Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4KM3CoQbiT57aPhqOTNjWC4QVkg.cer
File:                     4KM3CoQbiT57aPhqOTNjWC4QVkg.cer (raw, json)
Hash identifier:          pyv/VcNo0PnzvOUF55/N0trKr+7vAFCCJD++BilNHbU=
Subject key identifier:   E0:A3:37:0A:84:1B:89:3E:7B:68:F8:6A:39:33:63:58:2E:10:56:48
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79489DC14072EA22DE1B0F5BA960EB4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/95746e-be52-42ee-9cc8-c3edb4d8f71e/1/4KM3CoQbiT57aPhqOTNjWC4QVkg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/95746e-be52-42ee-9cc8-c3edb4d8f71e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:49 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 204914

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:89:dc:14:07:2e:a2:2d:e1:b0:f5:ba:96:0e:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e0a3370a841b893e7b68f86a393363582e105648
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d3:ab:af:ba:00:97:3a:ff:cb:f4:bb:89:fa:
                    4f:f5:a8:5b:c1:0d:52:9a:13:22:8e:be:ee:b9:6e:
                    e4:eb:5c:30:0b:fc:3c:e9:16:0f:f0:de:5b:35:91:
                    20:22:5f:09:3a:9d:65:ec:f8:0a:e1:cc:5b:3a:4b:
                    b8:ee:dc:30:02:44:6d:18:ce:0f:44:f1:ae:c4:64:
                    18:9b:57:5b:78:46:3d:2e:0d:6b:54:f7:d7:11:f4:
                    df:e4:61:b2:02:37:81:57:dc:41:c3:cc:4c:e0:e5:
                    dc:1a:97:a1:51:d6:f0:7e:ee:74:f3:79:b9:bd:d3:
                    4b:4b:90:6d:6b:75:41:e1:6e:a7:d6:e6:98:04:0b:
                    7d:bb:dc:06:dc:27:09:46:62:6f:63:ec:84:b4:6c:
                    a5:73:70:0f:89:28:dc:c2:df:da:02:3e:51:4e:20:
                    b0:7c:2d:0f:fa:77:d9:f3:ce:12:3c:fe:7c:e7:a3:
                    4b:39:90:0c:3c:82:1f:0a:b9:09:80:6d:21:d2:8e:
                    7c:43:df:8a:ee:0d:6d:9b:1c:38:b1:f4:e6:c4:e2:
                    08:6f:83:b0:bb:fc:58:f9:a0:63:61:62:3a:26:39:
                    67:06:df:ce:f3:aa:8d:16:3f:67:37:86:6d:20:d1:
                    7a:db:06:36:40:5e:b9:14:3b:fc:c2:db:67:1e:b9:
                    b2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:A3:37:0A:84:1B:89:3E:7B:68:F8:6A:39:33:63:58:2E:10:56:48
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/95746e-be52-42ee-9cc8-c3edb4d8f71e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/95746e-be52-42ee-9cc8-c3edb4d8f71e/1/4KM3CoQbiT57aPhqOTNjWC4QVkg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  204914

    Signature Algorithm: sha256WithRSAEncryption
         2d:0c:54:12:da:f0:db:d8:49:84:22:14:0e:71:5b:8b:df:59:
         41:f4:ac:77:f3:77:f0:c9:45:22:18:90:24:f3:72:2e:81:c9:
         51:ca:df:db:c2:c7:12:0a:60:c4:c4:d9:d5:d9:ff:e5:f6:5d:
         12:50:ed:d9:bf:94:81:8d:9e:69:0b:99:ef:12:bd:0a:aa:ab:
         ce:c0:1a:96:ae:94:da:e9:df:10:aa:6d:8c:9e:c0:84:43:77:
         37:0c:75:48:a0:5d:e5:87:30:ac:69:10:1f:3d:d1:fa:7c:90:
         6c:15:65:4d:c5:b1:55:d1:24:b4:93:b9:b7:ca:9b:02:a0:c3:
         2f:86:22:69:e4:25:d3:da:3a:64:49:14:72:e8:b5:ca:25:5e:
         34:1b:5e:fd:f9:18:e6:a6:ab:05:5f:18:b6:b3:26:d2:41:da:
         72:ab:c7:c7:ad:b9:64:37:d2:c7:c5:2c:b5:2e:e5:29:50:a9:
         e2:f7:a0:71:d1:a4:9f:d8:0d:af:66:1f:dd:9e:c6:f6:44:4e:
         32:ae:4f:d6:3b:07:17:3d:0d:b4:96:7e:44:e4:72:9e:f3:b4:
         0d:f0:f7:97:ff:13:0c:bc:40:ff:0c:85:ae:fc:a8:c7:53:fa:
         57:9d:fc:e4:c9:ad:13:97:7f:57:7f:3b:ce:d9:48:44:7f:b7:
         e3:aa:28:16
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHlIncFAcuoi3hsPW6lg60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGEzMzcwYTg0MWI4OTNlN2I2OGY4NmEzOTMzNjM1ODJlMTA1NjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdOrr7oAlzr/y/S7ifpP9ahbwQ1S
mhMijr7uuW7k61wwC/w86RYP8N5bNZEgIl8JOp1l7PgK4cxbOku47twwAkRtGM4P
RPGuxGQYm1dbeEY9Lg1rVPfXEfTf5GGyAjeBV9xBw8xM4OXcGpehUdbwfu5083m5
vdNLS5Bta3VB4W6n1uaYBAt9u9wG3CcJRmJvY+yEtGylc3APiSjcwt/aAj5RTiCw
fC0P+nfZ884SPP5856NLOZAMPIIfCrkJgG0h0o58Q9+K7g1tmxw4sfTmxOIIb4Ow
u/xY+aBjYWI6JjlnBt/O86qNFj9nN4ZtINF62wY2QF65FDv8wttnHrmyXwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFOCjNwqEG4k+e2j4ajkzY1guEFZIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwLzk1NzQ2
ZS1iZTUyLTQyZWUtOWNjOC1jM2VkYjRkOGY3MWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvOTU3NDZl
LWJlNTItNDJlZS05Y2M4LWMzZWRiNGQ4ZjcxZS8xLzRLTTNDb1FiaVQ1N2FQaHFP
VE5qV0M0UVZrZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMgcjANBgkqhkiG9w0BAQsFAAOCAQEALQxUEtrw29hJ
hCIUDnFbi99ZQfSsd/N38MlFIhiQJPNyLoHJUcrf28LHEgpgxMTZ1dn/5fZdElDt
2b+UgY2eaQuZ7xK9CqqrzsAalq6U2unfEKptjJ7AhEN3Nwx1SKBd5YcwrGkQHz3R
+nyQbBVlTcWxVdEktJO5t8qbAqDDL4YiaeQl09o6ZEkUcui1yiVeNBte/fkY5qar
BV8YtrMm0kHacqvHx625ZDfSx8UstS7lKVCp4vegcdGkn9gNr2Yf3Z7G9kROMq5P
1jsHFz0NtJZ+RORynvO0DfD3l/8TDLxA/wyFrvyox1P6V5385MmtE5d/V387ztlI
RH+346ooFg==
-----END CERTIFICATE-----