Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer
File:                     FxnQvARM2qI0GAnQAPD8Th3ts0U.cer (raw, json)
Hash identifier:          ++zvVunan/RmtEyIFdhQj8AsB7edjdTxDJz6j/P1wQw=
Subject key identifier:   17:19:D0:BC:04:4C:DA:A2:34:18:09:D0:00:F0:FC:4E:1D:ED:B3:45
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC802A37E2E8A606A1A415C7F50DA7B14
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:31:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208562
                          IP: 2001:678:ad8::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:a3:7e:2e:8a:60:6a:1a:41:5c:7f:50:da:7b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1719d0bc044cdaa2341809d000f0fc4e1dedb345
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:9b:de:42:27:df:66:5e:f5:dc:a3:eb:4e:bc:
                    f3:6b:06:ba:aa:16:4d:a5:43:0e:4f:0a:f1:52:38:
                    38:a1:1b:57:d6:a0:68:19:e5:6c:f1:27:ec:da:d5:
                    e9:bc:43:1e:b8:b0:1e:78:5e:58:30:02:83:59:dd:
                    bd:14:08:eb:5c:ac:c9:1d:e3:e8:09:37:b4:48:08:
                    0f:e7:da:df:27:77:70:e2:ab:01:5d:02:ba:34:fa:
                    2a:1e:27:47:cb:d7:7b:12:f1:e5:90:c1:7a:e9:07:
                    09:0b:3d:d6:51:a5:a9:e4:b6:17:0a:3c:b8:d2:09:
                    67:f9:d9:46:4f:54:82:f2:a6:7e:2e:92:6a:ff:b3:
                    e8:3b:c6:e9:12:aa:cb:fd:fa:c4:0f:26:b5:0b:dd:
                    79:03:d5:38:4d:df:30:c2:36:19:4a:b5:81:55:ce:
                    ea:9f:b6:b7:6a:78:1f:c0:74:34:d6:31:08:6d:87:
                    6e:8a:6e:5e:58:2b:9d:25:d1:b8:84:34:ef:43:ae:
                    17:63:0e:a8:37:11:d3:55:1a:37:2a:f2:eb:6e:10:
                    2e:5f:c5:09:50:4e:01:b4:b8:76:9d:b5:8b:3a:2c:
                    8e:c0:87:ac:3c:6e:68:b0:fe:cb:3b:28:ca:c0:8f:
                    89:7b:57:d8:e6:f1:35:00:bc:66:5e:40:f9:c4:82:
                    bc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:19:D0:BC:04:4C:DA:A2:34:18:09:D0:00:F0:FC:4E:1D:ED:B3:45
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ad8::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208562

    Signature Algorithm: sha256WithRSAEncryption
         a8:05:70:e8:77:67:40:ec:ab:9f:70:25:fe:87:ba:99:ea:5e:
         f0:86:37:03:27:cc:63:62:40:6b:68:c9:b6:fb:e5:06:22:f1:
         e8:a2:ef:af:80:20:fc:db:c0:cd:13:93:6e:3c:ac:c3:52:7e:
         df:c5:a1:48:37:8f:6c:2b:54:c3:32:aa:e3:92:3e:04:ab:97:
         f5:17:b6:fe:d7:4d:05:aa:db:47:d1:ef:4c:c7:3b:05:04:3e:
         f0:ce:f3:1e:8c:6c:a4:02:54:9b:2a:cd:27:08:5b:8a:e3:23:
         66:74:ce:0f:8a:ef:b8:95:d6:e7:67:9f:4d:e8:ea:9e:78:b9:
         b0:35:77:f9:84:86:4b:72:b9:4e:6e:d5:50:99:5a:22:76:97:
         b5:a5:d1:55:b1:06:f4:f4:f4:37:be:82:fd:83:93:7c:39:86:
         a8:52:6a:48:7a:3a:93:e5:c8:e0:6d:a1:0a:c2:22:6e:4d:a5:
         fc:93:00:2c:85:76:ed:12:6f:19:58:3b:c1:7e:68:03:5b:de:
         13:f0:ab:4e:90:84:85:94:40:85:2f:ac:99:87:31:c6:7c:b7:
         c4:3c:7c:fe:25:81:67:91:95:64:c8:2b:72:9a:22:ff:95:c5:
         a6:f4:0f:eb:9c:20:aa:51:cf:98:ed:bd:11:b7:32:e3:f5:1a:
         87:45:f9:90
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAYzIAqN+LopgahpBXH9Q2nsUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzE5ZDBiYzA0NGNkYWEyMzQxODA5ZDAwMGYwZmM0ZTFkZWRiMzQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5JveQiffZl713KPrTrzzawa6qhZN
pUMOTwrxUjg4oRtX1qBoGeVs8Sfs2tXpvEMeuLAeeF5YMAKDWd29FAjrXKzJHePo
CTe0SAgP59rfJ3dw4qsBXQK6NPoqHidHy9d7EvHlkMF66QcJCz3WUaWp5LYXCjy4
0gln+dlGT1SC8qZ+LpJq/7PoO8bpEqrL/frEDya1C915A9U4Td8wwjYZSrWBVc7q
n7a3angfwHQ01jEIbYduim5eWCudJdG4hDTvQ64XYw6oNxHTVRo3KvLrbhAuX8UJ
UE4BtLh2nbWLOiyOwIesPG5osP7LOyjKwI+Je1fY5vE1ALxmXkD5xIK8AwIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFBcZ0LwETNqiNBgJ0ADw/E4d7bNFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NiL2MwM2Vh
ZS0zOWFlLTQwMDItYjY2ZS0wNGFjMGE1ZTgxNDMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvY2IvYzAzZWFl
LTM5YWUtNDAwMi1iNjZlLTA0YWMwYTVlODE0My8xL0Z4blF2QVJNMnFJMEdBblFB
UEQ4VGgzdHMwVS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArYMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwMusjANBgkqhkiG9w0BAQsFAAOCAQEAqAVw6HdnQOyrn3Al/oe6mepe8IY3
AyfMY2JAa2jJtvvlBiLx6KLvr4Ag/NvAzROTbjysw1J+38WhSDePbCtUwzKq45I+
BKuX9Re2/tdNBarbR9HvTMc7BQQ+8M7zHoxspAJUmyrNJwhbiuMjZnTOD4rvuJXW
52efTejqnni5sDV3+YSGS3K5Tm7VUJlaInaXtaXRVbEG9PT0N76C/YOTfDmGqFJq
SHo6k+XI4G2hCsIibk2l/JMALIV27RJvGVg7wX5oA1veE/CrTpCEhZRAhS+smYcx
xny3xDx8/iWBZ5GVZMgrcpoi/5XFpvQP65wgqlHPmO29Ebcy4/Uah0X5kA==
-----END CERTIFICATE-----