Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0cdzwgrI5Ak99iu7hyyvzbaLVdw.cer
File:                     0cdzwgrI5Ak99iu7hyyvzbaLVdw.cer (raw, json)
Hash identifier:          z4T8yX2DeqlL8jOQKTSZpkl74+C9ZEu1loJdPjvwpyU=
Subject key identifier:   D1:C7:73:C2:0A:C8:E4:09:3D:F6:2B:BB:87:2C:AF:CD:B6:8B:55:DC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC80148902A645D95BE5FBE3F3FC483F4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/79/ee3822-abea-48d9-93a9-8856c65fe182/1/0cdzwgrI5Ak99iu7hyyvzbaLVdw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/79/ee3822-abea-48d9-93a9-8856c65fe182/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:29:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.133.28.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Apr 2024 16:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:48:90:2a:64:5d:95:be:5f:be:3f:3f:c4:83:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1c773c20ac8e4093df62bbb872cafcdb68b55dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:48:ad:76:b5:77:cf:50:4d:d0:55:c4:21:16:
                    10:c7:49:f6:01:73:3d:0c:45:09:ea:d2:96:05:f8:
                    13:d6:a9:82:f6:ab:60:cf:96:16:98:6f:3f:a7:71:
                    7d:69:2d:4e:e0:cd:95:54:ce:b3:f6:2e:0e:ad:12:
                    3e:b1:96:f8:e5:28:7a:e8:54:ad:b1:db:e4:c7:a2:
                    07:2b:10:e7:50:7e:de:c1:91:bb:2a:88:9d:65:bc:
                    16:57:16:c8:1a:de:5b:60:f5:a8:b7:78:35:ab:1d:
                    a0:0b:16:f7:29:58:40:d4:3e:d7:32:12:16:39:b1:
                    13:07:51:b6:44:b7:d5:d9:32:28:3a:f4:3f:69:36:
                    ec:8f:62:32:04:92:b2:d8:54:ed:37:2f:2e:24:b9:
                    76:02:ea:99:8a:dd:79:f5:6a:cf:81:3f:56:a8:49:
                    1f:af:17:d0:c1:54:af:f3:b6:07:37:f0:c8:dc:b6:
                    dc:19:fd:39:81:04:60:06:ae:b5:6b:cc:85:77:87:
                    a1:e1:3c:c9:be:64:aa:05:30:46:82:a6:2b:ae:45:
                    eb:87:b3:28:96:3c:30:7e:99:43:a0:80:b8:07:e4:
                    1f:1c:3b:ce:9a:e8:07:d1:87:6e:5d:66:d0:fd:d6:
                    46:96:13:b6:ef:3e:b2:39:74:bf:91:83:f3:61:b9:
                    6a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C7:73:C2:0A:C8:E4:09:3D:F6:2B:BB:87:2C:AF:CD:B6:8B:55:DC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/ee3822-abea-48d9-93a9-8856c65fe182/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/ee3822-abea-48d9-93a9-8856c65fe182/1/0cdzwgrI5Ak99iu7hyyvzbaLVdw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.133.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:d1:f0:7f:53:1a:d7:1b:57:dc:a2:32:5d:28:bb:9d:83:d6:
         bb:f1:b3:26:59:34:22:28:34:c5:32:2f:d8:e3:c0:30:e4:d4:
         4f:85:59:b2:b7:43:99:15:a1:e4:d9:a1:d9:98:54:1c:be:04:
         7a:39:1a:55:85:5c:0e:5b:55:f6:6e:83:33:9d:5a:8f:ec:11:
         6e:a7:de:a6:a5:af:56:86:7f:51:c1:95:e7:d0:61:aa:5e:db:
         f9:0c:e8:0e:7e:ae:7b:b0:0d:4b:61:83:58:63:52:34:6e:61:
         37:22:e0:10:6d:39:35:b5:f3:47:04:13:7d:c9:e1:e6:27:b3:
         93:78:d9:5c:b3:5c:40:c4:b3:d3:56:1a:0b:58:a9:c7:36:e3:
         c9:4c:28:1b:b2:0c:74:d9:e2:2c:20:8a:77:2f:89:bc:3d:8f:
         39:07:4b:25:93:dd:5e:95:ac:98:c4:f1:e0:62:bb:8c:41:1c:
         d4:53:60:83:64:dd:b7:0b:c4:15:da:a3:67:de:55:38:38:6b:
         82:5d:f3:75:17:9b:5c:c2:b1:2d:89:cf:b9:e7:28:92:6c:80:
         6e:36:4f:cc:86:f3:90:2f:c3:6c:96:22:1c:aa:04:e9:7f:7a:
         e5:75:4e:fe:9d:53:39:21:f7:4a:26:e6:e2:17:9f:22:2c:56:
         5a:4f:d8:13
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzIAUiQKmRdlb5fvj8/xIP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWM3NzNjMjBhYzhlNDA5M2RmNjJiYmI4NzJjYWZjZGI2OGI1NWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokitdrV3z1BN0FXEIRYQx0n2AXM9
DEUJ6tKWBfgT1qmC9qtgz5YWmG8/p3F9aS1O4M2VVM6z9i4OrRI+sZb45Sh66FSt
sdvkx6IHKxDnUH7ewZG7KoidZbwWVxbIGt5bYPWot3g1qx2gCxb3KVhA1D7XMhIW
ObETB1G2RLfV2TIoOvQ/aTbsj2IyBJKy2FTtNy8uJLl2AuqZit159WrPgT9WqEkf
rxfQwVSv87YHN/DI3LbcGf05gQRgBq61a8yFd4eh4TzJvmSqBTBGgqYrrkXrh7Mo
ljwwfplDoIC4B+QfHDvOmugH0YduXWbQ/dZGlhO27z6yOXS/kYPzYblqVQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNHHc8IKyOQJPfYru4csr822i1XcMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc5L2VlMzgy
Mi1hYmVhLTQ4ZDktOTNhOS04ODU2YzY1ZmUxODIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzkvZWUzODIy
LWFiZWEtNDhkOS05M2E5LTg4NTZjNjVmZTE4Mi8xLzBjZHp3Z3JJNUFrOTlpdTdo
eXl2emJhTFZkdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwYUcMA0GCSqGSIb3DQEBCwUAA4IBAQBJ0fB/
UxrXG1fcojJdKLudg9a78bMmWTQiKDTFMi/Y48Aw5NRPhVmyt0OZFaHk2aHZmFQc
vgR6ORpVhVwOW1X2boMznVqP7BFup96mpa9Whn9RwZXn0GGqXtv5DOgOfq57sA1L
YYNYY1I0bmE3IuAQbTk1tfNHBBN9yeHmJ7OTeNlcs1xAxLPTVhoLWKnHNuPJTCgb
sgx02eIsIIp3L4m8PY85B0slk91elayYxPHgYruMQRzUU2CDZN23C8QV2qNn3lU4
OGuCXfN1F5tcwrEtic+55yiSbIBuNk/MhvOQL8NsliIcqgTpf3rldU7+nVM5IfdK
JubiF58iLFZaT9gT
-----END CERTIFICATE-----