Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4bUJZyudmYtGScw3aoKYeeb-rKc.cer
File:                     4bUJZyudmYtGScw3aoKYeeb-rKc.cer (raw, json)
Hash identifier:          hpWuDjJR7ZC0XWXlzWAn+prK35f5mSdNdtoW7CMDJTw=
Subject key identifier:   E1:B5:09:67:2B:9D:99:8B:46:49:CC:37:6A:82:98:79:E6:FE:AC:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018EAB5DD74E638ACBDC797A6ED7F2E324E5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 04 Apr 2024 23:07:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 210748
                          IP: 193.163.91.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ab:5d:d7:4e:63:8a:cb:dc:79:7a:6e:d7:f2:e3:24:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr  4 23:07:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e1b509672b9d998b4649cc376a829879e6feaca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:38:89:a1:0d:09:70:01:0a:38:05:f7:17:f1:
                    a1:e7:75:b9:d0:87:28:fe:71:aa:f3:0a:d9:0e:25:
                    e2:3d:77:32:54:67:cc:9f:ea:eb:39:b6:e8:ce:f4:
                    3d:ce:5b:fc:46:6c:0b:b6:3b:e7:83:cf:7a:09:1d:
                    19:16:47:4e:ad:76:65:fd:74:06:30:0a:0c:f0:b1:
                    db:e3:e9:41:2e:4f:44:54:81:e0:a2:8f:1d:ae:dc:
                    16:c0:17:d2:3f:9b:db:1d:c4:06:00:26:c8:f6:c6:
                    55:1e:a4:2b:a0:81:6d:e8:e2:53:03:38:a4:4f:c7:
                    c2:4b:47:5e:fd:d6:41:36:8b:6f:a2:63:35:d6:f8:
                    a3:35:e7:6d:01:4f:4d:fa:e7:7d:df:89:16:fe:7f:
                    ec:9c:a7:c8:b0:3c:4d:7c:1d:81:1c:fc:46:d6:e5:
                    a6:78:80:df:57:80:48:f6:b0:b9:c2:7f:8f:0d:e8:
                    50:26:d2:ac:bd:2c:c2:ac:bc:00:fd:28:ed:8c:01:
                    e2:53:cc:66:23:6d:ab:90:6f:eb:eb:7d:ec:75:5d:
                    80:d8:65:36:4f:24:f6:17:e0:56:f7:34:cc:9d:f6:
                    25:ae:a9:46:0f:53:87:74:39:fb:47:64:38:b8:65:
                    25:7a:7f:00:d8:70:20:8a:02:56:b3:44:ad:d9:9c:
                    7f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B5:09:67:2B:9D:99:8B:46:49:CC:37:6A:82:98:79:E6:FE:AC:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.91.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210748

    Signature Algorithm: sha256WithRSAEncryption
         7c:82:e5:ec:7f:33:b7:a2:1b:7b:05:9b:a8:75:29:86:30:b0:
         96:f4:7a:5d:00:9c:6c:2c:28:d4:5f:79:a4:89:26:6f:87:3c:
         92:d3:c3:5c:d7:72:4d:34:07:d6:8a:36:9d:6a:0c:92:2f:b6:
         7d:b7:76:81:47:40:fd:b9:95:30:9f:ae:d1:24:ec:6c:ca:48:
         48:c6:83:f6:ce:25:6d:fb:19:24:59:35:71:11:0d:e5:8b:8f:
         5a:0c:19:d1:2d:6b:6c:e2:53:ad:74:71:b3:0e:4a:ed:fd:f5:
         4c:e6:79:f7:bf:93:6e:ef:48:1a:3f:0c:2f:69:a0:5d:2c:8f:
         20:5f:77:96:3e:3a:03:4b:42:fc:51:0c:0f:de:57:2e:c4:95:
         31:73:8a:18:5d:80:9c:c7:7d:a8:80:63:04:99:d6:16:b0:38:
         12:e3:4a:04:2c:26:ad:96:e7:e5:96:a6:63:e2:ee:8f:0d:55:
         cb:bc:9e:0f:1f:18:ce:35:f4:70:32:a3:37:f1:e6:28:c3:6f:
         93:65:c0:95:e9:5f:63:f7:9e:21:da:88:04:05:0b:56:d1:c1:
         bb:b0:f4:18:43:e9:52:28:56:ad:ab:23:55:59:07:c0:ea:26:
         26:07:f3:b4:a0:2b:c6:0e:e7:16:7a:b2:eb:a4:47:4a:ff:ca:
         3b:05:e0:0d
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY6rXddOY4rL3Hl6btfy4yTlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDA0MjMwNzE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWI1MDk2NzJiOWQ5OThiNDY0OWNjMzc2YTgyOTg3OWU2ZmVhY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTiJoQ0JcAEKOAX3F/Gh53W50Ico
/nGq8wrZDiXiPXcyVGfMn+rrObbozvQ9zlv8RmwLtjvng896CR0ZFkdOrXZl/XQG
MAoM8LHb4+lBLk9EVIHgoo8drtwWwBfSP5vbHcQGACbI9sZVHqQroIFt6OJTAzik
T8fCS0de/dZBNotvomM11vijNedtAU9N+ud934kW/n/snKfIsDxNfB2BHPxG1uWm
eIDfV4BI9rC5wn+PDehQJtKsvSzCrLwA/SjtjAHiU8xmI22rkG/r633sdV2A2GU2
TyT2F+BW9zTMnfYlrqlGD1OHdDn7R2Q4uGUlen8A2HAgigJWs0St2Zx/cwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOG1CWcrnZmLRknMN2qCmHnm/qynMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M3LzU0NmE1
NS1kZGFhLTQzNDEtYjhmOS0zZWM1MjI3NzFmNDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvNTQ2YTU1
LWRkYWEtNDM0MS1iOGY5LTNlYzUyMjc3MWY0MC8xLzRiVUpaeXVkbVl0R1NjdzNh
b0tZZWViLXJLYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaNbMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM3PDANBgkqhkiG9w0BAQsFAAOCAQEAfILl7H8zt6IbewWbqHUphjCwlvR6XQCc
bCwo1F95pIkmb4c8ktPDXNdyTTQH1oo2nWoMki+2fbd2gUdA/bmVMJ+u0STsbMpI
SMaD9s4lbfsZJFk1cREN5YuPWgwZ0S1rbOJTrXRxsw5K7f31TOZ597+Tbu9IGj8M
L2mgXSyPIF93lj46A0tC/FEMD95XLsSVMXOKGF2AnMd9qIBjBJnWFrA4EuNKBCwm
rZbn5ZamY+Lujw1Vy7yeDx8YzjX0cDKjN/HmKMNvk2XAlelfY/eeIdqIBAULVtHB
u7D0GEPpUihWrasjVVkHwOomJgfztKArxg7nFnqy66RHSv/KOwXgDQ==
-----END CERTIFICATE-----