Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/xoEG9ElX0ZQCAzWwv9YHfMvNyHg.cer
File:                     xoEG9ElX0ZQCAzWwv9YHfMvNyHg.cer (raw, json)
Hash identifier:          YiidNy51k56WcyFRYkCk4+QgnJoffcqRwhsAYwW+Vtc=
Subject key identifier:   C6:81:06:F4:49:57:D1:94:02:03:35:B0:BF:D6:07:7C:CB:CD:C8:78
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94AA5558AB579CB47EF46FE672AC26E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/6a/43e70b-df62-4028-a386-a029fbb4be29/1/xoEG9ElX0ZQCAzWwv9YHfMvNyHg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/6a/43e70b-df62-4028-a386-a029fbb4be29/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:29:21 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 56538
                          AS: 61188
                          IP: 77.74.216.0/21
                          IP: 91.213.47.0/24
                          IP: 185.97.192.0/22
                          IP: 2a03:ea00::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:a5:55:8a:b5:79:cb:47:ef:46:fe:67:2a:c2:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c68106f44957d194020335b0bfd6077ccbcdc878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c8:6f:c0:3e:8b:59:ef:3a:37:a8:1d:af:c4:
                    d0:8e:2e:d5:c7:86:f2:64:1a:1f:33:87:45:c5:c5:
                    25:f2:ac:1f:ad:e9:1c:aa:f9:05:eb:c6:ce:cb:7d:
                    24:2f:c9:1b:67:a2:20:c8:bf:ca:67:36:fb:a7:4c:
                    da:2e:43:61:94:05:c1:50:ba:41:37:28:e7:1c:ae:
                    ae:8a:6f:7f:3f:ad:c0:a9:84:bf:ad:1e:5f:c7:db:
                    7d:4f:90:ed:12:22:86:9f:37:fd:5a:d6:b6:ff:e0:
                    7c:bb:c0:f4:d2:c3:a0:27:35:ed:f5:0c:7f:c5:8e:
                    96:de:81:61:39:a0:5d:b1:ef:b9:92:db:ce:d0:47:
                    1e:ee:bf:b3:01:05:c7:89:e6:81:4d:ba:99:6a:90:
                    19:70:8c:74:84:f5:13:45:7c:e4:7a:a0:09:2b:75:
                    12:3c:f6:2f:5e:76:32:36:8e:b9:12:b8:73:e3:f0:
                    db:68:87:b5:e4:6a:23:99:df:d7:d6:8c:9b:3f:8f:
                    66:24:ad:7c:e9:7c:3f:88:a1:c0:44:92:95:f0:57:
                    74:b1:0e:fb:5d:1b:42:a5:cb:44:a5:af:ee:9a:a5:
                    4e:3f:39:04:1b:fd:16:0f:a1:32:b2:9c:2d:c4:fb:
                    0e:6d:36:39:80:15:c1:8e:35:6b:e2:ed:7b:90:77:
                    74:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:81:06:F4:49:57:D1:94:02:03:35:B0:BF:D6:07:7C:CB:CD:C8:78
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/43e70b-df62-4028-a386-a029fbb4be29/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/43e70b-df62-4028-a386-a029fbb4be29/1/xoEG9ElX0ZQCAzWwv9YHfMvNyHg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.74.216.0/21
                  91.213.47.0/24
                  185.97.192.0/22
                IPv6:
                  2a03:ea00::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  56538
                  61188

    Signature Algorithm: sha256WithRSAEncryption
         2d:37:dc:76:d6:9c:c4:ac:e1:8d:19:5d:31:63:77:57:bf:e0:
         0a:c8:e4:e9:52:41:62:9e:e6:97:55:dd:93:90:47:64:3a:34:
         1d:52:03:3f:5e:39:99:dd:63:2c:97:21:37:18:29:88:c3:7d:
         64:1f:14:11:ed:1d:d1:71:2e:83:41:4a:ba:5b:af:61:09:d4:
         ec:2b:cf:80:a1:1f:3b:f1:53:67:dd:79:3b:d3:0d:4a:f5:95:
         60:54:12:33:f2:29:cc:ca:a4:5f:b3:7f:0a:97:8a:83:6a:3e:
         dd:86:7c:8f:32:d6:36:b2:95:c4:ab:5b:92:2e:15:02:23:ef:
         7a:7e:d3:c2:ee:0d:cc:cc:62:97:30:4a:9d:23:31:38:bb:67:
         c9:7c:57:5c:17:98:7a:b3:1a:26:d5:30:f4:52:f2:9d:6e:0a:
         df:89:2f:10:4c:88:29:6f:93:76:31:33:c5:da:77:a9:ec:0d:
         57:3f:fd:cb:46:c0:dd:d5:b8:a2:08:b5:8a:d0:0f:7a:1d:44:
         84:5b:1b:37:5a:f4:5e:d9:bf:e4:bd:a2:30:58:7d:20:18:4a:
         28:af:e0:83:da:ee:8a:46:38:59:0a:74:63:02:71:d7:12:9a:
         e3:1e:bb:fd:16:96:cc:58:2d:d1:80:7b:eb:b0:c7:bc:4d:f4:
         3f:8a:9e:bf
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAYzJSqVVirV5y0fvRv5nKsJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjgxMDZmNDQ5NTdkMTk0MDIwMzM1YjBiZmQ2MDc3Y2NiY2RjODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8hvwD6LWe86N6gdr8TQji7Vx4by
ZBofM4dFxcUl8qwfrekcqvkF68bOy30kL8kbZ6IgyL/KZzb7p0zaLkNhlAXBULpB
NyjnHK6uim9/P63AqYS/rR5fx9t9T5DtEiKGnzf9Wta2/+B8u8D00sOgJzXt9Qx/
xY6W3oFhOaBdse+5ktvO0Ece7r+zAQXHieaBTbqZapAZcIx0hPUTRXzkeqAJK3US
PPYvXnYyNo65Erhz4/DbaIe15Gojmd/X1oybP49mJK186Xw/iKHARJKV8Fd0sQ77
XRtCpctEpa/umqVOPzkEG/0WD6EyspwtxPsObTY5gBXBjjVr4u17kHd0qQIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFMaBBvRJV9GUAgM1sL/WB3zLzch4MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzZhLzQzZTcw
Yi1kZjYyLTQwMjgtYTM4Ni1hMDI5ZmJiNGJlMjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmEvNDNlNzBi
LWRmNjItNDAyOC1hMzg2LWEwMjlmYmI0YmUyOS8xL3hvRUc5RWxYMFpRQ0F6V3d2
OVlIZk12TnlIZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQDTUrYAwQAW9UvAwQCuWHAMA0EAgACMAcDBQAq
A+oAMB8GCCsGAQUFBwEIAQH/BBAwDqAMMAoCAwDc2gIDAO8EMA0GCSqGSIb3DQEB
CwUAA4IBAQAtN9x21pzErOGNGV0xY3dXv+AKyOTpUkFinuaXVd2TkEdkOjQdUgM/
XjmZ3WMslyE3GCmIw31kHxQR7R3RcS6DQUq6W69hCdTsK8+AoR878VNn3Xk70w1K
9ZVgVBIz8inMyqRfs38Kl4qDaj7dhnyPMtY2spXEq1uSLhUCI+96ftPC7g3MzGKX
MEqdIzE4u2fJfFdcF5h6sxom1TD0UvKdbgrfiS8QTIgpb5N2MTPF2nep7A1XP/3L
RsDd1biiCLWK0A96HUSEWxs3WvRe2b/kvaIwWH0gGEoor+CD2u6KRjhZCnRjAnHX
EprjHrv9FpbMWC3RgHvrsMe8TfQ/ip6/
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:05:10 2024 by rpki-client on console-ams.rpki-client.org