Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GHD7YYredkTpXYKIIvXCVQcnA8U.cer
File:                     GHD7YYredkTpXYKIIvXCVQcnA8U.cer (raw, json)
Hash identifier:          WV10MLl/JBal9TKxuZDo8k9nqi7J9RnYLfgymBEKAPw=
Subject key identifier:   18:70:FB:61:8A:DE:76:44:E9:5D:82:88:22:F5:C2:55:07:27:03:C5
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3490A622542543CB98324CFFDEF08D6
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/96/428ebc-0a95-4251-ad00-7993b60c8470/1/GHD7YYredkTpXYKIIvXCVQcnA8U.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/96/428ebc-0a95-4251-ad00-7993b60c8470/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 04:29:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 64493

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0a:62:25:42:54:3c:b9:83:24:cf:fd:ef:08:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1870fb618ade7644e95d828822f5c255072703c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a9:7a:73:19:92:61:1e:21:56:2b:7f:c3:39:
                    39:f7:3e:49:8d:ce:63:e3:0d:d7:6c:1f:6e:9f:b6:
                    84:c1:85:66:a3:86:8a:c7:3a:2c:8b:56:81:0f:72:
                    a4:17:fa:ba:f5:ee:1c:89:2a:7f:dd:fb:fe:ae:e0:
                    c3:dd:c9:b2:41:70:1b:4b:4b:08:31:d9:06:97:9a:
                    63:48:2f:5f:0c:e2:3c:2e:33:94:2d:a8:c6:83:73:
                    46:d0:2b:df:34:83:42:f2:40:0f:c8:4f:a0:71:b1:
                    aa:9e:8e:68:12:46:f6:05:b6:cc:ca:af:27:4a:0a:
                    1c:f0:e2:ee:78:9e:77:38:b9:26:d3:1b:58:ee:0f:
                    a2:88:7e:dc:0d:57:53:9e:82:94:01:b3:ab:ec:1a:
                    af:ca:10:3b:5a:82:2a:d2:32:5b:cf:12:ca:e5:fa:
                    3f:1b:64:02:d3:6b:75:c8:0a:8a:3e:03:b6:f8:31:
                    c8:14:48:70:50:3b:5a:2f:cb:07:cf:55:14:8f:22:
                    96:67:5f:74:44:a4:6f:fe:1a:ce:59:10:70:5c:a1:
                    d2:fc:72:cd:92:49:85:e8:46:9d:b1:1a:52:65:fd:
                    96:c2:9f:e9:e7:ae:94:71:5d:ca:63:8d:8e:69:07:
                    fb:bf:07:c9:b5:8a:bb:3d:5d:bf:ba:22:da:ed:44:
                    0b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:70:FB:61:8A:DE:76:44:E9:5D:82:88:22:F5:C2:55:07:27:03:C5
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/428ebc-0a95-4251-ad00-7993b60c8470/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/96/428ebc-0a95-4251-ad00-7993b60c8470/1/GHD7YYredkTpXYKIIvXCVQcnA8U.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  64493

    Signature Algorithm: sha256WithRSAEncryption
         08:c4:64:3b:b5:3d:66:6d:aa:29:91:1e:4b:98:8d:9b:eb:87:
         aa:3d:23:98:cb:42:fd:fc:45:51:e2:3b:88:91:cd:13:fe:5c:
         dd:74:47:9a:e2:14:7a:99:71:e5:76:54:c8:7c:e1:bf:9b:4c:
         17:d8:ce:89:e3:f2:39:83:18:39:ab:55:c2:67:da:ca:fc:9c:
         e8:ef:fb:7e:e3:6d:cb:cf:79:60:e1:f9:5e:6f:b2:65:b9:e4:
         10:f2:ed:1e:d8:42:a3:ea:f1:f1:17:8a:ab:b6:b6:dc:9d:60:
         5a:01:73:8a:2a:c5:76:5a:e7:b2:c0:3c:6e:9a:61:09:31:0d:
         75:5a:12:ee:b9:0c:7a:26:94:03:f8:d9:90:79:97:f3:08:7d:
         fc:44:58:2a:51:a3:47:f5:21:51:d0:c6:c8:bf:9b:82:1d:bd:
         b6:2a:0e:43:78:02:bf:4b:06:78:4b:9d:d7:cc:ab:4d:3d:cd:
         97:b0:cc:ef:e2:00:d6:39:4e:6a:b6:60:fc:57:36:1b:1f:b5:
         5d:14:c7:15:e5:14:a9:be:fc:21:ef:4b:52:37:77:40:5a:05:
         a0:2d:e1:81:5a:18:4a:b3:b2:45:b4:76:a3:25:0a:aa:de:e7:
         17:43:e7:7e:65:25:7b:3c:c7:39:08:4c:7c:a1:8b:28:40:31:
         41:9b:a2:f0
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzDSQpiJUJUPLmDJM/97wjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODcwZmI2MThhZGU3NjQ0ZTk1ZDgyODgyMmY1YzI1NTA3MjcwM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxql6cxmSYR4hVit/wzk59z5Jjc5j
4w3XbB9un7aEwYVmo4aKxzosi1aBD3KkF/q69e4ciSp/3fv+ruDD3cmyQXAbS0sI
MdkGl5pjSC9fDOI8LjOULajGg3NG0CvfNINC8kAPyE+gcbGqno5oEkb2BbbMyq8n
Sgoc8OLueJ53OLkm0xtY7g+iiH7cDVdTnoKUAbOr7BqvyhA7WoIq0jJbzxLK5fo/
G2QC02t1yAqKPgO2+DHIFEhwUDtaL8sHz1UUjyKWZ190RKRv/hrOWRBwXKHS/HLN
kkmF6EadsRpSZf2Wwp/p566UcV3KY42OaQf7vwfJtYq7PV2/uiLa7UQLAQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFBhw+2GK3nZE6V2CiCL1wlUHJwPFMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk2LzQyOGVi
Yy0wYTk1LTQyNTEtYWQwMC03OTkzYjYwYzg0NzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTYvNDI4ZWJj
LTBhOTUtNDI1MS1hZDAwLTc5OTNiNjBjODQ3MC8xL0dIRDdZWXJlZGtUcFhZS0lJ
dlhDVlFjbkE4VS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwD77TANBgkqhkiG9w0BAQsFAAOCAQEACMRkO7U9Zm2q
KZEeS5iNm+uHqj0jmMtC/fxFUeI7iJHNE/5c3XRHmuIUeplx5XZUyHzhv5tMF9jO
iePyOYMYOatVwmfayvyc6O/7fuNty895YOH5Xm+yZbnkEPLtHthCo+rx8ReKq7a2
3J1gWgFziirFdlrnssA8bpphCTENdVoS7rkMeiaUA/jZkHmX8wh9/ERYKlGjR/Uh
UdDGyL+bgh29tioOQ3gCv0sGeEud18yrTT3Nl7DM7+IA1jlOarZg/Fc2Gx+1XRTH
FeUUqb78Ie9LUjd3QFoFoC3hgVoYSrOyRbR2oyUKqt7nF0PnfmUlezzHOQhMfKGL
KEAxQZui8A==
-----END CERTIFICATE-----