Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xVnUaTVVufKtaAe6ztxLWi5wGkg.cer
File:                     xVnUaTVVufKtaAe6ztxLWi5wGkg.cer (raw, json)
Hash identifier:          0Ve4Vy2WZpTOqeYo7BHl7M/vr6VQ/hk7cJY7WFc1pVU=
Subject key identifier:   C5:59:D4:69:35:55:B9:F2:AD:68:07:BA:CE:DC:4B:5A:2E:70:1A:48
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4935AE369CE0647B6907B85D327EC1F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/xVnUaTVVufKtaAe6ztxLWi5wGkg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:40 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 89.35.118.0/24
                          IP: 149.62.34.0/24
                          IP: 185.70.28.0/22
                          IP: 2a05:2800::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5a:e3:69:ce:06:47:b6:90:7b:85:d3:27:ec:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c559d4693555b9f2ad6807bacedc4b5a2e701a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8f:ea:59:93:05:7a:43:ae:ed:13:dc:fb:0b:
                    15:32:e1:d3:74:71:aa:2c:a4:36:9b:22:04:47:87:
                    68:b7:ce:63:9b:e9:c3:84:ab:ad:63:97:af:92:6b:
                    83:5f:98:b6:3a:72:c9:24:9b:d8:dc:c0:ea:a3:cd:
                    01:fd:1c:d0:d0:c6:ef:c3:59:2f:4e:5f:f9:53:3b:
                    cb:b6:ab:9f:0f:d2:f7:a8:ae:b9:61:ed:23:2a:58:
                    ea:2a:bf:4a:ce:60:be:33:40:7e:41:49:f7:6f:25:
                    c9:14:57:e8:ce:40:bc:5c:ef:1e:81:32:c6:82:ff:
                    73:32:b1:7b:76:c8:36:58:15:ac:70:a3:75:0e:60:
                    aa:05:12:70:d2:7a:82:b2:14:49:a7:94:68:91:11:
                    e4:77:82:2d:8b:69:dc:80:2c:dc:52:0b:20:de:48:
                    1f:44:5a:36:3e:ed:18:19:95:6a:14:a1:24:cf:64:
                    cc:8c:c0:6f:36:34:00:24:39:cc:66:c2:8b:5b:3a:
                    f6:95:62:e8:b1:cf:7c:34:89:22:02:68:02:5c:b3:
                    89:d3:ba:12:2a:1a:84:31:4b:5b:86:f0:41:4a:71:
                    2d:ac:56:44:25:2b:72:2a:28:96:99:ad:42:7c:a8:
                    d4:2a:43:2c:42:69:7e:51:16:17:85:c4:aa:63:09:
                    ba:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:59:D4:69:35:55:B9:F2:AD:68:07:BA:CE:DC:4B:5A:2E:70:1A:48
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/3f0f8b-af93-423b-bea5-d2e351609759/1/xVnUaTVVufKtaAe6ztxLWi5wGkg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.118.0/24
                  149.62.34.0/24
                  185.70.28.0/22
                IPv6:
                  2a05:2800::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:d0:4b:43:cc:9b:0b:a6:af:d5:59:c4:e3:47:a2:08:47:ca:
         ea:9c:f5:89:15:a2:55:e0:c9:84:5a:89:1f:3f:97:63:18:84:
         c7:5a:9d:69:4c:1e:3d:55:32:0e:a9:20:eb:35:f6:c2:f1:59:
         06:2e:b2:ae:20:a0:82:7c:b6:51:4b:4f:9f:da:bc:2d:4f:8e:
         2f:80:7f:8c:48:73:45:b6:49:db:a1:07:76:c2:e9:cb:a0:cb:
         46:c1:44:70:cb:68:51:67:00:3e:a3:40:b2:24:e6:66:b4:f6:
         ee:e7:e9:74:8a:79:42:14:30:24:60:85:a8:e7:56:06:33:52:
         04:01:e3:00:60:95:2c:10:2b:04:b7:30:66:e2:62:c9:7e:da:
         27:d9:80:88:5a:d7:ee:bc:49:15:a6:fa:a4:5a:a1:08:2d:de:
         ea:2a:7a:8a:a7:77:c1:78:ee:44:49:d1:e5:52:dc:aa:c4:7c:
         37:79:28:cf:7c:70:65:1e:f8:df:16:77:b6:1a:d8:f2:4d:6b:
         4d:2e:d6:80:b4:93:19:91:e3:2c:64:b3:77:f7:1e:c8:9a:c5:
         7a:7f:2a:bf:ea:9c:20:bb:1f:c6:ea:5d:3c:b1:cf:f9:b3:a9:
         16:2b:24:79:08:66:ca:c5:9c:37:b5:a1:ae:d4:28:27:d8:95:
         bf:06:79:2a
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzEk1rjac4GR7aQe4XTJ+wfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTU5ZDQ2OTM1NTViOWYyYWQ2ODA3YmFjZWRjNGI1YTJlNzAxYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzI/qWZMFekOu7RPc+wsVMuHTdHGq
LKQ2myIER4dot85jm+nDhKutY5evkmuDX5i2OnLJJJvY3MDqo80B/RzQ0Mbvw1kv
Tl/5UzvLtqufD9L3qK65Ye0jKljqKr9KzmC+M0B+QUn3byXJFFfozkC8XO8egTLG
gv9zMrF7dsg2WBWscKN1DmCqBRJw0nqCshRJp5RokRHkd4Iti2ncgCzcUgsg3kgf
RFo2Pu0YGZVqFKEkz2TMjMBvNjQAJDnMZsKLWzr2lWLosc98NIkiAmgCXLOJ07oS
KhqEMUtbhvBBSnEtrFZEJStyKiiWma1CfKjUKkMsQml+URYXhcSqYwm6ewIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFMVZ1Gk1VbnyrWgHus7cS1oucBpIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzIwLzNmMGY4
Yi1hZjkzLTQyM2ItYmVhNS1kMmUzNTE2MDk3NTkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvM2YwZjhi
LWFmOTMtNDIzYi1iZWE1LWQyZTM1MTYwOTc1OS8xL3hWblVhVFZWdWZLdGFBZTZ6
dHhMV2k1d0drZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQAWSN2AwQAlT4iAwQCuUYcMA0EAgACMAcDBQMq
BSgAMA0GCSqGSIb3DQEBCwUAA4IBAQCr0EtDzJsLpq/VWcTjR6IIR8rqnPWJFaJV
4MmEWokfP5djGITHWp1pTB49VTIOqSDrNfbC8VkGLrKuIKCCfLZRS0+f2rwtT44v
gH+MSHNFtknboQd2wunLoMtGwURwy2hRZwA+o0CyJOZmtPbu5+l0inlCFDAkYIWo
51YGM1IEAeMAYJUsECsEtzBm4mLJfton2YCIWtfuvEkVpvqkWqEILd7qKnqKp3fB
eO5ESdHlUtyqxHw3eSjPfHBlHvjfFne2GtjyTWtNLtaAtJMZkeMsZLN39x7ImsV6
fyq/6pwgux/G6l08sc/5s6kWKyR5CGbKxZw3taGu1Cgn2JW/Bnkq
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:32:13 2024 by rpki-client on console-ams.rpki-client.org