Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/E_-Kk0rrWapFoeVUiOO4i-HgE1s.cer
File:                     E_-Kk0rrWapFoeVUiOO4i-HgE1s.cer (raw, json)
Hash identifier:          0wdQ9wW8fUTHuERMEghy6jvJoWYXyo/igbk311pj1s4=
Subject key identifier:   13:FF:8A:93:4A:EB:59:AA:45:A1:E5:54:88:E3:B8:8B:E1:E0:13:5B
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B752B4E1120F11C629774AB802FA3
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/10/c92c58-c727-4de0-84a6-7cf4dc67aa70/1/E_-Kk0rrWapFoeVUiOO4i-HgE1s.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/10/c92c58-c727-4de0-84a6-7cf4dc67aa70/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:23 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 60107
                          IP: 2001:67c:5a8::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Apr 2024 14:05:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:75:2b:4e:11:20:f1:1c:62:97:74:ab:80:2f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13ff8a934aeb59aa45a1e55488e3b88be1e0135b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:89:7a:c4:34:a2:fc:ae:ff:48:9a:c6:53:c1:
                    cd:90:98:93:40:56:b9:90:89:bb:54:86:01:b0:64:
                    f2:62:13:66:54:7a:41:5d:c0:8f:48:bc:0d:ee:ec:
                    73:f3:01:9b:5e:5b:61:98:4f:aa:28:37:e3:f9:28:
                    ad:2f:5d:b1:c4:16:23:2a:a5:99:80:4b:db:34:92:
                    99:54:90:bf:60:c1:ac:6d:02:b7:eb:5d:0a:54:5b:
                    fb:7d:a4:7f:4e:28:05:d1:e6:b4:5c:c2:d3:1c:2f:
                    16:95:da:32:17:10:f0:aa:69:d1:77:e1:d4:a6:e9:
                    61:1c:17:35:0d:ab:aa:75:5f:2d:68:39:f5:36:c1:
                    a9:46:69:c5:af:d0:85:ec:dd:30:b2:ee:99:79:89:
                    c3:b2:12:1d:8f:3b:09:45:ee:f1:3d:28:1d:88:8f:
                    c8:bc:9f:f3:0e:49:1b:89:77:8c:0e:b2:0c:63:f1:
                    5e:0d:51:d3:09:c4:dc:33:53:fa:6a:e0:ec:07:6b:
                    4b:4b:ca:75:80:0f:f2:8d:13:1d:8e:d5:0b:17:96:
                    30:62:fd:f3:00:f7:fe:93:77:58:b8:78:5c:86:7a:
                    fd:43:9a:7e:30:cd:35:71:69:d6:da:04:c3:be:26:
                    13:27:e3:e2:77:de:47:4b:60:bf:d6:c4:7c:fb:68:
                    73:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FF:8A:93:4A:EB:59:AA:45:A1:E5:54:88:E3:B8:8B:E1:E0:13:5B
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c92c58-c727-4de0-84a6-7cf4dc67aa70/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c92c58-c727-4de0-84a6-7cf4dc67aa70/1/E_-Kk0rrWapFoeVUiOO4i-HgE1s.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:5a8::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  60107

    Signature Algorithm: sha256WithRSAEncryption
         06:07:65:ab:73:72:82:6c:c8:28:a8:22:19:1b:20:ae:13:a5:
         fa:2d:ad:41:7d:09:b1:95:95:7f:9e:72:ce:4d:41:7f:d9:00:
         e5:33:69:d0:8f:e7:9e:b9:0f:76:1e:3b:5e:56:8c:5b:3f:6b:
         06:b9:fc:b3:03:48:7b:78:54:60:10:e7:48:b9:7c:6a:b2:29:
         91:0e:fe:e7:fb:b2:25:aa:26:f1:08:84:99:9a:57:6a:cf:c4:
         bf:7e:5b:af:c5:5c:ac:e6:dd:ec:3d:ad:17:30:c4:03:8d:b4:
         9a:82:5a:97:01:8c:47:85:33:a1:c4:65:bd:cf:cf:4b:79:f8:
         fd:dc:73:ca:3b:b5:90:26:7a:7d:d0:f3:d4:dc:63:a0:1e:a9:
         8f:b5:6d:ba:ab:3d:c7:b8:29:87:fb:e1:23:00:09:ab:6e:93:
         74:a2:b2:af:50:3c:df:d2:34:b7:3e:81:5e:7b:1d:46:cf:c1:
         ee:89:b5:b3:43:a8:59:37:14:bf:59:20:24:7d:4b:83:c1:6b:
         95:76:be:d3:0d:eb:8d:96:ca:2b:6a:02:12:c3:c3:f0:ca:50:
         d1:be:8c:49:b2:70:ff:17:83:de:71:46:6b:28:fe:70:f5:71:
         37:b2:67:43:f8:f1:f7:c9:0b:93:ad:69:b8:b8:a1:ed:c3:3c:
         b7:fc:e9:c7
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzGS3UrThEg8Rxil3SrgC+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2ZmOGE5MzRhZWI1OWFhNDVhMWU1NTQ4OGUzYjg4YmUxZTAxMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Il6xDSi/K7/SJrGU8HNkJiTQFa5
kIm7VIYBsGTyYhNmVHpBXcCPSLwN7uxz8wGbXlthmE+qKDfj+SitL12xxBYjKqWZ
gEvbNJKZVJC/YMGsbQK3610KVFv7faR/TigF0ea0XMLTHC8WldoyFxDwqmnRd+HU
pulhHBc1DauqdV8taDn1NsGpRmnFr9CF7N0wsu6ZeYnDshIdjzsJRe7xPSgdiI/I
vJ/zDkkbiXeMDrIMY/FeDVHTCcTcM1P6auDsB2tLS8p1gA/yjRMdjtULF5YwYv3z
APf+k3dYuHhchnr9Q5p+MM01cWnW2gTDviYTJ+Pid95HS2C/1sR8+2hzLQIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFBP/ipNK61mqRaHlVIjjuIvh4BNbMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzEwL2M5MmM1
OC1jNzI3LTRkZTAtODRhNi03Y2Y0ZGM2N2FhNzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTAvYzkyYzU4
LWM3MjctNGRlMC04NGE2LTdjZjRkYzY3YWE3MC8xL0VfLUtrMHJyV2FwRm9lVlVp
T080aS1IZ0Uxcy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAWoMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwDqyzANBgkqhkiG9w0BAQsFAAOCAQEABgdlq3NygmzIKKgiGRsgrhOl+i2t
QX0JsZWVf55yzk1Bf9kA5TNp0I/nnrkPdh47XlaMWz9rBrn8swNIe3hUYBDnSLl8
arIpkQ7+5/uyJaom8QiEmZpXas/Ev35br8VcrObd7D2tFzDEA420moJalwGMR4Uz
ocRlvc/PS3n4/dxzyju1kCZ6fdDz1NxjoB6pj7Vtuqs9x7gph/vhIwAJq26TdKKy
r1A839I0tz6BXnsdRs/B7om1s0OoWTcUv1kgJH1Lg8FrlXa+0w3rjZbKK2oCEsPD
8MpQ0b6MSbJw/xeD3nFGayj+cPVxN7JnQ/jx98kLk61puLih7cM8t/zpxw==
-----END CERTIFICATE-----