Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer
File:                     F4yPIMk5qqnIDM5qDRVnGDyhxZk.cer (raw, json)
Hash identifier:          TeQpt9n4cH4rx0WcALOzXvdbkKRMKnNDPq8A7JVDb8M=
Subject key identifier:   17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942143FA5E24DDBA4EAC5CE3FC504607E5
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 09:48:10 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.199.74.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fa:5e:24:dd:ba:4e:ac:5c:e3:fc:50:46:07:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=178c8f20c939aaa9c80cce6a0d1567183ca1c599
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d7:6e:b8:fe:1b:a4:cc:bd:63:5f:ab:2f:a7:
                    ad:fe:13:da:ea:00:8c:8b:8f:5a:b7:7f:c4:84:f2:
                    3d:a2:50:7b:15:51:cc:1e:8e:78:55:df:aa:56:18:
                    ce:54:be:02:0e:1c:91:31:41:4d:a3:26:8d:8b:86:
                    43:70:91:d0:04:42:af:69:0e:b5:15:3d:89:a1:5a:
                    30:18:fc:ca:e5:1f:c2:6a:1b:67:d3:5d:57:10:b4:
                    7d:75:96:ff:34:3b:42:d9:f1:fa:93:44:34:42:08:
                    65:e9:ee:89:cd:64:d0:d8:b0:f9:3c:c3:a2:f5:87:
                    0e:30:bf:54:c2:92:88:ac:d7:a3:38:3e:c2:c6:d9:
                    20:15:7e:fd:f2:24:8d:69:ea:5a:bb:40:20:85:c9:
                    90:45:f7:fb:1d:72:39:21:56:bb:fa:85:61:f0:4d:
                    6a:2a:cb:f2:ad:8b:b1:6b:c8:46:3c:07:61:23:77:
                    53:b7:89:4f:a2:66:b5:4a:45:50:7f:22:57:d9:8e:
                    ab:36:6d:1a:a1:2d:a8:52:d9:13:78:4e:2c:3a:cb:
                    42:cf:89:40:cd:66:8e:5a:58:9c:21:a9:ac:f3:dc:
                    57:e9:2f:64:11:34:74:56:a0:c6:c3:2f:55:d2:20:
                    bb:76:46:cf:20:ab:42:74:7c:4d:99:17:5a:f3:9a:
                    53:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:8C:8F:20:C9:39:AA:A9:C8:0C:CE:6A:0D:15:67:18:3C:A1:C5:99
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/7edd9a-fb72-43d7-b252-4cd11e8b7497/1/F4yPIMk5qqnIDM5qDRVnGDyhxZk.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:27:c5:6d:78:46:46:30:76:0d:37:89:e2:ff:33:55:48:3f:
         e7:bd:14:7f:94:b1:aa:ab:7e:77:db:98:11:86:60:d2:33:6e:
         b5:51:e1:98:ce:ac:9f:6d:10:42:76:1f:df:c3:2b:25:52:61:
         78:c9:0f:49:50:99:8b:f2:73:82:20:66:e7:92:27:b4:56:55:
         01:cd:05:3c:87:ee:5d:b6:7e:5b:36:c9:bf:42:68:f7:dc:92:
         b9:84:3c:ef:f5:ae:54:fb:47:83:90:06:6d:dd:da:fb:4b:53:
         f2:ac:1e:fe:b3:7e:57:b6:7d:fa:9f:4a:73:f5:4b:95:8d:49:
         5f:e0:d5:1f:14:64:af:2c:a4:15:41:37:6b:8a:00:83:09:e5:
         a4:79:4e:c5:41:64:9f:f3:19:55:2d:52:a7:15:65:de:9c:3f:
         be:3a:7b:57:5b:1a:75:10:2a:ed:4a:b4:1d:4a:4c:c8:d6:83:
         de:c9:a9:84:33:5f:f0:33:01:3b:8a:0f:ac:0f:be:48:4b:8d:
         61:95:19:a4:06:31:74:c6:83:6a:c9:8c:d0:14:95:01:f1:c8:
         3d:42:f9:32:60:a5:c1:19:a3:90:ea:5d:d1:32:b6:a9:4a:17:
         05:73:2b:d9:10:00:d2:ce:de:48:86:5f:14:4a:b3:db:31:28:
         cb:73:01:cb
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQhQ/peJN26Tqxc4/xQRgflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzhjOGYyMGM5MzlhYWE5YzgwY2NlNmEwZDE1NjcxODNjYTFjNTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdduuP4bpMy9Y1+rL6et/hPa6gCM
i49at3/EhPI9olB7FVHMHo54Vd+qVhjOVL4CDhyRMUFNoyaNi4ZDcJHQBEKvaQ61
FT2JoVowGPzK5R/Cahtn011XELR9dZb/NDtC2fH6k0Q0Qghl6e6JzWTQ2LD5PMOi
9YcOML9UwpKIrNejOD7CxtkgFX798iSNaepau0AghcmQRff7HXI5IVa7+oVh8E1q
KsvyrYuxa8hGPAdhI3dTt4lPoma1SkVQfyJX2Y6rNm0aoS2oUtkTeE4sOstCz4lA
zWaOWlicIams89xX6S9kETR0VqDGwy9V0iC7dkbPIKtCdHxNmRda85pTUQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBeMjyDJOaqpyAzOag0VZxg8ocWZMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA3LzdlZGQ5
YS1mYjcyLTQzZDctYjI1Mi00Y2QxMWU4Yjc0OTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDcvN2VkZDlh
LWZiNzItNDNkNy1iMjUyLTRjZDExZThiNzQ5Ny8xL0Y0eVBJTWs1cXFuSURNNXFE
UlZuR0R5aHhaay5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW8dKMA0GCSqGSIb3DQEBCwUAA4IBAQAeJ8Vt
eEZGMHYNN4ni/zNVSD/nvRR/lLGqq35325gRhmDSM261UeGYzqyfbRBCdh/fwysl
UmF4yQ9JUJmL8nOCIGbnkie0VlUBzQU8h+5dtn5bNsm/Qmj33JK5hDzv9a5U+0eD
kAZt3dr7S1PyrB7+s35Xtn36n0pz9UuVjUlf4NUfFGSvLKQVQTdrigCDCeWkeU7F
QWSf8xlVLVKnFWXenD++OntXWxp1ECrtSrQdSkzI1oPeyamEM1/wMwE7ig+sD75I
S41hlRmkBjF0xoNqyYzQFJUB8cg9QvkyYKXBGaOQ6l3RMrapShcFcyvZEADSzt5I
hl8USrPbMSjLcwHL
-----END CERTIFICATE-----