Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IUQgQoqlbnXGmG8810rcA6Hx_7I.cer
File:                     IUQgQoqlbnXGmG8810rcA6Hx_7I.cer (raw, json)
Hash identifier:          gJ543GCgxVonyFjMV70qDRgUiyuAD9CW07sKJCtR1aI=
Subject key identifier:   21:44:20:42:8A:A5:6E:75:C6:98:6F:3C:D7:4A:DC:03:A1:F1:FF:B2
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019476A2ACA69A7E59394E97A0770BD03575
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/e1a3b0bc-c24b-4965-b6fb-5f1c980a2f03/1/214420428AA56E75C6986F3CD74ADC03A1F1FFB2.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/e1a3b0bc-c24b-4965-b6fb-5f1c980a2f03/1/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Fri 17 Jan 2025 23:39:20 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215377
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:76:a2:ac:a6:9a:7e:59:39:4e:97:a0:77:0b:d0:35:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 17 23:39:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=214420428aa56e75c6986f3cd74adc03a1f1ffb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:67:85:7f:37:23:3b:b9:f8:cf:9b:44:db:9b:
                    95:5f:f1:67:d4:e2:66:1c:b1:ae:f2:38:7c:90:02:
                    d6:79:4a:65:dd:1f:d2:e5:1f:af:24:1d:94:e8:ed:
                    a3:6f:44:d4:92:e8:df:ac:42:47:e2:ca:d5:3c:55:
                    03:b2:fc:0c:c7:58:e9:48:33:b5:ca:6e:60:b4:bb:
                    66:32:2c:f7:a4:99:8e:13:c2:9b:52:23:b7:11:ab:
                    c0:60:b7:6c:dc:27:cd:fc:76:ba:bb:4a:f5:df:0c:
                    ec:52:b6:5a:a2:37:53:57:15:12:e8:6e:52:8f:aa:
                    7e:8d:52:8e:25:f4:95:83:a4:04:d2:dc:ec:29:03:
                    e2:92:99:f9:11:22:38:bb:81:d9:aa:d3:73:ae:c9:
                    4e:77:4d:5e:cd:22:ba:1d:95:e1:70:8d:86:1d:4f:
                    08:ae:af:9b:59:09:ad:5d:f5:ba:4e:3d:b6:40:e0:
                    b2:1c:8b:cb:fb:95:28:ae:d0:ba:c8:41:fe:64:5e:
                    3a:6c:da:96:84:58:a1:7e:47:cc:c2:6a:d8:e8:e5:
                    4b:4f:95:13:96:8b:4a:3b:b0:88:92:53:7a:7c:39:
                    fe:a5:5e:36:55:cb:49:cb:0c:de:c0:32:47:bd:3a:
                    69:28:da:41:f8:dd:d3:60:fa:38:01:4f:c6:e2:13:
                    f5:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:44:20:42:8A:A5:6E:75:C6:98:6F:3C:D7:4A:DC:03:A1:F1:FF:B2
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/e1a3b0bc-c24b-4965-b6fb-5f1c980a2f03/1/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/e1a3b0bc-c24b-4965-b6fb-5f1c980a2f03/1/214420428AA56E75C6986F3CD74ADC03A1F1FFB2.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215377

    Signature Algorithm: sha256WithRSAEncryption
         6b:94:83:c3:68:8a:b1:a8:30:f2:1b:6f:cb:37:18:b7:30:87:
         bf:72:e0:3f:1f:d0:8b:1b:3c:2a:41:4d:dc:e0:ab:8d:fd:65:
         0d:f0:83:81:67:53:89:51:c2:0d:8e:d6:40:27:e3:a4:c8:04:
         51:71:fd:7f:9b:92:a9:2b:db:0d:fa:6c:88:15:be:1f:d7:17:
         47:5e:a3:95:57:bb:f9:09:62:9a:9f:f5:66:05:f9:86:66:5b:
         62:c3:71:f7:ab:e9:d1:3e:d2:44:bd:66:46:e7:22:c9:8b:9d:
         f1:6f:23:64:09:63:fc:7c:24:bb:35:ef:7f:5a:88:53:b7:84:
         18:fc:e2:96:79:9a:ce:92:70:5e:d4:59:00:ed:c9:2b:f3:88:
         3b:54:a9:3e:e8:0b:23:b4:5f:fe:5a:a0:3c:bf:64:73:2b:78:
         15:d8:ac:1f:41:15:a9:f8:f1:30:15:f6:be:d4:60:cd:0a:6b:
         ab:c4:43:86:8e:4a:d8:a6:cd:e0:75:78:1d:58:b8:87:8e:58:
         80:2f:21:56:3c:06:94:12:7c:ac:f3:7f:c1:87:de:30:fe:06:
         fc:e7:23:13:58:e1:85:aa:9f:ed:5a:59:c9:4e:e9:57:77:a0:
         82:ce:47:de:4a:e5:92:e3:91:43:81:3c:6a:8f:00:65:c0:56:
         fb:53:c0:77
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZR2oqymmn5ZOU6XoHcL0DV1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTE3MjMzOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTQ0MjA0MjhhYTU2ZTc1YzY5ODZmM2NkNzRhZGMwM2ExZjFmZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2eFfzcjO7n4z5tE25uVX/Fn1OJm
HLGu8jh8kALWeUpl3R/S5R+vJB2U6O2jb0TUkujfrEJH4srVPFUDsvwMx1jpSDO1
ym5gtLtmMiz3pJmOE8KbUiO3EavAYLds3CfN/Ha6u0r13wzsUrZaojdTVxUS6G5S
j6p+jVKOJfSVg6QE0tzsKQPikpn5ESI4u4HZqtNzrslOd01ezSK6HZXhcI2GHU8I
rq+bWQmtXfW6Tj22QOCyHIvL+5UortC6yEH+ZF46bNqWhFihfkfMwmrY6OVLT5UT
lotKO7CIklN6fDn+pV42VctJywzewDJHvTppKNpB+N3TYPo4AU/G4hP14QIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFCFEIEKKpW51xphvPNdK3AOh8f+yMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2UxYTNi
MGJjLWMyNGItNDk2NS1iNmZiLTVmMWM5ODBhMmYwMy8xLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvZTFh
M2IwYmMtYzI0Yi00OTY1LWI2ZmItNWYxYzk4MGEyZjAzLzEvMjE0NDIwNDI4QUE1
NkU3NUM2OTg2RjNDRDc0QURDMDNBMUYxRkZCMi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSVEw
DQYJKoZIhvcNAQELBQADggEBAGuUg8NoirGoMPIbb8s3GLcwh79y4D8f0IsbPCpB
Tdzgq439ZQ3wg4FnU4lRwg2O1kAn46TIBFFx/X+bkqkr2w36bIgVvh/XF0deo5VX
u/kJYpqf9WYF+YZmW2LDcfer6dE+0kS9ZkbnIsmLnfFvI2QJY/x8JLs1739aiFO3
hBj84pZ5ms6ScF7UWQDtySvziDtUqT7oCyO0X/5aoDy/ZHMreBXYrB9BFan48TAV
9r7UYM0Ka6vEQ4aOStimzeB1eB1YuIeOWIAvIVY8BpQSfKzzf8GH3jD+BvznIxNY
4YWqn+1aWclO6Vd3oILOR95K5ZLjkUOBPGqPAGXAVvtTwHc=
-----END CERTIFICATE-----