Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9Z1WxSx3M_g753SvpHu9VdKHl6w.cer
File:                     9Z1WxSx3M_g753SvpHu9VdKHl6w.cer (raw, json)
Hash identifier:          Zq0gaTC9qBPIWxj9hppqG9bR/fgLpGhXbO2G/iONMm0=
Subject key identifier:   F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC2DAEF234BB7ACA7284EC48E6DDF32E9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 02:29:37 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202368
                          IP: 194.34.160.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Apr 2024 17:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ef:23:4b:b7:ac:a7:28:4e:c4:8e:6d:df:32:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f59d56c52c7733f83be774afa47bbd55d28797ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2b:ba:99:20:0b:8c:c8:8a:86:b2:f7:7f:ae:
                    c9:94:62:9a:ca:b3:8f:3b:11:b7:3a:05:d7:51:38:
                    ca:27:74:4e:a7:02:2a:12:ea:34:cc:97:b2:65:93:
                    c5:a3:40:7b:a9:9d:cf:8f:ff:0b:f1:d8:15:2c:e5:
                    bd:0b:aa:00:d8:93:f5:73:b9:20:56:f9:c3:88:29:
                    b8:2c:0b:b8:e4:2f:7e:99:16:5e:ef:bd:d6:52:0c:
                    ef:16:90:6d:d7:41:e8:61:82:1e:80:2d:f4:7a:d9:
                    88:b2:b3:1d:1d:d0:6f:fd:0e:a8:38:04:05:3c:15:
                    17:9c:f7:8e:da:30:90:85:d6:5b:bb:33:ac:84:8f:
                    44:25:33:b9:18:c5:69:8b:20:a9:7e:1b:40:91:0a:
                    be:1c:a8:5b:98:6e:e7:b6:c3:4d:0d:0c:20:de:f5:
                    c1:b4:26:a8:06:33:92:55:04:ef:4f:f9:e3:ea:68:
                    01:9e:ad:85:47:c9:08:f7:96:58:0b:e2:3b:75:4e:
                    6d:69:44:2b:17:34:a7:bd:e2:ab:62:e1:4e:c8:32:
                    b2:21:73:d3:e6:e4:8a:e5:ec:4d:4c:c8:25:3b:53:
                    b1:01:de:7d:d6:d6:66:36:10:30:93:a1:15:1b:de:
                    0e:4b:36:f1:eb:dd:07:bc:b8:bc:15:ba:c7:4a:02:
                    c4:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:9D:56:C5:2C:77:33:F8:3B:E7:74:AF:A4:7B:BD:55:D2:87:97:AC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/cc1013-5dcb-4ebc-b79e-5c067b8b91a5/1/9Z1WxSx3M_g753SvpHu9VdKHl6w.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.34.160.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202368

    Signature Algorithm: sha256WithRSAEncryption
         00:0b:44:4a:4c:1a:0b:99:c4:25:1c:44:f6:6d:08:30:ce:87:
         78:26:8c:0e:e5:d8:65:82:f9:31:d7:98:ac:3a:7c:f2:48:07:
         3d:40:c1:e6:46:c7:92:0e:d8:51:2d:1c:1a:60:2e:c3:2a:31:
         e6:80:25:f9:c1:f4:54:ab:8d:eb:cf:9e:a8:a0:6b:b1:c0:13:
         6a:23:98:d3:d0:3a:43:ff:5e:e4:f7:c2:c3:03:aa:e4:b2:e6:
         c7:bd:4c:26:2b:6c:4d:3e:42:f7:5d:52:7c:9c:31:2b:cf:53:
         27:a4:27:98:0f:51:46:8c:6a:73:d2:02:0a:79:d6:d9:86:fe:
         e4:67:8a:ac:d4:27:d0:c3:7a:d1:d7:40:6b:e9:43:bd:a0:5e:
         26:db:3a:99:e6:1a:45:00:61:77:4f:e6:23:f7:43:68:26:55:
         30:8a:9b:05:10:a7:14:0a:20:62:42:60:83:ad:10:24:52:97:
         9b:cb:fb:fc:48:74:cd:bd:71:05:6b:7c:69:b0:bd:48:bd:ed:
         f9:88:13:78:fe:94:ae:a2:f0:de:ac:0c:aa:83:c2:1a:78:d3:
         ed:c3:00:e7:27:f2:37:91:06:a0:dc:e6:8b:34:56:dd:7c:1f:
         08:02:2e:db:c9:b9:de:2d:ff:1f:54:41:7a:02:e6:49:28:4b:
         17:27:78:85
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzC2u8jS7espyhOxI5t3zLpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTlkNTZjNTJjNzczM2Y4M2JlNzc0YWZhNDdiYmQ1NWQyODc5N2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCu6mSALjMiKhrL3f67JlGKayrOP
OxG3OgXXUTjKJ3ROpwIqEuo0zJeyZZPFo0B7qZ3Pj/8L8dgVLOW9C6oA2JP1c7kg
VvnDiCm4LAu45C9+mRZe773WUgzvFpBt10HoYYIegC30etmIsrMdHdBv/Q6oOAQF
PBUXnPeO2jCQhdZbuzOshI9EJTO5GMVpiyCpfhtAkQq+HKhbmG7ntsNNDQwg3vXB
tCaoBjOSVQTvT/nj6mgBnq2FR8kI95ZYC+I7dU5taUQrFzSnveKrYuFOyDKyIXPT
5uSK5exNTMglO1OxAd591tZmNhAwk6EVG94OSzbx690HvLi8FbrHSgLEawIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFPWdVsUsdzP4O+d0r6R7vVXSh5esMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzVmL2NjMTAx
My01ZGNiLTRlYmMtYjc5ZS01YzA2N2I4YjkxYTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWYvY2MxMDEz
LTVkY2ItNGViYy1iNzllLTVjMDY3YjhiOTFhNS8xLzlaMVd4U3gzTV9nNzUzU3Zw
SHU5VmRLSGw2dy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwiKgMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMWgDANBgkqhkiG9w0BAQsFAAOCAQEAAAtESkwaC5nEJRxE9m0IMM6HeCaMDuXY
ZYL5MdeYrDp88kgHPUDB5kbHkg7YUS0cGmAuwyox5oAl+cH0VKuN68+eqKBrscAT
aiOY09A6Q/9e5PfCwwOq5LLmx71MJitsTT5C911SfJwxK89TJ6QnmA9RRoxqc9IC
CnnW2Yb+5GeKrNQn0MN60ddAa+lDvaBeJts6meYaRQBhd0/mI/dDaCZVMIqbBRCn
FAogYkJgg60QJFKXm8v7/Eh0zb1xBWt8abC9SL3t+YgTeP6UrqLw3qwMqoPCGnjT
7cMA5yfyN5EGoNzmizRW3XwfCAIu28m53i3/H1RBegLmSShLFyd4hQ==
-----END CERTIFICATE-----