Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1lAD4kzs-_jowV_2N90V201_rpI.cer
File:                     1lAD4kzs-_jowV_2N90V201_rpI.cer (raw, json)
Hash identifier:          RFtSK2C0iCCSHWBHoKG8JfEx7gSGk9RoJvBV1byD8C8=
Subject key identifier:   D6:50:03:E2:4C:EC:FB:F8:E8:C1:5F:F6:37:DD:15:DB:4D:7F:AE:92
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019155FE4581AA5794A5B5D648EE56AAF3B4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 15 Aug 2024 12:23:32 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.36.240.0/20
                          IP: 193.37.112.0/20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:55:fe:45:81:aa:57:94:a5:b5:d6:48:ee:56:aa:f3:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 15 12:23:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d65003e24cecfbf8e8c15ff637dd15db4d7fae92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:84:20:84:42:ae:c4:8e:06:16:73:06:6e:63:
                    47:4b:2c:36:b5:74:09:99:ea:f5:6f:7b:d9:e1:09:
                    e6:3b:49:bb:f5:46:60:ec:20:80:a4:0e:e5:e1:d1:
                    0f:48:72:71:3c:c4:92:ed:d0:50:25:3f:d5:e6:cf:
                    88:f7:9f:60:63:9e:8f:de:cf:ad:b1:2b:a6:7e:5a:
                    10:d0:23:cc:0a:02:82:12:bb:f2:45:da:bb:1e:7a:
                    24:05:6b:78:94:36:7d:46:93:e5:2e:bc:10:f9:7a:
                    aa:d7:7d:0f:f8:51:7f:a5:c9:f2:5e:b6:82:ec:74:
                    38:f8:ab:f6:a2:35:37:9b:9e:3f:1c:21:c8:18:31:
                    72:e2:d1:8f:71:fc:69:c3:63:13:e5:bb:ad:21:db:
                    73:90:dc:5f:57:6a:39:d5:a3:57:85:bf:22:06:4b:
                    b0:5d:df:c3:da:f4:00:22:f7:2b:01:d7:d6:8b:c0:
                    d4:0f:1f:b1:bc:c2:db:7c:19:ea:58:77:5e:21:3a:
                    52:30:72:d7:cb:35:55:c6:ac:53:96:9a:e1:66:3b:
                    b7:9a:c3:9e:2e:46:f1:ef:78:9a:92:46:a6:2a:af:
                    b8:f1:01:3e:77:87:3c:01:a4:30:a3:40:9a:27:b5:
                    26:11:18:d0:cc:28:77:23:65:27:5d:0e:df:47:85:
                    f3:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:50:03:E2:4C:EC:FB:F8:E8:C1:5F:F6:37:DD:15:DB:4D:7F:AE:92
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/54910b-9a13-4ace-abf2-a2351f4e8915/1/1lAD4kzs-_jowV_2N90V201_rpI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.240.0/20
                  193.37.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         45:a4:38:55:10:49:a5:76:9b:46:c7:2c:91:7b:cf:4e:2a:cb:
         a2:69:2b:eb:1e:85:05:25:1f:53:9c:d0:1a:46:a3:0e:b9:80:
         07:aa:e6:4a:59:0c:b8:fd:bb:31:53:c8:6b:fa:6f:f1:c9:ab:
         96:d1:b2:70:22:d6:86:cf:11:e6:1a:75:5f:1c:d5:b7:5d:cf:
         39:5b:dd:f5:9f:e7:dd:73:c4:a7:ff:53:34:25:e6:02:ad:55:
         dd:08:7f:e2:ce:e3:fb:a8:76:29:ee:df:1f:9f:7b:cc:58:26:
         30:f9:19:49:94:a4:b0:e5:17:2f:35:c6:b0:40:a9:e8:08:9c:
         de:16:7c:e5:6f:fa:39:0b:78:46:59:bc:dc:c3:09:79:06:da:
         72:92:59:5d:de:e5:6b:c7:b3:dd:d0:94:84:ff:95:dd:35:c1:
         ea:16:c2:7e:84:c1:68:34:b0:df:d7:73:a1:f2:f3:e1:2b:4f:
         47:3d:07:da:46:4f:6e:78:6f:7b:fd:a1:7f:1f:99:f2:c8:ee:
         ab:71:b5:ef:bd:2e:15:ea:cb:f3:4f:c1:f7:43:2b:0a:ab:cb:
         70:df:bd:f2:4b:d7:80:df:db:5b:b6:a4:29:71:41:c6:c4:1d:
         9e:d4:cb:d1:b2:d0:ee:04:51:05:54:d5:3f:d9:32:41:bd:4b:
         9c:d5:8b:b0
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAZFV/kWBqleUpbXWSO5WqvO0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODE1MTIyMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjUwMDNlMjRjZWNmYmY4ZThjMTVmZjYzN2RkMTVkYjRkN2ZhZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9oQghEKuxI4GFnMGbmNHSyw2tXQJ
mer1b3vZ4QnmO0m79UZg7CCApA7l4dEPSHJxPMSS7dBQJT/V5s+I959gY56P3s+t
sSumfloQ0CPMCgKCErvyRdq7HnokBWt4lDZ9RpPlLrwQ+Xqq130P+FF/pcnyXraC
7HQ4+Kv2ojU3m54/HCHIGDFy4tGPcfxpw2MT5butIdtzkNxfV2o51aNXhb8iBkuw
Xd/D2vQAIvcrAdfWi8DUDx+xvMLbfBnqWHdeITpSMHLXyzVVxqxTlprhZju3msOe
Lkbx73iakkamKq+48QE+d4c8AaQwo0CaJ7UmERjQzCh3I2UnXQ7fR4Xz4wIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFNZQA+JM7Pv46MFf9jfdFdtNf66SMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI0LzU0OTEw
Yi05YTEzLTRhY2UtYWJmMi1hMjM1MWY0ZTg5MTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjQvNTQ5MTBi
LTlhMTMtNGFjZS1hYmYyLWEyMzUxZjRlODkxNS8xLzFsQUQ0a3pzLV9qb3dWXzJO
OTBWMjAxX3JwSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQEwSTwAwQEwSVwMA0GCSqGSIb3DQEBCwUAA4IB
AQBFpDhVEEmldptGxyyRe89OKsuiaSvrHoUFJR9TnNAaRqMOuYAHquZKWQy4/bsx
U8hr+m/xyauW0bJwItaGzxHmGnVfHNW3Xc85W931n+fdc8Sn/1M0JeYCrVXdCH/i
zuP7qHYp7t8fn3vMWCYw+RlJlKSw5RcvNcawQKnoCJzeFnzlb/o5C3hGWbzcwwl5
Btpyklld3uVrx7Pd0JSE/5XdNcHqFsJ+hMFoNLDf13Oh8vPhK09HPQfaRk9ueG97
/aF/H5nyyO6rcbXvvS4V6svzT8H3QysKq8tw373yS9eA39tbtqQpcUHGxB2e1MvR
stDuBFEFVNU/2TJBvUuc1Yuw
-----END CERTIFICATE-----