Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/IsFSYGEl62bVIiY_oDEJu_C7o9o.cer
File:                     IsFSYGEl62bVIiY_oDEJu_C7o9o.cer (raw, json)
Hash identifier:          9eB2d6OzHCl+RAg5E3pO3faE1Qg/mkEQfROEBUMY9S8=
Subject key identifier:   22:C1:52:60:61:25:EB:66:D5:22:26:3F:A0:31:09:BB:F0:BB:A3:DA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC8DEC27534C57D5A0F1DA9C53A1F42F8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/IsFSYGEl62bVIiY_oDEJu_C7o9o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 06:31:31 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 198874
                          IP: 91.234.228.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Apr 2024 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:c2:75:34:c5:7d:5a:0f:1d:a9:c5:3a:1f:42:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 06:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22c152606125eb66d522263fa03109bbf0bba3da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:7c:0a:ae:d8:a1:97:fc:e3:95:cc:58:d1:92:
                    89:a6:0c:b7:98:88:cf:16:6e:ba:f4:65:06:2b:a0:
                    46:e3:65:fd:e1:c4:99:ce:58:0a:2d:7e:8f:67:dc:
                    49:9b:01:66:f5:0f:a3:52:0f:70:08:55:51:52:80:
                    a9:1c:b4:bb:67:6e:a8:73:ab:39:0a:f0:6f:e7:5f:
                    0f:44:13:7a:f9:5a:3e:f3:fa:11:29:c4:0e:a9:43:
                    b1:9f:84:18:ce:d1:35:2f:68:6d:cb:c5:d3:b0:f8:
                    44:b9:66:f0:d1:b9:50:30:e1:77:d2:d1:51:d0:1c:
                    2e:f3:19:e3:da:e0:e8:12:07:43:e7:31:f8:d8:95:
                    3c:87:c1:0b:05:25:24:40:bd:93:6d:4d:6e:d6:8a:
                    44:cb:c0:a3:22:43:0a:c4:c3:31:ee:bd:8c:0e:5b:
                    85:a2:31:eb:8b:59:33:b0:6a:b5:66:8c:1c:60:b5:
                    d8:86:1e:c3:8f:6d:96:87:3e:54:60:c0:6a:e4:e7:
                    ed:a5:25:cf:48:85:e9:ab:1b:0b:87:f1:33:a7:80:
                    e4:11:c3:de:3a:14:14:b5:25:35:52:2e:c8:7c:63:
                    0c:9d:d7:4e:5d:62:9d:6d:e3:f6:c5:ce:4d:15:3a:
                    ce:f6:ee:f1:38:ab:9e:e1:7d:9e:df:5e:60:e2:40:
                    e6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:C1:52:60:61:25:EB:66:D5:22:26:3F:A0:31:09:BB:F0:BB:A3:DA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/ac25b4-194e-49c4-aab1-0fe4d7f7db3d/1/IsFSYGEl62bVIiY_oDEJu_C7o9o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.228.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198874

    Signature Algorithm: sha256WithRSAEncryption
         22:00:0c:ae:ff:fe:aa:f6:60:e8:41:0e:a4:46:c6:f7:e1:f5:
         03:af:4b:5c:a4:5f:bf:2d:84:c7:e4:b6:33:5a:b2:f1:33:ba:
         bf:f7:69:e7:da:ef:d6:58:40:05:3b:2b:2b:c2:75:c0:b7:82:
         a2:93:43:80:dd:46:1c:b9:75:66:33:fd:a9:6c:41:75:a4:29:
         f5:d3:b4:84:21:c5:05:9c:47:b1:6f:f1:e6:f4:a7:96:da:b5:
         ee:8b:9b:7e:76:97:ee:51:b8:e0:2a:84:5d:68:0f:3f:eb:26:
         19:f2:e1:ec:50:79:c2:27:a2:63:a2:67:fb:68:d4:a1:46:55:
         73:64:50:5b:b2:51:19:00:53:f5:ab:a6:d3:2e:15:86:9b:d7:
         12:cc:c6:67:32:c5:a2:2e:da:76:13:41:15:11:3b:70:99:e7:
         e3:b2:3c:77:21:77:11:e5:1d:97:10:c7:dd:d6:4e:8f:70:ff:
         60:a7:72:b4:22:cd:09:bc:c8:3f:9a:40:c7:25:5c:69:1f:07:
         e0:21:89:74:92:79:fd:7d:66:93:28:9e:ec:77:da:74:33:d0:
         4b:0c:65:13:40:ce:08:ae:77:ed:d8:a9:4a:af:9b:4b:a6:d0:
         17:89:f9:f5:5d:e3:9c:0a:bf:e0:94:51:0c:2a:ca:ec:f2:37:
         2b:37:09:30
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzI3sJ1NMV9Wg8dqcU6H0L4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDYzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmMxNTI2MDYxMjVlYjY2ZDUyMjI2M2ZhMDMxMDliYmYwYmJhM2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6nwKrtihl/zjlcxY0ZKJpgy3mIjP
Fm669GUGK6BG42X94cSZzlgKLX6PZ9xJmwFm9Q+jUg9wCFVRUoCpHLS7Z26oc6s5
CvBv518PRBN6+Vo+8/oRKcQOqUOxn4QYztE1L2hty8XTsPhEuWbw0blQMOF30tFR
0Bwu8xnj2uDoEgdD5zH42JU8h8ELBSUkQL2TbU1u1opEy8CjIkMKxMMx7r2MDluF
ojHri1kzsGq1ZowcYLXYhh7Dj22Whz5UYMBq5OftpSXPSIXpqxsLh/Ezp4DkEcPe
OhQUtSU1Ui7IfGMMnddOXWKdbeP2xc5NFTrO9u7xOKue4X2e315g4kDmowIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCLBUmBhJetm1SImP6AxCbvwu6PaMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzRiL2FjMjVi
NC0xOTRlLTQ5YzQtYWFiMS0wZmU0ZDdmN2RiM2QvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGIvYWMyNWI0
LTE5NGUtNDljNC1hYWIxLTBmZTRkN2Y3ZGIzZC8xL0lzRlNZR0VsNjJiVklpWV9v
REVKdV9DN285by5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAW+rkMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMI2jANBgkqhkiG9w0BAQsFAAOCAQEAIgAMrv/+qvZg6EEOpEbG9+H1A69LXKRf
vy2Ex+S2M1qy8TO6v/dp59rv1lhABTsrK8J1wLeCopNDgN1GHLl1ZjP9qWxBdaQp
9dO0hCHFBZxHsW/x5vSnltq17oubfnaX7lG44CqEXWgPP+smGfLh7FB5wieiY6Jn
+2jUoUZVc2RQW7JRGQBT9aum0y4VhpvXEszGZzLFoi7adhNBFRE7cJnn47I8dyF3
EeUdlxDH3dZOj3D/YKdytCLNCbzIP5pAxyVcaR8H4CGJdJJ5/X1mkyie7HfadDPQ
SwxlE0DOCK537dipSq+bS6bQF4n59V3jnAq/4JRRDCrK7PI3KzcJMA==
-----END CERTIFICATE-----