Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8fkw4jsIoVzNTcmrGCnGB_7d6KU.cer
File:                     8fkw4jsIoVzNTcmrGCnGB_7d6KU.cer (raw, json)
Hash identifier:          HM4Lz8Vo8eQVkBDsHrAqzr23m2Q1TKpxTOuRxmqCpIw=
Subject key identifier:   F1:F9:30:E2:3B:08:A1:5C:CD:4D:C9:AB:18:29:C6:07:FE:DD:E8:A5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7948F7327CC3A74E2C8F9A5CF606BC9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/8fkw4jsIoVzNTcmrGCnGB_7d6KU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.22.230.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8f:73:27:cc:3a:74:e2:c8:f9:a5:cf:60:6b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f1f930e23b08a15ccd4dc9ab1829c607fedde8a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:12:f1:2d:3a:fb:35:a2:d8:89:0e:d8:01:61:
                    34:7e:10:4b:d7:bb:7a:6d:bc:29:46:26:5d:e3:b5:
                    d6:b4:3f:e4:84:30:5c:e4:c7:0f:ef:94:be:a9:af:
                    62:3b:03:f6:8e:94:03:a3:3d:4b:4d:77:a5:47:a5:
                    70:21:49:23:f6:ba:4a:c5:43:d1:be:18:31:d6:6d:
                    0f:b0:b9:01:40:0b:6d:b5:db:53:02:4a:77:b0:2c:
                    4e:42:83:e6:05:f1:1c:c5:bc:d4:fa:bd:b9:b2:8a:
                    ad:c2:b1:56:f6:82:59:1e:7a:dd:e7:5d:98:89:1e:
                    5c:cb:95:e2:1f:44:0b:ed:9b:a6:e1:97:0d:43:1f:
                    c7:05:f2:92:7b:e1:7e:f6:7b:6b:19:62:f7:c4:92:
                    15:7f:bb:48:7c:44:ce:40:4a:3f:ed:18:6d:44:a0:
                    ba:df:28:b0:7b:13:3c:a3:d7:3d:01:f9:2f:9f:01:
                    97:2f:d9:6e:5e:bf:37:99:32:6c:11:cf:00:8d:ca:
                    7d:50:f7:de:31:3a:78:4a:86:51:f4:3f:de:0e:da:
                    e1:f2:08:5d:4f:a5:cb:b6:2d:83:98:38:0c:f6:b9:
                    17:75:1d:8e:0b:33:bd:0f:3b:70:94:b5:02:0a:98:
                    af:2c:2e:c1:6b:d7:11:d7:61:fc:94:88:d8:f5:b5:
                    8f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:F9:30:E2:3B:08:A1:5C:CD:4D:C9:AB:18:29:C6:07:FE:DD:E8:A5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/ea128c-a09d-40e8-bb11-aea714ec5113/1/8fkw4jsIoVzNTcmrGCnGB_7d6KU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.22.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:73:01:47:84:ae:1a:3a:5a:3b:b5:2e:7d:32:92:19:59:a0:
         ec:52:07:02:3e:e2:4e:f5:f4:f4:3f:66:4f:a9:9c:86:40:ad:
         ce:99:9e:5b:9e:61:0c:c4:c8:f0:31:2a:41:81:3f:1b:7c:ea:
         35:a3:13:30:9b:af:5a:56:53:21:41:d7:ad:9e:01:46:dc:e5:
         96:04:ea:5f:19:f5:1d:4f:f6:b5:ca:bf:e6:ac:d2:f6:77:3a:
         2b:63:a3:e7:56:b0:65:a4:cd:fe:de:4e:6c:51:5f:f4:50:87:
         25:04:7f:e4:46:b3:60:6b:2b:83:8d:b0:5e:ed:28:29:9b:0e:
         4b:c0:20:3b:14:18:14:bf:cb:6f:dd:f6:0a:b3:a0:97:ba:78:
         83:8f:91:30:22:41:d2:74:58:2b:27:9f:4c:d2:64:e7:07:98:
         72:2e:8f:85:d2:9a:38:ef:07:11:bd:d5:55:ff:3c:c4:ce:28:
         51:db:66:fe:bc:08:26:1f:99:6c:74:36:51:fe:46:0e:4b:85:
         94:4a:cc:52:51:58:c6:e2:36:c5:e5:fa:8b:4e:7f:a9:0b:4f:
         a9:59:62:1e:93:74:74:f4:24:90:41:41:d3:84:70:07:df:8d:
         72:bd:cd:81:0d:4a:b7:06:4b:b0:b6:ca:b5:7c:67:1a:7f:29:
         5a:f4:aa:72
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHlI9zJ8w6dOLI+aXPYGvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWY5MzBlMjNiMDhhMTVjY2Q0ZGM5YWIxODI5YzYwN2ZlZGRlOGE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhLxLTr7NaLYiQ7YAWE0fhBL17t6
bbwpRiZd47XWtD/khDBc5McP75S+qa9iOwP2jpQDoz1LTXelR6VwIUkj9rpKxUPR
vhgx1m0PsLkBQAtttdtTAkp3sCxOQoPmBfEcxbzU+r25soqtwrFW9oJZHnrd512Y
iR5cy5XiH0QL7Zum4ZcNQx/HBfKSe+F+9ntrGWL3xJIVf7tIfETOQEo/7RhtRKC6
3yiwexM8o9c9AfkvnwGXL9luXr83mTJsEc8Ajcp9UPfeMTp4SoZR9D/eDtrh8ghd
T6XLti2DmDgM9rkXdR2OCzO9DztwlLUCCpivLC7Ba9cR12H8lIjY9bWPeQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPH5MOI7CKFczU3Jqxgpxgf+3eilMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y5L2VhMTI4
Yy1hMDlkLTQwZTgtYmIxMS1hZWE3MTRlYzUxMTMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjkvZWExMjhj
LWEwOWQtNDBlOC1iYjExLWFlYTcxNGVjNTExMy8xLzhma3c0anNJb1Z6TlRjbXJH
Q25HQl83ZDZLVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAuRbmMA0GCSqGSIb3DQEBCwUAA4IBAQCTcwFH
hK4aOlo7tS59MpIZWaDsUgcCPuJO9fT0P2ZPqZyGQK3OmZ5bnmEMxMjwMSpBgT8b
fOo1oxMwm69aVlMhQdetngFG3OWWBOpfGfUdT/a1yr/mrNL2dzorY6PnVrBlpM3+
3k5sUV/0UIclBH/kRrNgayuDjbBe7Sgpmw5LwCA7FBgUv8tv3fYKs6CXuniDj5Ew
IkHSdFgrJ59M0mTnB5hyLo+F0po47wcRvdVV/zzEzihR22b+vAgmH5lsdDZR/kYO
S4WUSsxSUVjG4jbF5fqLTn+pC0+pWWIek3R09CSQQUHThHAH341yvc2BDUq3Bkuw
tsq1fGcafyla9Kpy
-----END CERTIFICATE-----