Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/DyP3PWT22_gdUdNYBUgVaM3YGHU.cer
File:                     DyP3PWT22_gdUdNYBUgVaM3YGHU.cer (raw, json)
Hash identifier:          21Alm47jljPggFRX1ni1eSYix1eMObyn9j/IT8G7hI8=
Subject key identifier:   0F:23:F7:3D:64:F6:DB:F8:1D:51:D3:58:05:48:15:68:CD:D8:18:75
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D94A58C1CD2FA965AF7A1034BDAF65
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/DyP3PWT22_gdUdNYBUgVaM3YGHU.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:22 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 48560
                          IP: 194.50.79.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:4a:58:c1:cd:2f:a9:65:af:7a:10:34:bd:af:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f23f73d64f6dbf81d51d35805481568cdd81875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a5:7f:85:d7:f6:6e:8a:e4:e7:1e:22:b0:d8:
                    ea:00:b7:03:b0:18:c4:1b:ab:93:fc:cc:d0:89:68:
                    40:b9:f8:05:75:76:81:06:ea:9b:91:62:4a:9f:10:
                    40:ae:8c:e1:73:14:52:26:da:f4:5b:f8:43:7b:ee:
                    fe:ac:a7:f7:ff:aa:66:ae:43:bd:b3:45:81:9b:95:
                    cd:d2:49:f4:0f:7f:3e:fb:2e:14:71:4e:bd:6a:8d:
                    69:68:62:1d:71:0b:41:26:a1:0f:07:96:bb:8d:9e:
                    ed:06:1b:c4:36:f6:2e:13:49:a9:d9:32:df:0f:e0:
                    f8:73:2e:17:90:68:36:cc:69:85:04:1c:27:17:7c:
                    5f:8c:af:dc:3a:82:e4:38:1d:98:f4:68:80:46:62:
                    47:66:b8:52:00:a0:6c:55:ac:4e:e5:ab:ac:70:51:
                    36:21:6e:c6:d6:4c:c5:6a:5c:d4:29:c5:c9:00:f3:
                    ca:c1:ac:3c:47:d9:2f:c5:ca:1a:59:dd:1c:83:de:
                    7d:8f:17:d1:a2:d1:ea:be:a0:0b:ec:4b:f6:2d:c1:
                    ae:74:81:0f:3c:ec:06:17:94:e8:e7:34:ce:38:f2:
                    5f:a0:9b:5e:6d:e4:4f:22:2d:39:3b:b1:1d:1c:03:
                    1e:36:85:d0:69:82:cf:ec:34:54:04:dd:b2:56:60:
                    5b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:23:F7:3D:64:F6:DB:F8:1D:51:D3:58:05:48:15:68:CD:D8:18:75
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/03477c-10a4-455b-be6b-b3a09430c665/1/DyP3PWT22_gdUdNYBUgVaM3YGHU.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.79.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  48560

    Signature Algorithm: sha256WithRSAEncryption
         86:ca:f1:bb:44:5c:12:00:93:70:fb:55:71:ed:a7:1b:5b:78:
         62:f2:f4:57:fa:88:8e:55:ee:61:74:eb:2d:ca:c4:83:79:75:
         8a:b4:48:55:7f:a7:71:1a:fb:fd:a6:d5:5a:3e:52:12:36:f1:
         03:c4:dd:bd:c3:5d:57:8b:15:85:68:0a:83:90:da:cf:37:65:
         d4:76:fc:2d:a9:23:d4:5b:43:a5:6d:cf:b8:a1:c6:6b:d4:9f:
         c8:63:32:ec:8f:00:f1:15:3d:62:99:b3:c7:f1:00:39:d2:0d:
         25:8e:4e:7a:4b:0f:cd:b5:42:a4:48:ac:4f:19:57:86:5d:28:
         94:e7:73:b1:8f:62:54:d3:d0:18:29:c2:f2:90:e9:d5:c4:13:
         8a:68:d8:f2:c0:3d:86:0d:d0:b1:a4:cf:26:86:d3:88:8a:05:
         df:17:7f:be:ab:71:c7:f8:d8:d8:74:f3:62:b3:fd:21:6d:49:
         8b:2e:d0:84:27:ac:80:70:b0:fd:4b:69:dc:10:65:c1:64:f3:
         e1:9d:08:1b:93:41:de:8d:98:e2:34:8b:42:99:1f:cb:7f:09:
         c9:f3:d0:d4:c5:eb:bb:8b:60:0b:18:dc:d8:33:c7:5b:30:5f:
         c9:26:a3:63:f6:fa:77:fc:21:a1:18:81:8e:a3:ef:fd:e1:72:
         52:a9:88:dd
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQm2UpYwc0vqWWvehA0va9lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIzZjczZDY0ZjZkYmY4MWQ1MWQzNTgwNTQ4MTU2OGNkZDgxODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6V/hdf2bork5x4isNjqALcDsBjE
G6uT/MzQiWhAufgFdXaBBuqbkWJKnxBArozhcxRSJtr0W/hDe+7+rKf3/6pmrkO9
s0WBm5XN0kn0D38++y4UcU69ao1paGIdcQtBJqEPB5a7jZ7tBhvENvYuE0mp2TLf
D+D4cy4XkGg2zGmFBBwnF3xfjK/cOoLkOB2Y9GiARmJHZrhSAKBsVaxO5auscFE2
IW7G1kzFalzUKcXJAPPKwaw8R9kvxcoaWd0cg959jxfRotHqvqAL7Ev2LcGudIEP
POwGF5To5zTOOPJfoJtebeRPIi05O7EdHAMeNoXQaYLP7DRUBN2yVmBbEQIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFA8j9z1k9tv4HVHTWAVIFWjN2Bh1MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4LzAzNDc3
Yy0xMGE0LTQ1NWItYmU2Yi1iM2EwOTQzMGM2NjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvMDM0Nzdj
LTEwYTQtNDU1Yi1iZTZiLWIzYTA5NDMwYzY2NS8xL0R5UDNQV1QyMl9nZFVkTllC
VWdWYU0zWUdIVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwjJPMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwC9sDANBgkqhkiG9w0BAQsFAAOCAQEAhsrxu0RcEgCTcPtVce2nG1t4YvL0V/qI
jlXuYXTrLcrEg3l1irRIVX+ncRr7/abVWj5SEjbxA8TdvcNdV4sVhWgKg5Dazzdl
1Hb8Lakj1FtDpW3PuKHGa9SfyGMy7I8A8RU9Ypmzx/EAOdINJY5OeksPzbVCpEis
TxlXhl0olOdzsY9iVNPQGCnC8pDp1cQTimjY8sA9hg3QsaTPJobTiIoF3xd/vqtx
x/jY2HTzYrP9IW1Jiy7QhCesgHCw/Utp3BBlwWTz4Z0IG5NB3o2Y4jSLQpkfy38J
yfPQ1MXru4tgCxjc2DPHWzBfySajY/b6d/whoRiBjqPv/eFyUqmI3Q==
-----END CERTIFICATE-----