Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3kaC5rKGYL2IqbTSjLHXXvfMbX8.cer
File:                     3kaC5rKGYL2IqbTSjLHXXvfMbX8.cer (raw, json)
Hash identifier:          dzhSQhItJPwEjtS8styS/ZEzT9zSudV5FvLR13OsP4k=
Subject key identifier:   DE:46:82:E6:B2:86:60:BD:88:A9:B4:D2:8C:B1:D7:5E:F7:CC:6D:7F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421443ADDB409F91EFB54A8D507B987DD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/3kaC5rKGYL2IqbTSjLHXXvfMbX8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:27 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 45.88.112.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3a:dd:b4:09:f9:1e:fb:54:a8:d5:07:b9:87:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de4682e6b28660bd88a9b4d28cb1d75ef7cc6d7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:6d:ac:e0:2c:fb:07:0d:7e:f9:6a:b2:8d:16:
                    b2:f9:4e:c8:bf:ec:56:dd:1b:b8:68:6d:4b:3b:93:
                    69:37:b6:71:70:ea:12:7e:f9:3b:85:dc:f8:bb:58:
                    8b:2b:00:66:3e:e1:fd:66:fc:d5:ee:b7:fa:10:fb:
                    73:c5:64:24:f8:16:33:f5:62:09:f7:fc:e1:bb:25:
                    83:f6:2a:b1:be:09:08:c5:16:b8:eb:1f:16:12:44:
                    03:30:0b:d5:eb:bb:49:be:ab:35:42:db:6e:45:47:
                    3a:29:17:7d:db:c3:95:3a:be:0a:c2:da:e7:cf:99:
                    96:cc:9b:17:ca:5d:34:bf:6d:4d:0c:d1:dd:7b:dd:
                    48:37:34:c7:74:3c:40:22:d2:aa:b7:8b:18:53:9a:
                    47:b4:a6:85:2c:da:b8:b2:13:c5:41:1a:e9:e3:ab:
                    05:a0:ab:26:bb:d1:0b:10:a8:b0:c9:a9:1f:54:1e:
                    3c:66:56:a0:25:a5:ab:06:bf:f3:9c:1f:9f:7a:88:
                    31:49:7f:1c:bf:18:9c:2b:96:c4:fd:84:f6:60:d4:
                    63:8e:00:b0:f0:06:5b:01:f4:ab:e7:5a:53:ec:c9:
                    38:00:4b:39:ab:b6:43:55:b8:44:07:66:35:97:0a:
                    75:3f:7f:7d:05:e4:e4:39:ba:3e:0c:b5:a5:98:7b:
                    45:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:46:82:E6:B2:86:60:BD:88:A9:B4:D2:8C:B1:D7:5E:F7:CC:6D:7F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/3511af-0b4e-40b3-bf8f-479c114656fc/1/3kaC5rKGYL2IqbTSjLHXXvfMbX8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:2e:8b:fa:d3:7b:0b:7b:af:07:dd:87:3e:b3:4e:80:fc:f3:
         b1:d2:68:c1:d5:67:69:7b:15:69:8b:83:e5:b6:3e:3d:01:c0:
         1f:f8:3d:a2:83:eb:64:24:be:17:a0:2b:99:ca:9c:aa:71:22:
         e9:04:90:6b:3a:79:93:bb:de:bc:06:ce:58:f0:19:9b:72:78:
         f8:e0:21:90:de:31:f3:b9:1d:db:17:ab:97:9b:c3:d3:0e:4d:
         56:92:d7:0a:09:99:8d:a5:24:b3:be:ef:f8:8f:78:3b:a0:2c:
         a3:70:7a:5e:53:71:c4:4d:88:23:42:ad:1e:b7:ba:e4:d5:3c:
         b2:0d:24:ec:72:55:a8:7c:55:a9:f0:c9:58:a0:c6:a6:bc:f1:
         f6:b1:11:b4:9f:43:02:e2:16:45:9f:87:c9:2d:57:fa:c5:de:
         36:35:cd:13:bd:4f:23:8b:8a:ad:12:e7:b5:86:57:e9:6a:4c:
         f2:8b:10:d8:9a:e2:32:00:a0:ff:3d:8e:ea:05:48:91:ae:59:
         59:36:db:79:bd:6b:8e:fc:ee:0e:2b:ae:df:b2:79:d2:ce:df:
         a4:76:1e:37:ef:3a:08:ed:a4:9a:91:3c:f8:62:13:40:28:3b:
         1c:09:18:10:3a:3e:14:06:d5:ef:2b:7e:91:f9:a3:53:7b:a5:
         7a:f2:13:11
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhRDrdtAn5HvtUqNUHuYfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQ2ODJlNmIyODY2MGJkODhhOWI0ZDI4Y2IxZDc1ZWY3Y2M2ZDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkW2s4Cz7Bw1++WqyjRay+U7Iv+xW
3Ru4aG1LO5NpN7ZxcOoSfvk7hdz4u1iLKwBmPuH9ZvzV7rf6EPtzxWQk+BYz9WIJ
9/zhuyWD9iqxvgkIxRa46x8WEkQDMAvV67tJvqs1QttuRUc6KRd928OVOr4Kwtrn
z5mWzJsXyl00v21NDNHde91INzTHdDxAItKqt4sYU5pHtKaFLNq4shPFQRrp46sF
oKsmu9ELEKiwyakfVB48ZlagJaWrBr/znB+feogxSX8cvxicK5bE/YT2YNRjjgCw
8AZbAfSr51pT7Mk4AEs5q7ZDVbhEB2Y1lwp1P399BeTkObo+DLWlmHtF3wIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFN5GguayhmC9iKm00oyx1173zG1/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc0LzM1MTFh
Zi0wYjRlLTQwYjMtYmY4Zi00NzljMTE0NjU2ZmMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzQvMzUxMWFm
LTBiNGUtNDBiMy1iZjhmLTQ3OWMxMTQ2NTZmYy8xLzNrYUM1cktHWUwySXFiVFNq
TEhYWHZmTWJYOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVhwMA0GCSqGSIb3DQEBCwUAA4IBAQCxLov6
03sLe68H3Yc+s06A/POx0mjB1WdpexVpi4Pltj49AcAf+D2ig+tkJL4XoCuZypyq
cSLpBJBrOnmTu968Bs5Y8Bmbcnj44CGQ3jHzuR3bF6uXm8PTDk1WktcKCZmNpSSz
vu/4j3g7oCyjcHpeU3HETYgjQq0et7rk1TyyDSTsclWofFWp8MlYoMamvPH2sRG0
n0MC4hZFn4fJLVf6xd42Nc0TvU8ji4qtEue1hlfpakzyixDYmuIyAKD/PY7qBUiR
rllZNtt5vWuO/O4OK67fsnnSzt+kdh437zoI7aSakTz4YhNAKDscCRgQOj4UBtXv
K36R+aNTe6V68hMR
-----END CERTIFICATE-----