Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4aWhf1DBNbGFHOwsdrD9cPncx54.cer
File:                     4aWhf1DBNbGFHOwsdrD9cPncx54.cer (raw, json)
Hash identifier:          AYokzBm6cW4TFXsmki7WbRTGCOjs6FITLeppZ5BUbtg=
Subject key identifier:   E1:A5:A1:7F:50:C1:35:B1:85:1C:EC:2C:76:B0:FD:70:F9:DC:C7:9E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018FA5411CBB65200B26378B652684DFB8D7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/82/f9f8fa-2988-445c-be94-913575c58f4a/1/4aWhf1DBNbGFHOwsdrD9cPncx54.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/82/f9f8fa-2988-445c-be94-913575c58f4a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 23 May 2024 11:40:58 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202731
                          IP: 2001:678:1e4::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a5:41:1c:bb:65:20:0b:26:37:8b:65:26:84:df:b8:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 23 11:40:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1a5a17f50c135b1851cec2c76b0fd70f9dcc79e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:42:f9:fc:a1:aa:b6:33:e1:f4:23:a3:84:68:
                    59:cd:44:fd:02:04:c6:e3:8d:80:53:c3:10:e6:38:
                    5b:df:f6:e9:47:fe:1b:be:e0:20:6d:d2:97:d1:8f:
                    f4:ff:6b:33:92:d9:7c:65:96:90:d8:63:b7:15:12:
                    d6:fa:00:4f:43:b1:15:06:f0:ab:6f:2b:1e:10:d6:
                    8f:5d:d9:b9:52:fe:a8:eb:8b:9b:a6:4b:7a:58:6f:
                    e6:72:cc:20:a0:dc:09:95:7a:9b:02:c2:2e:81:b9:
                    95:ef:ce:7c:98:bd:c1:7e:b6:00:00:d3:10:77:e9:
                    68:fa:75:0e:bd:12:8d:84:f2:55:15:a1:bc:0f:97:
                    88:7e:a9:23:20:12:21:69:2c:81:47:37:20:5b:f1:
                    e5:8a:06:de:b3:4b:33:a0:d4:88:95:14:c0:92:06:
                    4e:8f:d1:e7:c7:32:b5:8c:5e:f7:f7:5d:23:94:13:
                    20:16:2b:c9:63:9a:e6:41:7b:35:4b:31:cd:2f:d4:
                    05:99:8d:41:31:97:eb:89:43:62:cc:5b:97:c4:67:
                    73:18:fb:74:1b:54:e0:18:51:d9:50:5e:8e:ff:30:
                    31:55:05:33:3b:14:87:28:15:0f:86:46:f1:57:95:
                    01:b5:bd:59:47:73:33:48:fa:fa:d3:80:ba:b8:c1:
                    37:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:A5:A1:7F:50:C1:35:B1:85:1C:EC:2C:76:B0:FD:70:F9:DC:C7:9E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f9f8fa-2988-445c-be94-913575c58f4a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/f9f8fa-2988-445c-be94-913575c58f4a/1/4aWhf1DBNbGFHOwsdrD9cPncx54.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1e4::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202731

    Signature Algorithm: sha256WithRSAEncryption
         a2:2a:82:c5:8f:58:1c:ab:60:96:13:dd:ad:28:71:e6:4a:ea:
         a6:f4:cb:c6:2a:c3:da:9a:4e:10:9b:3e:05:48:20:fb:cc:0f:
         9a:5a:5a:c7:bc:55:98:49:16:85:38:d0:a6:6f:6f:87:ef:3c:
         82:3e:6f:8f:5b:76:99:a4:b7:9c:8b:0c:4f:14:b3:9e:e0:37:
         66:2b:6f:31:c2:9f:5f:a5:a4:e2:da:63:54:b7:0a:d3:e9:43:
         1c:6a:4a:f3:18:ee:e3:ca:0a:3d:d9:83:3b:a6:64:f1:38:ea:
         d6:99:7d:c1:80:c6:ad:59:13:6f:49:02:c9:03:f2:ea:94:05:
         ad:21:b0:5b:98:1c:38:64:fa:6a:73:df:01:f4:56:28:24:b7:
         ef:1e:fb:d1:eb:fa:bb:73:f6:9c:65:5b:ac:f0:5b:d8:9d:5f:
         e4:54:95:a4:56:5e:84:d2:7c:1d:93:ac:e2:1f:6f:7c:7f:e3:
         7a:a3:8a:98:a3:84:70:40:38:bc:b0:85:d2:01:61:c6:79:1a:
         fd:1a:d9:36:ed:3a:17:68:b5:ba:f7:2c:91:94:10:ea:77:8f:
         40:4d:20:60:f9:19:22:27:82:28:8f:4a:9e:6b:d7:81:8f:03:
         39:51:73:c2:ec:cf:dc:16:0c:42:52:1c:24:e1:13:d9:d0:6d:
         c0:07:3f:d9
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAY+lQRy7ZSALJjeLZSaE37jXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNTIzMTE0MDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWE1YTE3ZjUwYzEzNWIxODUxY2VjMmM3NmIwZmQ3MGY5ZGNjNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEL5/KGqtjPh9COjhGhZzUT9AgTG
442AU8MQ5jhb3/bpR/4bvuAgbdKX0Y/0/2szktl8ZZaQ2GO3FRLW+gBPQ7EVBvCr
byseENaPXdm5Uv6o64ubpkt6WG/mcswgoNwJlXqbAsIugbmV7858mL3BfrYAANMQ
d+lo+nUOvRKNhPJVFaG8D5eIfqkjIBIhaSyBRzcgW/Hligbes0szoNSIlRTAkgZO
j9HnxzK1jF73910jlBMgFivJY5rmQXs1SzHNL9QFmY1BMZfriUNizFuXxGdzGPt0
G1TgGFHZUF6O/zAxVQUzOxSHKBUPhkbxV5UBtb1ZR3MzSPr604C6uME3xwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFOGloX9QwTWxhRzsLHaw/XD53MeeMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzgyL2Y5Zjhm
YS0yOTg4LTQ0NWMtYmU5NC05MTM1NzVjNThmNGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODIvZjlmOGZh
LTI5ODgtNDQ1Yy1iZTk0LTkxMzU3NWM1OGY0YS8xLzRhV2hmMURCTmJHRkhPd3Nk
ckQ5Y1BuY3g1NC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAHkMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMX6zANBgkqhkiG9w0BAQsFAAOCAQEAoiqCxY9YHKtglhPdrShx5krqpvTL
xirD2ppOEJs+BUgg+8wPmlpax7xVmEkWhTjQpm9vh+88gj5vj1t2maS3nIsMTxSz
nuA3ZitvMcKfX6Wk4tpjVLcK0+lDHGpK8xju48oKPdmDO6Zk8Tjq1pl9wYDGrVkT
b0kCyQPy6pQFrSGwW5gcOGT6anPfAfRWKCS37x770ev6u3P2nGVbrPBb2J1f5FSV
pFZehNJ8HZOs4h9vfH/jeqOKmKOEcEA4vLCF0gFhxnka/RrZNu06F2i1uvcskZQQ
6nePQE0gYPkZIieCKI9KnmvXgY8DOVFzwuzP3BYMQlIcJOET2dBtwAc/2Q==
-----END CERTIFICATE-----