Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8Oen7AhMfvq_Zmijd5MsNqs62A0.cer
File:                     8Oen7AhMfvq_Zmijd5MsNqs62A0.cer (raw, json)
Hash identifier:          tdhJehMy6ORVatOH/NkYBc9IGpbcfzm/Ks4WyEr8Kks=
Subject key identifier:   F0:E7:A7:EC:08:4C:7E:FA:BF:66:68:A3:77:93:2C:36:AB:3A:D8:0D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC4935E3B85D4AB6F935D2DE0F7411805
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/58e432-b06e-4f0f-8529-d749897af60b/1/8Oen7AhMfvq_Zmijd5MsNqs62A0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/58e432-b06e-4f0f-8529-d749897af60b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:41 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 205431

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:5e:3b:85:d4:ab:6f:93:5d:2d:e0:f7:41:18:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0e7a7ec084c7efabf6668a377932c36ab3ad80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:f0:b7:11:5c:54:7b:b2:17:45:bc:8d:bb:d2:
                    9a:51:90:04:70:06:e2:bf:1f:a7:b2:28:66:5a:ff:
                    42:ad:3e:fb:cc:d4:1c:fd:89:ea:8e:92:2f:79:1e:
                    62:18:30:30:4f:cf:88:2a:13:3a:d0:3f:c2:cd:06:
                    73:f6:ba:02:2a:07:80:e4:2b:99:c6:33:ea:65:e6:
                    4f:09:2e:bf:5b:06:e5:ba:69:93:ce:46:2e:6d:a0:
                    06:e2:6b:48:2c:11:2e:49:00:b2:15:87:09:32:c9:
                    8a:ff:2c:be:dc:0d:d4:30:25:25:79:22:6f:84:68:
                    18:ae:3f:98:c5:18:89:85:c0:5e:21:f2:1a:a2:ed:
                    7c:77:4c:36:e6:41:e6:6f:b4:17:90:cb:5e:22:1b:
                    df:96:5f:31:50:b7:88:39:a7:c7:b9:2f:d5:8f:2b:
                    e5:45:b9:8d:ed:f8:bb:df:02:c3:8f:20:77:fa:d1:
                    e5:00:4d:55:9c:60:cd:c8:64:c9:3a:71:61:a0:60:
                    83:f9:18:3b:f6:82:01:d6:d8:f1:d2:bd:b9:1c:8e:
                    cc:8d:56:3e:ba:d9:78:4c:eb:da:a9:28:97:34:e6:
                    c7:b1:70:64:4f:d6:e6:d6:f1:8b:0d:c8:6f:ce:7a:
                    22:70:fc:ec:a2:e8:f1:d9:62:88:08:c7:4c:18:56:
                    c2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:E7:A7:EC:08:4C:7E:FA:BF:66:68:A3:77:93:2C:36:AB:3A:D8:0D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58e432-b06e-4f0f-8529-d749897af60b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58e432-b06e-4f0f-8529-d749897af60b/1/8Oen7AhMfvq_Zmijd5MsNqs62A0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  205431

    Signature Algorithm: sha256WithRSAEncryption
         4a:2a:99:99:56:95:00:4f:f5:62:33:d9:ae:95:1a:c6:17:a4:
         cd:f4:08:58:ac:0d:74:0f:92:d2:56:8e:f4:6c:cd:ae:8b:49:
         02:fe:4e:f7:ce:1e:36:ba:b4:64:63:30:4e:5c:ca:a3:20:e0:
         c9:b2:56:54:1c:59:d4:81:2c:74:7f:4f:ec:e1:44:e5:2b:17:
         6d:b9:af:a6:69:55:37:4f:39:00:2a:26:1f:7d:97:ea:c6:7f:
         40:de:7e:12:5e:78:55:9d:ab:53:7c:65:c2:b2:e4:17:73:a3:
         1a:54:54:a9:b7:82:46:4f:7a:0f:d4:b0:47:50:72:a7:b2:51:
         09:eb:aa:c8:7c:38:ea:85:e2:9d:9f:e9:5e:cb:47:58:15:f4:
         4f:0b:59:8f:aa:d0:2c:89:81:61:ce:90:17:f6:52:9f:03:70:
         5f:ea:fe:1a:8e:b0:06:18:8d:78:ad:24:6f:c5:d0:5a:b4:b8:
         9d:98:82:1f:1a:f7:ab:28:e5:75:61:9a:e5:cd:9a:a9:8f:1d:
         01:0c:ec:04:4b:ca:6c:53:68:df:f2:54:00:e3:3b:b7:29:e0:
         ce:4b:10:c6:f5:82:74:22:98:e0:71:25:bb:13:09:c1:2e:e1:
         a7:c3:d8:89:27:12:fc:3c:da:fa:fb:b2:8d:07:18:ae:68:52:
         fd:73:b6:1a
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzEk147hdSrb5NdLeD3QRgFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGU3YTdlYzA4NGM3ZWZhYmY2NjY4YTM3NzkzMmMzNmFiM2FkODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlvC3EVxUe7IXRbyNu9KaUZAEcAbi
vx+nsihmWv9CrT77zNQc/YnqjpIveR5iGDAwT8+IKhM60D/CzQZz9roCKgeA5CuZ
xjPqZeZPCS6/WwblummTzkYubaAG4mtILBEuSQCyFYcJMsmK/yy+3A3UMCUleSJv
hGgYrj+YxRiJhcBeIfIaou18d0w25kHmb7QXkMteIhvfll8xULeIOafHuS/Vjyvl
RbmN7fi73wLDjyB3+tHlAE1VnGDNyGTJOnFhoGCD+Rg79oIB1tjx0r25HI7MjVY+
utl4TOvaqSiXNObHsXBkT9bm1vGLDchvznoicPzsoujx2WKICMdMGFbCVwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFPDnp+wITH76v2Zoo3eTLDarOtgNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwLzU4ZTQz
Mi1iMDZlLTRmMGYtODUyOS1kNzQ5ODk3YWY2MGIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvNThlNDMy
LWIwNmUtNGYwZi04NTI5LWQ3NDk4OTdhZjYwYi8xLzhPZW43QWhNZnZxX1ptaWpk
NU1zTnFzNjJBMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMidzANBgkqhkiG9w0BAQsFAAOCAQEASiqZmVaVAE/1
YjPZrpUaxhekzfQIWKwNdA+S0laO9GzNrotJAv5O984eNrq0ZGMwTlzKoyDgybJW
VBxZ1IEsdH9P7OFE5SsXbbmvpmlVN085AComH32X6sZ/QN5+El54VZ2rU3xlwrLk
F3OjGlRUqbeCRk96D9SwR1Byp7JRCeuqyHw46oXinZ/pXstHWBX0TwtZj6rQLImB
Yc6QF/ZSnwNwX+r+Go6wBhiNeK0kb8XQWrS4nZiCHxr3qyjldWGa5c2aqY8dAQzs
BEvKbFNo3/JUAOM7tyngzksQxvWCdCKY4HEluxMJwS7hp8PYiScS/Dza+vuyjQcY
rmhS/XO2Gg==
-----END CERTIFICATE-----