Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer
File:                     CiPi8LBkCH_YTwSLH6mZcCPVmeE.cer (raw, json)
Hash identifier:          7KKCDjDzzQlL7UxOxE+cAgwWmrM6TxplJDN29JpveNY=
Subject key identifier:   0A:23:E2:F0:B0:64:08:7F:D8:4F:04:8B:1F:A9:99:70:23:D5:99:E1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC795290D620787A77790160269AB746C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/CiPi8LBkCH_YTwSLH6mZcCPVmeE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:30 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208272
                          IP: 2a0b:7980::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:29:0d:62:07:87:a7:77:90:16:02:69:ab:74:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a23e2f0b064087fd84f048b1fa9997023d599e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:08:e2:90:76:39:12:8f:72:72:34:5b:27:b0:
                    e7:04:03:f5:ca:40:27:7a:86:c9:25:b0:64:f2:60:
                    88:5c:12:13:b0:20:d1:2f:ba:ff:fc:bf:58:82:4e:
                    00:b4:31:a6:f6:ae:4c:0f:8c:30:ea:fe:2d:04:89:
                    8a:20:7d:b8:e8:57:66:33:27:ef:56:48:b0:ca:28:
                    3d:41:ea:42:3d:db:b5:0f:91:28:5e:ae:ca:c5:82:
                    0d:e6:62:e3:f4:18:ca:d0:6a:11:2e:25:2f:d8:95:
                    08:90:8f:1a:71:78:89:d2:0e:e1:90:82:ac:59:ee:
                    74:74:a4:23:c4:f1:e9:b1:f2:29:cc:67:ee:56:61:
                    60:54:ae:29:5b:7b:92:ae:d0:e6:41:ef:a5:30:45:
                    65:63:a3:68:9a:dc:45:15:57:a5:fc:fc:41:a9:a0:
                    28:83:f3:23:da:e1:ee:2c:d8:91:0b:41:bd:13:6d:
                    ad:0a:25:4c:9f:94:57:4a:15:e8:f7:82:e4:6b:db:
                    23:02:88:96:0a:ba:a5:05:a1:38:04:54:36:26:76:
                    e8:bf:56:80:ea:ae:ab:b9:5c:46:c7:ad:2a:28:23:
                    e7:5b:79:e6:a1:81:cc:6b:24:12:ad:83:73:70:93:
                    8d:d7:73:b5:51:97:78:6c:f1:92:db:51:49:b1:9d:
                    91:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:23:E2:F0:B0:64:08:7F:D8:4F:04:8B:1F:A9:99:70:23:D5:99:E1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/c983aa-b61e-4ed8-8e81-bc1e55c69755/1/CiPi8LBkCH_YTwSLH6mZcCPVmeE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:7980::/29

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208272

    Signature Algorithm: sha256WithRSAEncryption
         1f:be:f0:e2:21:8a:72:6b:3c:e6:5e:93:d8:09:65:b4:c2:47:
         98:13:bd:54:2f:eb:9f:d6:e8:de:c7:71:0a:37:01:c4:2c:87:
         f3:c4:2d:57:34:b6:3c:3d:42:20:69:19:32:4e:8f:1f:4e:fc:
         3d:2d:fa:a7:38:47:47:50:2d:f6:62:ac:dc:17:f5:b8:0a:a7:
         bc:87:bd:50:e6:f6:dc:82:59:d4:e4:03:45:9d:98:dc:64:2f:
         b9:e2:be:06:b8:29:aa:98:c9:74:d1:9d:1f:3a:8b:66:4f:a6:
         6a:ba:57:31:fc:85:95:86:08:9e:f4:9b:a3:8b:0f:37:5e:33:
         d8:41:aa:2d:1a:12:d8:c1:da:e4:42:d1:1d:4d:9c:90:3d:9e:
         3f:39:cb:88:0d:e6:44:1c:da:fe:89:bc:ed:7e:af:c0:40:77:
         d0:14:e4:cc:ef:1b:7d:d2:5c:e1:8e:b4:59:19:c0:05:15:fc:
         73:1e:18:57:5f:59:ed:30:57:ed:9c:5c:e7:c3:73:e3:55:10:
         dc:d9:d7:a8:0e:92:78:c8:03:8b:9b:0f:cd:d4:ac:32:fb:b1:
         70:8b:3d:2b:e1:f4:70:68:b2:b5:29:3e:85:2d:80:21:b5:27:
         06:aa:70:ee:53:36:1d:08:ea:44:8a:d6:0e:5f:b8:48:74:70:
         c2:93:46:da
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgISAYzHlSkNYgeHp3eQFgJpq3RsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTIzZTJmMGIwNjQwODdmZDg0ZjA0OGIxZmE5OTk3MDIzZDU5OWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowjikHY5Eo9ycjRbJ7DnBAP1ykAn
eobJJbBk8mCIXBITsCDRL7r//L9Ygk4AtDGm9q5MD4ww6v4tBImKIH246FdmMyfv
Vkiwyig9QepCPdu1D5EoXq7KxYIN5mLj9BjK0GoRLiUv2JUIkI8acXiJ0g7hkIKs
We50dKQjxPHpsfIpzGfuVmFgVK4pW3uSrtDmQe+lMEVlY6NomtxFFVel/PxBqaAo
g/Mj2uHuLNiRC0G9E22tCiVMn5RXShXo94Lka9sjAoiWCrqlBaE4BFQ2Jnbov1aA
6q6ruVxGx60qKCPnW3nmoYHMayQSrYNzcJON13O1UZd4bPGS21FJsZ2RZwIDAQAB
o4ICoTCCAp0wHQYDVR0OBBYEFAoj4vCwZAh/2E8Eix+pmXAj1ZnhMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk4L2M5ODNh
YS1iNjFlLTRlZDgtOGU4MS1iYzFlNTVjNjk3NTUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTgvYzk4M2Fh
LWI2MWUtNGVkOC04ZTgxLWJjMWU1NWM2OTc1NS8xL0NpUGk4TEJrQ0hfWVR3U0xI
Nm1aY0NQVm1lRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUF
BwEHAQH/BBEwDzANBAIAAjAHAwUDKgt5gDAaBggrBgEFBQcBCAEB/wQLMAmgBzAF
AgMDLZAwDQYJKoZIhvcNAQELBQADggEBAB++8OIhinJrPOZek9gJZbTCR5gTvVQv
65/W6N7HcQo3AcQsh/PELVc0tjw9QiBpGTJOjx9O/D0t+qc4R0dQLfZirNwX9bgK
p7yHvVDm9tyCWdTkA0WdmNxkL7nivga4KaqYyXTRnR86i2ZPpmq6VzH8hZWGCJ70
m6OLDzdeM9hBqi0aEtjB2uRC0R1NnJA9nj85y4gN5kQc2v6JvO1+r8BAd9AU5Mzv
G33SXOGOtFkZwAUV/HMeGFdfWe0wV+2cXOfDc+NVENzZ16gOknjIA4ubD83UrDL7
sXCLPSvh9HBosrUpPoUtgCG1JwaqcO5TNh0I6kSK1g5fuEh0cMKTRto=
-----END CERTIFICATE-----