Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1aGTZx3FnXb8MR2y1miaPIgpkJQ.cer
File:                     1aGTZx3FnXb8MR2y1miaPIgpkJQ.cer (raw, json)
Hash identifier:          hOEt+E3GloQ5HoT7sfGgEJSvXWwC3MuDgwNqDlh3TO0=
Subject key identifier:   D5:A1:93:67:1D:C5:9D:76:FC:31:1D:B2:D6:68:9A:3C:88:29:90:94
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01941FFA3D489AE90CF5EA82F4F1B5C889D5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/1aGTZx3FnXb8MR2y1miaPIgpkJQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 03:48:00 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 193.186.35.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3d:48:9a:e9:0c:f5:ea:82:f4:f1:b5:c8:89:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5a193671dc59d76fc311db2d6689a3c88299094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:16:45:0b:4f:ca:2c:f0:05:13:ad:2d:eb:78:
                    0d:a4:2f:a2:28:8f:cf:17:9d:da:cd:f6:3b:d6:c4:
                    6f:f0:e2:16:d2:bb:c1:4b:53:71:14:9b:a6:b8:c5:
                    09:a5:06:26:1e:73:c6:45:f9:4b:38:08:2b:63:51:
                    58:16:e3:3b:ed:63:98:44:7f:09:6b:20:ad:d1:b0:
                    fb:6b:b0:b2:08:c4:b1:b2:bb:7a:67:9d:75:3e:1a:
                    7d:44:35:c0:47:9e:f4:28:d1:34:60:a5:06:90:4c:
                    ae:84:f4:df:bd:11:89:cf:a0:2e:41:3b:6b:4a:13:
                    bc:4f:41:94:12:41:57:2f:ae:ee:b7:dd:3f:8f:1c:
                    77:d9:60:79:5c:27:15:ba:b2:ed:53:65:e9:18:cd:
                    05:9c:94:17:f2:a5:96:b0:34:b7:6b:85:ca:c3:39:
                    32:ba:68:b1:05:00:86:1e:02:94:f2:69:e9:6d:c6:
                    56:54:03:74:ed:d5:65:4b:09:d3:f5:65:76:90:e8:
                    89:05:f1:fd:3c:cb:fe:0f:ba:68:a4:28:c4:e5:5d:
                    de:38:b2:5f:62:78:28:0f:d9:c0:8e:b4:2f:a0:e0:
                    a9:0a:f2:93:1d:31:81:97:de:dd:dc:11:2c:6f:a1:
                    a0:29:2e:a4:23:28:54:15:36:ec:c1:27:26:50:9c:
                    ef:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:A1:93:67:1D:C5:9D:76:FC:31:1D:B2:D6:68:9A:3C:88:29:90:94
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/3d259d-9183-40a0-92a1-2b2a6e27f96f/1/1aGTZx3FnXb8MR2y1miaPIgpkJQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.186.35.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:85:bf:50:68:11:90:94:14:ed:93:b3:5c:04:96:fe:2a:4e:
         ac:4b:d0:9a:a0:27:47:61:f1:68:53:a2:e0:74:7f:70:2d:c6:
         34:12:b6:e1:0f:a9:c6:f3:d0:5c:ea:b4:66:fa:88:a4:73:ca:
         fa:4b:d7:31:b0:96:0d:0d:cc:79:f7:c7:ff:46:03:b1:93:6d:
         a3:af:be:12:52:13:d6:3f:9c:b4:41:72:70:cc:4a:60:26:3f:
         f6:f3:99:cc:89:46:28:14:dc:19:e9:9e:a7:bb:fd:6e:a5:50:
         75:7a:05:db:87:b6:e3:f2:a3:ef:1d:a3:f6:a2:1b:9c:7f:84:
         1e:3b:72:f2:aa:ad:8e:60:53:f7:23:cc:6c:38:49:5b:ec:19:
         31:d6:c7:39:00:ba:2e:74:38:2d:f7:05:f2:1d:27:60:14:f2:
         8a:25:ee:ec:e1:52:ff:06:53:ad:3a:6a:48:b0:95:e8:87:ce:
         1c:3f:a3:32:eb:b4:bc:0e:9d:b7:18:1e:92:a8:3e:41:d0:86:
         b9:4d:e4:d7:11:42:a5:71:e8:e7:0c:2b:4a:53:1c:a6:19:12:
         6a:c0:a3:1f:ec:ee:bd:ee:30:5a:9d:bf:c8:e6:c4:69:a6:19:
         a6:3f:fe:31:80:88:cc:05:13:64:ac:f7:76:1a:83:0f:c3:13:
         51:e1:40:e8
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQf+j1ImukM9eqC9PG1yInVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWExOTM2NzFkYzU5ZDc2ZmMzMTFkYjJkNjY4OWEzYzg4Mjk5MDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhZFC0/KLPAFE60t63gNpC+iKI/P
F53azfY71sRv8OIW0rvBS1NxFJumuMUJpQYmHnPGRflLOAgrY1FYFuM77WOYRH8J
ayCt0bD7a7CyCMSxsrt6Z511Php9RDXAR570KNE0YKUGkEyuhPTfvRGJz6AuQTtr
ShO8T0GUEkFXL67ut90/jxx32WB5XCcVurLtU2XpGM0FnJQX8qWWsDS3a4XKwzky
umixBQCGHgKU8mnpbcZWVAN07dVlSwnT9WV2kOiJBfH9PMv+D7popCjE5V3eOLJf
YngoD9nAjrQvoOCpCvKTHTGBl97d3BEsb6GgKS6kIyhUFTbswScmUJzvTQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFNWhk2cdxZ12/DEdstZomjyIKZCUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4LzNkMjU5
ZC05MTgzLTQwYTAtOTJhMS0yYjJhNmUyN2Y5NmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvM2QyNTlk
LTkxODMtNDBhMC05MmExLTJiMmE2ZTI3Zjk2Zi8xLzFhR1RaeDNGblhiOE1SMnkx
bWlhUElncGtKUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwbojMA0GCSqGSIb3DQEBCwUAA4IBAQAWhb9Q
aBGQlBTtk7NcBJb+Kk6sS9CaoCdHYfFoU6LgdH9wLcY0ErbhD6nG89Bc6rRm+oik
c8r6S9cxsJYNDcx598f/RgOxk22jr74SUhPWP5y0QXJwzEpgJj/285nMiUYoFNwZ
6Z6nu/1upVB1egXbh7bj8qPvHaP2ohucf4QeO3Lyqq2OYFP3I8xsOElb7Bkx1sc5
ALoudDgt9wXyHSdgFPKKJe7s4VL/BlOtOmpIsJXoh84cP6My67S8Dp23GB6SqD5B
0Ia5TeTXEUKlcejnDCtKUxymGRJqwKMf7O697jBanb/I5sRpphmmP/4xgIjMBRNk
rPd2GoMPwxNR4UDo
-----END CERTIFICATE-----