Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/HApvbzqa4dpeW-h1L6sY3rKLphQ.cer
File:                     HApvbzqa4dpeW-h1L6sY3rKLphQ.cer (raw, json)
Hash identifier:          tvGgcOoqYcuUt+1nnZ7r1t+UFl/jgnSY4dijZb5XQjk=
Subject key identifier:   1C:0A:6F:6F:3A:9A:E1:DA:5E:5B:E8:75:2F:AB:18:DE:B2:8B:A6:14
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0196EC9350CCEB42C9E15B92AF1DA539C017
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/HApvbzqa4dpeW-h1L6sY3rKLphQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 20 May 2025 07:23:19 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 91.205.192.0/23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ec:93:50:cc:eb:42:c9:e1:5b:92:af:1d:a5:39:c0:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: May 20 07:23:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c0a6f6f3a9ae1da5e5be8752fab18deb28ba614
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7a:09:8c:af:40:a4:42:f8:a0:b5:fe:48:2f:
                    9b:ad:d2:b0:1e:c8:0a:b1:3b:61:2a:99:85:65:c9:
                    6f:ff:95:ee:6b:4d:52:97:04:0b:4b:e2:20:5d:5f:
                    c3:7c:d3:49:58:fb:8a:00:b5:9c:80:0b:27:78:a6:
                    61:98:04:a7:9a:83:59:5f:9d:a2:38:29:cf:99:cd:
                    07:de:bc:76:b7:ae:1e:ff:e5:4d:2c:85:06:c6:72:
                    34:bd:7c:cf:ea:98:88:70:6f:5d:7d:ac:e7:b3:2c:
                    32:84:99:c7:83:70:c7:2a:65:16:dd:56:39:49:cc:
                    ac:35:b7:52:b6:f2:cd:f2:3e:76:33:93:04:4c:35:
                    5a:a5:06:0c:86:cd:1d:74:70:5f:a3:86:c1:29:67:
                    bf:7e:2b:3c:ce:ee:67:b8:e0:0a:94:c7:49:7a:61:
                    a1:20:60:f3:d2:3a:23:af:8a:24:4b:14:7d:70:03:
                    ed:f8:eb:8b:6f:3c:09:ff:8a:34:7e:43:f9:34:a1:
                    fc:3e:cc:12:b5:c1:46:ce:45:9e:3e:41:e6:c1:2c:
                    ea:09:94:9e:d6:d7:85:29:14:96:24:7e:21:99:d8:
                    66:c3:50:4c:71:0a:04:97:07:a4:57:4c:10:f0:3f:
                    7d:0f:d6:92:83:33:35:46:2f:b9:0f:87:1c:26:03:
                    73:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:0A:6F:6F:3A:9A:E1:DA:5E:5B:E8:75:2F:AB:18:DE:B2:8B:A6:14
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/2a9dd4-17b8-473c-83bf-9af1074c227f/1/HApvbzqa4dpeW-h1L6sY3rKLphQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:aa:16:79:a2:a2:fd:f6:b4:d5:65:7a:4a:d0:72:c5:8a:7e:
         a9:5c:40:6d:5f:e7:c6:34:fa:25:09:33:5b:d2:56:a2:b5:1e:
         c5:2b:91:e4:71:d3:38:51:47:99:18:87:b2:0f:92:c0:f3:21:
         cc:43:ca:ae:c3:9c:a3:e1:b3:50:32:c9:1b:11:49:51:4b:91:
         9c:7c:18:73:69:f2:e8:79:37:61:a3:bc:67:ab:c3:5e:5b:eb:
         56:ce:59:13:db:e4:d8:5b:11:a9:65:f9:d7:ff:9f:e1:2d:f4:
         39:d3:73:47:ad:4d:b6:ec:2a:78:df:f7:c3:ac:22:1a:14:40:
         00:f7:68:84:60:4e:99:8e:66:b7:30:80:a6:52:da:b2:4f:cd:
         31:1c:f1:8a:5d:58:c5:5c:f1:e2:e0:10:88:88:e1:1a:3b:1c:
         90:7c:05:fd:c0:41:11:a6:7c:d6:d8:51:e5:25:88:bb:16:4e:
         8c:f3:22:2d:f3:d6:69:75:5f:b6:08:09:65:b2:07:25:02:41:
         f1:e5:4b:f5:e9:29:eb:4a:96:3e:a8:e1:3a:d1:8d:72:7d:9e:
         05:27:6b:d8:c7:8f:00:70:cc:cb:fd:42:cd:28:8b:48:4d:74:
         1a:9d:d9:3c:1b:55:18:75:b9:13:3f:42:80:79:8d:12:dd:8e:
         8d:86:e4:55
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAZbsk1DM60LJ4VuSrx2lOcAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwNTIwMDcyMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzBhNmY2ZjNhOWFlMWRhNWU1YmU4NzUyZmFiMThkZWIyOGJhNjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3oJjK9ApEL4oLX+SC+brdKwHsgK
sTthKpmFZclv/5Xua01SlwQLS+IgXV/DfNNJWPuKALWcgAsneKZhmASnmoNZX52i
OCnPmc0H3rx2t64e/+VNLIUGxnI0vXzP6piIcG9dfaznsywyhJnHg3DHKmUW3VY5
ScysNbdStvLN8j52M5METDVapQYMhs0ddHBfo4bBKWe/fis8zu5nuOAKlMdJemGh
IGDz0jojr4okSxR9cAPt+OuLbzwJ/4o0fkP5NKH8PswStcFGzkWePkHmwSzqCZSe
1teFKRSWJH4hmdhmw1BMcQoElwekV0wQ8D99D9aSgzM1Ri+5D4ccJgNz2QIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFBwKb286muHaXlvodS+rGN6yi6YUMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzI1LzJhOWRk
NC0xN2I4LTQ3M2MtODNiZi05YWYxMDc0YzIyN2YvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjUvMmE5ZGQ0
LTE3YjgtNDczYy04M2JmLTlhZjEwNzRjMjI3Zi8xL0hBcHZienFhNGRwZVctaDFM
NnNZM3JLTHBoUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBW83AMA0GCSqGSIb3DQEBCwUAA4IBAQApqhZ5
oqL99rTVZXpK0HLFin6pXEBtX+fGNPolCTNb0laitR7FK5HkcdM4UUeZGIeyD5LA
8yHMQ8quw5yj4bNQMskbEUlRS5GcfBhzafLoeTdho7xnq8NeW+tWzlkT2+TYWxGp
ZfnX/5/hLfQ503NHrU227Cp43/fDrCIaFEAA92iEYE6Zjma3MICmUtqyT80xHPGK
XVjFXPHi4BCIiOEaOxyQfAX9wEERpnzW2FHlJYi7Fk6M8yIt89ZpdV+2CAllsgcl
AkHx5Uv16SnrSpY+qOE60Y1yfZ4FJ2vYx48AcMzL/ULNKItITXQandk8G1UYdbkT
P0KAeY0S3Y6NhuRV
-----END CERTIFICATE-----