Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3xgOBUPUcdzw2Dhg1r5jlcK4iIg.cer
File:                     3xgOBUPUcdzw2Dhg1r5jlcK4iIg.cer (raw, json)
Hash identifier:          I4lohJvXJk1nPUWooeFEr/TNtHsGdooWongw7CrQS/Y=
Subject key identifier:   DF:18:0E:05:43:D4:71:DC:F0:D8:38:60:D6:BE:63:95:C2:B8:88:88
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F81E2245D7C1777885E95D0BC0B52
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/3xgOBUPUcdzw2Dhg1r5jlcK4iIg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:30:00 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 199887

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 17:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:81:e2:24:5d:7c:17:77:88:5e:95:d0:bc:0b:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=df180e0543d471dcf0d83860d6be6395c2b88888
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ae:74:13:50:5b:c8:e2:d4:c9:bb:85:8f:5e:
                    89:6e:90:0d:b7:0c:f8:a5:85:43:2a:56:99:fd:64:
                    9c:9b:39:c3:ad:1f:b3:9a:4e:72:5c:88:ea:13:1e:
                    48:6b:56:8f:71:ba:f8:45:b1:e6:79:b2:86:87:8a:
                    51:57:ab:22:c8:47:33:a0:4c:89:09:ab:40:e5:b1:
                    60:fb:22:bd:e8:c5:ae:b1:72:63:f7:8b:8b:d4:79:
                    e1:14:6a:f8:92:bc:d8:1f:48:15:70:e4:c2:f1:ac:
                    13:70:40:d1:2d:00:7d:1d:28:d7:d6:53:f3:76:40:
                    05:55:dc:d9:2f:a4:f0:af:02:ba:73:b6:a9:fa:46:
                    d1:e1:94:bc:dd:90:d0:82:f8:f0:c0:99:8c:a8:2e:
                    f7:ec:e2:46:e2:7f:03:35:8a:30:af:be:15:2f:10:
                    2c:97:22:a0:84:a0:d6:78:52:10:a8:99:99:f0:af:
                    f1:e6:6d:a0:b1:9c:30:81:47:41:3e:61:8a:ee:b0:
                    00:20:76:05:d2:5d:0f:0e:89:83:d5:26:36:4f:bf:
                    e0:0e:18:6b:4a:6a:38:85:23:74:a8:87:47:05:22:
                    4d:09:53:4b:24:69:18:a5:2f:a9:3b:b4:76:8f:4b:
                    49:94:56:de:60:a8:7a:5b:5f:30:47:6b:b2:e4:5a:
                    40:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:18:0E:05:43:D4:71:DC:F0:D8:38:60:D6:BE:63:95:C2:B8:88:88
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/30f410-82bb-411a-b2bc-c4b1446c0d8b/1/3xgOBUPUcdzw2Dhg1r5jlcK4iIg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  199887

    Signature Algorithm: sha256WithRSAEncryption
         a1:cb:69:ad:41:37:05:38:69:76:bb:98:94:e9:70:cb:12:34:
         e3:51:97:50:ac:65:ca:9f:a2:b7:a7:d2:af:7a:c6:ca:af:09:
         fd:66:b1:f4:60:66:10:aa:ed:a3:f4:f0:2f:6e:d7:73:60:e7:
         d6:33:a6:fa:08:33:5b:9e:ae:1d:d6:db:50:34:dd:49:49:b9:
         f2:f6:3b:72:84:4f:e6:df:75:b7:25:9c:e8:5e:67:b9:00:d5:
         62:34:06:9f:40:37:a2:94:3e:cf:91:be:60:e1:f5:9d:10:46:
         48:8e:84:33:9d:97:5b:74:78:9a:49:04:2c:a4:ae:79:eb:a4:
         a5:e1:a9:1d:04:fd:b1:5c:6d:bb:7c:45:5b:f8:f5:82:11:4a:
         0e:b7:2e:eb:71:59:95:45:fe:a3:83:8d:d8:9b:bf:91:e8:5a:
         9a:28:45:74:f1:5d:ea:41:df:9c:ce:90:b8:05:77:2b:f9:d3:
         a0:54:d6:8f:c4:50:72:65:e1:62:b5:35:52:0a:89:b1:3d:d4:
         2a:66:3f:01:d5:1b:fb:56:dd:21:d4:3f:26:53:f0:70:00:fb:
         c9:fe:ae:23:bc:67:d5:ff:4f:33:fb:9e:ff:a9:f5:ef:3f:39:
         f6:11:30:39:a1:82:5e:e2:3a:c0:1b:7e:68:ec:70:fc:76:1f:
         7d:31:3d:49
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzIb4HiJF18F3eIXpXQvAtSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjE4MGUwNTQzZDQ3MWRjZjBkODM4NjBkNmJlNjM5NWMyYjg4ODg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK50E1BbyOLUybuFj16JbpANtwz4
pYVDKlaZ/WScmznDrR+zmk5yXIjqEx5Ia1aPcbr4RbHmebKGh4pRV6siyEczoEyJ
CatA5bFg+yK96MWusXJj94uL1HnhFGr4krzYH0gVcOTC8awTcEDRLQB9HSjX1lPz
dkAFVdzZL6TwrwK6c7ap+kbR4ZS83ZDQgvjwwJmMqC737OJG4n8DNYowr74VLxAs
lyKghKDWeFIQqJmZ8K/x5m2gsZwwgUdBPmGK7rAAIHYF0l0PDomD1SY2T7/gDhhr
Smo4hSN0qIdHBSJNCVNLJGkYpS+pO7R2j0tJlFbeYKh6W18wR2uy5FpA1QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFN8YDgVD1HHc8Ng4YNa+Y5XCuIiIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkxLzMwZjQx
MC04MmJiLTQxMWEtYjJiYy1jNGIxNDQ2YzBkOGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEvMzBmNDEw
LTgyYmItNDExYS1iMmJjLWM0YjE0NDZjMGQ4Yi8xLzN4Z09CVVBVY2R6dzJEaGcx
cjVqbGNLNGlJZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMMzzANBgkqhkiG9w0BAQsFAAOCAQEAoctprUE3BThp
druYlOlwyxI041GXUKxlyp+it6fSr3rGyq8J/Wax9GBmEKrto/TwL27Xc2Dn1jOm
+ggzW56uHdbbUDTdSUm58vY7coRP5t91tyWc6F5nuQDVYjQGn0A3opQ+z5G+YOH1
nRBGSI6EM52XW3R4mkkELKSueeukpeGpHQT9sVxtu3xFW/j1ghFKDrcu63FZlUX+
o4ON2Ju/kehamihFdPFd6kHfnM6QuAV3K/nToFTWj8RQcmXhYrU1UgqJsT3UKmY/
AdUb+1bdIdQ/JlPwcAD7yf6uI7xn1f9PM/ue/6n17z859hEwOaGCXuI6wBt+aOxw
/HYffTE9SQ==
-----END CERTIFICATE-----