Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4WU0PZW9Tbww89ciSVQanUfnbZE.cer
File:                     4WU0PZW9Tbww89ciSVQanUfnbZE.cer (raw, json)
Hash identifier:          XXjz+uR6FmLMz6MsdznsPA4XaMdP+C62ludWNi1hSvU=
Subject key identifier:   E1:65:34:3D:95:BD:4D:BC:30:F3:D7:22:49:54:1A:9D:47:E7:6D:91
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D59F413D0EAE625DC4128D7615AC06
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/74/7d26b8-f747-4d9a-9aa2-6e2c053d9993/1/4WU0PZW9Tbww89ciSVQanUfnbZE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/74/7d26b8-f747-4d9a-9aa2-6e2c053d9993/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:47:38 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48566
                          IP: 194.49.50.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9f:41:3d:0e:ae:62:5d:c4:12:8d:76:15:ac:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e165343d95bd4dbc30f3d72249541a9d47e76d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:c9:0a:2b:ad:59:1b:16:63:e0:21:5d:0e:9b:
                    d5:60:e1:09:81:1c:14:f1:59:74:f8:a4:4e:95:19:
                    d1:e0:44:58:a7:10:b9:b8:1a:8f:14:3c:c0:85:ea:
                    35:a1:82:68:df:bc:51:db:50:24:08:80:1c:85:05:
                    f3:fd:04:70:7d:93:dc:59:e2:0a:c4:6c:ba:11:ad:
                    0a:18:a3:7e:7a:d1:c9:41:9f:48:db:a5:3c:7a:d6:
                    47:7d:96:4a:77:13:1c:f8:80:0e:d3:a7:0c:61:ed:
                    5a:73:b3:74:86:4f:c9:cf:73:51:f9:a9:5b:22:bb:
                    9e:01:48:30:41:82:61:71:86:c1:80:84:20:87:94:
                    24:b7:fb:db:e4:6e:8a:48:b4:5d:0f:7e:75:87:32:
                    8b:77:57:b4:bd:38:57:bf:19:e5:63:4c:b6:f2:40:
                    d6:10:2e:9e:dd:2f:19:83:67:5b:91:5d:eb:dd:52:
                    4a:c5:5a:0f:8b:2e:b2:c7:49:6e:d6:f8:0e:a2:83:
                    ca:34:64:d5:5f:29:73:f4:b8:94:cd:97:e7:1e:4e:
                    4e:04:76:18:a4:51:6d:0a:8f:ee:9e:d1:d7:2f:ad:
                    87:1d:30:26:a4:74:24:8e:24:d7:b1:5d:75:3f:bd:
                    3a:ae:fc:9c:b6:9f:3d:0e:74:74:31:45:95:2b:55:
                    5e:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:65:34:3D:95:BD:4D:BC:30:F3:D7:22:49:54:1A:9D:47:E7:6D:91
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/7d26b8-f747-4d9a-9aa2-6e2c053d9993/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/7d26b8-f747-4d9a-9aa2-6e2c053d9993/1/4WU0PZW9Tbww89ciSVQanUfnbZE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.49.50.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48566

    Signature Algorithm: sha256WithRSAEncryption
         53:7d:98:5b:cf:53:9b:42:1f:89:d8:75:c4:b3:11:41:29:fd:
         d3:b8:53:f1:4d:f2:e6:63:e7:0e:88:56:2e:70:5a:1f:4c:a0:
         e8:1a:40:38:a5:32:84:58:86:ae:9c:57:a8:c9:7c:a2:bc:06:
         2f:4f:45:81:ea:b5:f8:ee:e3:6f:28:2b:86:39:2d:c1:85:8b:
         5e:76:df:72:c6:7b:a4:d4:b0:3a:be:84:88:a4:29:a6:ea:dd:
         ba:44:c5:31:07:4e:e7:02:4f:77:6f:4a:1a:d6:ad:af:14:ff:
         08:68:47:1d:da:c2:c8:bb:bb:ef:18:50:cd:34:3f:3d:b4:b1:
         8f:18:00:d9:2b:82:13:15:71:26:e9:fe:d5:b5:1f:a9:68:cb:
         c6:bf:8d:b4:95:49:48:61:15:10:36:26:0f:5f:04:9a:d3:d1:
         26:9c:cf:2d:fd:78:ef:ef:79:05:47:b1:de:fb:f0:e6:96:05:
         1a:85:ac:82:be:74:9a:db:b4:d2:35:f1:42:33:99:63:0e:29:
         67:1d:74:f5:10:e6:61:6e:81:bb:14:4a:44:56:dd:19:73:05:
         0c:6a:09:59:ee:e4:82:d8:6c:07:c1:05:0c:30:81:3c:e5:1b:
         a9:2d:d9:1e:c6:ce:28:ec:a5:93:5c:d6:f6:ea:06:b7:71:a4:
         e1:a1:7b:c0
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQg1Z9BPQ6uYl3EEo12FawGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTY1MzQzZDk1YmQ0ZGJjMzBmM2Q3MjI0OTU0MWE5ZDQ3ZTc2ZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz8kKK61ZGxZj4CFdDpvVYOEJgRwU
8Vl0+KROlRnR4ERYpxC5uBqPFDzAheo1oYJo37xR21AkCIAchQXz/QRwfZPcWeIK
xGy6Ea0KGKN+etHJQZ9I26U8etZHfZZKdxMc+IAO06cMYe1ac7N0hk/Jz3NR+alb
IrueAUgwQYJhcYbBgIQgh5Qkt/vb5G6KSLRdD351hzKLd1e0vThXvxnlY0y28kDW
EC6e3S8Zg2dbkV3r3VJKxVoPiy6yx0lu1vgOooPKNGTVXylz9LiUzZfnHk5OBHYY
pFFtCo/untHXL62HHTAmpHQkjiTXsV11P706rvyctp89DnR0MUWVK1VeywIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOFlND2VvU28MPPXIklUGp1H522RMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc0LzdkMjZi
OC1mNzQ3LTRkOWEtOWFhMi02ZTJjMDUzZDk5OTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQvN2QyNmI4
LWY3NDctNGQ5YS05YWEyLTZlMmMwNTNkOTk5My8xLzRXVTBQWlc5VGJ3dzg5Y2lT
VlFhblVmbmJaRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjEyMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC9tjANBgkqhkiG9w0BAQsFAAOCAQEAU32YW89Tm0Ifidh1xLMRQSn907hT8U3y
5mPnDohWLnBaH0yg6BpAOKUyhFiGrpxXqMl8orwGL09Fgeq1+O7jbygrhjktwYWL
XnbfcsZ7pNSwOr6EiKQppurdukTFMQdO5wJPd29KGtatrxT/CGhHHdrCyLu77xhQ
zTQ/PbSxjxgA2SuCExVxJun+1bUfqWjLxr+NtJVJSGEVEDYmD18EmtPRJpzPLf14
7+95BUex3vvw5pYFGoWsgr50mtu00jXxQjOZYw4pZx109RDmYW6BuxRKRFbdGXMF
DGoJWe7kgthsB8EFDDCBPOUbqS3ZHsbOKOylk1zW9uoGt3Gk4aF7wA==
-----END CERTIFICATE-----