Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/zFshNT-Sy9vzt9JRO5pGWsU7LTk.cer
File:                     zFshNT-Sy9vzt9JRO5pGWsU7LTk.cer (raw, json)
Hash identifier:          urQjqyR6AIEjL3ENZD48RZInR22gaWGmnhSod4tDcVs=
Subject key identifier:   CC:5B:21:35:3F:92:CB:DB:F3:B7:D2:51:3B:9A:46:5A:C5:3B:2D:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC9BB04E214605107B62AD89976EC57CC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/zFshNT-Sy9vzt9JRO5pGWsU7LTk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 10:32:06 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 3242
                          IP: 151.1.0.0 -- 151.2.127.255
                          IP: 2a01:65c0::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:04:e2:14:60:51:07:b6:2a:d8:99:76:ec:57:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 10:32:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc5b21353f92cbdbf3b7d2513b9a465ac53b2d39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b9:2a:88:cb:94:b8:50:8f:af:a6:eb:fd:81:
                    7c:69:e4:7b:fc:75:c4:14:df:6b:79:e1:f4:e8:54:
                    1b:a9:8e:fd:f8:44:c3:0b:71:71:a6:6f:9d:9f:31:
                    b4:3e:56:25:0b:52:09:6f:94:fd:95:9b:bf:c7:ee:
                    e0:21:5d:de:24:09:3c:94:d7:e7:a5:ad:e2:7d:8e:
                    b0:f5:dc:d9:fd:e3:b9:6c:f7:ec:4d:d0:0f:4b:27:
                    f0:57:19:84:bd:89:8e:cb:a4:71:3d:d0:57:27:23:
                    29:e5:d6:8b:4c:5f:fa:82:23:c5:09:53:71:9b:ef:
                    2a:5d:75:23:62:33:c4:16:3c:4c:64:b8:ba:20:84:
                    8d:b0:b3:15:8b:c6:ba:19:98:ff:2f:8a:84:5c:f5:
                    91:e5:ed:aa:65:8e:c1:e4:54:3e:5a:4b:e7:f9:5a:
                    c5:77:de:5c:f2:1b:ba:e8:53:de:f7:e8:47:6e:25:
                    08:83:af:72:21:1e:48:50:22:24:bf:78:82:70:94:
                    29:8c:1f:13:52:59:f1:ef:2b:05:e6:30:1e:7b:74:
                    7c:4a:f8:df:4a:6e:f2:cd:57:c9:7d:6b:d4:67:ca:
                    0f:50:71:84:16:ce:1f:e9:70:e1:94:93:0f:87:12:
                    6b:9c:97:79:3c:f6:30:64:bd:e0:5b:06:99:7b:13:
                    2c:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:5B:21:35:3F:92:CB:DB:F3:B7:D2:51:3B:9A:46:5A:C5:3B:2D:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4fb057-5dae-4851-ad47-5ad5f33cc99c/1/zFshNT-Sy9vzt9JRO5pGWsU7LTk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.1.0.0-151.2.127.255
                IPv6:
                  2a01:65c0::/32

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  3242

    Signature Algorithm: sha256WithRSAEncryption
         7d:e2:36:0b:2c:fd:3e:1e:5a:1a:09:fc:37:27:c6:95:f9:8a:
         8e:ca:37:bb:10:be:6d:8d:bc:c3:89:4d:a6:32:a8:85:0a:37:
         9b:42:4b:fc:a1:e9:58:19:83:3d:12:25:f8:5f:af:40:a1:58:
         45:e9:f1:29:8f:5a:5d:c0:b4:84:5f:ae:d4:58:cd:b3:1d:b3:
         8c:00:c1:26:ab:e3:e3:2d:8e:6d:31:b5:34:b0:d6:17:12:d7:
         14:c6:65:9f:83:a2:c1:52:ef:5c:5f:f4:9e:6d:94:6b:f8:61:
         c9:e8:ea:7d:d1:e9:28:d2:15:8a:9c:c0:e1:59:bc:0b:1f:52:
         07:41:be:70:3e:cb:4f:6c:a5:59:85:b7:8b:6d:01:e2:b7:16:
         0f:d3:a4:d7:78:e3:8a:8a:63:ff:ff:03:25:45:25:18:27:c0:
         16:7e:9b:eb:5b:74:e1:e3:ac:54:a9:7a:d7:27:51:76:8e:77:
         af:6e:e2:cf:40:01:99:89:48:80:47:17:33:72:d7:36:c1:63:
         96:85:2f:d1:4c:85:c2:eb:a0:2f:d7:31:53:be:76:77:9d:b3:
         4b:2a:27:70:95:5a:6d:82:16:4f:e1:d0:d7:b9:bc:52:4a:b8:
         73:65:28:24:19:9c:6a:97:c4:c3:a0:dd:46:38:5c:46:41:bc:
         c3:d6:52:e2
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAYzJuwTiFGBRB7Yq2Jl27FfMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTAzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzViMjEzNTNmOTJjYmRiZjNiN2QyNTEzYjlhNDY1YWM1M2IyZDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrkqiMuUuFCPr6br/YF8aeR7/HXE
FN9reeH06FQbqY79+ETDC3Fxpm+dnzG0PlYlC1IJb5T9lZu/x+7gIV3eJAk8lNfn
pa3ifY6w9dzZ/eO5bPfsTdAPSyfwVxmEvYmOy6RxPdBXJyMp5daLTF/6giPFCVNx
m+8qXXUjYjPEFjxMZLi6IISNsLMVi8a6GZj/L4qEXPWR5e2qZY7B5FQ+Wkvn+VrF
d95c8hu66FPe9+hHbiUIg69yIR5IUCIkv3iCcJQpjB8TUlnx7ysF5jAee3R8Svjf
Sm7yzVfJfWvUZ8oPUHGEFs4f6XDhlJMPhxJrnJd5PPYwZL3gWwaZexMsHQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFMxbITU/ksvb87fSUTuaRlrFOy05MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VkLzRmYjA1
Ny01ZGFlLTQ4NTEtYWQ0Ny01YWQ1ZjMzY2M5OWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvNGZiMDU3
LTVkYWUtNDg1MS1hZDQ3LTVhZDVmMzNjYzk5Yy8xL3pGc2hOVC1TeTl2enQ5SlJP
NXBHV3NVN0xUay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMDUGCCsGAQUF
BwEHAQH/BCYwJDATBAIAATANMAsDAwCXAQMEB5cCADANBAIAAjAHAwUAKgFlwDAZ
BggrBgEFBQcBCAEB/wQKMAigBjAEAgIMqjANBgkqhkiG9w0BAQsFAAOCAQEAfeI2
Cyz9Ph5aGgn8NyfGlfmKjso3uxC+bY28w4lNpjKohQo3m0JL/KHpWBmDPRIl+F+v
QKFYRenxKY9aXcC0hF+u1FjNsx2zjADBJqvj4y2ObTG1NLDWFxLXFMZln4OiwVLv
XF/0nm2Ua/hhyejqfdHpKNIVipzA4Vm8Cx9SB0G+cD7LT2ylWYW3i20B4rcWD9Ok
13jjiopj//8DJUUlGCfAFn6b61t04eOsVKl61ydRdo53r27iz0ABmYlIgEcXM3LX
NsFjloUv0UyFwuugL9cxU752d52zSyoncJVabYIWT+HQ17m8Ukq4c2UoJBmcapfE
w6DdRjhcRkG8w9ZS4g==
-----END CERTIFICATE-----
Generated at Fri Nov 22 20:34:34 2024 by rpki-client on console-ams.rpki-client.org