Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5Bj2Z_Ptx9-BpPiH9mHdlksmvLk.cer
File:                     5Bj2Z_Ptx9-BpPiH9mHdlksmvLk.cer (raw, json)
Hash identifier:          YkQOztNnzcq/XFHCPhfy8413TeEcPiaZkob/S72WOF8=
Subject key identifier:   E4:18:F6:67:F3:ED:C7:DF:81:A4:F8:87:F6:61:DD:96:4B:26:BC:B9
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01904DE27B17E0468630A597792C588AD7E8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/0/E418F667F3EDC7DF81A4F887F661DD964B26BCB9.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Tue 25 Jun 2024 05:33:26 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214643

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4d:e2:7b:17:e0:46:86:30:a5:97:79:2c:58:8a:d7:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jun 25 05:33:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e418f667f3edc7df81a4f887f661dd964b26bcb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:21:b6:69:c9:58:77:5a:f4:4e:28:cd:26:52:
                    7c:50:8c:99:6b:25:ea:d2:c0:53:28:f2:0d:92:72:
                    ab:8d:da:fd:04:07:6a:5f:eb:c0:fb:73:6b:2b:ff:
                    f7:31:42:2d:19:03:1b:69:60:e9:3a:a4:fc:44:64:
                    c8:82:1e:d4:b3:7b:94:c7:e3:11:95:13:83:da:6b:
                    aa:23:ae:7a:9d:d9:2e:19:e4:f3:a3:8f:b6:64:84:
                    40:88:11:92:fc:25:63:f4:a6:cc:25:e0:c0:f8:be:
                    56:7a:15:53:fc:65:5c:2e:55:5f:df:9d:e9:80:d8:
                    57:9d:38:d5:58:b8:9e:74:71:1e:f2:b2:bd:05:a5:
                    81:c9:85:5f:fc:e2:4e:e9:bb:72:e7:41:55:07:84:
                    63:ad:1a:c3:4d:d3:b0:20:79:bd:a6:ac:d4:c2:6d:
                    67:21:46:ac:64:72:d2:17:26:29:7f:bf:8b:ae:86:
                    fe:5e:e6:d5:cc:e3:fe:b2:ce:d7:3d:91:d6:b4:6b:
                    7e:bb:c5:14:3e:55:7f:8d:5d:33:c4:16:4d:c4:11:
                    7c:f7:5c:72:03:b0:72:3d:f6:66:4d:34:6c:b1:85:
                    35:a4:09:6a:d2:89:7a:ff:6f:b6:da:f1:92:ec:ed:
                    20:b6:4c:eb:4e:a9:3b:29:b4:d0:fe:f3:72:bc:8e:
                    1e:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:18:F6:67:F3:ED:C7:DF:81:A4:F8:87:F6:61:DD:96:4B:26:BC:B9
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/db8d8b7d-c486-4239-9d9f-8f8f5dced8d0/0/E418F667F3EDC7DF81A4F887F661DD964B26BCB9.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214643

    Signature Algorithm: sha256WithRSAEncryption
         0d:21:ef:d0:3e:82:d7:b9:87:04:61:46:d8:d0:82:3d:41:33:
         3b:7c:30:70:d7:e1:0a:c0:ff:5b:00:c3:e6:e0:af:4b:69:e9:
         94:34:d5:3e:57:84:54:fe:15:24:54:9f:f1:af:74:7b:4c:6c:
         7d:dc:bd:fb:d1:a0:e1:7b:20:d9:f1:fb:a7:e3:f3:1a:5b:6d:
         a8:ea:04:d2:e9:0e:e3:9a:84:be:59:74:fb:78:bd:e9:a5:16:
         20:d7:c6:c8:76:2d:64:bb:ab:36:10:31:48:44:5e:fa:bd:87:
         6e:83:ec:c0:87:ed:a8:df:81:71:ad:03:52:91:07:67:e4:6b:
         da:16:71:d7:64:11:62:b6:c7:52:e5:5f:80:6b:a5:31:02:3f:
         01:70:93:75:a9:d3:0f:96:5a:c3:59:ec:03:00:f6:6e:1a:a1:
         fb:16:ec:28:7c:a5:39:53:fb:4e:c4:06:2a:12:8d:72:c3:96:
         5b:b2:10:e2:6b:9b:ff:fd:76:a5:25:f8:9a:b8:10:8c:c6:a3:
         21:07:7f:8d:3c:29:dc:05:9c:fa:ca:21:33:2d:56:81:1f:fd:
         86:a5:5f:97:9c:8f:16:d6:45:0c:42:dc:6d:f6:27:d9:d9:9a:
         03:47:02:ec:d0:23:d7:72:94:09:9b:d9:1a:9c:8c:90:23:d5:
         e9:49:f2:b2
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZBN4nsX4EaGMKWXeSxYitfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNjI1MDUzMzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDE4ZjY2N2YzZWRjN2RmODFhNGY4ODdmNjYxZGQ5NjRiMjZiY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSG2aclYd1r0TijNJlJ8UIyZayXq
0sBTKPINknKrjdr9BAdqX+vA+3NrK//3MUItGQMbaWDpOqT8RGTIgh7Us3uUx+MR
lROD2muqI656ndkuGeTzo4+2ZIRAiBGS/CVj9KbMJeDA+L5WehVT/GVcLlVf353p
gNhXnTjVWLiedHEe8rK9BaWByYVf/OJO6bty50FVB4RjrRrDTdOwIHm9pqzUwm1n
IUasZHLSFyYpf7+Lrob+XubVzOP+ss7XPZHWtGt+u8UUPlV/jV0zxBZNxBF891xy
A7ByPfZmTTRssYU1pAlq0ol6/2+22vGS7O0gtkzrTqk7KbTQ/vNyvI4e+wIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFOQY9mfz7cffgaT4h/Zh3ZZLJry5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2RiOGQ4
YjdkLWM0ODYtNDIzOS05ZDlmLThmOGY1ZGNlZDhkMC8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZGI4
ZDhiN2QtYzQ4Ni00MjM5LTlkOWYtOGY4ZjVkY2VkOGQwLzAvRTQxOEY2NjdGM0VE
QzdERjgxQTRGODg3RjY2MUREOTY0QjI2QkNCOS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRnMw
DQYJKoZIhvcNAQELBQADggEBAA0h79A+gte5hwRhRtjQgj1BMzt8MHDX4QrA/1sA
w+bgr0tp6ZQ01T5XhFT+FSRUn/GvdHtMbH3cvfvRoOF7INnx+6fj8xpbbajqBNLp
DuOahL5ZdPt4vemlFiDXxsh2LWS7qzYQMUhEXvq9h26D7MCH7ajfgXGtA1KRB2fk
a9oWcddkEWK2x1LlX4BrpTECPwFwk3Wp0w+WWsNZ7AMA9m4aofsW7Ch8pTlT+07E
BioSjXLDlluyEOJrm//9dqUl+Jq4EIzGoyEHf408KdwFnPrKITMtVoEf/YalX5ec
jxbWRQxC3G32J9nZmgNHAuzQI9dylAmb2RqcjJAj1elJ8rI=
-----END CERTIFICATE-----