCCBYigAwIBAgISAYzKKGrfax0plH+8fgiHQYY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGZhM2FmODM5YWExZGNlNzU4ZjQ4OWUyZDMxYWUyMjA5MmZjOTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bmd8PgQ/gpFan/wP1hKTptxDDYV
5Ox1i+70UaHzTpEtl5C7SyOAyZhtMWbgSrMhH1b1jW74PuJrSDtTMe0dFuoi0e7k
ky1XMy+3cz8LFW1pKfm+p//B5i/osv7kqQ3KRcXBOwK7TycQcQiYY5/hW4dd3HYT
idwFCYyjwhX4670uN6sviWbbTw2r5+eVMDTQVZHv5kGIfk2Hxb5kS44QOcZNB00U
4GtnhwATfLb7yJhKs2Rx+Qg5pL0l7OlY+1o/wYsSOqy1PnUWS19B6s/QDRuNeh1F
OshiQvlKdTePqc5Qikvvew2FyfzYvG/3PAKj/IFmo1DT0XMa17SFjv/v9QIDAQAB
o4IDrDCCA6gwHQYDVR0OBBYEFL36Ovg5qh3OdY9Ini0xriIJL8maMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhkLzhjZGJj
NS05MzY1LTRhMGMtYjlhMy1hZTc3NDZmMDk2MzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGQvOGNkYmM1
LTkzNjUtNGEwYy1iOWEzLWFlNzc0NmYwOTYzMC8xL3ZmbzYtRG1xSGM1MWowaWVM
VEd1SWdrdnlaby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIBGgYIKwYB
BQUHAQcBAf8EggEJMIIBBTCB5QQCAAEwgd4DAwAlPgMDASW4AwMBLrIDBAc+BIAD
AwA+6wMDAVDIAwQHUOyAAwQHUQuAAwQHUakAAwMDUfADAwBThgMDAldAAwQHWMWA
AwMDW7ADBANbvtADBAZcMIADAwRtgAMDAbKQAwQCuQJcAwMAvAUDBADBHC8DAwDB
SgMEB8FLgAMEBcFbYAMDAMF5AwQBwfOIAwMAwk4DBAXCd+ADBAfDAAADBAXDDQAD
BAXDSsADBAfDXwADAwDDzwMEBcPuAAMEBdTpAAMEB9TvgAMDANUxAwQF1bGAAwQF
1bUgAwMA2YgwGwQCAAIwFQMFBioCoAADBQMqBGxAAwUDKgSfgDApBggrBgEFBQcB
CAEB/wQaMBigFjAUAgIM6AICFTgCAhVwAgJwIAICcU0wDQYJKoZIhvcNAQELBQAD
ggEBAKdKSVJaCVweWNa0q9H0My/NZx+3S3ZZTk41Ggk3tvqT7Tx+crfB3du2r4Ki
4TSwJiU+/T+hKHrrnrzT9eUsbTa7s/OXZ/mBxc4LlIDIFcJ5B/BXKO/z3JK2VlKR
AmSjTbc1mAWAwjPL+0wt1I9aqER4EWN6xa2Sx/SKNxbyLkmmHWAXST7ODg3j7fc6
AhiUm1X74OllnO8AgZ43t25LsmwoOWQxFE6pDIYarO9rgv+oNYZHDSrpgwfgbEZ/
RwkSb6XkSvZOVA87QWlAd+Ldialj2Kl/mObrGSc6RD0VBKSVlfnxaYwX+NjtXFjE
b0NQ3sMvugzXSdx2r/eg26NxgMA=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:31:59 2024 by rpki-client on console-ams.rpki-client.org