Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/G_mzHCCQb4foYHjbRYHl8e5Tt68.cer
File:                     G_mzHCCQb4foYHjbRYHl8e5Tt68.cer (raw, json)
Hash identifier:          u2zl7pkBM5aeT0IaclykAk0f9ngtrxl/feyMlVgK9B0=
Subject key identifier:   1B:F9:B3:1C:20:90:6F:87:E8:60:78:DB:45:81:E5:F1:EE:53:B7:AF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC79433BDFA5F255CB13CE8F3D2B27C2D
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e0/b952a6-6049-4fd8-b7fd-9355e540ed10/1/G_mzHCCQb4foYHjbRYHl8e5Tt68.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e0/b952a6-6049-4fd8-b7fd-9355e540ed10/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:30:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 202828

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:33:bd:fa:5f:25:5c:b1:3c:e8:f3:d2:b2:7c:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bf9b31c20906f87e86078db4581e5f1ee53b7af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:1b:41:37:95:97:40:c4:ee:7f:8e:0f:18:9f:
                    e0:bc:f2:60:86:25:13:a7:b4:00:3e:27:84:bf:9e:
                    00:a5:33:79:5b:94:bb:cc:44:ab:6d:72:83:4b:69:
                    20:47:6c:f0:ee:64:0a:68:f4:20:b6:24:6f:06:6f:
                    54:ef:9c:f1:f1:ba:97:c2:a1:25:52:5c:73:15:e9:
                    45:55:27:e8:f2:74:1d:ce:7c:40:c7:37:c7:54:32:
                    3d:0b:82:21:50:4b:17:be:89:63:3d:fb:e4:07:97:
                    7c:99:88:12:f7:6d:32:46:2b:11:ec:30:6d:2e:78:
                    0a:c0:57:72:8b:24:3c:0f:89:c3:db:fc:0c:4c:88:
                    74:e7:be:03:d7:52:58:8f:68:59:10:94:a7:68:fc:
                    9d:0d:a8:21:be:90:7e:d3:87:0d:9d:31:96:88:d9:
                    a6:a2:4a:0c:12:f4:b6:97:86:36:71:d2:0d:24:0f:
                    6d:cb:e0:e1:ff:69:ae:42:cb:17:e4:a1:6f:d7:2d:
                    d3:ba:3b:56:fa:24:fa:cf:b3:ff:2c:f7:4f:6f:d9:
                    79:ee:d5:26:ab:40:d4:52:72:ea:79:4b:1e:f4:c5:
                    32:3e:2f:d6:d1:ee:c4:ac:e6:58:c5:53:c0:9e:04:
                    21:f5:65:85:19:2c:c6:0b:72:7b:27:b7:ca:6b:20:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:F9:B3:1C:20:90:6F:87:E8:60:78:DB:45:81:E5:F1:EE:53:B7:AF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b952a6-6049-4fd8-b7fd-9355e540ed10/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/b952a6-6049-4fd8-b7fd-9355e540ed10/1/G_mzHCCQb4foYHjbRYHl8e5Tt68.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  202828

    Signature Algorithm: sha256WithRSAEncryption
         34:35:ac:28:95:16:a6:a3:81:13:6a:97:99:d5:c3:b5:24:ec:
         72:d2:e0:84:bd:93:2c:93:85:af:ba:e0:5b:a8:4e:6e:39:94:
         02:48:12:e7:12:6b:4c:dc:43:fe:d7:23:11:0e:4c:da:e6:9e:
         ac:62:f8:06:39:c9:98:ae:12:af:af:91:4c:b2:bd:5b:c1:65:
         c6:cc:b2:72:2f:70:d8:b5:2f:61:2c:ed:03:b8:25:92:14:3b:
         e8:56:f6:f7:58:b4:d5:a2:d1:47:6a:33:02:3b:ab:e2:55:f1:
         96:c8:8c:46:62:c4:53:33:ff:67:d0:79:32:e5:41:1d:df:05:
         75:d4:28:ee:eb:d7:96:15:4c:94:a9:92:7d:a2:68:3b:2b:a3:
         be:04:2e:0e:6c:e9:6d:cd:a2:4a:f8:ad:31:f3:0a:b1:94:91:
         06:1f:26:98:40:27:a4:2f:1b:8e:47:26:20:7b:93:77:6d:74:
         10:c6:c6:20:c7:f6:89:47:8d:37:07:b0:63:87:3f:cf:34:1f:
         d9:3a:77:de:ca:88:db:5a:f8:ad:b7:92:41:d9:05:c8:7a:a2:
         c5:8b:14:8a:6d:7a:71:81:15:42:a0:60:38:aa:7a:3d:f6:5e:
         7e:fe:c7:a1:45:9e:70:f6:88:e2:11:68:49:de:54:16:54:12:
         94:93:0b:59
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzHlDO9+l8lXLE86PPSsnwtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmY5YjMxYzIwOTA2Zjg3ZTg2MDc4ZGI0NTgxZTVmMWVlNTNiN2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9BtBN5WXQMTuf44PGJ/gvPJghiUT
p7QAPieEv54ApTN5W5S7zESrbXKDS2kgR2zw7mQKaPQgtiRvBm9U75zx8bqXwqEl
UlxzFelFVSfo8nQdznxAxzfHVDI9C4IhUEsXvoljPfvkB5d8mYgS920yRisR7DBt
LngKwFdyiyQ8D4nD2/wMTIh0574D11JYj2hZEJSnaPydDaghvpB+04cNnTGWiNmm
okoMEvS2l4Y2cdINJA9ty+Dh/2muQssX5KFv1y3TujtW+iT6z7P/LPdPb9l57tUm
q0DUUnLqeUse9MUyPi/W0e7ErOZYxVPAngQh9WWFGSzGC3J7J7fKayCbzQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFBv5sxwgkG+H6GB420WB5fHuU7evMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2UwL2I5NTJh
Ni02MDQ5LTRmZDgtYjdmZC05MzU1ZTU0MGVkMTAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTAvYjk1MmE2
LTYwNDktNGZkOC1iN2ZkLTkzNTVlNTQwZWQxMC8xL0dfbXpIQ0NRYjRmb1lIamJS
WUhsOGU1VHQ2OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMYTDANBgkqhkiG9w0BAQsFAAOCAQEANDWsKJUWpqOB
E2qXmdXDtSTsctLghL2TLJOFr7rgW6hObjmUAkgS5xJrTNxD/tcjEQ5M2uaerGL4
BjnJmK4Sr6+RTLK9W8Flxsyyci9w2LUvYSztA7glkhQ76Fb291i01aLRR2ozAjur
4lXxlsiMRmLEUzP/Z9B5MuVBHd8FddQo7uvXlhVMlKmSfaJoOyujvgQuDmzpbc2i
SvitMfMKsZSRBh8mmEAnpC8bjkcmIHuTd210EMbGIMf2iUeNNwewY4c/zzQf2Tp3
3sqI21r4rbeSQdkFyHqixYsUim16cYEVQqBgOKp6PfZefv7HoUWecPaI4hFoSd5U
FlQSlJMLWQ==
-----END CERTIFICATE-----