Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3rwtwyLztJZucDtdjIi3FvDZsOk.cer
File:                     3rwtwyLztJZucDtdjIi3FvDZsOk.cer (raw, json)
Hash identifier:          LdnZYM6iPeQHU3XgUMwyVoVwkFkvkb2TRBDpmtfdQOA=
Subject key identifier:   DE:BC:2D:C3:22:F3:B4:96:6E:70:3B:5D:8C:88:B7:16:F0:D9:B0:E9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941F8C441249CCE2F0D400A0EF550171E7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/97/800dec-b66c-4e1a-a6cc-e88e1a668be4/1/3rwtwyLztJZucDtdjIi3FvDZsOk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/97/800dec-b66c-4e1a-a6cc-e88e1a668be4/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 01:47:53 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 212981
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:44:12:49:cc:e2:f0:d4:00:a0:ef:55:01:71:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=debc2dc322f3b4966e703b5d8c88b716f0d9b0e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fb:94:60:78:39:d6:a8:8c:b0:af:db:21:d5:
                    3b:8a:4a:d1:f1:7d:63:f9:56:8f:dd:fe:8a:b4:e6:
                    16:a5:f5:b8:28:4c:61:d7:9a:f0:6f:94:72:12:ab:
                    95:ff:af:7c:5f:88:e0:fe:e4:f1:a5:c4:00:07:e6:
                    49:52:a0:58:19:7d:22:87:a2:88:f7:7f:b3:59:b3:
                    08:dc:a7:1a:12:92:7b:70:e0:b5:85:91:f2:3c:7b:
                    c0:ab:a7:d9:63:f1:ae:2d:c8:4e:1e:f3:af:40:98:
                    1e:74:f7:57:49:88:a3:3c:48:b3:2e:c3:2a:ae:95:
                    32:9b:f6:6a:27:37:24:4d:e4:48:79:6a:07:02:72:
                    9e:1d:05:24:f0:54:b5:46:49:64:99:f8:ab:b2:cf:
                    59:cc:d5:4d:98:a9:1a:f3:84:90:5b:e3:7f:d0:04:
                    77:63:83:13:c4:19:b1:da:a6:4b:37:d4:4a:ac:bd:
                    c5:72:0a:c5:6f:38:f9:ee:17:4d:61:6b:02:8c:9b:
                    20:28:d8:e0:2a:9b:bf:4a:bc:56:7b:30:15:7b:fc:
                    43:1f:f5:65:a6:b8:d4:cf:e0:65:67:24:4c:e0:33:
                    58:be:06:5c:50:b1:2a:1e:50:a5:c4:b7:b1:04:2f:
                    ae:82:4e:e0:bc:48:50:4a:40:e4:22:81:b0:20:c5:
                    5c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BC:2D:C3:22:F3:B4:96:6E:70:3B:5D:8C:88:B7:16:F0:D9:B0:E9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/800dec-b66c-4e1a-a6cc-e88e1a668be4/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/800dec-b66c-4e1a-a6cc-e88e1a668be4/1/3rwtwyLztJZucDtdjIi3FvDZsOk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212981

    Signature Algorithm: sha256WithRSAEncryption
         a6:e7:0e:e9:df:a4:e6:15:97:58:4a:bd:d8:12:85:1a:da:2e:
         2b:82:78:c9:58:57:03:00:37:66:fb:5c:c3:8f:0b:8a:86:7f:
         74:bd:3a:87:2c:9a:bb:bf:5a:a8:bb:85:47:e3:f3:09:c3:38:
         3b:98:f2:f9:ae:23:1f:55:67:ed:b8:a8:7f:c3:12:75:a4:e4:
         89:5d:81:2a:64:8b:31:f7:16:06:d9:cc:41:72:21:0d:e2:3d:
         16:9f:fb:37:23:30:29:6f:ca:86:28:40:f3:1f:c0:3c:9c:4c:
         c9:f5:3c:70:ba:7f:4d:c7:88:5b:e5:c2:72:da:2a:52:1a:a7:
         12:48:e5:a1:25:18:d1:7c:48:1a:85:f1:e3:70:78:a6:7e:51:
         78:fc:63:40:04:df:2b:05:b4:02:19:c9:56:8c:a5:b9:d4:2e:
         43:e7:c9:5d:31:25:56:d8:c0:7a:88:4b:8b:da:ae:a2:e1:08:
         88:d9:f7:67:11:cd:a2:24:09:a6:d8:65:3f:47:6e:b7:70:33:
         6d:d3:8c:f9:c3:85:95:c2:ad:ea:77:af:2b:8a:bd:c7:24:a4:
         20:05:3f:13:0b:31:ef:16:78:3a:81:cb:7d:7c:fa:cd:ef:58:
         0e:15:5a:8e:ee:ac:7a:a4:ac:af:85:c4:a4:b9:38:8f:b1:19:
         92:e5:3e:d7
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQfjEQSSczi8NQAoO9VAXHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJjMmRjMzIyZjNiNDk2NmU3MDNiNWQ4Yzg4YjcxNmYwZDliMGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfuUYHg51qiMsK/bIdU7ikrR8X1j
+VaP3f6KtOYWpfW4KExh15rwb5RyEquV/698X4jg/uTxpcQAB+ZJUqBYGX0ih6KI
93+zWbMI3KcaEpJ7cOC1hZHyPHvAq6fZY/GuLchOHvOvQJgedPdXSYijPEizLsMq
rpUym/ZqJzckTeRIeWoHAnKeHQUk8FS1Rklkmfirss9ZzNVNmKka84SQW+N/0AR3
Y4MTxBmx2qZLN9RKrL3FcgrFbzj57hdNYWsCjJsgKNjgKpu/SrxWezAVe/xDH/Vl
prjUz+BlZyRM4DNYvgZcULEqHlClxLexBC+ugk7gvEhQSkDkIoGwIMVchwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN68LcMi87SWbnA7XYyItxbw2bDpMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk3LzgwMGRl
Yy1iNjZjLTRlMWEtYTZjYy1lODhlMWE2NjhiZTQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcvODAwZGVj
LWI2NmMtNGUxYS1hNmNjLWU4OGUxYTY2OGJlNC8xLzNyd3R3eUx6dEpadWNEdGRq
SWkzRnZEWnNPay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwM/9TANBgkqhkiG9w0BAQsFAAOCAQEApucO6d+k5hWX
WEq92BKFGtouK4J4yVhXAwA3Zvtcw48LioZ/dL06hyyau79aqLuFR+PzCcM4O5jy
+a4jH1Vn7biof8MSdaTkiV2BKmSLMfcWBtnMQXIhDeI9Fp/7NyMwKW/KhihA8x/A
PJxMyfU8cLp/TceIW+XCctoqUhqnEkjloSUY0XxIGoXx43B4pn5RePxjQATfKwW0
AhnJVoyludQuQ+fJXTElVtjAeohLi9quouEIiNn3ZxHNoiQJpthlP0dut3AzbdOM
+cOFlcKt6nevK4q9xySkIAU/Ewsx7xZ4OoHLfXz6ze9YDhVaju6seqSsr4XEpLk4
j7EZkuU+1w==
-----END CERTIFICATE-----