Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4bUJZyudmYtGScw3aoKYeeb-rKc.cer
File:                     4bUJZyudmYtGScw3aoKYeeb-rKc.cer (raw, json)
Hash identifier:          sWKfjVdB837+D+vEx4OGGFqg59Cp9rx+kJmKJLXPms0=
Subject key identifier:   E1:B5:09:67:2B:9D:99:8B:46:49:CC:37:6A:82:98:79:E6:FE:AC:A7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194252226E4C037F5A0C4C0CE8AC5853196
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 03:49:42 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 210748
                          IP: 193.163.91.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:26:e4:c0:37:f5:a0:c4:c0:ce:8a:c5:85:31:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 03:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1b509672b9d998b4649cc376a829879e6feaca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:38:89:a1:0d:09:70:01:0a:38:05:f7:17:f1:
                    a1:e7:75:b9:d0:87:28:fe:71:aa:f3:0a:d9:0e:25:
                    e2:3d:77:32:54:67:cc:9f:ea:eb:39:b6:e8:ce:f4:
                    3d:ce:5b:fc:46:6c:0b:b6:3b:e7:83:cf:7a:09:1d:
                    19:16:47:4e:ad:76:65:fd:74:06:30:0a:0c:f0:b1:
                    db:e3:e9:41:2e:4f:44:54:81:e0:a2:8f:1d:ae:dc:
                    16:c0:17:d2:3f:9b:db:1d:c4:06:00:26:c8:f6:c6:
                    55:1e:a4:2b:a0:81:6d:e8:e2:53:03:38:a4:4f:c7:
                    c2:4b:47:5e:fd:d6:41:36:8b:6f:a2:63:35:d6:f8:
                    a3:35:e7:6d:01:4f:4d:fa:e7:7d:df:89:16:fe:7f:
                    ec:9c:a7:c8:b0:3c:4d:7c:1d:81:1c:fc:46:d6:e5:
                    a6:78:80:df:57:80:48:f6:b0:b9:c2:7f:8f:0d:e8:
                    50:26:d2:ac:bd:2c:c2:ac:bc:00:fd:28:ed:8c:01:
                    e2:53:cc:66:23:6d:ab:90:6f:eb:eb:7d:ec:75:5d:
                    80:d8:65:36:4f:24:f6:17:e0:56:f7:34:cc:9d:f6:
                    25:ae:a9:46:0f:53:87:74:39:fb:47:64:38:b8:65:
                    25:7a:7f:00:d8:70:20:8a:02:56:b3:44:ad:d9:9c:
                    7f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:B5:09:67:2B:9D:99:8B:46:49:CC:37:6A:82:98:79:E6:FE:AC:A7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/546a55-ddaa-4341-b8f9-3ec522771f40/1/4bUJZyudmYtGScw3aoKYeeb-rKc.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.91.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  210748

    Signature Algorithm: sha256WithRSAEncryption
         9d:61:95:90:3a:21:cc:19:af:ff:83:83:aa:e1:54:ab:f5:12:
         4b:c1:29:e7:f6:2b:18:df:75:95:d4:a2:31:8e:1e:35:c5:ff:
         8b:e2:5a:0d:65:37:01:8b:dd:ba:d2:eb:04:22:41:d7:ff:b5:
         f8:e6:82:50:c1:e3:32:fd:0a:f5:73:3c:73:3e:11:08:8c:98:
         d1:e7:56:b3:69:de:27:0a:9d:4c:5b:9a:ab:79:ee:5a:97:1c:
         70:e5:21:65:23:d3:12:b1:d0:6f:6b:52:95:d5:1e:ff:d1:e4:
         6e:b4:2b:52:2f:09:9d:db:da:90:7b:dc:72:b6:fc:bb:15:66:
         68:ee:1c:53:04:11:ef:ff:4d:43:49:de:4b:4f:cb:bb:d9:95:
         34:2d:8d:cb:51:4e:58:96:71:d9:da:38:54:3e:c8:7c:ee:38:
         22:38:4a:3d:25:08:44:f3:ae:32:fe:82:df:58:0b:1d:6f:c7:
         bf:04:5d:40:43:51:13:e0:1e:3a:d8:11:1b:b2:3f:a5:e4:02:
         e8:08:86:7d:f1:73:98:00:47:09:95:24:a7:dc:f0:c0:43:83:
         6c:fc:4d:91:95:b2:56:00:1b:2d:bb:9c:75:cd:f1:8c:ca:b3:
         c8:05:e3:fa:3b:9e:9a:f4:af:d5:ec:d1:cb:aa:c8:dd:9d:1d:
         12:d0:27:68
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQlIibkwDf1oMTAzorFhTGWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDM0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWI1MDk2NzJiOWQ5OThiNDY0OWNjMzc2YTgyOTg3OWU2ZmVhY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTiJoQ0JcAEKOAX3F/Gh53W50Ico
/nGq8wrZDiXiPXcyVGfMn+rrObbozvQ9zlv8RmwLtjvng896CR0ZFkdOrXZl/XQG
MAoM8LHb4+lBLk9EVIHgoo8drtwWwBfSP5vbHcQGACbI9sZVHqQroIFt6OJTAzik
T8fCS0de/dZBNotvomM11vijNedtAU9N+ud934kW/n/snKfIsDxNfB2BHPxG1uWm
eIDfV4BI9rC5wn+PDehQJtKsvSzCrLwA/SjtjAHiU8xmI22rkG/r633sdV2A2GU2
TyT2F+BW9zTMnfYlrqlGD1OHdDn7R2Q4uGUlen8A2HAgigJWs0St2Zx/cwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFOG1CWcrnZmLRknMN2qCmHnm/qynMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M3LzU0NmE1
NS1kZGFhLTQzNDEtYjhmOS0zZWM1MjI3NzFmNDAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzcvNTQ2YTU1
LWRkYWEtNDM0MS1iOGY5LTNlYzUyMjc3MWY0MC8xLzRiVUpaeXVkbVl0R1NjdzNh
b0tZZWViLXJLYy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwaNbMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM3PDANBgkqhkiG9w0BAQsFAAOCAQEAnWGVkDohzBmv/4ODquFUq/USS8Ep5/Yr
GN91ldSiMY4eNcX/i+JaDWU3AYvdutLrBCJB1/+1+OaCUMHjMv0K9XM8cz4RCIyY
0edWs2neJwqdTFuaq3nuWpcccOUhZSPTErHQb2tSldUe/9HkbrQrUi8JndvakHvc
crb8uxVmaO4cUwQR7/9NQ0neS0/Lu9mVNC2Ny1FOWJZx2do4VD7IfO44IjhKPSUI
RPOuMv6C31gLHW/HvwRdQENRE+AeOtgRG7I/peQC6AiGffFzmABHCZUkp9zwwEOD
bPxNkZWyVgAbLbucdc3xjMqzyAXj+juemvSv1ezRy6rI3Z0dEtAnaA==
-----END CERTIFICATE-----