Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/x3cBNdDw0wqGjfVR2HUtS0utwsE.cer
File:                     x3cBNdDw0wqGjfVR2HUtS0utwsE.cer (raw, json)
Hash identifier:          IKW1W+YcNncxi8G6ji+nAl9FyDBw2X+T1Xa68vdDDJ0=
Subject key identifier:   C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018DA79869A5EED228135911F3764B37A8FA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 14 Feb 2024 12:30:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 51942
                          AS: 60938
                          IP: 81.173.44.0/22
                          IP: 91.221.150.0/23
                          IP: 185.133.36.0/22
                          IP: 2001:67c:16b4::/48
                          IP: 2a06:21c0::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:98:69:a5:ee:d2:28:13:59:11:f3:76:4b:37:a8:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Feb 14 12:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7770135d0f0d30a868df551d8752d4b4badc2c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5e:96:df:66:92:a0:29:9f:8b:bb:28:c1:8c:
                    6e:b5:8c:69:57:2c:fc:ab:2f:1f:72:69:20:a9:e2:
                    70:87:38:ca:96:24:c6:ab:d0:6f:65:56:68:d0:6c:
                    cc:f0:28:fd:a4:5c:8a:5a:c6:13:7b:fa:b9:a6:84:
                    df:9f:1c:b8:99:32:d7:3a:b8:cf:0f:51:c0:f7:f0:
                    80:66:35:a7:a9:0b:e7:0d:6c:a0:ff:4d:08:1d:86:
                    95:15:c7:f5:d7:a4:db:b9:45:f4:9d:e8:ce:f2:79:
                    63:97:e8:2d:b6:c0:b6:ab:2e:2d:f8:ef:e1:80:a8:
                    ad:91:01:d8:62:ac:33:59:f3:8b:cb:f1:1e:c8:f1:
                    dc:9c:08:7e:9a:10:54:72:48:9e:62:50:9c:a9:0b:
                    eb:c5:09:0f:c4:fc:a2:c9:6a:62:ed:57:5f:a9:24:
                    db:a7:56:53:61:6c:8b:e9:ec:5a:98:77:11:c5:cb:
                    58:b2:cf:fb:b7:8b:14:28:54:3b:3f:17:3b:74:a7:
                    bd:74:e9:fd:95:11:16:5d:99:b7:6e:eb:9b:ec:8e:
                    83:3f:6d:37:7c:28:6a:c2:6e:11:be:45:ac:14:a9:
                    90:c7:22:65:d1:ab:14:06:81:0c:93:d3:25:5d:50:
                    dd:dd:6c:67:f6:6c:6d:5f:cb:21:c1:fe:92:6e:b5:
                    69:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:77:01:35:D0:F0:D3:0A:86:8D:F5:51:D8:75:2D:4B:4B:AD:C2:C1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/b97070-c5f4-4410-94b5-d64d75394037/1/x3cBNdDw0wqGjfVR2HUtS0utwsE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.173.44.0/22
                  91.221.150.0/23
                  185.133.36.0/22
                IPv6:
                  2001:67c:16b4::/48
                  2a06:21c0::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  51942
                  60938

    Signature Algorithm: sha256WithRSAEncryption
         17:80:8f:03:a3:6a:51:9a:02:f6:4d:0a:5a:a8:d6:8b:00:87:
         f9:68:05:b0:e8:90:d5:49:4c:d9:1b:f3:3b:04:83:d5:ff:6b:
         f2:e4:0d:89:8d:33:ac:41:02:77:c0:5e:34:d9:bd:df:b3:c9:
         a1:35:9a:46:71:5e:20:44:bc:36:df:59:90:b8:89:7c:60:95:
         24:37:86:90:f0:7d:70:88:06:d2:b2:8e:1f:c3:56:5e:28:19:
         65:1b:39:20:58:d6:e1:fc:89:23:af:75:23:55:74:bf:ff:3a:
         93:fe:20:41:37:14:9c:85:07:e6:23:cc:9d:11:2c:d8:20:31:
         61:0a:a5:97:3d:2e:49:e8:1e:26:a5:08:fc:14:08:1b:3b:1b:
         a4:64:c4:88:97:df:b3:c9:84:b1:df:82:9e:6a:f3:9e:3d:41:
         6b:0b:58:a1:f7:5c:cd:b2:4e:f5:52:10:3d:1b:06:d5:c8:15:
         c8:c1:26:cc:3d:08:44:c5:7c:9b:aa:f6:e8:03:20:74:65:a1:
         93:73:4a:13:00:9c:fd:05:af:9d:2b:96:9a:9c:e0:2d:90:0a:
         65:77:bd:6f:b3:39:79:a5:0c:03:99:4e:6a:27:1a:0b:32:0f:
         d2:b0:d4:76:45:30:e5:83:bb:fc:04:9f:73:84:a0:1a:13:e2:
         b2:a3:ba:7e
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgISAY2nmGml7tIoE1kR83ZLN6j6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMjE0MTIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzc3MDEzNWQwZjBkMzBhODY4ZGY1NTFkODc1MmQ0YjRiYWRjMmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA216W32aSoCmfi7sowYxutYxpVyz8
qy8fcmkgqeJwhzjKliTGq9BvZVZo0GzM8Cj9pFyKWsYTe/q5poTfnxy4mTLXOrjP
D1HA9/CAZjWnqQvnDWyg/00IHYaVFcf116TbuUX0nejO8nljl+gttsC2qy4t+O/h
gKitkQHYYqwzWfOLy/EeyPHcnAh+mhBUckieYlCcqQvrxQkPxPyiyWpi7VdfqSTb
p1ZTYWyL6examHcRxctYss/7t4sUKFQ7Pxc7dKe9dOn9lREWXZm3buub7I6DP203
fChqwm4RvkWsFKmQxyJl0asUBoEMk9MlXVDd3Wxn9mxtX8shwf6SbrVpHQIDAQAB
o4ICyTCCAsUwHQYDVR0OBBYEFMd3ATXQ8NMKho31Udh1LUtLrcLBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzYxL2I5NzA3
MC1jNWY0LTQ0MTAtOTRiNS1kNjRkNzUzOTQwMzcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjEvYjk3MDcw
LWM1ZjQtNDQxMC05NGI1LWQ2NGQ3NTM5NDAzNy8xL3gzY0JOZER3MHdxR2pmVlIy
SFV0UzB1dHdzRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUF
BwEHAQH/BDQwMjAYBAIAATASAwQCUa0sAwQBW92WAwQCuYUkMBYEAgACMBADBwAg
AQZ8FrQDBQMqBiHAMB8GCCsGAQUFBwEIAQH/BBAwDqAMMAoCAwDK5gIDAO4KMA0G
CSqGSIb3DQEBCwUAA4IBAQAXgI8Do2pRmgL2TQpaqNaLAIf5aAWw6JDVSUzZG/M7
BIPV/2vy5A2JjTOsQQJ3wF402b3fs8mhNZpGcV4gRLw231mQuIl8YJUkN4aQ8H1w
iAbSso4fw1ZeKBllGzkgWNbh/Ikjr3UjVXS//zqT/iBBNxSchQfmI8ydESzYIDFh
CqWXPS5J6B4mpQj8FAgbOxukZMSIl9+zyYSx34KeavOePUFrC1ih91zNsk71UhA9
GwbVyBXIwSbMPQhExXybqvboAyB0ZaGTc0oTAJz9Ba+dK5aanOAtkApld71vszl5
pQwDmU5qJxoLMg/SsNR2RTDlg7v8BJ9zhKAaE+Kyo7p+
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:05:04 2024 by rpki-client on console-ams.rpki-client.org