Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/yhg6ZpEwmnnW5mBbDVwR4_9-kZQ.cer
File:                     yhg6ZpEwmnnW5mBbDVwR4_9-kZQ.cer (raw, json)
Hash identifier:          /uVBgYpXxbqKcxatUNygbRijXlXAQKghJQ71vdhFSx8=
Subject key identifier:   CA:18:3A:66:91:30:9A:79:D6:E6:60:5B:0D:5C:11:E3:FF:7E:91:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC803014AF9F4CE4EC1EDF536BA336C0C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2e/0774bb-3b0b-4f47-b151-19e708469cee/1/yhg6ZpEwmnnW5mBbDVwR4_9-kZQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2e/0774bb-3b0b-4f47-b151-19e708469cee/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:31:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 130.192.0.0 -- 130.192.95.255
                          IP: 130.192.160.0/21
                          IP: 130.192.176.0/20
                          IP: 130.192.224.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:01:4a:f9:f4:ce:4e:c1:ed:f5:36:ba:33:6c:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca183a6691309a79d6e6605b0d5c11e3ff7e9194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2a:7f:0f:4f:91:92:41:5c:38:1d:e1:85:ea:
                    70:12:4c:27:b5:a2:2f:19:6d:95:1c:aa:25:0f:f6:
                    17:9c:3f:e4:eb:4e:2e:eb:70:6e:59:99:79:30:e0:
                    54:76:5a:db:24:cd:ca:f5:60:41:c2:ad:e9:a8:0e:
                    c6:3b:ee:c3:3b:b8:90:80:c6:1e:bd:05:4a:0e:4d:
                    d2:62:0e:d2:43:6a:f2:36:85:7a:b2:1c:9c:e6:26:
                    a9:c2:28:42:52:23:89:d6:a0:eb:67:02:65:89:13:
                    e5:d5:1e:70:5c:4f:92:15:60:8a:75:ce:8a:05:f7:
                    06:43:d8:22:46:12:33:8e:a1:aa:e9:55:6e:d7:1b:
                    41:f5:bd:58:6d:46:9c:c2:5f:25:c9:a2:4b:5a:d4:
                    0b:38:57:28:67:b6:c0:76:30:95:d4:e4:f3:6a:36:
                    f6:da:7a:57:45:ef:5e:6a:7d:6e:3e:0c:6f:3a:c3:
                    06:b8:e3:c3:35:1f:c8:60:a4:95:e2:93:8b:22:6d:
                    eb:39:fc:31:d2:c4:d2:17:c9:7f:4d:c9:ff:46:16:
                    dc:05:d5:a6:d3:ef:fe:f6:2b:0c:e2:f6:3c:c3:34:
                    7d:6b:6d:b2:b1:c4:78:a6:85:27:5e:f2:27:ba:c5:
                    09:34:d6:1c:69:9e:ea:0c:24:2f:0d:38:97:d0:d1:
                    0b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:18:3A:66:91:30:9A:79:D6:E6:60:5B:0D:5C:11:E3:FF:7E:91:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0774bb-3b0b-4f47-b151-19e708469cee/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/0774bb-3b0b-4f47-b151-19e708469cee/1/yhg6ZpEwmnnW5mBbDVwR4_9-kZQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.192.0.0-130.192.95.255
                  130.192.160.0/21
                  130.192.176.0/20
                  130.192.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:cb:2a:9b:25:3f:bc:b1:48:b9:1b:24:22:cd:83:18:fb:32:
         15:84:b5:87:df:b5:94:b2:52:9b:84:ec:10:f3:fb:df:ce:fb:
         fa:3e:8b:23:c6:8f:60:67:67:5e:a5:30:4e:66:9e:f6:4e:46:
         54:fc:f6:fc:34:51:59:fc:de:52:aa:a9:51:9a:09:bb:52:6d:
         61:96:93:a1:b5:f4:c4:57:de:c4:c1:be:28:12:4c:83:b0:04:
         7d:d5:43:97:8f:b0:8c:56:00:c7:f5:05:de:6c:94:49:d2:dd:
         29:8f:e5:f8:6c:d7:4c:7b:56:c2:98:ab:5d:9d:b4:79:c5:13:
         2d:b7:03:1b:2a:71:59:20:89:a6:72:d6:02:3b:37:bb:32:fb:
         5c:5c:71:1a:23:0c:1c:11:cd:2e:ce:6a:df:36:3b:fe:84:69:
         f0:b5:11:85:53:41:e8:19:f9:5a:58:24:4f:ca:e2:fd:10:d8:
         8d:45:9e:9f:7f:c3:3a:88:b8:29:82:46:f7:82:1e:03:36:6c:
         7e:4b:64:f0:97:fc:65:af:5d:c3:9a:61:c0:af:e9:94:6f:a6:
         6a:43:2b:46:92:a2:24:d3:f3:8b:29:02:ef:ce:c8:c4:12:da:
         f3:8e:33:2e:31:19:3f:25:db:bc:0b:97:90:fb:88:e1:04:03:
         95:4f:08:a8
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgISAYzIAwFK+fTOTsHt9Ta6M2wMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTE4M2E2NjkxMzA5YTc5ZDZlNjYwNWIwZDVjMTFlM2ZmN2U5MTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyp/D0+RkkFcOB3hhepwEkwntaIv
GW2VHKolD/YXnD/k604u63BuWZl5MOBUdlrbJM3K9WBBwq3pqA7GO+7DO7iQgMYe
vQVKDk3SYg7SQ2ryNoV6shyc5iapwihCUiOJ1qDrZwJliRPl1R5wXE+SFWCKdc6K
BfcGQ9giRhIzjqGq6VVu1xtB9b1YbUacwl8lyaJLWtQLOFcoZ7bAdjCV1OTzajb2
2npXRe9ean1uPgxvOsMGuOPDNR/IYKSV4pOLIm3rOfwx0sTSF8l/Tcn/RhbcBdWm
0+/+9isM4vY8wzR9a22yscR4poUnXvInusUJNNYcaZ7qDCQvDTiX0NEL5wIDAQAB
o4ICnTCCApkwHQYDVR0OBBYEFMoYOmaRMJp51uZgWw1cEeP/fpGUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJlLzA3NzRi
Yi0zYjBiLTRmNDctYjE1MS0xOWU3MDg0NjljZWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUvMDc3NGJi
LTNiMGItNGY0Ny1iMTUxLTE5ZTcwODQ2OWNlZS8xL3loZzZacEV3bW5uVzVtQmJE
VndSNF85LWtaUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDgGCCsGAQUF
BwEHAQH/BCkwJzAlBAIAATAfMAsDAwaCwAMEBYLAQAMEA4LAoAMEBILAsAMEBILA
4DANBgkqhkiG9w0BAQsFAAOCAQEAk8sqmyU/vLFIuRskIs2DGPsyFYS1h9+1lLJS
m4TsEPP73877+j6LI8aPYGdnXqUwTmae9k5GVPz2/DRRWfzeUqqpUZoJu1JtYZaT
obX0xFfexMG+KBJMg7AEfdVDl4+wjFYAx/UF3myUSdLdKY/l+GzXTHtWwpirXZ20
ecUTLbcDGypxWSCJpnLWAjs3uzL7XFxxGiMMHBHNLs5q3zY7/oRp8LURhVNB6Bn5
WlgkT8ri/RDYjUWen3/DOoi4KYJG94IeAzZsfktk8Jf8Za9dw5phwK/plG+makMr
RpKiJNPziykC787IxBLa844zLjEZPyXbvAuXkPuI4QQDlU8IqA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 11:05:16 2024 by rpki-client on console-ams.rpki-client.org