Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7MRfytxMkzrI_04LQ0pb-1Z7ZaE.cer
File:                     7MRfytxMkzrI_04LQ0pb-1Z7ZaE.cer (raw, json)
Hash identifier:          LOCQaWdLM9h15AEEfxeyuSxxjOf3QYl7iRRzk3zKeVY=
Subject key identifier:   EC:C4:5F:CA:DC:4C:93:3A:C8:FF:4E:0B:43:4A:5B:FB:56:7B:65:A1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56E9F3964E3A216F74ADAE98FCC20F8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/3c/8a4285-157e-4c76-bed4-e076f8ccb8b9/1/7MRfytxMkzrI_04LQ0pb-1Z7ZaE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/3c/8a4285-157e-4c76-bed4-e076f8ccb8b9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:10 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 15902
                          IP: 194.42.40.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Dec 2024 06:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:9f:39:64:e3:a2:16:f7:4a:da:e9:8f:cc:20:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ecc45fcadc4c933ac8ff4e0b434a5bfb567b65a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:d6:53:bf:38:6f:e0:7f:3d:05:5f:50:26:55:
                    6c:0d:f1:06:24:82:83:3b:b4:30:2e:0b:8c:9c:32:
                    92:db:04:95:ad:cd:aa:1b:9f:54:39:63:f7:93:3e:
                    4e:44:80:13:17:12:f7:f6:d2:52:bc:4d:0f:a3:ad:
                    aa:cf:9d:42:0b:a6:9e:49:cd:f2:7e:16:52:1f:24:
                    a4:93:f9:bf:3f:22:64:81:4e:e9:66:08:a4:ed:e2:
                    50:b0:8a:84:8c:5a:a1:e6:46:99:ad:4b:90:eb:58:
                    f7:79:c9:74:60:ea:e0:96:80:d5:c5:95:f8:36:b2:
                    31:74:0a:06:1f:cb:cb:d0:a7:03:d6:2a:9b:43:b1:
                    97:28:e6:1e:6a:e5:ed:82:0c:33:45:bd:f3:35:54:
                    53:a8:3e:2b:37:95:f0:1f:22:6b:95:7b:8d:0d:89:
                    93:ba:45:3d:03:41:6c:a0:c3:49:e5:f1:93:28:3e:
                    f4:8d:97:6a:d3:d1:37:cb:16:60:87:f3:41:09:d1:
                    69:8b:d5:33:b8:39:7b:c1:8f:c9:4c:88:90:76:ee:
                    ba:3d:e4:82:e8:c0:fc:9d:52:b8:5a:af:fb:f6:03:
                    90:78:d9:eb:57:ed:3e:69:fb:9d:d9:2d:cd:a9:74:
                    08:3e:15:45:d3:a3:0c:3a:0d:b7:67:1d:3b:26:ba:
                    0e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:C4:5F:CA:DC:4C:93:3A:C8:FF:4E:0B:43:4A:5B:FB:56:7B:65:A1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/8a4285-157e-4c76-bed4-e076f8ccb8b9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/8a4285-157e-4c76-bed4-e076f8ccb8b9/1/7MRfytxMkzrI_04LQ0pb-1Z7ZaE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.42.40.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  15902

    Signature Algorithm: sha256WithRSAEncryption
         0f:73:1b:47:05:62:7d:38:61:e4:ee:c8:7f:3c:bb:45:07:29:
         f6:39:59:ac:fa:a0:58:c0:29:8c:00:b1:95:4f:84:6c:6d:41:
         17:2c:45:70:3c:84:b7:18:d9:f3:8b:1a:9a:1d:45:9e:6b:9c:
         90:1f:be:33:c4:bb:63:2e:32:4d:16:3d:77:cf:7c:0f:76:c9:
         02:24:22:dd:e1:6b:d4:67:6b:9f:31:2e:69:f0:a3:67:83:01:
         12:be:a3:43:29:92:1d:82:85:c4:f9:a4:6b:ba:c5:76:43:12:
         b4:ed:c3:12:90:64:b2:7c:3a:4c:8f:98:8f:56:2b:1b:cc:01:
         c5:c3:99:9e:76:59:af:37:c1:05:45:db:75:a4:17:25:47:4f:
         1d:d6:2a:a5:83:36:64:25:4e:3f:93:ae:f7:bd:df:a6:50:7f:
         e3:82:1f:32:75:e2:7f:94:e4:bd:5e:f4:fb:d3:af:96:9e:ac:
         56:cd:22:41:66:9d:43:cf:79:c3:e4:41:98:31:b2:ed:dd:0a:
         d6:7b:ac:2a:a3:97:c8:8a:ae:03:7d:05:74:de:11:b6:a6:fd:
         b1:2e:56:62:d9:88:5d:ba:3a:50:a8:d3:94:a6:8d:20:2e:e6:
         59:25:43:d3:eb:7d:fa:b4:ed:88:de:ea:21:6d:a5:4d:57:ba:
         bc:ab:f1:56
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAYzFbp85ZOOiFvdK2umPzCD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2M0NWZjYWRjNGM5MzNhYzhmZjRlMGI0MzRhNWJmYjU2N2I2NWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidZTvzhv4H89BV9QJlVsDfEGJIKD
O7QwLguMnDKS2wSVrc2qG59UOWP3kz5ORIATFxL39tJSvE0Po62qz51CC6aeSc3y
fhZSHySkk/m/PyJkgU7pZgik7eJQsIqEjFqh5kaZrUuQ61j3ecl0YOrgloDVxZX4
NrIxdAoGH8vL0KcD1iqbQ7GXKOYeauXtggwzRb3zNVRTqD4rN5XwHyJrlXuNDYmT
ukU9A0FsoMNJ5fGTKD70jZdq09E3yxZgh/NBCdFpi9UzuDl7wY/JTIiQdu66PeSC
6MD8nVK4Wq/79gOQeNnrV+0+afud2S3NqXQIPhVF06MMOg23Zx07JroO4QIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFOzEX8rcTJM6yP9OC0NKW/tWe2WhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzNjLzhhNDI4
NS0xNTdlLTRjNzYtYmVkNC1lMDc2ZjhjY2I4YjkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2MvOGE0Mjg1
LTE1N2UtNGM3Ni1iZWQ0LWUwNzZmOGNjYjhiOS8xLzdNUmZ5dHhNa3pySV8wNExR
MHBiLTFaN1phRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwiooMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
Aj4eMA0GCSqGSIb3DQEBCwUAA4IBAQAPcxtHBWJ9OGHk7sh/PLtFByn2OVms+qBY
wCmMALGVT4RsbUEXLEVwPIS3GNnzixqaHUWea5yQH74zxLtjLjJNFj13z3wPdskC
JCLd4WvUZ2ufMS5p8KNngwESvqNDKZIdgoXE+aRrusV2QxK07cMSkGSyfDpMj5iP
VisbzAHFw5medlmvN8EFRdt1pBclR08d1iqlgzZkJU4/k673vd+mUH/jgh8ydeJ/
lOS9XvT706+WnqxWzSJBZp1Dz3nD5EGYMbLt3QrWe6wqo5fIiq4DfQV03hG2pv2x
LlZi2YhdujpQqNOUpo0gLuZZJUPT6336tO2I3uohbaVNV7q8q/FW
-----END CERTIFICATE-----