Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.cer
File:                     9GdLarPVxnQ9AE7AkgoDcc4Bl1g.cer (raw, json)
Hash identifier:          L+pgHlhPLkkCcVL0VMJwNvzBmF1xYU+Lv4HNhqRksTc=
Subject key identifier:   F4:67:4B:6A:B3:D5:C6:74:3D:00:4E:C0:92:0A:03:71:CE:01:97:58
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B6C037A5E5CE144577601D74EFB881
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:29:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 212828
                          IP: 2001:67c:a58::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 00:45:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c0:37:a5:e5:ce:14:45:77:60:1d:74:ef:b8:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4674b6ab3d5c6743d004ec0920a0371ce019758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fb:31:68:f0:72:1a:92:dc:42:d6:fb:1d:8d:
                    1a:0d:a7:47:bf:63:68:a1:33:7b:eb:6e:2e:73:c8:
                    62:9e:62:8b:89:10:1a:83:7d:ee:e2:f8:38:10:8f:
                    85:bc:7f:32:09:83:59:75:b4:d8:15:ff:bd:0c:19:
                    24:d2:01:7e:7e:d9:b1:dc:96:78:e3:63:40:20:03:
                    e6:0d:1e:7a:44:57:57:9a:51:5a:67:d3:ff:da:71:
                    45:fd:ad:c3:f7:43:94:09:9d:b7:36:69:3b:60:aa:
                    0f:a8:e0:e6:d3:e2:f4:c3:25:bb:68:53:65:77:75:
                    03:17:e8:a0:e2:e1:d9:45:5b:50:6f:ea:1a:67:49:
                    bc:96:06:6b:e7:eb:d4:8e:30:f8:3e:9e:f7:48:92:
                    71:42:8d:e0:89:26:1c:e1:cc:2e:a3:be:ad:a1:40:
                    9f:35:3a:d1:f8:15:f3:ba:5e:4a:85:b7:cb:4e:b1:
                    81:88:63:83:58:fe:d5:be:31:cf:41:78:86:03:50:
                    ce:51:ca:52:72:75:87:ee:8b:2e:06:70:b2:52:7c:
                    4f:c3:57:33:e2:14:93:40:56:35:45:16:ae:d7:62:
                    a6:30:c8:b6:6a:c2:25:a0:97:44:e2:8e:af:63:d0:
                    02:6d:1e:dc:7d:d2:95:34:4f:d5:ce:45:6c:f7:67:
                    81:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:67:4B:6A:B3:D5:C6:74:3D:00:4E:C0:92:0A:03:71:CE:01:97:58
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/748ede-de37-4308-8872-39570d6f009e/1/9GdLarPVxnQ9AE7AkgoDcc4Bl1g.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a58::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212828

    Signature Algorithm: sha256WithRSAEncryption
         98:8e:35:0c:cb:3a:48:a1:e4:bd:c9:ec:6c:b2:a5:ce:7d:98:
         0b:0f:32:d2:1f:e2:06:7f:ab:8c:69:5e:4f:14:6c:63:a9:ee:
         9b:ef:e9:b4:3f:08:09:14:fb:fd:80:b2:0a:a2:24:9d:ee:6d:
         90:d6:19:cd:47:dd:29:9c:90:a1:f2:53:27:2e:98:3f:79:ce:
         73:65:97:5b:9e:92:2f:b7:f1:a8:72:17:d6:f9:0c:3c:f9:4f:
         54:74:5d:e5:81:f2:7a:06:aa:c3:7a:cf:f2:7e:15:01:3a:a9:
         2a:9a:ab:6b:ea:f4:05:1f:70:75:2a:2c:68:e5:b3:70:40:79:
         37:39:4a:83:c2:d7:bc:d7:37:43:38:cd:1c:90:87:be:76:6b:
         a0:0a:c5:95:ae:40:67:50:f2:60:4c:c3:0c:5b:0c:16:9c:56:
         e8:26:4a:12:b0:51:1d:78:d7:83:a8:c3:72:1d:71:5c:fc:f7:
         dd:50:14:52:25:90:20:c5:28:34:71:7d:bc:d6:65:bc:ee:af:
         dd:f8:df:e4:62:d8:d5:52:16:be:af:6e:48:be:4f:04:62:20:
         8c:bd:39:7f:da:b2:86:6a:5d:b1:30:c4:29:af:26:cb:eb:1d:
         63:68:6e:dd:f7:fb:d5:18:38:e3:7c:21:3f:8e:0f:ba:17:63:
         21:9b:06:8e
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzDtsA3peXOFEV3YB1077iBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDY3NGI2YWIzZDVjNjc0M2QwMDRlYzA5MjBhMDM3MWNlMDE5NzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/sxaPByGpLcQtb7HY0aDadHv2No
oTN7624uc8hinmKLiRAag33u4vg4EI+FvH8yCYNZdbTYFf+9DBkk0gF+ftmx3JZ4
42NAIAPmDR56RFdXmlFaZ9P/2nFF/a3D90OUCZ23Nmk7YKoPqODm0+L0wyW7aFNl
d3UDF+ig4uHZRVtQb+oaZ0m8lgZr5+vUjjD4Pp73SJJxQo3giSYc4cwuo76toUCf
NTrR+BXzul5KhbfLTrGBiGODWP7VvjHPQXiGA1DOUcpScnWH7osuBnCyUnxPw1cz
4hSTQFY1RRau12KmMMi2asIloJdE4o6vY9ACbR7cfdKVNE/VzkVs92eBvwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFPRnS2qz1cZ0PQBOwJIKA3HOAZdYMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzhhLzc0OGVk
ZS1kZTM3LTQzMDgtODg3Mi0zOTU3MGQ2ZjAwOWUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGEvNzQ4ZWRl
LWRlMzctNDMwOC04ODcyLTM5NTcwZDZmMDA5ZS8xLzlHZExhclBWeG5ROUFFN0Fr
Z29EY2M0QmwxZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfApYMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwM/XDANBgkqhkiG9w0BAQsFAAOCAQEAmI41DMs6SKHkvcnsbLKlzn2YCw8y
0h/iBn+rjGleTxRsY6num+/ptD8ICRT7/YCyCqIkne5tkNYZzUfdKZyQofJTJy6Y
P3nOc2WXW56SL7fxqHIX1vkMPPlPVHRd5YHyegaqw3rP8n4VATqpKpqra+r0BR9w
dSosaOWzcEB5NzlKg8LXvNc3QzjNHJCHvnZroArFla5AZ1DyYEzDDFsMFpxW6CZK
ErBRHXjXg6jDch1xXPz33VAUUiWQIMUoNHF9vNZlvO6v3fjf5GLY1VIWvq9uSL5P
BGIgjL05f9qyhmpdsTDEKa8my+sdY2hu3ff71Rg443whP44PuhdjIZsGjg==
-----END CERTIFICATE-----