Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer
File:                     GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.cer (raw, json)
Hash identifier:          DCiZAjBGpeUMc9Y+EwMtgVLIc182Dpak4zyJk1pU9KY=
Subject key identifier:   18:8E:D4:88:4F:11:19:39:CA:6C:7F:0F:34:B2:79:2B:39:B9:34:23
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194236A08F761C6AC9B7BFDB6940CF293E9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 19:48:59 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 192.76.154.0/24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:08:f7:61:c6:ac:9b:7b:fd:b6:94:0c:f2:93:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 19:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=188ed4884f111939ca6c7f0f34b2792b39b93423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:40:2e:01:14:93:88:1d:7b:cf:5c:2e:c0:a1:
                    2c:07:1a:3d:ec:34:e9:ab:e5:82:cc:f0:f4:4e:8a:
                    e2:a8:14:4d:47:28:15:bf:20:fe:10:28:f3:ae:3b:
                    57:c1:68:c5:e2:8b:2f:d8:25:5a:52:73:ae:7e:bf:
                    d7:d7:71:c4:5f:ef:0a:a5:96:d9:02:23:9d:ad:0c:
                    37:bc:01:56:e4:23:3c:91:78:9e:30:3d:a2:c9:16:
                    cb:2c:70:dc:59:a4:d1:7c:8d:93:e9:6b:fe:10:7d:
                    e9:03:f7:91:5e:c1:1d:be:c3:9e:61:90:fb:46:1a:
                    dd:ef:2e:f1:2a:ba:89:19:72:47:96:ed:f3:c4:74:
                    cd:b3:12:c6:d3:f8:f1:1e:37:bf:56:db:ff:de:53:
                    d2:96:f8:05:82:c8:f3:96:0e:85:3a:9f:d2:c5:53:
                    e8:54:b8:cf:92:27:42:ee:c8:d7:20:d1:7d:01:54:
                    48:8c:89:4c:97:73:f9:bf:96:47:d5:d4:0c:46:b7:
                    32:8b:00:04:e9:4b:d0:24:6d:6b:94:db:28:9f:67:
                    71:97:54:ff:fd:d7:54:5a:2b:c2:2e:4c:38:81:f6:
                    d9:27:cf:1c:86:07:92:6e:84:f2:67:f2:42:c5:71:
                    f8:ca:9c:11:73:bc:4e:70:df:7f:12:69:46:bc:52:
                    25:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:8E:D4:88:4F:11:19:39:CA:6C:7F:0F:34:B2:79:2B:39:B9:34:23
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/b88532-9974-4612-94c4-5e0777b04049/1/GI7UiE8RGTnKbH8PNLJ5Kzm5NCM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.76.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:d5:49:1c:6c:4c:36:8a:76:b9:4c:d4:4b:2e:72:57:7f:2c:
         ea:b5:76:dd:81:87:a1:40:8a:c1:f4:54:20:1a:e5:f5:a0:70:
         23:6c:04:84:b0:7b:14:97:50:e9:ed:6a:31:09:4a:5e:d1:dd:
         98:43:16:e2:08:6c:ba:f0:0b:a4:84:78:a2:a4:1f:a7:bf:9f:
         c0:31:ad:22:60:55:54:85:ce:9a:e7:66:3c:12:dc:fe:c8:84:
         da:39:20:2a:e3:61:f3:b2:13:62:93:19:69:05:82:86:a8:f2:
         f4:f6:30:7b:b5:9e:9b:a3:2c:f4:b4:12:7c:fb:47:1a:70:c0:
         15:45:2f:38:60:41:63:ad:a8:e0:f8:2d:8f:a5:77:7a:ae:e5:
         2e:ef:92:2a:db:4b:88:9b:d9:a0:68:27:fb:3a:9a:46:a4:c6:
         fe:fe:76:76:c0:70:99:df:41:a2:9c:3f:ea:0f:05:86:e0:f2:
         b7:f1:b4:c2:64:f6:5d:e0:d6:6b:cd:1a:3f:d9:a0:1f:c4:ba:
         0b:cd:cf:48:e4:1e:ba:23:1f:c0:a5:00:3e:82:b0:a4:cd:ff:
         35:d2:4f:fa:58:22:74:ab:36:ab:09:e7:fb:18:50:02:b1:25:
         9b:7c:1b:0c:9d:8a:8b:cc:ed:8a:96:dc:91:35:a4:ca:11:4b:
         21:9a:29:7e
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZQjagj3Ycasm3v9tpQM8pPpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTk0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODhlZDQ4ODRmMTExOTM5Y2E2YzdmMGYzNGIyNzkyYjM5YjkzNDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UAuARSTiB17z1wuwKEsBxo97DTp
q+WCzPD0ToriqBRNRygVvyD+ECjzrjtXwWjF4osv2CVaUnOufr/X13HEX+8KpZbZ
AiOdrQw3vAFW5CM8kXieMD2iyRbLLHDcWaTRfI2T6Wv+EH3pA/eRXsEdvsOeYZD7
Rhrd7y7xKrqJGXJHlu3zxHTNsxLG0/jxHje/Vtv/3lPSlvgFgsjzlg6FOp/SxVPo
VLjPkidC7sjXINF9AVRIjIlMl3P5v5ZH1dQMRrcyiwAE6UvQJG1rlNson2dxl1T/
/ddUWivCLkw4gfbZJ88chgeSboTyZ/JCxXH4ypwRc7xOcN9/EmlGvFIlzwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBiO1IhPERk5ymx/DzSyeSs5uTQjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q3L2I4ODUz
Mi05OTc0LTQ2MTItOTRjNC01ZTA3NzdiMDQwNDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDcvYjg4NTMy
LTk5NzQtNDYxMi05NGM0LTVlMDc3N2IwNDA0OS8xL0dJN1VpRThSR1RuS2JIOFBO
TEo1S3ptNU5DTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwEyaMA0GCSqGSIb3DQEBCwUAA4IBAQBy1Ukc
bEw2ina5TNRLLnJXfyzqtXbdgYehQIrB9FQgGuX1oHAjbASEsHsUl1Dp7WoxCUpe
0d2YQxbiCGy68AukhHiipB+nv5/AMa0iYFVUhc6a52Y8Etz+yITaOSAq42HzshNi
kxlpBYKGqPL09jB7tZ6boyz0tBJ8+0cacMAVRS84YEFjrajg+C2PpXd6ruUu75Iq
20uIm9mgaCf7OppGpMb+/nZ2wHCZ30GinD/qDwWG4PK38bTCZPZd4NZrzRo/2aAf
xLoLzc9I5B66Ix/ApQA+grCkzf810k/6WCJ0qzarCef7GFACsSWbfBsMnYqLzO2K
ltyRNaTKEUshmil+
-----END CERTIFICATE-----