Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Df9Jns244Vczu3EQlZlZrA4WYAg.cer
File:                     Df9Jns244Vczu3EQlZlZrA4WYAg.cer (raw, json)
Hash identifier:          cX8dTOu87Lfr77UM6KXutSGUzjN6Oz+rbd7j4G1SXN8=
Subject key identifier:   0D:FF:49:9E:CD:B8:E1:57:33:BB:71:10:95:99:59:AC:0E:16:60:08
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94E1ECF93E78F1EE9034FAAF5F5B1C9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/Df9Jns244Vczu3EQlZlZrA4WYAg.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:33:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.96.173.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:1e:cf:93:e7:8f:1e:e9:03:4f:aa:f5:f5:b1:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:33:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dff499ecdb8e15733bb7110959959ac0e166008
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:39:03:b3:ec:0d:a5:1b:d7:33:39:41:da:ce:
                    0f:36:f6:3d:aa:c9:e0:87:67:4f:a9:d7:05:31:82:
                    c8:09:64:ff:16:ce:28:6f:ed:d1:10:47:4a:3a:1f:
                    58:40:37:9d:df:c8:c7:01:f3:a6:68:bd:fa:c6:9b:
                    24:3d:ca:97:42:65:3b:2c:6e:cf:53:a4:44:54:9f:
                    74:cd:c7:06:12:99:8b:3a:c0:2b:d9:80:9c:d9:8f:
                    48:dd:e8:2f:12:9b:8b:89:0b:f6:6a:47:2e:fd:bf:
                    4a:10:a6:e8:85:2a:52:76:ec:c5:25:fc:eb:e4:e6:
                    3e:4b:3f:4f:ef:31:aa:5f:b5:56:5c:2b:a3:1c:71:
                    f9:50:e1:86:4e:c9:21:27:29:72:95:8c:b2:f7:9b:
                    1d:23:86:59:21:b3:ce:ee:78:72:76:65:7a:59:da:
                    6d:25:15:52:7d:24:80:ca:3e:6f:3e:12:fa:61:06:
                    aa:11:8e:c0:9b:42:df:ca:2b:84:34:c7:3d:44:fe:
                    1e:de:bb:15:a0:77:7e:f6:ff:a7:1b:10:76:64:e3:
                    90:d0:15:98:d2:fa:e6:43:d4:84:fe:82:44:55:59:
                    b2:12:f5:26:ae:21:8c:f6:35:8b:69:79:15:7a:d6:
                    11:e8:ea:d7:17:ad:10:87:8c:5c:35:18:ea:e4:91:
                    90:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:FF:49:9E:CD:B8:E1:57:33:BB:71:10:95:99:59:AC:0E:16:60:08
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/596120-b25d-4279-8ea1-6f7c0ec91d8a/1/Df9Jns244Vczu3EQlZlZrA4WYAg.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.96.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:d9:cc:17:e6:f9:af:99:b1:27:66:a3:71:26:7c:c1:b6:5a:
         4b:86:9e:91:c2:31:12:d9:79:27:2e:54:54:db:9b:b7:b2:71:
         5d:54:9c:39:f0:fc:05:19:3f:d9:d6:93:e9:83:ef:30:2a:3c:
         61:5e:ef:a6:99:88:4b:11:c9:16:a8:a2:87:2c:85:90:64:53:
         7c:83:4b:31:25:0e:4c:bb:b7:6d:ff:d5:66:71:e2:01:38:82:
         46:5e:fe:c0:04:5b:4a:e0:cc:a4:b2:b9:c5:7b:d1:e5:8d:d9:
         cb:47:5f:d8:46:f2:6b:55:d4:da:ee:9b:fb:1a:5d:be:9e:51:
         6e:a4:07:8b:91:22:40:a6:e7:b5:a9:48:4e:76:c2:cb:ee:8c:
         c8:04:f2:eb:7a:71:85:7c:92:4a:ff:98:e8:c0:21:4a:11:c4:
         26:16:e5:44:69:f3:7e:ff:b6:fc:d5:a6:bd:9d:d4:6f:40:d1:
         3e:11:5f:be:04:95:64:1d:1a:a8:41:05:40:4e:2e:6b:a5:f6:
         b1:04:2a:fa:ed:e0:13:4b:16:ee:bd:ab:14:4c:fe:6f:e1:36:
         8c:d8:f0:70:f9:40:2d:cf:b2:a3:07:35:fb:d5:28:29:cc:74:
         b1:be:30:34:fc:79:74:3f:b3:2c:30:01:42:79:7c:ea:ca:38:
         c5:8b:48:88
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzJTh7Pk+ePHukDT6r19bHJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGZmNDk5ZWNkYjhlMTU3MzNiYjcxMTA5NTk5NTlhYzBlMTY2MDA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTkDs+wNpRvXMzlB2s4PNvY9qsng
h2dPqdcFMYLICWT/Fs4ob+3REEdKOh9YQDed38jHAfOmaL36xpskPcqXQmU7LG7P
U6REVJ90zccGEpmLOsAr2YCc2Y9I3egvEpuLiQv2akcu/b9KEKbohSpSduzFJfzr
5OY+Sz9P7zGqX7VWXCujHHH5UOGGTskhJylylYyy95sdI4ZZIbPO7nhydmV6Wdpt
JRVSfSSAyj5vPhL6YQaqEY7Am0LfyiuENMc9RP4e3rsVoHd+9v+nGxB2ZOOQ0BWY
0vrmQ9SE/oJEVVmyEvUmriGM9jWLaXkVetYR6OrXF60Qh4xcNRjq5JGQhQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFA3/SZ7NuOFXM7txEJWZWawOFmAIMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzAyLzU5NjEy
MC1iMjVkLTQyNzktOGVhMS02ZjdjMGVjOTFkOGEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDIvNTk2MTIw
LWIyNWQtNDI3OS04ZWExLTZmN2MwZWM5MWQ4YS8xL0RmOUpuczI0NFZjenUzRVFs
WmxackE0V1lBZy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWCtMA0GCSqGSIb3DQEBCwUAA4IBAQAg2cwX
5vmvmbEnZqNxJnzBtlpLhp6RwjES2XknLlRU25u3snFdVJw58PwFGT/Z1pPpg+8w
KjxhXu+mmYhLEckWqKKHLIWQZFN8g0sxJQ5Mu7dt/9VmceIBOIJGXv7ABFtK4Myk
srnFe9HljdnLR1/YRvJrVdTa7pv7Gl2+nlFupAeLkSJApue1qUhOdsLL7ozIBPLr
enGFfJJK/5jowCFKEcQmFuVEafN+/7b81aa9ndRvQNE+EV++BJVkHRqoQQVATi5r
pfaxBCr67eATSxbuvasUTP5v4TaM2PBw+UAtz7KjBzX71SgpzHSxvjA0/Hl0P7Ms
MAFCeXzqyjjFi0iI
-----END CERTIFICATE-----