Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0_wrb9dUv48iTSicz2XDjewnKz0.cer
File:                     0_wrb9dUv48iTSicz2XDjewnKz0.cer (raw, json)
Hash identifier:          Bl/FjuvJIDlLzs7L2y6RXdwWIolCqTZcTn7VSxA55Ao=
Subject key identifier:   D3:FC:2B:6F:D7:54:BF:8F:22:4D:28:9C:CF:65:C3:8D:EC:27:2B:3D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018D5EC193C16D8FA1433A9F78E83D1DFCDA
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/ef/ce7de3-be30-418f-b965-c696a7b7fc57/1/0_wrb9dUv48iTSicz2XDjewnKz0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/ef/ce7de3-be30-418f-b965-c696a7b7fc57/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 31 Jan 2024 09:02:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.84.225.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c1:93:c1:6d:8f:a1:43:3a:9f:78:e8:3d:1d:fc:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 31 09:02:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d3fc2b6fd754bf8f224d289ccf65c38dec272b3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:2b:c1:72:22:f0:5b:ef:37:ac:da:30:3f:af:
                    13:5b:f2:30:1b:fb:b1:b5:d3:15:b5:a8:e2:7b:86:
                    79:3b:c1:f5:13:04:15:2e:6b:01:63:b3:7c:6c:a9:
                    3a:2f:c8:00:d6:be:f2:09:95:60:24:6c:31:82:61:
                    30:5f:21:40:9f:31:6a:8c:33:b4:47:4c:bd:4a:6a:
                    95:5b:58:7d:69:80:ce:b5:4b:6f:a6:4a:6f:f5:01:
                    98:3c:78:fa:5b:3e:40:6a:b5:07:db:ef:e4:09:5c:
                    92:7c:c6:56:6c:53:f8:2e:64:79:69:24:b4:0e:3d:
                    76:10:3a:8a:d7:b8:5a:da:64:58:7e:70:df:e9:bb:
                    50:07:62:26:24:04:c7:31:bd:73:64:a8:bd:64:25:
                    dc:fb:50:22:21:85:3f:cf:19:7c:9a:76:08:d8:d1:
                    03:6a:01:0a:bc:fd:a1:a4:3f:33:84:fc:4d:b7:f1:
                    eb:5a:ee:a7:17:49:d4:79:9c:3d:62:ab:da:b0:d1:
                    09:ae:f2:c3:43:bd:12:34:34:dd:2a:a8:be:f4:8a:
                    97:f8:53:00:f0:c5:02:8d:9e:4a:34:5d:1e:7b:e1:
                    fc:dd:51:a8:03:4c:f0:e6:9e:f4:55:7c:18:b1:67:
                    1a:80:7a:d2:3e:b8:1d:a6:a9:1e:14:18:23:13:22:
                    b4:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:FC:2B:6F:D7:54:BF:8F:22:4D:28:9C:CF:65:C3:8D:EC:27:2B:3D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ce7de3-be30-418f-b965-c696a7b7fc57/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ce7de3-be30-418f-b965-c696a7b7fc57/1/0_wrb9dUv48iTSicz2XDjewnKz0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:c6:86:05:f2:b5:1a:5b:d1:e7:3e:40:e0:13:dd:4b:e2:df:
         d9:42:f8:3f:30:e1:92:84:27:95:24:f5:a4:94:8b:34:c1:b6:
         6a:08:cd:78:df:a3:40:3d:77:55:7f:e4:28:f6:67:3d:85:90:
         93:49:2d:0e:36:0b:bc:cb:cf:ec:3f:8e:b0:64:4f:4b:0d:45:
         e6:09:6b:51:6d:75:42:51:dd:51:52:9f:41:fa:f8:b5:1e:bb:
         6a:36:69:58:24:bb:07:52:b3:a6:8e:8b:f1:18:4a:90:ef:ec:
         09:26:8d:81:de:be:f2:74:df:21:dd:ca:b3:6a:c4:eb:93:45:
         11:e3:13:7d:0c:b1:83:d5:fa:ef:d9:4e:51:77:99:f9:d1:1b:
         02:ca:a9:81:e7:95:83:ff:40:b2:83:09:ae:60:2d:bb:ab:d2:
         ec:b9:49:42:c1:1e:7b:b1:5a:93:d4:76:9d:68:af:5e:b2:25:
         56:0a:2a:67:86:6f:30:46:8f:d1:46:16:8e:a3:5f:51:99:17:
         f7:bf:c3:7b:f9:f9:b4:31:81:08:8a:bb:3c:52:e0:35:ab:1c:
         b5:6b:7c:6e:4d:9a:49:9e:5c:f8:ed:43:fc:91:1d:fe:13:49:
         ed:bb:a2:1e:b4:90:2b:b1:8e:95:ba:c9:47:ee:0c:75:e8:a5:
         51:fe:fc:d6
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAY1ewZPBbY+hQzqfeOg9HfzaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTMxMDkwMjQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZjMmI2ZmQ3NTRiZjhmMjI0ZDI4OWNjZjY1YzM4ZGVjMjcyYjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyvBciLwW+83rNowP68TW/IwG/ux
tdMVtajie4Z5O8H1EwQVLmsBY7N8bKk6L8gA1r7yCZVgJGwxgmEwXyFAnzFqjDO0
R0y9SmqVW1h9aYDOtUtvpkpv9QGYPHj6Wz5AarUH2+/kCVySfMZWbFP4LmR5aSS0
Dj12EDqK17ha2mRYfnDf6btQB2ImJATHMb1zZKi9ZCXc+1AiIYU/zxl8mnYI2NED
agEKvP2hpD8zhPxNt/HrWu6nF0nUeZw9YqvasNEJrvLDQ70SNDTdKqi+9IqX+FMA
8MUCjZ5KNF0ee+H83VGoA0zw5p70VXwYsWcagHrSPrgdpqkeFBgjEyK0gwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNP8K2/XVL+PIk0onM9lw43sJys9MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2VmL2NlN2Rl
My1iZTMwLTQxOGYtYjk2NS1jNjk2YTdiN2ZjNTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWYvY2U3ZGUz
LWJlMzAtNDE4Zi1iOTY1LWM2OTZhN2I3ZmM1Ny8xLzBfd3JiOWRVdjQ4aVRTaWN6
MlhEamV3bkt6MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuVThMA0GCSqGSIb3DQEBCwUAA4IBAQB6xoYF
8rUaW9HnPkDgE91L4t/ZQvg/MOGShCeVJPWklIs0wbZqCM1436NAPXdVf+Qo9mc9
hZCTSS0ONgu8y8/sP46wZE9LDUXmCWtRbXVCUd1RUp9B+vi1HrtqNmlYJLsHUrOm
jovxGEqQ7+wJJo2B3r7ydN8h3cqzasTrk0UR4xN9DLGD1frv2U5Rd5n50RsCyqmB
55WD/0CygwmuYC27q9LsuUlCwR57sVqT1HadaK9esiVWCipnhm8wRo/RRhaOo19R
mRf3v8N7+fm0MYEIirs8UuA1qxy1a3xuTZpJnlz47UP8kR3+E0ntu6IetJArsY6V
uslH7gx16KVR/vzW
-----END CERTIFICATE-----