Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CBG8UM_tnQLlgZaiyByYjjC6EmA.cer
File:                     CBG8UM_tnQLlgZaiyByYjjC6EmA.cer (raw, json)
Hash identifier:          fq5mTr/1rdNRzekPJlUCwi81/NjDAuZFIBFHTYVdgns=
Subject key identifier:   08:11:BC:50:CF:ED:9D:02:E5:81:96:A2:C8:1C:98:8E:30:BA:12:60
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC56F04F5F6E9EB2C143A20259FC6A7E1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/40/0c8194-76d1-465e-a746-ee5a6743be56/1/CBG8UM_tnQLlgZaiyByYjjC6EmA.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/40/0c8194-76d1-465e-a746-ee5a6743be56/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 14:30:36 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.33.116.0/22
                          IP: 2a00:cc20::/32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6f:04:f5:f6:e9:eb:2c:14:3a:20:25:9f:c6:a7:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 14:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0811bc50cfed9d02e58196a2c81c988e30ba1260
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:76:73:c4:91:2b:89:8b:45:ec:5e:08:15:57:
                    e0:0f:3c:a4:1d:06:ac:32:16:f0:11:fb:59:59:a6:
                    fb:e7:cf:71:b9:fb:9d:dd:52:51:7f:80:19:fd:be:
                    57:75:d6:54:39:ac:43:5b:e0:b7:03:9e:0b:75:d1:
                    68:6a:a4:df:4d:9a:4e:f9:2d:bf:ca:e0:15:f8:64:
                    31:48:0d:3a:ca:46:21:0e:7d:3d:d4:a6:ff:c5:6d:
                    33:c9:93:9b:21:7b:b5:23:b9:07:8c:f2:e1:53:56:
                    66:4d:66:d2:7e:98:89:db:e9:73:b3:68:b7:76:3a:
                    1f:7b:b5:e3:49:7e:9f:26:f9:15:54:67:8a:e6:11:
                    8f:a6:75:07:c7:99:15:34:19:21:d9:62:d5:cf:c7:
                    2a:5d:0c:4b:d4:52:d0:fd:84:6f:40:f1:29:e2:eb:
                    75:7e:12:d5:f1:69:81:28:73:db:cb:16:ff:47:1c:
                    69:01:41:3d:f0:9b:71:1b:dc:66:cc:fd:ad:e0:a7:
                    96:53:5f:34:ec:fe:f1:95:fa:8b:46:27:db:55:12:
                    db:2b:c4:6d:9e:07:8b:37:06:d9:0f:fe:77:be:59:
                    c2:b4:f7:b1:83:2e:4a:3d:a0:1f:f8:ff:a9:74:30:
                    0c:c8:38:17:9a:02:db:a3:b5:c0:70:17:09:49:7e:
                    fd:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:11:BC:50:CF:ED:9D:02:E5:81:96:A2:C8:1C:98:8E:30:BA:12:60
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0c8194-76d1-465e-a746-ee5a6743be56/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/0c8194-76d1-465e-a746-ee5a6743be56/1/CBG8UM_tnQLlgZaiyByYjjC6EmA.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.116.0/22
                IPv6:
                  2a00:cc20::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:1e:f1:27:14:0c:80:5d:bb:5b:bb:50:ff:38:35:e3:fc:65:
         40:e5:08:95:ae:20:72:80:be:59:b2:73:bc:92:d2:fa:ab:a7:
         b7:11:f8:2e:d9:f0:43:26:55:fa:d3:2d:ec:1a:85:d4:e2:aa:
         2f:10:50:21:28:70:58:42:33:7b:38:92:17:65:4b:fd:7d:a1:
         45:58:ac:e8:c4:d7:91:32:a2:13:ec:0a:7b:43:b3:5e:d1:85:
         81:10:cf:51:e7:93:f6:bc:36:7c:fd:49:d3:a6:b9:91:02:d6:
         8f:91:e4:dc:06:ee:2b:b5:f0:52:35:be:fc:71:52:bd:bc:b3:
         86:71:e6:aa:ca:5c:59:35:9c:b5:4a:43:c2:f9:f1:14:c7:81:
         bd:e4:93:4e:8b:14:4a:09:97:34:6a:41:84:45:89:17:5d:c7:
         6b:de:20:6f:3c:05:94:a6:51:59:a2:c5:77:84:8d:6e:81:3b:
         4a:73:3b:e6:f1:9b:b4:b8:55:a7:dc:9c:65:7f:f3:a2:83:7a:
         d5:25:de:af:42:ff:38:8a:eb:dd:90:aa:6d:2a:52:1d:a3:17:
         87:eb:67:99:d9:91:81:01:2b:33:94:db:2b:cf:14:5e:63:a8:
         bf:76:ef:bd:be:bb:af:b2:71:f2:48:c4:35:13:e4:ab:2a:0d:
         07:df:f6:67
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzFbwT19unrLBQ6ICWfxqfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTQzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODExYmM1MGNmZWQ5ZDAyZTU4MTk2YTJjODFjOTg4ZTMwYmExMjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHZzxJEriYtF7F4IFVfgDzykHQas
MhbwEftZWab7589xufud3VJRf4AZ/b5XddZUOaxDW+C3A54LddFoaqTfTZpO+S2/
yuAV+GQxSA06ykYhDn091Kb/xW0zyZObIXu1I7kHjPLhU1ZmTWbSfpiJ2+lzs2i3
djofe7XjSX6fJvkVVGeK5hGPpnUHx5kVNBkh2WLVz8cqXQxL1FLQ/YRvQPEp4ut1
fhLV8WmBKHPbyxb/RxxpAUE98JtxG9xmzP2t4KeWU1807P7xlfqLRifbVRLbK8Rt
ngeLNwbZD/53vlnCtPexgy5KPaAf+P+pdDAMyDgXmgLbo7XAcBcJSX793wIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFAgRvFDP7Z0C5YGWosgcmI4wuhJgMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQwLzBjODE5
NC03NmQxLTQ2NWUtYTc0Ni1lZTVhNjc0M2JlNTYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDAvMGM4MTk0
LTc2ZDEtNDY1ZS1hNzQ2LWVlNWE2NzQzYmU1Ni8xL0NCRzhVTV90blFMbGdaYWl5
QnlZampDNkVtQS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCuSF0MA0EAgACMAcDBQAqAMwgMA0GCSqGSIb3
DQEBCwUAA4IBAQB0HvEnFAyAXbtbu1D/ODXj/GVA5QiVriBygL5ZsnO8ktL6q6e3
Efgu2fBDJlX60y3sGoXU4qovEFAhKHBYQjN7OJIXZUv9faFFWKzoxNeRMqIT7Ap7
Q7Ne0YWBEM9R55P2vDZ8/UnTprmRAtaPkeTcBu4rtfBSNb78cVK9vLOGceaqylxZ
NZy1SkPC+fEUx4G95JNOixRKCZc0akGERYkXXcdr3iBvPAWUplFZosV3hI1ugTtK
czvm8Zu0uFWn3Jxlf/Oig3rVJd6vQv84iuvdkKptKlIdoxeH62eZ2ZGBASszlNsr
zxReY6i/du+9vruvsnHySMQ1E+SrKg0H3/Zn
-----END CERTIFICATE-----