Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FEcNM4hy7x8eX-T85uP2gyZ6Ifc.cer
File:                     FEcNM4hy7x8eX-T85uP2gyZ6Ifc.cer (raw, json)
Hash identifier:          gFiElhzWwFfq8eG31pbH164Yq1tSsxuiJ+kCNYWp18U=
Subject key identifier:   14:47:0D:33:88:72:EF:1F:1E:5F:E4:FC:E6:E3:F6:83:26:7A:21:F7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA29F445143861264A3D60AF00F624C5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/42/693672-81b1-48a7-a374-146dc46cd241/1/FEcNM4hy7x8eX-T85uP2gyZ6Ifc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/42/693672-81b1-48a7-a374-146dc46cd241/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:16 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199068

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:f4:45:14:38:61:26:4a:3d:60:af:00:f6:24:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14470d338872ef1f1e5fe4fce6e3f683267a21f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:1f:17:31:48:13:51:bb:13:92:ef:d9:79:d8:
                    a7:18:56:66:9d:82:ac:3d:1c:08:52:e8:9d:d1:77:
                    e7:30:7a:90:f8:27:ba:b0:d0:45:85:41:e7:de:a1:
                    0a:34:36:13:3f:08:35:a6:03:9a:80:8a:5d:52:4f:
                    ba:c3:6a:78:70:fb:0e:9d:cc:25:dc:e8:f0:4e:0e:
                    99:17:22:d0:f1:b1:e6:7b:b9:77:02:fe:ac:7e:89:
                    ac:56:95:e6:e1:63:1c:f3:c5:4d:8b:d4:1a:78:c7:
                    9b:05:a5:28:fc:b4:39:47:38:c4:9e:3c:ac:58:b7:
                    5c:86:5f:48:8e:41:63:84:97:bd:b7:a3:66:eb:2b:
                    81:34:23:90:c1:43:32:64:65:de:09:06:16:37:d5:
                    6e:19:1b:c1:2b:1c:9b:a4:35:d5:9b:e2:2f:7f:52:
                    b1:3e:a0:f8:60:d5:86:fb:50:09:aa:43:96:86:7a:
                    4e:cd:ad:e7:e1:a2:40:13:a1:94:6b:8f:10:c8:20:
                    72:71:7c:ac:3e:4e:ac:49:bc:60:ca:0c:d0:ee:2c:
                    0f:0d:b6:0b:9f:8e:be:0b:ff:07:a4:fd:38:2c:1e:
                    c1:63:8b:34:da:63:3b:c4:ac:b7:ca:c9:d2:ee:a3:
                    50:dc:e0:5b:c8:cb:4d:a1:3c:8c:ef:f8:b4:34:49:
                    3c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:47:0D:33:88:72:EF:1F:1E:5F:E4:FC:E6:E3:F6:83:26:7A:21:F7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/693672-81b1-48a7-a374-146dc46cd241/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/693672-81b1-48a7-a374-146dc46cd241/1/FEcNM4hy7x8eX-T85uP2gyZ6Ifc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199068

    Signature Algorithm: sha256WithRSAEncryption
         a1:88:c9:98:12:45:c7:0b:fe:2b:91:0d:d3:7e:09:d8:1c:e1:
         c9:39:d7:5e:99:f2:12:b9:5b:bf:39:5c:99:d6:75:ad:90:51:
         8c:a8:ee:2a:dd:e1:1a:1d:e6:4b:78:6d:19:26:da:77:d7:0b:
         25:5b:c4:7c:ba:83:20:bc:33:99:da:e6:08:a6:3b:d8:04:98:
         9b:28:7a:01:eb:5d:d9:4c:8f:c7:32:77:ef:5b:62:45:75:e5:
         78:a2:3e:9e:3d:95:65:52:36:85:16:68:65:d1:8e:1a:07:53:
         4f:76:62:c2:ae:02:a4:a3:f0:84:aa:e9:de:7f:42:b3:e9:43:
         a0:f0:f3:e1:4c:29:fc:04:7f:d8:84:d0:cd:b3:36:a8:dc:24:
         ec:98:21:0c:fc:02:fd:b4:2d:0d:c3:e7:33:9b:dc:50:0e:3e:
         4a:6c:c0:49:86:5b:42:30:b4:04:49:22:d2:ae:13:9d:bd:97:
         ca:76:5f:10:c5:4b:8c:ea:fc:c8:a9:f3:1b:82:62:ad:68:45:
         d7:c7:f8:64:1d:ad:1d:c0:9d:c3:04:3f:46:e5:71:b3:6b:db:
         bb:1a:07:f7:c1:51:af:b2:6d:f3:99:17:f8:e0:29:7c:bc:ae:
         cf:58:42:81:e8:50:32:18:45:17:6b:f0:d4:2b:69:12:cb:5b:
         c6:bf:e7:b5
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKfRFFDhhJko9YK8A9iTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDQ3MGQzMzg4NzJlZjFmMWU1ZmU0ZmNlNmUzZjY4MzI2N2EyMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1R8XMUgTUbsTku/ZedinGFZmnYKs
PRwIUuid0XfnMHqQ+Ce6sNBFhUHn3qEKNDYTPwg1pgOagIpdUk+6w2p4cPsOncwl
3OjwTg6ZFyLQ8bHme7l3Av6sfomsVpXm4WMc88VNi9QaeMebBaUo/LQ5RzjEnjys
WLdchl9IjkFjhJe9t6Nm6yuBNCOQwUMyZGXeCQYWN9VuGRvBKxybpDXVm+Ivf1Kx
PqD4YNWG+1AJqkOWhnpOza3n4aJAE6GUa48QyCBycXysPk6sSbxgygzQ7iwPDbYL
n46+C/8HpP04LB7BY4s02mM7xKy3ysnS7qNQ3OBbyMtNoTyM7/i0NEk82wIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFBRHDTOIcu8fHl/k/Obj9oMmeiH3MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQyLzY5MzY3
Mi04MWIxLTQ4YTctYTM3NC0xNDZkYzQ2Y2QyNDEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDIvNjkzNjcy
LTgxYjEtNDhhNy1hMzc0LTE0NmRjNDZjZDI0MS8xL0ZFY05NNGh5N3g4ZVgtVDg1
dVAyZ3laNklmYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMJnDANBgkqhkiG9w0BAQsFAAOCAQEAoYjJmBJFxwv+
K5EN034J2BzhyTnXXpnyErlbvzlcmdZ1rZBRjKjuKt3hGh3mS3htGSbad9cLJVvE
fLqDILwzmdrmCKY72ASYmyh6Aetd2UyPxzJ371tiRXXleKI+nj2VZVI2hRZoZdGO
GgdTT3Ziwq4CpKPwhKrp3n9Cs+lDoPDz4Uwp/AR/2ITQzbM2qNwk7JghDPwC/bQt
DcPnM5vcUA4+SmzASYZbQjC0BEki0q4Tnb2XynZfEMVLjOr8yKnzG4JirWhF18f4
ZB2tHcCdwwQ/RuVxs2vbuxoH98FRr7Jt85kX+OApfLyuz1hCgehQMhhFF2vw1Ctp
Estbxr/ntQ==
-----END CERTIFICATE-----