Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yNMivrfjY_TUV14eT-7lzLhOEnU.cer
File:                     yNMivrfjY_TUV14eT-7lzLhOEnU.cer (raw, json)
Hash identifier:          p2heUgCQtoSVWnP53RPzW7wat3BtmAhMgvq9XP3awHQ=
Subject key identifier:   C8:D3:22:BE:B7:E3:63:F4:D4:57:5E:1E:4F:EE:E5:CC:B8:4E:12:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC649EE08C54BFDA4A6E4C6DA204F74F5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/yNMivrfjY_TUV14eT-7lzLhOEnU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:29:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 200562
                          IP: 45.159.172.0/22
                          IP: 146.255.116.0/22
                          IP: 185.75.144.0/22
                          IP: 2a05:5300::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:49:ee:08:c5:4b:fd:a4:a6:e4:c6:da:20:4f:74:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8d322beb7e363f4d4575e1e4feee5ccb84e1275
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:26:5c:f9:82:d5:3f:b6:08:64:e8:f1:2d:4b:
                    19:99:08:84:b5:33:0d:31:ae:63:d1:e2:19:59:62:
                    c5:56:3c:f2:46:8b:83:85:f5:67:72:c6:e2:f2:8f:
                    9c:b7:9a:2d:b8:a6:84:94:82:40:8f:6c:0d:36:a6:
                    0f:bc:9f:b2:ea:5c:2b:15:07:d0:b3:45:cd:ad:de:
                    77:4b:6c:e2:33:51:73:58:77:4d:01:9b:c9:c7:a7:
                    5a:ae:c0:05:d7:47:ea:ac:35:ec:64:fa:49:e7:ff:
                    0e:c6:9e:3f:4e:8e:94:18:f0:e7:46:fa:c1:64:22:
                    c4:f7:40:b0:05:4d:88:ed:a1:f3:42:b8:eb:5b:5b:
                    bf:ff:7c:f5:33:71:7e:6a:d1:e0:d4:ac:c2:de:74:
                    b7:7e:df:c0:ff:f4:b1:b4:f8:ff:66:90:3a:53:09:
                    06:78:00:7c:b1:76:ba:cb:06:4b:85:41:87:37:7c:
                    8a:15:66:21:1b:14:ca:22:d6:b4:ea:28:74:09:e7:
                    f1:39:92:00:cb:28:47:73:68:18:96:2e:86:b1:54:
                    31:e1:b5:4a:c0:6c:00:37:95:3b:c2:7d:55:65:61:
                    a1:80:28:9a:0a:07:c6:56:a1:c2:60:9e:1b:9b:63:
                    ba:20:c1:26:70:77:da:56:de:5c:da:44:3b:2a:1f:
                    47:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D3:22:BE:B7:E3:63:F4:D4:57:5E:1E:4F:EE:E5:CC:B8:4E:12:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/ef4db0-b6c9-47aa-84c1-dc3769e8f6a1/1/yNMivrfjY_TUV14eT-7lzLhOEnU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.172.0/22
                  146.255.116.0/22
                  185.75.144.0/22
                IPv6:
                  2a05:5300::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  200562

    Signature Algorithm: sha256WithRSAEncryption
         04:d6:3c:84:b3:71:fc:84:a5:36:9d:13:90:95:22:be:fb:be:
         e5:cf:19:43:f3:d2:15:0c:b5:6f:07:6a:c0:b2:fd:39:d9:d2:
         be:a1:8c:a7:8c:50:14:5a:e6:4d:24:e6:b7:fc:3c:60:a3:00:
         31:c3:81:28:1c:bf:83:8a:b9:ab:ab:d4:ba:e5:8f:fa:68:c9:
         b5:05:2d:fd:22:0b:74:50:d9:e4:8e:fa:4e:d1:b7:b8:d1:5b:
         64:d9:2d:0a:5b:ec:52:55:65:4e:ba:20:21:95:4b:6f:1b:97:
         1a:59:a5:32:cb:44:3c:4e:08:04:a9:d3:48:d1:0b:91:b3:ab:
         77:dd:80:85:a3:0f:65:61:a4:f8:45:35:56:e9:10:b2:68:df:
         e5:e1:9a:db:0b:09:53:7d:9d:f8:ac:c7:39:f3:cf:b6:cc:11:
         72:6e:a7:d1:70:a1:64:1e:11:13:7b:79:43:60:f6:84:9d:16:
         73:16:18:b9:ef:c7:65:29:e3:cc:b8:ab:c8:32:3c:5b:f8:43:
         6d:88:fe:56:de:a0:66:e6:5e:80:54:12:79:d3:35:dc:6c:d1:
         ac:48:67:b7:58:8f:2f:b1:c2:89:ec:d1:ae:20:2b:4b:38:a9:
         64:46:22:dc:17:8a:6b:af:54:d6:58:74:80:68:08:c5:55:5e:
         3e:6d:e9:d6
-----BEGIN CERTIFICATE-----
MIIFrzCCBJegAwIBAgISAYzGSe4IxUv9pKbkxtogT3T1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQzMjJiZWI3ZTM2M2Y0ZDQ1NzVlMWU0ZmVlZTVjY2I4NGUxMjc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuiZc+YLVP7YIZOjxLUsZmQiEtTMN
Ma5j0eIZWWLFVjzyRouDhfVncsbi8o+ct5otuKaElIJAj2wNNqYPvJ+y6lwrFQfQ
s0XNrd53S2ziM1FzWHdNAZvJx6darsAF10fqrDXsZPpJ5/8Oxp4/To6UGPDnRvrB
ZCLE90CwBU2I7aHzQrjrW1u//3z1M3F+atHg1KzC3nS3ft/A//SxtPj/ZpA6UwkG
eAB8sXa6ywZLhUGHN3yKFWYhGxTKIta06ih0CefxOZIAyyhHc2gYli6GsVQx4bVK
wGwAN5U7wn1VZWGhgCiaCgfGVqHCYJ4bm2O6IMEmcHfaVt5c2kQ7Kh9HpQIDAQAB
o4ICuzCCArcwHQYDVR0OBBYEFMjTIr6342P01FdeHk/u5cy4ThJ1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2E3L2VmNGRi
MC1iNmM5LTQ3YWEtODRjMS1kYzM3NjllOGY2YTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcvZWY0ZGIw
LWI2YzktNDdhYS04NGMxLWRjMzc2OWU4ZjZhMS8xL3lOTWl2cmZqWV9UVVYxNGVU
LTdsekxoT0VuVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDoGCCsGAQUF
BwEHAQH/BCswKTAYBAIAATASAwQCLZ+sAwQCkv90AwQCuUuQMA0EAgACMAcDBQMq
BVMAMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUCAwMPcjANBgkqhkiG9w0BAQsFAAOC
AQEABNY8hLNx/ISlNp0TkJUivvu+5c8ZQ/PSFQy1bwdqwLL9OdnSvqGMp4xQFFrm
TSTmt/w8YKMAMcOBKBy/g4q5q6vUuuWP+mjJtQUt/SILdFDZ5I76TtG3uNFbZNkt
ClvsUlVlTrogIZVLbxuXGlmlMstEPE4IBKnTSNELkbOrd92AhaMPZWGk+EU1VukQ
smjf5eGa2wsJU32d+KzHOfPPtswRcm6n0XChZB4RE3t5Q2D2hJ0WcxYYue/HZSnj
zLiryDI8W/hDbYj+Vt6gZuZegFQSedM13GzRrEhnt1iPL7HCiezRriArSzipZEYi
3BeKa69U1lh0gGgIxVVePm3p1g==
-----END CERTIFICATE-----
Generated at Sat Nov 23 10:23:46 2024 by rpki-client on console-fra.rpki-client.org