Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/w4w6HAXImev-FdI2GQmmNZfGgHg.cer
File:                     w4w6HAXImev-FdI2GQmmNZfGgHg.cer (raw, json)
Hash identifier:          y6ARF5Lih+Ocgifgzl/+Y/mzXd6XcR88TGnr4KEXpb4=
Subject key identifier:   C3:8C:3A:1C:05:C8:99:EB:FE:15:D2:36:19:09:A6:35:97:C6:80:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC41936C8DE093074398A87F201B9B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/w4w6HAXImev-FdI2GQmmNZfGgHg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 43771
                          IP: 91.198.148.0/24
                          IP: 185.202.4.0/22
                          IP: 2a0a:cdc0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:41:93:6c:8d:e0:93:07:43:98:a8:7f:20:1b:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c38c3a1c05c899ebfe15d2361909a63597c68078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:03:7b:d7:83:43:98:ff:ec:0a:6e:96:d9:9b:
                    15:09:4e:df:4c:fe:3f:79:49:34:b7:ab:64:b2:15:
                    f1:5a:89:f4:78:ec:cc:72:59:54:f9:8c:50:7e:bb:
                    63:27:65:ce:89:6c:cb:68:56:1f:ba:a9:cc:f5:ec:
                    87:28:30:c0:e4:68:66:eb:f9:cb:d5:4c:c1:c7:a6:
                    a1:5a:40:b8:db:a9:eb:46:45:b4:74:27:b0:05:c3:
                    09:85:a4:14:cb:cf:e4:68:66:99:e1:d1:6e:38:ca:
                    d0:fe:03:14:9a:a5:f9:26:a8:7b:f3:34:dc:65:97:
                    12:55:fe:8b:88:86:53:39:08:63:86:c9:d3:f1:1e:
                    5b:ad:68:92:26:81:a8:eb:42:85:22:e1:d3:a8:38:
                    07:0f:1a:f4:36:b9:e6:c8:dc:34:f9:f8:ff:25:6c:
                    bb:da:ce:d0:29:81:0d:28:e0:3b:1d:1e:91:6f:12:
                    58:a1:d2:aa:94:cf:73:94:a5:d6:47:4c:18:c5:ea:
                    18:ad:7a:1c:ef:3b:a3:3f:67:98:79:8a:f9:07:58:
                    73:e7:4f:6c:d2:0a:38:b7:a2:2a:83:ab:6b:9e:6a:
                    c5:56:e7:01:a0:4d:d0:80:21:d8:2a:21:c9:b5:15:
                    c3:93:ec:64:79:20:c2:91:e1:0d:37:dc:51:80:0e:
                    ca:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:8C:3A:1C:05:C8:99:EB:FE:15:D2:36:19:09:A6:35:97:C6:80:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/9e86ab-bc7f-4bc4-b127-42262161e940/1/w4w6HAXImev-FdI2GQmmNZfGgHg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.148.0/24
                  185.202.4.0/22
                IPv6:
                  2a0a:cdc0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  43771

    Signature Algorithm: sha256WithRSAEncryption
         29:0a:d8:80:a0:24:bd:50:52:57:68:a9:b4:d2:87:93:16:3c:
         ad:1c:b8:c8:45:2e:0d:20:ed:ee:d6:07:34:58:e6:97:32:c4:
         8b:93:5f:f8:f8:e1:ac:61:4a:15:e2:48:6c:52:6b:83:43:58:
         66:cb:f3:44:fb:cb:f5:34:20:9e:5b:d5:4e:a2:d6:8b:11:aa:
         50:3a:99:05:e8:b5:8a:4f:21:d9:54:cd:70:a7:b7:8c:de:3f:
         f0:95:15:7f:c0:e8:2c:fc:62:46:c4:40:3d:fe:30:ee:f6:e9:
         de:0d:c5:1d:9e:90:b0:bf:51:dd:b8:04:76:52:70:75:32:9a:
         fa:e5:f7:8b:ee:01:b2:fc:f1:2c:47:d2:91:df:ff:7d:d5:6a:
         32:2c:16:93:3a:ca:b6:a9:60:b2:da:f9:6e:c1:68:9e:9c:c2:
         d4:26:3f:9e:a8:54:f5:2b:4c:07:15:1d:24:5c:1f:5d:d3:60:
         40:29:34:e5:7c:8f:4b:3c:21:c8:20:a8:3b:04:3b:5f:a6:da:
         e9:ac:84:7d:b3:37:aa:50:39:23:45:fc:a8:da:72:4d:d7:9f:
         2f:ee:b6:84:ad:8b:9a:45:ff:ad:51:1e:f6:66:f0:3a:7e:e6:
         ea:ca:e6:16:61:cd:c3:e0:ca:a3:e6:03:15:ca:dc:56:43:83:
         b9:db:fd:ca
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzF3EGTbI3gkwdDmKh/IBubMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzhjM2ExYzA1Yzg5OWViZmUxNWQyMzYxOTA5YTYzNTk3YzY4MDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgN714NDmP/sCm6W2ZsVCU7fTP4/
eUk0t6tkshXxWon0eOzMcllU+YxQfrtjJ2XOiWzLaFYfuqnM9eyHKDDA5Ghm6/nL
1UzBx6ahWkC426nrRkW0dCewBcMJhaQUy8/kaGaZ4dFuOMrQ/gMUmqX5Jqh78zTc
ZZcSVf6LiIZTOQhjhsnT8R5brWiSJoGo60KFIuHTqDgHDxr0NrnmyNw0+fj/JWy7
2s7QKYENKOA7HR6RbxJYodKqlM9zlKXWR0wYxeoYrXoc7zujP2eYeYr5B1hz509s
0go4t6Iqg6trnmrFVucBoE3QgCHYKiHJtRXDk+xkeSDCkeENN9xRgA7KYwIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFMOMOhwFyJnr/hXSNhkJpjWXxoB4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVlLzllODZh
Yi1iYzdmLTRiYzQtYjEyNy00MjI2MjE2MWU5NDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWUvOWU4NmFi
LWJjN2YtNGJjNC1iMTI3LTQyMjYyMTYxZTk0MC8xL3c0dzZIQVhJbWV2LUZkSTJH
UW1tTlpmR2dIZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDQGCCsGAQUF
BwEHAQH/BCUwIzASBAIAATAMAwQAW8aUAwQCucoEMA0EAgACMAcDBQAqCs3AMBoG
CCsGAQUFBwEIAQH/BAswCaAHMAUCAwCq+zANBgkqhkiG9w0BAQsFAAOCAQEAKQrY
gKAkvVBSV2iptNKHkxY8rRy4yEUuDSDt7tYHNFjmlzLEi5Nf+PjhrGFKFeJIbFJr
g0NYZsvzRPvL9TQgnlvVTqLWixGqUDqZBei1ik8h2VTNcKe3jN4/8JUVf8DoLPxi
RsRAPf4w7vbp3g3FHZ6QsL9R3bgEdlJwdTKa+uX3i+4BsvzxLEfSkd//fdVqMiwW
kzrKtqlgstr5bsFonpzC1CY/nqhU9StMBxUdJFwfXdNgQCk05XyPSzwhyCCoOwQ7
X6ba6ayEfbM3qlA5I0X8qNpyTdefL+62hK2LmkX/rVEe9mbwOn7m6srmFmHNw+DK
o+YDFcrcVkODudv9yg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:04:56 2024 by rpki-client on console-ams.rpki-client.org