Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DS7-O2P6myp5MsW17IVLcMPxiDk.cer
File:                     DS7-O2P6myp5MsW17IVLcMPxiDk.cer (raw, json)
Hash identifier:          U4y9PrkRxDfV/MZH8RWi7H3WYfUpCMOQPbjV1QCMHVg=
Subject key identifier:   0D:2E:FE:3B:63:FA:9B:2A:79:32:C5:B5:EC:85:4B:70:C3:F1:88:39
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018F2900D4D70F8921DA0868B7895DC78532
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 29 Apr 2024 08:37:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215120
                          IP: 193.178.186.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:00:d4:d7:0f:89:21:da:08:68:b7:89:5d:c7:85:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Apr 29 08:37:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d2efe3b63fa9b2a7932c5b5ec854b70c3f18839
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:e2:4a:3d:66:69:d6:51:a5:96:15:f9:d9:b5:
                    6a:bc:7c:94:b0:4a:bd:7f:e7:04:de:96:62:ed:f6:
                    71:72:0c:6d:b9:88:3d:d9:43:8b:53:17:cf:b0:99:
                    84:66:5e:71:81:01:74:e6:ca:d2:45:83:ef:c9:76:
                    04:91:9f:e0:d6:fa:5c:29:10:9e:bb:44:37:a8:70:
                    8c:f8:a1:61:3f:38:77:e6:0b:e0:c6:f0:59:0f:12:
                    87:ac:73:59:d8:3d:b0:df:db:c5:2a:bf:65:79:ca:
                    10:69:07:22:f1:c5:97:a8:be:89:52:64:4d:69:d5:
                    0d:55:b8:43:cb:b5:81:e4:ce:f5:21:5f:e1:48:fc:
                    a3:dc:92:e6:39:f3:25:b6:fe:93:15:9f:0f:18:15:
                    61:60:6d:1d:be:14:e2:3a:bc:8d:a2:4c:a2:5a:9e:
                    a4:29:df:1a:fb:49:34:24:06:d6:e7:8f:44:f2:33:
                    f8:31:00:9b:9c:5c:90:96:dd:1a:5d:56:f4:bc:f5:
                    40:3f:d9:df:e3:5f:5f:5b:10:81:c6:5a:6e:d7:b4:
                    67:52:8f:9d:f2:cd:60:71:cc:6b:9b:9b:7c:1b:87:
                    a2:23:fa:a7:06:23:95:8a:dc:e2:1a:d1:b0:fc:ff:
                    1b:97:0d:9c:e6:a7:10:3c:5c:f8:37:6c:2b:49:99:
                    bc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:2E:FE:3B:63:FA:9B:2A:79:32:C5:B5:EC:85:4B:70:C3:F1:88:39
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ae0a93-f690-4e36-befa-91a349e77478/1/DS7-O2P6myp5MsW17IVLcMPxiDk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.178.186.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215120

    Signature Algorithm: sha256WithRSAEncryption
         22:ca:ea:fc:9b:47:3e:39:fd:3f:fb:a7:ce:4a:79:f6:d9:f8:
         84:ee:82:aa:06:49:5c:10:e6:aa:ef:3f:d5:6f:2f:88:5d:ed:
         bd:eb:b9:bf:f4:29:f3:97:14:df:ae:50:dc:3f:7c:0c:b4:f2:
         da:22:70:24:6b:cd:1e:20:cb:46:e5:79:25:2f:cd:54:2d:dd:
         a4:d2:c5:de:2a:18:12:3c:97:49:a2:86:14:9e:ba:6e:fe:f9:
         e5:d7:1f:8d:9f:4d:55:4f:30:f3:56:79:46:3b:0e:1f:a4:86:
         4b:97:21:e0:f3:13:50:91:52:9d:ee:4c:89:dd:94:2d:87:3d:
         1e:71:c5:cb:7d:4b:ed:e8:89:cd:3d:e6:84:c2:0e:6a:7c:f5:
         ad:39:e4:db:ea:e9:85:21:32:6b:f5:7c:8a:8d:40:6a:94:52:
         5f:77:1b:77:25:f8:9e:6c:f0:4e:58:78:2f:34:bb:c7:fa:63:
         8c:56:ef:a6:8a:da:a6:ac:bd:1d:32:d5:52:2e:4c:8c:01:f5:
         0f:ee:53:7b:2f:53:a4:6c:49:0f:91:69:d6:72:2c:43:db:b3:
         82:8a:a4:d3:5a:f1:fd:80:60:db:19:94:64:e4:eb:98:0c:89:
         a7:c1:8e:85:04:50:c0:28:45:17:f1:f6:e4:c5:fc:05:95:27:
         49:25:9d:6d
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY8pANTXD4kh2ghot4ldx4UyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwNDI5MDgzNzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDJlZmUzYjYzZmE5YjJhNzkzMmM1YjVlYzg1NGI3MGMzZjE4ODM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4uJKPWZp1lGllhX52bVqvHyUsEq9
f+cE3pZi7fZxcgxtuYg92UOLUxfPsJmEZl5xgQF05srSRYPvyXYEkZ/g1vpcKRCe
u0Q3qHCM+KFhPzh35gvgxvBZDxKHrHNZ2D2w39vFKr9lecoQaQci8cWXqL6JUmRN
adUNVbhDy7WB5M71IV/hSPyj3JLmOfMltv6TFZ8PGBVhYG0dvhTiOryNokyiWp6k
Kd8a+0k0JAbW549E8jP4MQCbnFyQlt0aXVb0vPVAP9nf419fWxCBxlpu17RnUo+d
8s1gccxrm5t8G4eiI/qnBiOVitziGtGw/P8blw2c5qcQPFz4N2wrSZm81wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFA0u/jtj+psqeTLFteyFS3DD8Yg5MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkxL2FlMGE5
My1mNjkwLTRlMzYtYmVmYS05MWEzNDllNzc0NzgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTEvYWUwYTkz
LWY2OTAtNGUzNi1iZWZhLTkxYTM0OWU3NzQ3OC8xL0RTNy1PMlA2bXlwNU1zVzE3
SVZMY01QeGlEay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwbK6MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwNIUDANBgkqhkiG9w0BAQsFAAOCAQEAIsrq/JtHPjn9P/unzkp59tn4hO6CqgZJ
XBDmqu8/1W8viF3tveu5v/Qp85cU365Q3D98DLTy2iJwJGvNHiDLRuV5JS/NVC3d
pNLF3ioYEjyXSaKGFJ66bv755dcfjZ9NVU8w81Z5RjsOH6SGS5ch4PMTUJFSne5M
id2ULYc9HnHFy31L7eiJzT3mhMIOanz1rTnk2+rphSEya/V8io1AapRSX3cbdyX4
nmzwTlh4LzS7x/pjjFbvporapqy9HTLVUi5MjAH1D+5Tey9TpGxJD5Fp1nIsQ9uz
goqk01rx/YBg2xmUZOTrmAyJp8GOhQRQwChFF/H25MX8BZUnSSWdbQ==
-----END CERTIFICATE-----