Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/I3Cq3YAGZ0rNE_UoeJ6e30ano4k.cer
File:                     I3Cq3YAGZ0rNE_UoeJ6e30ano4k.cer (raw, json)
Hash identifier:          DgrMnGz1YTXds3/clGncioxBTLZmHw5KWj4lZEkAXXY=
Subject key identifier:   23:70:AA:DD:80:06:67:4A:CD:13:F5:28:78:9E:9E:DF:46:A7:A3:89
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC26D18CE65F8E278C490DB97CB6AB957
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.cc/repo/MythicalKitten/0/2370AADD8006674ACD13F528789E9EDF46A7A389.mft
caRepository:             rsync://rpki.cc/repo/MythicalKitten/0/
Notify URL:               https://rpki.cc/rrdp/notification.xml
Certificate not before:   Mon 01 Jan 2024 00:29:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203635

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 08:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:18:ce:65:f8:e2:78:c4:90:db:97:cb:6a:b9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 00:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2370aadd8006674acd13f528789e9edf46a7a389
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:22:f4:10:5c:e3:4c:cf:ea:9b:47:a2:7e:8d:
                    c4:ef:7c:d3:37:9a:1c:08:f9:20:58:4c:0b:99:5d:
                    ff:fc:31:4d:97:b7:f0:3c:b0:ba:4d:67:f1:f6:bc:
                    06:fe:80:95:01:86:6e:c0:6b:79:7f:04:50:52:6e:
                    26:d9:3e:a9:77:dd:4e:fa:c7:b0:c6:1f:ba:3c:ec:
                    7c:ad:d0:20:6c:cf:41:25:ad:dd:fe:57:27:af:75:
                    9f:73:1f:c3:f8:b5:d5:68:b1:43:a2:35:81:7c:ba:
                    6b:cf:0b:c8:5d:f5:64:ac:82:1d:58:0d:b0:5b:96:
                    a7:df:b9:1a:51:27:6e:f8:99:cd:4e:58:ee:aa:19:
                    42:4f:46:c7:76:1e:c1:79:ec:47:8a:c1:20:e4:a1:
                    cd:14:6f:8a:45:21:0c:aa:a4:98:3f:c3:92:16:d2:
                    fb:b3:d9:db:c9:f7:3d:70:4e:6e:84:bc:e2:e5:4e:
                    dc:cb:9f:3d:4d:5a:79:b9:f9:7a:3f:95:fb:4d:a9:
                    61:32:4c:1e:ad:68:ec:1f:ef:71:30:e5:5a:cc:29:
                    b0:4a:d0:63:e4:79:64:87:a5:7b:7f:34:09:c7:92:
                    ed:64:a6:5c:6e:a8:a1:83:03:17:b6:d8:62:d6:e5:
                    46:b7:fa:a1:09:78:c7:f1:27:29:de:09:4c:64:44:
                    c8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:70:AA:DD:80:06:67:4A:CD:13:F5:28:78:9E:9E:DF:46:A7:A3:89
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.cc/repo/MythicalKitten/0/
                RPKI Manifest - URI:rsync://rpki.cc/repo/MythicalKitten/0/2370AADD8006674ACD13F528789E9EDF46A7A389.mft
                RPKI Notify - URI:https://rpki.cc/rrdp/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203635

    Signature Algorithm: sha256WithRSAEncryption
         16:49:f3:be:b9:6a:b5:88:af:c4:5a:d2:d4:34:d9:e7:00:65:
         73:81:aa:81:8a:d8:74:f3:db:2a:a1:c9:3e:36:22:97:d7:78:
         7a:44:5d:45:0d:3b:9c:e3:3b:38:be:eb:ac:3c:b6:22:21:5f:
         7a:f9:bb:5c:9f:c3:a9:6b:92:3e:5f:94:7a:4b:b6:ca:57:cb:
         94:a5:f0:97:fe:f1:58:9c:aa:5e:91:82:0f:dc:73:e0:6d:df:
         d8:aa:f2:15:29:54:bb:a0:dd:33:2c:ca:ea:ea:40:c5:b2:79:
         3f:77:2b:f1:52:21:96:3c:8e:b8:38:93:ba:76:0c:5f:88:8a:
         2a:56:12:6a:ff:7d:fd:a3:a4:33:50:5d:9a:2b:0e:2c:53:fa:
         b4:f8:d4:d8:c7:16:58:24:1f:fb:23:f5:49:36:d2:3f:e0:ec:
         40:4c:05:c5:50:ac:00:03:74:07:69:b3:6c:11:c6:af:d0:60:
         f1:6f:2d:24:60:f0:ef:a1:93:92:8a:c3:1a:ce:74:aa:c9:d9:
         dd:76:7f:d5:08:88:8f:42:f2:d0:1a:42:31:66:11:53:01:dc:
         0f:53:0a:e0:3e:05:cf:96:6b:fc:7a:9d:11:8c:ad:1b:7c:32:
         4a:9c:61:1b:27:00:88:53:1e:63:4c:0f:9b:dc:2b:c6:d6:24:
         47:33:8a:25
-----BEGIN CERTIFICATE-----
MIIFJjCCBA6gAwIBAgISAYzCbRjOZfjieMSQ25fLarlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzcwYWFkZDgwMDY2NzRhY2QxM2Y1Mjg3ODllOWVkZjQ2YTdhMzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSL0EFzjTM/qm0eifo3E73zTN5oc
CPkgWEwLmV3//DFNl7fwPLC6TWfx9rwG/oCVAYZuwGt5fwRQUm4m2T6pd91O+sew
xh+6POx8rdAgbM9BJa3d/lcnr3Wfcx/D+LXVaLFDojWBfLprzwvIXfVkrIIdWA2w
W5an37kaUSdu+JnNTljuqhlCT0bHdh7BeexHisEg5KHNFG+KRSEMqqSYP8OSFtL7
s9nbyfc9cE5uhLzi5U7cy589TVp5ufl6P5X7TalhMkwerWjsH+9xMOVazCmwStBj
5Hlkh6V7fzQJx5LtZKZcbqihgwMXtthi1uVGt/qhCXjH8Scp3glMZETIIQIDAQAB
o4ICMjCCAi4wHQYDVR0OBBYEFCNwqt2ABmdKzRP1KHient9Gp6OJMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwgdcGCCsGAQUFBwELBIHKMIHHMDIGCCsGAQUFBzAFhiZyc3lu
YzovL3Jwa2kuY2MvcmVwby9NeXRoaWNhbEtpdHRlbi8wLzBeBggrBgEFBQcwCoZS
cnN5bmM6Ly9ycGtpLmNjL3JlcG8vTXl0aGljYWxLaXR0ZW4vMC8yMzcwQUFERDgw
MDY2NzRBQ0QxM0Y1Mjg3ODlFOUVERjQ2QTdBMzg5Lm1mdDAxBggrBgEFBQcwDYYl
aHR0cHM6Ly9ycGtpLmNjL3JyZHAvbm90aWZpY2F0aW9uLnhtbDBZBgNVHR8EUjBQ
ME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDG3MwDQYJKoZIhvcN
AQELBQADggEBABZJ8765arWIr8Ra0tQ02ecAZXOBqoGK2HTz2yqhyT42IpfXeHpE
XUUNO5zjOzi+66w8tiIhX3r5u1yfw6lrkj5flHpLtspXy5Sl8Jf+8Vicql6Rgg/c
c+Bt39iq8hUpVLug3TMsyurqQMWyeT93K/FSIZY8jrg4k7p2DF+IiipWEmr/ff2j
pDNQXZorDixT+rT41NjHFlgkH/sj9Uk20j/g7EBMBcVQrAADdAdps2wRxq/QYPFv
LSRg8O+hk5KKwxrOdKrJ2d12f9UIiI9C8tAaQjFmEVMB3A9TCuA+Bc+Wa/x6nRGM
rRt8MkqcYRsnAIhTHmNMD5vcK8bWJEcziiU=
-----END CERTIFICATE-----