Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
File:                     8qJTzfUHoD4fV50gLY3xHWj1w9c.cer (raw, json)
Hash identifier:          qpP9sLAcI7Bq/O/rHg7Sy17vp+CaSwEp4U4lCCgqnA4=
Subject key identifier:   F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E6CC4D3B01A58C3DADDA15FFC309F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 45.88.228.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 23:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6c:c4:d3:b0:1a:58:c3:da:dd:a1:5f:fc:30:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:60:f5:bf:14:df:fd:19:cb:36:a8:b7:15:c1:
                    c4:42:7d:b6:f5:ba:76:0c:a0:c3:1d:d7:ec:e8:62:
                    38:19:81:1a:f7:25:3b:3c:bc:20:02:27:d5:91:bf:
                    6b:26:ef:76:e4:00:58:7d:45:a4:4e:fd:b2:61:2a:
                    d9:0b:b1:b4:ca:9e:b6:03:2c:65:96:e8:00:7c:3f:
                    fb:1f:a3:72:10:db:1e:bb:18:45:43:66:7a:e9:bf:
                    d0:e5:33:fc:b7:64:2d:3c:9b:00:86:5d:11:14:e3:
                    52:1d:fe:02:e4:6f:b4:86:05:5f:f4:0e:76:37:ab:
                    b0:8f:70:3c:df:60:09:74:da:98:0e:ff:1a:1d:f9:
                    93:f5:92:29:c4:0b:d0:ee:65:42:43:18:e0:da:f1:
                    ff:de:81:80:fd:26:3f:4d:90:9c:6c:f0:d3:cc:f1:
                    7a:3c:f2:f6:28:58:46:72:ae:e5:3d:1f:02:d9:ee:
                    e6:ca:8c:5a:41:a2:ee:ae:1f:46:b7:bf:03:9c:4b:
                    cc:91:d6:32:75:55:48:b1:12:d8:69:f8:93:66:e1:
                    53:1d:a4:32:32:ab:c4:6e:32:92:c2:b6:a2:61:ff:
                    f8:50:fd:ba:23:94:ca:19:ea:c3:85:c1:b3:8d:8a:
                    cb:76:99:69:5f:b5:71:93:fa:7a:d5:ba:e9:00:9a:
                    67:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:17:fd:06:c4:c1:47:49:80:92:4d:60:6d:7b:aa:8f:35:64:
         e2:b2:77:a5:f7:e2:02:22:c3:5a:29:c0:31:ae:b0:86:48:ad:
         41:c9:da:18:11:1f:4f:52:99:1d:57:48:09:01:de:1c:aa:f4:
         1e:50:fe:d4:95:7b:20:a6:14:fe:e9:e4:35:67:f7:5b:fe:a3:
         68:d1:37:d8:06:95:a8:48:ac:5b:e6:fd:61:0f:6b:0f:2a:96:
         6c:5d:6d:fa:c8:6f:28:b7:67:12:c0:16:15:94:d0:89:82:6e:
         bc:73:92:00:24:e6:7f:c9:bb:2a:05:cd:c9:b0:b3:43:64:6c:
         08:f9:70:cf:ea:9b:01:7e:32:8e:c8:f3:c6:06:89:6e:88:57:
         45:19:bd:53:b2:74:ed:b7:1c:58:f6:bd:24:4c:22:8b:27:7b:
         d1:6d:fc:ee:13:40:96:bd:7a:41:55:a9:1f:3b:7c:c8:60:77:
         f6:22:8c:24:0e:6b:ec:a2:61:0a:27:f0:07:20:25:6f:33:1b:
         ea:a3:a4:d8:bc:cb:f4:05:86:14:ae:8a:a3:91:a9:42:47:32:
         07:5f:01:f9:57:ca:72:d6:31:a7:00:60:3d:88:41:46:eb:d6:
         49:9c:14:17:05:b8:af:3b:69:a6:fc:0c:a0:89:08:ad:9e:d1:
         9c:40:e8:32
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJTmzE07AaWMPa3aFf/DCfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmEyNTNjZGY1MDdhMDNlMWY1NzlkMjAyZDhkZjExZDY4ZjVjM2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGD1vxTf/RnLNqi3FcHEQn229bp2
DKDDHdfs6GI4GYEa9yU7PLwgAifVkb9rJu925ABYfUWkTv2yYSrZC7G0yp62Ayxl
lugAfD/7H6NyENseuxhFQ2Z66b/Q5TP8t2QtPJsAhl0RFONSHf4C5G+0hgVf9A52
N6uwj3A832AJdNqYDv8aHfmT9ZIpxAvQ7mVCQxjg2vH/3oGA/SY/TZCcbPDTzPF6
PPL2KFhGcq7lPR8C2e7myoxaQaLurh9Gt78DnEvMkdYydVVIsRLYafiTZuFTHaQy
MqvEbjKSwraiYf/4UP26I5TKGerDhcGzjYrLdplpX7Vxk/p61brpAJpnKQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFPKiU831B6A+H1edIC2N8R1o9cPXMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUxLzEwZWJl
Yy0yNzg0LTRkYWEtOGRmNy1iZTRkNWQwOWQ3MTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTEvMTBlYmVj
LTI3ODQtNGRhYS04ZGY3LWJlNGQ1ZDA5ZDcxMC8xLzhxSlR6ZlVIb0Q0ZlY1MGdM
WTN4SFdqMXc5Yy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLVjkMA0GCSqGSIb3DQEBCwUAA4IBAQCcF/0G
xMFHSYCSTWBte6qPNWTisnel9+ICIsNaKcAxrrCGSK1BydoYER9PUpkdV0gJAd4c
qvQeUP7UlXsgphT+6eQ1Z/db/qNo0TfYBpWoSKxb5v1hD2sPKpZsXW36yG8ot2cS
wBYVlNCJgm68c5IAJOZ/ybsqBc3JsLNDZGwI+XDP6psBfjKOyPPGBoluiFdFGb1T
snTttxxY9r0kTCKLJ3vRbfzuE0CWvXpBVakfO3zIYHf2IowkDmvsomEKJ/AHICVv
Mxvqo6TYvMv0BYYUroqjkalCRzIHXwH5V8py1jGnAGA9iEFG69ZJnBQXBbivO2mm
/AygiQitntGcQOgy
-----END CERTIFICATE-----