Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8vSmwLPCsMAy3t3NI9Qh_7liAPw.cer
File:                     8vSmwLPCsMAy3t3NI9Qh_7liAPw.cer (raw, json)
Hash identifier:          r+HldCilv0LUa2drzBedErYKdYNI+YtgF65w80Mc1xM=
Subject key identifier:   F2:F4:A6:C0:B3:C2:B0:C0:32:DE:DD:CD:23:D4:21:FF:B9:62:00:FC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC49380BC83903FAFB372F88A2E3239E5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7d/cbe997-1c8b-4242-a701-309864b4d491/1/8vSmwLPCsMAy3t3NI9Qh_7liAPw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7d/cbe997-1c8b-4242-a701-309864b4d491/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 10:30:50 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 91.219.132.0/22
                          IP: 91.221.4.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:80:bc:83:90:3f:af:b3:72:f8:8a:2e:32:39:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 10:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f2f4a6c0b3c2b0c032deddcd23d421ffb96200fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:05:e1:cb:1e:04:e7:be:8b:72:2f:37:0c:3c:
                    05:30:9b:5f:e4:a4:6a:9e:76:eb:0e:bc:74:16:8f:
                    bc:60:7b:56:18:e1:66:91:8e:ea:98:0a:12:88:d5:
                    8f:48:0a:23:7b:16:74:72:1d:43:3c:41:f6:cf:22:
                    d8:cc:d1:02:18:86:bd:10:c4:ed:b3:c4:18:9a:81:
                    8e:39:e4:e6:fb:a3:7f:b1:16:ee:10:4b:3a:ab:a7:
                    7d:84:1c:a8:31:1d:f5:e7:a6:16:03:df:6e:1b:b8:
                    76:53:1f:04:de:2b:f6:0d:26:4d:6d:36:c1:ea:93:
                    31:59:b5:88:ab:fe:1f:f6:19:fc:62:21:b1:c6:4e:
                    c5:b9:5d:df:4c:21:5c:72:49:02:2b:61:d1:a4:a5:
                    a8:cd:6d:2b:21:99:3f:36:8b:de:64:a1:3d:8b:f8:
                    12:15:66:ac:f7:c4:64:56:33:ac:b4:57:30:69:fb:
                    5f:28:55:cb:cf:fa:1e:5a:ac:3c:9a:51:32:dc:fd:
                    58:fd:5e:05:1b:0f:6e:b9:f4:5d:33:26:64:91:65:
                    89:57:da:eb:4e:b0:fb:fd:69:79:52:4d:04:e2:d0:
                    2f:30:c3:95:b7:68:6d:81:f3:b6:b7:24:cb:af:30:
                    a9:57:66:d1:03:fc:1c:17:5c:21:1b:64:a4:4f:b3:
                    50:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:F4:A6:C0:B3:C2:B0:C0:32:DE:DD:CD:23:D4:21:FF:B9:62:00:FC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/cbe997-1c8b-4242-a701-309864b4d491/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/cbe997-1c8b-4242-a701-309864b4d491/1/8vSmwLPCsMAy3t3NI9Qh_7liAPw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.132.0/22
                  91.221.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:fb:1e:6e:72:45:76:67:75:82:74:52:ad:8d:5f:cc:fb:d4:
         68:5b:26:15:fb:41:04:82:86:60:24:99:24:54:e0:be:41:0e:
         78:32:b3:12:4f:3c:65:d7:1b:ea:9e:4c:91:34:e9:0c:3e:22:
         c9:e2:a7:06:bb:07:67:a2:56:cb:61:ee:cf:33:7a:ec:13:a3:
         76:50:85:cd:f8:d7:82:d3:a1:40:d0:b8:8b:26:7c:71:02:1f:
         04:cd:c5:f0:46:69:7b:10:e3:06:9c:6e:87:27:ae:3c:89:d1:
         1c:8d:a8:d2:eb:8d:34:e6:be:7b:08:d4:79:5c:bc:88:3d:71:
         2c:6f:02:a2:4f:97:ec:67:2a:4d:8d:bc:4a:ae:86:1c:ac:7e:
         77:9a:67:3f:ec:7d:a0:ac:fb:6a:9d:63:4e:ef:26:83:c5:b9:
         ff:29:34:f0:bf:27:b3:af:fb:82:1d:81:5b:2b:9e:73:2a:cc:
         cc:c0:ba:6d:df:3f:72:f8:39:93:d2:b2:14:57:0c:cd:c9:a5:
         d1:3f:4f:3f:58:5b:15:07:55:0a:86:d3:18:dd:82:2a:fa:8a:
         7d:c6:a2:47:15:20:68:be:b6:28:06:c8:80:51:ab:78:a9:05:
         57:cf:4f:2e:76:63:ba:a7:99:9e:5b:49:f6:34:90:e9:46:de:
         81:f4:9b:66
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzEk4C8g5A/r7Ny+IouMjnlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTAzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmY0YTZjMGIzYzJiMGMwMzJkZWRkY2QyM2Q0MjFmZmI5NjIwMGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQXhyx4E576Lci83DDwFMJtf5KRq
nnbrDrx0Fo+8YHtWGOFmkY7qmAoSiNWPSAojexZ0ch1DPEH2zyLYzNECGIa9EMTt
s8QYmoGOOeTm+6N/sRbuEEs6q6d9hByoMR3156YWA99uG7h2Ux8E3iv2DSZNbTbB
6pMxWbWIq/4f9hn8YiGxxk7FuV3fTCFcckkCK2HRpKWozW0rIZk/NoveZKE9i/gS
FWas98RkVjOstFcwaftfKFXLz/oeWqw8mlEy3P1Y/V4FGw9uufRdMyZkkWWJV9rr
TrD7/Wl5Uk0E4tAvMMOVt2htgfO2tyTLrzCpV2bRA/wcF1whG2SkT7NQ3wIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFPL0psCzwrDAMt7dzSPUIf+5YgD8MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdkL2NiZTk5
Ny0xYzhiLTQyNDItYTcwMS0zMDk4NjRiNGQ0OTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2QvY2JlOTk3
LTFjOGItNDI0Mi1hNzAxLTMwOTg2NGI0ZDQ5MS8xLzh2U213TFBDc01BeTN0M05J
OVFoXzdsaUFQdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQCW9uEAwQBW90EMA0GCSqGSIb3DQEBCwUAA4IB
AQAv+x5uckV2Z3WCdFKtjV/M+9RoWyYV+0EEgoZgJJkkVOC+QQ54MrMSTzxl1xvq
nkyRNOkMPiLJ4qcGuwdnolbLYe7PM3rsE6N2UIXN+NeC06FA0LiLJnxxAh8EzcXw
Rml7EOMGnG6HJ648idEcjajS64005r57CNR5XLyIPXEsbwKiT5fsZypNjbxKroYc
rH53mmc/7H2grPtqnWNO7yaDxbn/KTTwvyezr/uCHYFbK55zKszMwLpt3z9y+DmT
0rIUVwzNyaXRP08/WFsVB1UKhtMY3YIq+op9xqJHFSBovrYoBsiAUat4qQVXz08u
dmO6p5meW0n2NJDpRt6B9Jtm
-----END CERTIFICATE-----