Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/J322q3eePVMzyXqyKFuYgAHF4MY.cer
File:                     J322q3eePVMzyXqyKFuYgAHF4MY.cer (raw, json)
Hash identifier:          tt/HLk9YXGT35pedkhfYhOguGQjdeTZsl0VoHLMEbco=
Subject key identifier:   27:7D:B6:AB:77:9E:3D:53:33:C9:7A:B2:28:5B:98:80:01:C5:E0:C6
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0191CDE258288E4E946C141EDB64E72B245E
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/74c1572c-e97c-4100-aeff-1373f4e9433a/0/277DB6AB779E3D5333C97AB2285B988001C5E0C6.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/74c1572c-e97c-4100-aeff-1373f4e9433a/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sat 07 Sep 2024 19:07:28 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215241

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:cd:e2:58:28:8e:4e:94:6c:14:1e:db:64:e7:2b:24:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Sep  7 19:07:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=277db6ab779e3d5333c97ab2285b988001c5e0c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:2e:88:0d:77:1f:fe:4c:68:9f:e2:f3:72:0b:
                    aa:c4:d6:ca:e1:87:4b:a7:0d:6b:20:53:63:f7:91:
                    48:f1:9c:f6:8d:82:92:8b:9a:fa:ed:76:e8:c1:b3:
                    40:dc:d3:09:fa:d6:06:11:72:80:c1:15:2e:cd:25:
                    14:06:62:d6:9e:38:2f:ba:1b:55:f5:a3:1d:6f:b4:
                    d6:36:d5:61:e8:3b:20:64:56:e5:fe:a5:f9:f5:e2:
                    b8:af:35:c6:61:d1:4b:5d:ce:44:10:b4:2d:65:8b:
                    ae:45:02:49:0d:63:f0:ec:a9:6f:9b:f1:92:c0:0b:
                    b5:7d:36:21:4c:17:31:6a:65:45:e8:b4:ed:d1:59:
                    1f:cd:46:9a:f3:40:45:b7:0a:53:12:d2:89:34:21:
                    1e:c8:3f:9c:4f:b9:fc:f4:a2:b6:ea:00:9e:0c:18:
                    3f:0c:f9:0a:6a:99:a9:2f:3a:a0:f3:5e:d4:6d:b0:
                    dd:98:2f:42:51:09:93:a2:99:0c:05:b7:f8:57:56:
                    7e:c1:74:d9:58:5a:8f:ea:01:68:f4:19:18:94:99:
                    ec:57:73:43:8b:ca:0d:ce:b0:f4:55:29:c0:86:b5:
                    99:24:eb:f4:f1:48:8f:5c:2f:65:c7:2b:46:3c:c1:
                    68:42:4a:2d:a1:8e:86:92:0a:8d:d4:8d:85:22:35:
                    f5:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:7D:B6:AB:77:9E:3D:53:33:C9:7A:B2:28:5B:98:80:01:C5:E0:C6
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/74c1572c-e97c-4100-aeff-1373f4e9433a/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/74c1572c-e97c-4100-aeff-1373f4e9433a/0/277DB6AB779E3D5333C97AB2285B988001C5E0C6.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215241

    Signature Algorithm: sha256WithRSAEncryption
         6c:36:5b:05:47:89:28:1b:7c:68:f7:83:ee:af:3a:70:84:24:
         ff:1d:d3:21:a7:28:97:2f:f8:70:01:5a:a6:c0:8e:27:72:c5:
         ed:95:f4:2b:56:67:0d:65:91:c7:d5:f3:73:5a:d7:6d:bf:ab:
         d1:b6:ee:cd:b9:89:fe:84:0f:78:e5:8b:c9:c5:46:a8:02:91:
         82:5e:cd:42:76:fb:a3:d3:0d:88:e2:8f:b9:04:c6:a8:b1:c4:
         77:75:94:de:5d:01:5c:37:a1:94:db:06:bc:80:18:bf:fa:d4:
         4b:ef:1d:c4:47:ad:70:c7:eb:84:47:39:8c:de:7a:b2:63:64:
         eb:71:4b:a9:8e:7f:d4:86:21:29:68:a6:f1:ee:de:6c:4b:17:
         c3:80:be:ff:0d:a2:bb:c4:0c:1b:fd:22:c8:02:7d:4c:1c:28:
         8d:1f:4d:93:5c:b4:5d:b4:1f:05:1d:f3:4d:5b:77:61:81:d4:
         23:3e:43:ea:2a:c4:2d:b3:00:2e:bf:19:4c:9b:7b:04:f3:5b:
         ce:4a:d7:90:64:2a:f2:ae:87:3a:11:f8:ff:17:a7:12:48:d1:
         44:7d:65:81:32:ea:e0:ac:02:5a:be:58:5c:fd:9b:4b:38:fe:
         d7:90:c3:b9:7f:ec:36:ef:2b:fb:98:32:6a:bb:25:a2:66:b8:
         8a:7c:dd:e9
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZHN4lgojk6UbBQe22TnKyReMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwOTA3MTkwNzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzdkYjZhYjc3OWUzZDUzMzNjOTdhYjIyODViOTg4MDAxYzVlMGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApS6IDXcf/kxon+LzcguqxNbK4YdL
pw1rIFNj95FI8Zz2jYKSi5r67XbowbNA3NMJ+tYGEXKAwRUuzSUUBmLWnjgvuhtV
9aMdb7TWNtVh6DsgZFbl/qX59eK4rzXGYdFLXc5EELQtZYuuRQJJDWPw7Klvm/GS
wAu1fTYhTBcxamVF6LTt0VkfzUaa80BFtwpTEtKJNCEeyD+cT7n89KK26gCeDBg/
DPkKapmpLzqg817UbbDdmC9CUQmTopkMBbf4V1Z+wXTZWFqP6gFo9BkYlJnsV3ND
i8oNzrD0VSnAhrWZJOv08UiPXC9lxytGPMFoQkotoY6GkgqN1I2FIjX1JwIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFCd9tqt3nj1TM8l6sihbmIABxeDGMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzc0YzE1
NzJjLWU5N2MtNDEwMC1hZWZmLTEzNzNmNGU5NDMzYS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNzRj
MTU3MmMtZTk3Yy00MTAwLWFlZmYtMTM3M2Y0ZTk0MzNhLzAvMjc3REI2QUI3NzlF
M0Q1MzMzQzk3QUIyMjg1Qjk4ODAwMUM1RTBDNi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDSMkw
DQYJKoZIhvcNAQELBQADggEBAGw2WwVHiSgbfGj3g+6vOnCEJP8d0yGnKJcv+HAB
WqbAjidyxe2V9CtWZw1lkcfV83Na122/q9G27s25if6ED3jli8nFRqgCkYJezUJ2
+6PTDYjij7kExqixxHd1lN5dAVw3oZTbBryAGL/61EvvHcRHrXDH64RHOYzeerJj
ZOtxS6mOf9SGISlopvHu3mxLF8OAvv8NorvEDBv9IsgCfUwcKI0fTZNctF20HwUd
801bd2GB1CM+Q+oqxC2zAC6/GUybewTzW85K15BkKvKuhzoR+P8XpxJI0UR9ZYEy
6uCsAlq+WFz9m0s4/teQw7l/7DbvK/uYMmq7JaJmuIp83ek=
-----END CERTIFICATE-----