Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.cer
File:                     Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.cer (raw, json)
Hash identifier:          2u3JMxttWLBznn/A2Ynm6ITlQWtfM3AOHnijloku9Yg=
Subject key identifier:   19:CE:48:8E:FA:3C:18:4F:4A:CB:2F:C3:0E:B1:A7:1F:A1:16:F9:B4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC500158AA444343B23341033F4E69BBC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:29:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210877
                          IP: 195.225.232.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:15:8a:a4:44:34:3b:23:34:10:33:f4:e6:9b:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19ce488efa3c184f4acb2fc30eb1a71fa116f9b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e1:05:49:6f:95:0f:eb:c0:49:28:47:b7:d7:
                    28:cd:c1:e9:9b:cf:c2:60:03:ec:1f:96:8f:4b:f4:
                    db:bc:11:6e:4d:4e:7a:ae:e9:22:fe:fa:2a:ec:b2:
                    5e:ba:01:1f:8d:98:b1:7c:64:c3:fb:1e:67:70:42:
                    ed:8c:df:52:6b:22:b4:0d:25:34:c1:4a:ae:3f:d0:
                    7d:88:4d:48:e9:69:2f:19:18:a3:05:c1:5e:07:97:
                    8a:76:d6:7a:55:11:1b:ef:88:29:a8:7d:92:de:9c:
                    d6:c2:fb:6e:98:c2:97:7d:28:22:ff:02:a3:07:6c:
                    3a:92:09:a6:f0:b5:ef:ab:3f:78:01:77:13:b4:d7:
                    bc:18:05:56:3d:98:ba:5a:ea:2c:b2:74:ff:b1:3e:
                    97:0c:0d:7f:2b:aa:8a:6b:50:95:99:64:96:1b:93:
                    ff:fa:7a:66:90:6b:ab:bc:09:29:26:ee:51:1c:d8:
                    8c:b0:95:2f:3d:0d:97:c4:e3:31:a6:96:dd:36:61:
                    cb:69:ea:bf:6f:91:cf:e7:1b:1a:c0:ff:56:cf:e4:
                    14:10:32:99:99:45:aa:45:9e:fe:71:0e:80:e8:fa:
                    8c:89:3f:29:21:f0:de:c1:62:22:7b:bd:ca:1a:2a:
                    dd:8f:75:4e:b1:a0:de:29:68:47:ef:6f:90:11:e9:
                    d0:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:CE:48:8E:FA:3C:18:4F:4A:CB:2F:C3:0E:B1:A7:1F:A1:16:F9:B4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/0fef71-922e-4448-b37d-f740b9e1c480/1/Gc5Ijvo8GE9Kyy_DDrGnH6EW-bQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.232.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210877

    Signature Algorithm: sha256WithRSAEncryption
         00:bc:49:ae:33:07:01:52:a9:45:64:74:e0:30:69:d5:64:3b:
         e3:14:49:e1:b9:d0:93:6b:d6:19:be:41:2d:35:3d:42:ca:15:
         cf:fa:66:e9:2c:f5:2a:6a:65:90:45:8f:9d:b1:1b:a8:2f:8c:
         0d:b0:d6:8a:c0:2d:7e:32:e7:38:53:cb:7a:c6:0f:20:b9:db:
         a6:f7:7c:22:d2:c2:e2:21:b1:38:60:0d:bf:fb:e9:05:78:7b:
         d0:18:0a:87:2e:97:98:03:c1:94:c2:c9:e5:44:ae:3b:c4:a4:
         5f:e4:84:70:ee:f2:4f:be:eb:d3:64:74:02:c9:e7:01:04:c8:
         ba:c9:9c:2c:56:5d:62:88:8a:83:dd:f8:4c:76:4a:90:a8:1d:
         f4:26:6b:8d:e3:56:3d:6c:f5:c7:46:96:d1:87:b0:f9:29:ff:
         08:19:0b:34:e2:c6:2e:87:ba:e3:a1:62:6b:cb:c4:14:f9:bd:
         fa:ff:7b:06:8b:93:14:7b:f4:9b:09:11:d4:7e:27:ca:1b:aa:
         69:94:ac:10:c4:a5:82:8a:b5:89:a9:db:63:e2:c6:69:40:7c:
         75:3c:84:c5:3f:f5:16:18:99:dc:d6:fd:e8:fd:ca:83:bb:46:
         a7:06:6a:e1:7f:43:98:c6:19:e8:ee:e7:d3:1a:72:29:b2:ef:
         df:1e:48:dd
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzFABWKpEQ0OyM0EDP05pu8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWNlNDg4ZWZhM2MxODRmNGFjYjJmYzMwZWIxYTcxZmExMTZmOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+EFSW+VD+vASShHt9cozcHpm8/C
YAPsH5aPS/TbvBFuTU56ruki/voq7LJeugEfjZixfGTD+x5ncELtjN9SayK0DSU0
wUquP9B9iE1I6WkvGRijBcFeB5eKdtZ6VREb74gpqH2S3pzWwvtumMKXfSgi/wKj
B2w6kgmm8LXvqz94AXcTtNe8GAVWPZi6WuossnT/sT6XDA1/K6qKa1CVmWSWG5P/
+npmkGurvAkpJu5RHNiMsJUvPQ2XxOMxppbdNmHLaeq/b5HP5xsawP9Wz+QUEDKZ
mUWqRZ7+cQ6A6PqMiT8pIfDewWIie73KGirdj3VOsaDeKWhH72+QEenQ5wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBnOSI76PBhPSssvww6xpx+hFvm0MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiLzBmZWY3
MS05MjJlLTQ0NDgtYjM3ZC1mNzQwYjllMWM0ODAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvMGZlZjcx
LTkyMmUtNDQ0OC1iMzdkLWY3NDBiOWUxYzQ4MC8xL0djNUlqdm84R0U5S3l5X0RE
ckduSDZFVy1iUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAw+HoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM3vTANBgkqhkiG9w0BAQsFAAOCAQEAALxJrjMHAVKpRWR04DBp1WQ74xRJ4bnQ
k2vWGb5BLTU9QsoVz/pm6Sz1KmplkEWPnbEbqC+MDbDWisAtfjLnOFPLesYPILnb
pvd8ItLC4iGxOGANv/vpBXh70BgKhy6XmAPBlMLJ5USuO8SkX+SEcO7yT77r02R0
AsnnAQTIusmcLFZdYoiKg934THZKkKgd9CZrjeNWPWz1x0aW0Yew+Sn/CBkLNOLG
Loe646Fia8vEFPm9+v97BouTFHv0mwkR1H4nyhuqaZSsEMSlgoq1ianbY+LGaUB8
dTyExT/1FhiZ3Nb96P3Kg7tGpwZq4X9DmMYZ6O7n0xpyKbLv3x5I3Q==
-----END CERTIFICATE-----