Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3PTUuoW3Ve-SnJuZXq90bQ4LblE.cer
File:                     3PTUuoW3Ve-SnJuZXq90bQ4LblE.cer (raw, json)
Hash identifier:          Y9zfV3+5HzDMzQ5pykqrA9G6tFCBtCZg8Zii/24eO+w=
Subject key identifier:   DC:F4:D4:BA:85:B7:55:EF:92:9C:9B:99:5E:AF:74:6D:0E:0B:6E:51
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56EFA2F6FB0F2AC4F001AD8774B7F15
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/df/965236-c05e-4180-b590-41470a9459a1/1/3PTUuoW3Ve-SnJuZXq90bQ4LblE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/df/965236-c05e-4180-b590-41470a9459a1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:33 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 28790
                          IP: 195.46.56.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:fa:2f:6f:b0:f2:ac:4f:00:1a:d8:77:4b:7f:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcf4d4ba85b755ef929c9b995eaf746d0e0b6e51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:06:45:17:19:4e:0f:cf:48:a6:0d:dc:30:19:
                    0b:1b:95:cd:42:3f:6a:c9:01:ce:87:af:ca:15:a5:
                    56:01:f2:05:49:8b:01:30:17:0a:80:38:2b:17:39:
                    d2:5f:ba:aa:24:04:f4:79:16:f1:ca:8a:34:f9:f6:
                    1b:7c:95:2a:29:08:3b:d1:d8:cc:47:19:c7:53:a7:
                    a8:31:38:d5:30:35:5f:f8:09:74:91:f3:14:1f:24:
                    e0:dd:78:37:0c:64:74:5c:47:ce:52:0b:26:e4:4c:
                    c7:37:7d:95:68:da:d7:43:62:d2:d7:cd:fa:5c:53:
                    7e:6d:c7:9d:52:09:bb:a5:1d:dc:2b:f5:bb:02:50:
                    a5:aa:70:78:09:69:9c:00:32:8c:ce:e8:42:4a:06:
                    f1:3a:f3:ec:6f:b6:50:45:48:6d:4b:83:48:9d:c2:
                    16:1b:2e:67:c6:f0:12:53:7e:78:9f:50:74:db:68:
                    e8:e6:76:1f:74:a1:cf:c2:07:35:bd:47:6e:53:d1:
                    12:6e:1a:30:53:38:36:70:f8:38:f2:52:d6:79:18:
                    23:c5:cf:d8:58:83:80:6a:4c:24:cc:0f:ed:fa:5e:
                    5a:f5:1b:f3:c4:2f:c3:c9:4a:b7:7e:a2:53:c6:df:
                    71:f3:d5:c0:01:c5:9c:c3:ce:d1:d8:9e:c5:aa:17:
                    cf:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F4:D4:BA:85:B7:55:EF:92:9C:9B:99:5E:AF:74:6D:0E:0B:6E:51
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/965236-c05e-4180-b590-41470a9459a1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/965236-c05e-4180-b590-41470a9459a1/1/3PTUuoW3Ve-SnJuZXq90bQ4LblE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.46.56.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  28790

    Signature Algorithm: sha256WithRSAEncryption
         34:ef:27:8e:94:30:2d:49:2b:5f:db:7c:d8:e1:bc:e2:4e:87:
         40:81:5d:bf:7a:bd:13:f2:3c:3b:b4:bc:1c:24:5d:17:9f:88:
         80:7d:42:21:17:01:1a:d4:bb:d9:9c:04:68:c4:88:ad:c1:1a:
         ce:4d:c3:1b:f8:21:ed:53:a9:f5:5b:54:37:31:5f:e0:7a:2d:
         d0:74:6b:e2:24:e2:b2:fa:ef:75:3b:d4:9f:51:0d:5f:d3:e9:
         c9:51:c7:ea:81:97:cd:ed:30:85:47:45:ca:60:84:6d:31:71:
         d5:be:3d:c8:d0:c8:26:fd:27:12:d1:aa:d0:02:26:04:a9:1e:
         de:89:30:72:16:c9:04:6a:cf:3a:84:06:09:17:92:78:31:72:
         7f:35:67:a4:1c:af:c7:f2:0f:84:1f:c4:bd:5c:0d:8a:ad:3a:
         2e:77:75:69:71:5c:97:22:4d:fb:30:4a:5a:21:f4:18:f9:f0:
         76:f0:9f:4c:69:a4:dd:0f:ad:2d:e4:98:4b:f4:72:9f:25:27:
         0d:8b:c4:70:d3:e1:19:2e:c6:e7:36:6d:da:dd:88:10:b9:41:
         57:b2:3e:57:0a:f6:bc:3d:29:d2:dd:ca:da:c3:2f:cf:f3:c2:
         7c:b1:1f:77:21:b9:1d:85:97:46:4a:8b:0b:e7:d8:4f:d2:57:
         3f:28:49:fe
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzFbvovb7DyrE8AGth3S38VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2Y0ZDRiYTg1Yjc1NWVmOTI5YzliOTk1ZWFmNzQ2ZDBlMGI2ZTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApwZFFxlOD89Ipg3cMBkLG5XNQj9q
yQHOh6/KFaVWAfIFSYsBMBcKgDgrFznSX7qqJAT0eRbxyoo0+fYbfJUqKQg70djM
RxnHU6eoMTjVMDVf+Al0kfMUHyTg3Xg3DGR0XEfOUgsm5EzHN32VaNrXQ2LS1836
XFN+bcedUgm7pR3cK/W7AlClqnB4CWmcADKMzuhCSgbxOvPsb7ZQRUhtS4NIncIW
Gy5nxvASU354n1B022jo5nYfdKHPwgc1vUduU9ESbhowUzg2cPg48lLWeRgjxc/Y
WIOAakwkzA/t+l5a9RvzxC/DyUq3fqJTxt9x89XAAcWcw87R2J7FqhfPTwIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFNz01LqFt1XvkpybmV6vdG0OC25RMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RmLzk2NTIz
Ni1jMDVlLTQxODAtYjU5MC00MTQ3MGE5NDU5YTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvOTY1MjM2
LWMwNWUtNDE4MC1iNTkwLTQxNDcwYTk0NTlhMS8xLzNQVFV1b1czVmUtU25KdVpY
cTkwYlE0TGJsRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwy44MBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AnB2MA0GCSqGSIb3DQEBCwUAA4IBAQA07yeOlDAtSStf23zY4bziTodAgV2/er0T
8jw7tLwcJF0Xn4iAfUIhFwEa1LvZnARoxIitwRrOTcMb+CHtU6n1W1Q3MV/gei3Q
dGviJOKy+u91O9SfUQ1f0+nJUcfqgZfN7TCFR0XKYIRtMXHVvj3I0Mgm/ScS0arQ
AiYEqR7eiTByFskEas86hAYJF5J4MXJ/NWekHK/H8g+EH8S9XA2KrToud3VpcVyX
Ik37MEpaIfQY+fB28J9MaaTdD60t5JhL9HKfJScNi8Rw0+EZLsbnNm3a3YgQuUFX
sj5XCva8PSnS3crawy/P88J8sR93IbkdhZdGSosL59hP0lc/KEn+
-----END CERTIFICATE-----