Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FXdt9sJqD_OcQ1OdAkcpIbhh5Ow.cer
File:                     FXdt9sJqD_OcQ1OdAkcpIbhh5Ow.cer (raw, json)
Hash identifier:          qgukKA0p6mM0PD9nmopPZgd3EsmmHKOd+D7VqEjLWUM=
Subject key identifier:   15:77:6D:F6:C2:6A:0F:F3:9C:43:53:9D:02:47:29:21:B8:61:E4:EC
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86EFC6B69E336939CC2C06FA673549B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f6/3ec808-52e1-4f66-b145-4accf9f53927/1/FXdt9sJqD_OcQ1OdAkcpIbhh5Ow.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f6/3ec808-52e1-4f66-b145-4accf9f53927/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:25 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50852
                          IP: 194.247.22.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:fc:6b:69:e3:36:93:9c:c2:c0:6f:a6:73:54:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15776df6c26a0ff39c43539d02472921b861e4ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b5:a9:a2:3f:35:89:f1:63:81:d3:aa:1f:60:
                    03:53:27:ec:07:27:e1:fa:99:a0:f5:06:c7:84:ab:
                    58:fb:50:d6:5a:ac:2b:14:b1:1c:c4:4b:14:59:10:
                    8c:2f:4a:7e:4f:5f:1d:1e:92:53:4b:43:e2:39:30:
                    ab:20:f8:f6:9a:b2:07:5e:58:93:90:d7:8e:bc:33:
                    b9:31:d0:d1:7f:c2:65:7e:35:94:81:0c:27:ae:3f:
                    00:be:6c:8c:c0:78:6a:1b:5b:72:1e:b7:d0:7c:bf:
                    97:4d:5d:60:0e:2f:07:22:d0:7f:ae:51:d3:9a:7a:
                    8d:d9:39:ea:84:39:c9:15:f0:cf:d6:b8:95:82:ce:
                    5d:cf:36:b7:95:4a:7e:5e:71:e1:9e:e2:e2:0e:e5:
                    8e:de:74:41:1f:7c:c1:cc:58:53:6d:c8:25:17:ae:
                    a6:44:79:4a:60:c3:ff:84:ea:16:1f:72:3e:3c:b7:
                    85:5f:3b:11:50:44:82:8d:62:33:0b:ae:6c:70:7a:
                    5f:01:d0:7c:b8:60:3c:3c:2e:e3:54:3f:04:5c:12:
                    4d:e4:e8:a9:91:5f:9e:93:b9:c3:3d:35:a9:f6:4b:
                    80:49:cc:4b:bd:f6:62:aa:6b:19:f3:38:87:25:16:
                    e6:84:17:4b:05:f2:ec:b1:f4:b4:1a:73:ae:2d:a2:
                    8d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:77:6D:F6:C2:6A:0F:F3:9C:43:53:9D:02:47:29:21:B8:61:E4:EC
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/3ec808-52e1-4f66-b145-4accf9f53927/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/3ec808-52e1-4f66-b145-4accf9f53927/1/FXdt9sJqD_OcQ1OdAkcpIbhh5Ow.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.247.22.0/23

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50852

    Signature Algorithm: sha256WithRSAEncryption
         99:d3:04:a7:30:69:1d:3f:98:99:e1:9f:63:29:e0:9d:90:21:
         e0:17:47:29:f6:61:77:1b:c0:f9:ec:55:14:86:23:ad:cd:6b:
         d2:bc:c0:74:a1:12:23:42:86:90:64:17:93:e0:55:b2:6f:bc:
         5d:f4:8a:5a:32:b7:10:88:d0:5f:df:65:9b:8c:4c:95:01:4c:
         98:57:91:55:8b:78:3a:cc:ac:ba:e7:e9:a2:46:16:d1:f2:ca:
         51:4c:df:3d:29:0f:d2:bd:66:11:f3:ad:d3:f0:a8:77:9e:70:
         8c:7e:1c:aa:7f:14:30:3c:bd:85:f9:7a:33:8a:db:73:fb:f0:
         5a:08:6f:68:10:8e:2d:fb:5e:ec:0f:24:2c:e5:cb:b2:36:af:
         7e:9a:ba:cc:8e:56:9f:1c:6d:af:57:4a:26:35:c1:41:58:2a:
         d9:9b:6b:8e:44:bb:f2:e6:41:4f:ab:24:8c:b7:c5:1d:2d:13:
         c5:d5:f7:55:01:16:e3:d8:e7:d9:d9:04:ca:f3:89:3a:6b:81:
         80:a0:f7:1c:e3:04:2b:70:46:9f:98:8e:2f:70:19:d1:05:51:
         e2:f4:00:6c:b5:17:3e:ba:da:ee:b3:22:08:00:1d:7e:c2:ba:
         dc:c9:c4:a6:c7:15:5c:cf:ac:81:a9:85:2b:3f:55:c0:7b:6c:
         15:00:48:91
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIbvxraeM2k5zCwG+mc1SbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc3NmRmNmMyNmEwZmYzOWM0MzUzOWQwMjQ3MjkyMWI4NjFlNGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrWpoj81ifFjgdOqH2ADUyfsByfh
+pmg9QbHhKtY+1DWWqwrFLEcxEsUWRCML0p+T18dHpJTS0PiOTCrIPj2mrIHXliT
kNeOvDO5MdDRf8JlfjWUgQwnrj8AvmyMwHhqG1tyHrfQfL+XTV1gDi8HItB/rlHT
mnqN2TnqhDnJFfDP1riVgs5dzza3lUp+XnHhnuLiDuWO3nRBH3zBzFhTbcglF66m
RHlKYMP/hOoWH3I+PLeFXzsRUESCjWIzC65scHpfAdB8uGA8PC7jVD8EXBJN5Oip
kV+ek7nDPTWp9kuAScxLvfZiqmsZ8ziHJRbmhBdLBfLssfS0GnOuLaKNawIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFBV3bfbCag/znENTnQJHKSG4YeTsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y2LzNlYzgw
OC01MmUxLTRmNjYtYjE0NS00YWNjZjlmNTM5MjcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjYvM2VjODA4
LTUyZTEtNGY2Ni1iMTQ1LTRhY2NmOWY1MzkyNy8xL0ZYZHQ5c0pxRF9PY1ExT2RB
a2NwSWJoaDVPdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwvcWMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDGpDANBgkqhkiG9w0BAQsFAAOCAQEAmdMEpzBpHT+YmeGfYyngnZAh4BdHKfZh
dxvA+exVFIYjrc1r0rzAdKESI0KGkGQXk+BVsm+8XfSKWjK3EIjQX99lm4xMlQFM
mFeRVYt4OsysuufpokYW0fLKUUzfPSkP0r1mEfOt0/Cod55wjH4cqn8UMDy9hfl6
M4rbc/vwWghvaBCOLfte7A8kLOXLsjavfpq6zI5Wnxxtr1dKJjXBQVgq2ZtrjkS7
8uZBT6skjLfFHS0TxdX3VQEW49jn2dkEyvOJOmuBgKD3HOMEK3BGn5iOL3AZ0QVR
4vQAbLUXPrra7rMiCAAdfsK63MnEpscVXM+sgamFKz9VwHtsFQBIkQ==
-----END CERTIFICATE-----