Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Iaw4_oEF-1mizSV_UZ-FhZWEAwE.cer
File:                     Iaw4_oEF-1mizSV_UZ-FhZWEAwE.cer (raw, json)
Hash identifier:          7zbL1y8YLdPZREMOYgp8m2AZISM8bIL4+4082sBHUlA=
Subject key identifier:   21:AC:38:FE:81:05:FB:59:A2:CD:25:7F:51:9F:85:85:95:84:03:01
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019421B1C02F0CBF91F2D842EC6F7D48007A
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/Iaw4_oEF-1mizSV_UZ-FhZWEAwE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 11:48:04 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 215601
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:c0:2f:0c:bf:91:f2:d8:42:ec:6f:7d:48:00:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21ac38fe8105fb59a2cd257f519f858595840301
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:f7:1b:f9:52:da:9f:b8:e6:c8:92:ec:f0:1f:
                    3f:98:7c:e3:5e:f2:2a:fc:90:f7:e2:cb:28:31:aa:
                    2b:3b:63:ec:27:59:90:85:39:be:4a:5c:88:82:71:
                    6a:29:7c:57:76:e5:f9:bc:5a:49:e2:52:76:ff:43:
                    81:24:0c:14:02:f3:d1:bb:3c:ac:01:dc:0b:3f:77:
                    17:11:c5:df:7d:af:d9:3b:10:47:21:58:44:8f:ce:
                    ff:8c:c4:a5:fe:f4:6f:a4:03:8f:08:4c:b3:cd:e3:
                    f9:31:e1:f0:e2:e9:93:2d:66:44:a4:29:6b:7a:c5:
                    65:e1:69:14:3c:a7:90:94:68:2d:f2:88:d2:f3:87:
                    b3:83:a3:2a:34:fb:9e:05:80:fa:81:8f:31:cf:b6:
                    50:61:02:17:f6:86:9a:be:1e:51:66:c2:f8:23:40:
                    ea:54:57:68:d5:78:29:dc:98:66:cf:f3:19:81:1b:
                    e5:86:cf:f8:96:db:81:9a:e8:2c:9f:d5:98:87:f3:
                    bf:d3:88:6f:17:d4:df:b0:c8:f1:b8:98:07:98:53:
                    05:f5:84:0b:c1:bb:db:0d:d5:f2:c3:13:ad:27:71:
                    5b:b1:79:4a:0d:79:3e:29:a3:00:44:ea:9a:ec:cd:
                    f2:a9:25:97:2c:84:55:29:af:80:5f:64:85:4c:b9:
                    61:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AC:38:FE:81:05:FB:59:A2:CD:25:7F:51:9F:85:85:95:84:03:01
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/345c62-2e0a-4ce1-befb-0cf54cfa8da1/1/Iaw4_oEF-1mizSV_UZ-FhZWEAwE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215601

    Signature Algorithm: sha256WithRSAEncryption
         3b:f5:f8:ce:fd:33:89:34:3f:0c:e6:04:0e:37:99:b1:af:bf:
         18:d8:29:4f:c0:e9:9f:9f:7d:7a:69:75:bf:d7:bc:30:58:53:
         ed:22:02:f1:a5:b1:6d:18:59:d8:46:33:ab:8f:bd:35:04:b7:
         f4:dd:7e:70:fc:cc:c4:5a:8c:95:c1:b7:cb:6b:77:3e:ed:3d:
         be:de:e7:bc:e0:ae:f5:3c:73:09:38:9e:fd:25:e4:88:12:fb:
         31:63:04:50:16:dc:66:e6:9f:87:09:71:09:40:2b:df:eb:e0:
         8b:1b:5e:4a:c2:f9:10:50:f9:ab:e8:16:cb:81:2b:06:04:dd:
         a5:36:43:01:76:04:31:f6:86:b5:87:b9:89:c8:33:ef:29:80:
         4a:a1:1b:c8:0a:71:79:d7:a8:dd:7d:9a:d7:19:ae:4b:72:cd:
         4b:82:13:66:ac:5d:b5:31:45:63:67:d8:58:09:87:99:b3:66:
         36:6e:3d:2e:1a:d1:24:45:5b:8f:a5:25:45:dc:a6:9e:d8:24:
         2f:0a:39:64:1c:bb:be:cc:b0:53:d7:75:6c:07:7b:7d:02:8d:
         8a:c3:d9:bb:6b:0b:b2:69:eb:90:8b:77:51:9e:fd:73:be:79:
         6d:bc:85:c4:dd:5a:52:66:09:5b:94:1b:d5:d9:7c:12:51:f9:
         b8:2a:1e:61
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQhscAvDL+R8thC7G99SAB6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFjMzhmZTgxMDVmYjU5YTJjZDI1N2Y1MTlmODU4NTk1ODQwMzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvcb+VLan7jmyJLs8B8/mHzjXvIq
/JD34ssoMaorO2PsJ1mQhTm+SlyIgnFqKXxXduX5vFpJ4lJ2/0OBJAwUAvPRuzys
AdwLP3cXEcXffa/ZOxBHIVhEj87/jMSl/vRvpAOPCEyzzeP5MeHw4umTLWZEpClr
esVl4WkUPKeQlGgt8ojS84ezg6MqNPueBYD6gY8xz7ZQYQIX9oaavh5RZsL4I0Dq
VFdo1Xgp3Jhmz/MZgRvlhs/4ltuBmugsn9WYh/O/04hvF9TfsMjxuJgHmFMF9YQL
wbvbDdXywxOtJ3FbsXlKDXk+KaMAROqa7M3yqSWXLIRVKa+AX2SFTLlh3QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCGsOP6BBftZos0lf1GfhYWVhAMBMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M4LzM0NWM2
Mi0yZTBhLTRjZTEtYmVmYi0wY2Y1NGNmYThkYTEvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzgvMzQ1YzYy
LTJlMGEtNGNlMS1iZWZiLTBjZjU0Y2ZhOGRhMS8xL0lhdzRfb0VGLTFtaXpTVl9V
Wi1GaFpXRUF3RS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNKMTANBgkqhkiG9w0BAQsFAAOCAQEAO/X4zv0ziTQ/
DOYEDjeZsa+/GNgpT8Dpn599eml1v9e8MFhT7SIC8aWxbRhZ2EYzq4+9NQS39N1+
cPzMxFqMlcG3y2t3Pu09vt7nvOCu9TxzCTie/SXkiBL7MWMEUBbcZuafhwlxCUAr
3+vgixteSsL5EFD5q+gWy4ErBgTdpTZDAXYEMfaGtYe5icgz7ymASqEbyApxedeo
3X2a1xmuS3LNS4ITZqxdtTFFY2fYWAmHmbNmNm49LhrRJEVbj6UlRdymntgkLwo5
ZBy7vsywU9d1bAd7fQKNisPZu2sLsmnrkIt3UZ79c755bbyFxN1aUmYJW5Qb1dl8
ElH5uCoeYQ==
-----END CERTIFICATE-----