Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer
File:                     3dl3DDB-o5YMjaJoqIZaSp-mNMk.cer (raw, json)
Hash identifier:          RJO9I6oiRrNJ5b+Ek232a5TUJv8Gfrj48ppVDBZGC98=
Subject key identifier:   DD:D9:77:0C:30:7E:A3:96:0C:8D:A2:68:A8:86:5A:4A:9F:A6:34:C9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01903433FCDAA75A136811B16D7657B4CC87
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 20 Jun 2024 05:52:20 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 41923
                          IP: 193.34.56.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:34:33:fc:da:a7:5a:13:68:11:b1:6d:76:57:b4:cc:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 20 05:52:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ddd9770c307ea3960c8da268a8865a4a9fa634c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:53:bb:10:d8:1a:8c:6f:28:fc:a0:36:c7:bb:
                    4c:2c:ee:ea:23:3b:db:1f:d8:d2:12:ba:62:2b:8c:
                    ee:f3:49:14:eb:3a:1a:e9:2a:d7:e7:3b:1c:28:99:
                    99:83:be:73:36:10:9d:70:b5:17:ac:ee:26:37:ef:
                    21:be:a8:5a:4e:9b:9a:f7:ed:19:b3:c8:b4:28:b4:
                    ab:00:23:3c:78:68:c9:37:ac:7b:62:f5:b4:3b:34:
                    64:e3:d4:c8:97:66:55:3d:cc:bf:d9:6e:33:8e:66:
                    3a:d1:0d:0e:87:e7:42:78:f0:d0:f4:49:b4:14:f2:
                    3d:42:69:e2:85:cb:51:a9:9b:99:65:4f:e9:62:d8:
                    f2:68:32:ec:ab:35:00:a5:9f:51:5c:81:d2:ed:4b:
                    a1:ee:05:9f:d8:39:01:e7:56:18:4a:fe:77:8a:5e:
                    4f:11:71:ef:fe:fa:73:9f:91:9e:77:06:da:f0:65:
                    3e:2c:c9:1f:27:b8:89:15:78:69:7c:d7:3b:b6:b9:
                    8b:de:39:d8:d5:d2:9a:71:e0:66:5b:e5:3b:c6:78:
                    e4:4e:41:65:18:57:5b:32:50:65:0a:79:50:83:f0:
                    c3:aa:45:85:6a:47:c0:c4:9c:43:26:81:31:e2:59:
                    e5:28:4a:b9:af:2c:f0:cf:c9:13:c9:e3:cd:61:e1:
                    4c:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:D9:77:0C:30:7E:A3:96:0C:8D:A2:68:A8:86:5A:4A:9F:A6:34:C9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/4444ab-3da3-418b-a105-f2fe0d04bfbf/1/3dl3DDB-o5YMjaJoqIZaSp-mNMk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.34.56.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  41923

    Signature Algorithm: sha256WithRSAEncryption
         00:bb:b6:64:aa:06:fc:8b:77:31:6a:6a:2a:c4:d2:4a:7e:d7:
         c9:79:ae:14:c5:df:5f:5a:c2:fe:80:fb:cd:80:55:37:99:4d:
         2d:da:5f:02:a4:81:8a:9c:b5:d5:34:d6:ae:2b:5e:9e:87:71:
         9a:ef:ec:88:6c:2a:af:d2:88:e6:86:37:6d:39:82:d4:58:83:
         e0:82:e0:21:14:df:10:84:a1:8f:19:c7:19:62:b0:9e:c2:31:
         ea:80:f9:9e:70:25:c5:08:f8:84:b5:45:a6:94:4c:29:97:75:
         55:14:75:59:69:7f:15:86:02:0b:ad:bc:13:35:97:1a:10:b0:
         be:f1:9b:36:0c:65:f9:66:c9:13:48:66:70:ea:aa:cb:63:af:
         3f:2b:35:2f:96:bb:6f:9f:a2:45:c9:1e:67:90:3f:86:0d:1d:
         ce:82:83:04:75:69:d4:ca:bd:55:ee:e8:96:2e:6c:11:cc:ca:
         e0:9f:4a:c1:9a:ff:dc:84:20:cb:fb:aa:73:51:91:95:42:de:
         df:8b:2c:91:33:ae:66:fa:1a:f7:83:15:5b:8e:b1:c6:00:5f:
         7f:32:af:bf:83:41:da:f8:3f:35:09:3b:e9:33:fd:e0:61:d7:
         e5:99:a3:50:25:74:07:4e:6b:2f:04:e3:d0:1b:bf:79:3b:a4:
         65:d1:f3:6a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZA0M/zap1oTaBGxbXZXtMyHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjIwMDU1MjIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGQ5NzcwYzMwN2VhMzk2MGM4ZGEyNjhhODg2NWE0YTlmYTYzNGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7VO7ENgajG8o/KA2x7tMLO7qIzvb
H9jSErpiK4zu80kU6zoa6SrX5zscKJmZg75zNhCdcLUXrO4mN+8hvqhaTpua9+0Z
s8i0KLSrACM8eGjJN6x7YvW0OzRk49TIl2ZVPcy/2W4zjmY60Q0Oh+dCePDQ9Em0
FPI9QmnihctRqZuZZU/pYtjyaDLsqzUApZ9RXIHS7Uuh7gWf2DkB51YYSv53il5P
EXHv/vpzn5Gedwba8GU+LMkfJ7iJFXhpfNc7trmL3jnY1dKaceBmW+U7xnjkTkFl
GFdbMlBlCnlQg/DDqkWFakfAxJxDJoEx4lnlKEq5ryzwz8kTyePNYeFMowIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFN3ZdwwwfqOWDI2iaKiGWkqfpjTJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUzLzQ0NDRh
Yi0zZGEzLTQxOGItYTEwNS1mMmZlMGQwNGJmYmYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTMvNDQ0NGFi
LTNkYTMtNDE4Yi1hMTA1LWYyZmUwZDA0YmZiZi8xLzNkbDNEREItbzVZTWphSm9x
SVphU3AtbU5Nay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwSI4MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwCjwzANBgkqhkiG9w0BAQsFAAOCAQEAALu2ZKoG/It3MWpqKsTSSn7XyXmuFMXf
X1rC/oD7zYBVN5lNLdpfAqSBipy11TTWritenodxmu/siGwqr9KI5oY3bTmC1FiD
4ILgIRTfEIShjxnHGWKwnsIx6oD5nnAlxQj4hLVFppRMKZd1VRR1WWl/FYYCC628
EzWXGhCwvvGbNgxl+WbJE0hmcOqqy2OvPys1L5a7b5+iRckeZ5A/hg0dzoKDBHVp
1Mq9Ve7oli5sEczK4J9KwZr/3IQgy/uqc1GRlULe34sskTOuZvoa94MVW46xxgBf
fzKvv4NB2vg/NQk76TP94GHX5ZmjUCV0B05rLwTj0Bu/eTukZdHzag==
-----END CERTIFICATE-----