Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JNuhs13nN_cbfFUN9fS0ToNka40.cer
File:                     JNuhs13nN_cbfFUN9fS0ToNka40.cer (raw, json)
Hash identifier:          58GER3Qz6wQ9YU+9keHwZy4OKcXqivbnfHPTp7CKA2s=
Subject key identifier:   24:DB:A1:B3:5D:E7:37:F7:1B:7C:55:0D:F5:F4:B4:4E:83:64:6B:8D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221F8439EFE021766B4FFCE077FC8EDD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/JNuhs13nN_cbfFUN9fS0ToNka40.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:47:58 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 185.62.2.0/24
                          IP: 2a13:d480::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:84:39:ef:e0:21:76:6b:4f:fc:e0:77:fc:8e:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24dba1b35de737f71b7c550df5f4b44e83646b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:59:cb:00:90:8e:75:da:bd:63:08:60:7d:
                    17:a7:8c:4f:ed:f1:2a:c7:22:66:e7:c1:61:4e:54:
                    86:7b:cc:2d:4f:fd:f2:09:12:50:24:ec:c8:10:59:
                    b0:db:ff:91:b3:27:24:8e:30:35:41:b9:0c:0b:7b:
                    bb:c8:a9:c4:96:33:bd:99:41:50:7e:3c:b8:83:3d:
                    50:98:08:d6:b0:3d:66:3b:2a:ce:ed:3b:f6:14:bf:
                    e3:4b:95:c1:67:7c:c1:45:6f:ec:22:8f:37:71:b0:
                    cc:50:a8:25:be:8f:4b:f4:85:8b:a3:fa:20:dc:79:
                    9d:e9:4e:26:6d:e8:c0:90:2e:b1:16:41:6a:61:9d:
                    03:9e:29:cf:39:75:6d:2a:6b:03:04:da:1b:e4:c2:
                    8f:7d:b7:3a:c2:b9:3c:96:4a:11:5b:9b:7a:65:6e:
                    43:1b:17:f0:c5:a7:4d:fc:9e:b5:f6:a1:fe:a7:65:
                    ec:29:db:a6:88:c5:48:d2:05:5c:1b:45:b7:38:47:
                    00:75:09:9f:f5:e6:42:c9:83:55:f6:79:95:00:66:
                    84:eb:78:01:9c:72:6f:78:b5:39:eb:df:f6:d3:b3:
                    64:7a:3d:3b:fe:5a:45:49:39:46:74:62:e5:2e:fa:
                    b3:9f:15:82:03:20:f7:47:a3:f2:3f:fd:be:30:de:
                    07:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:DB:A1:B3:5D:E7:37:F7:1B:7C:55:0D:F5:F4:B4:4E:83:64:6B:8D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/895e9f-d541-4564-9947-da04e2f39b88/1/JNuhs13nN_cbfFUN9fS0ToNka40.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.2.0/24
                IPv6:
                  2a13:d480::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:7f:9a:32:1c:44:87:51:9d:17:b0:7f:d1:c5:70:10:0a:9d:
         ca:7b:a7:7c:71:2e:04:29:28:d8:8e:98:38:83:bc:c8:59:18:
         61:89:7e:0b:15:cc:c3:e0:76:e1:96:4f:83:03:ee:16:72:1e:
         68:7f:2c:ed:4b:58:18:b6:01:9f:55:c9:42:7d:5b:fc:0c:62:
         c7:82:47:04:54:e0:46:bb:15:74:3f:23:9a:57:3e:64:8f:6c:
         33:09:84:9e:3a:9a:e0:c7:91:13:21:a2:44:27:bd:7e:c7:84:
         81:1e:22:8b:53:a0:b3:17:c8:7c:ae:ea:71:b4:63:74:4f:a6:
         35:58:45:6d:5e:2d:62:1e:d1:8f:b1:8f:6f:b7:7e:91:f7:f7:
         aa:ac:91:6d:95:e5:ba:61:cb:bc:5c:7f:c6:5e:2e:29:6c:f3:
         63:24:00:d3:b2:14:47:92:ee:35:a7:47:70:19:27:b8:e2:f8:
         3e:66:33:3a:e4:96:92:4b:6f:62:d7:6d:93:dd:e2:68:5d:8a:
         04:c2:1f:ca:79:02:d4:e6:2c:45:cd:4c:b1:8d:9e:85:d4:30:
         57:6b:04:2a:52:e8:dd:2f:17:d7:f7:9b:6a:7b:bc:31:da:ef:
         7e:81:8f:e5:94:ac:21:14:46:d8:e0:36:17:8b:03:1e:b4:5d:
         26:6a:1d:59
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQiH4Q57+AhdmtP/OB3/I7dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGRiYTFiMzVkZTczN2Y3MWI3YzU1MGRmNWY0YjQ0ZTgzNjQ2YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArElZywCQjnXavWMIYH0Xp4xP7fEq
xyJm58FhTlSGe8wtT/3yCRJQJOzIEFmw2/+RsyckjjA1QbkMC3u7yKnEljO9mUFQ
fjy4gz1QmAjWsD1mOyrO7Tv2FL/jS5XBZ3zBRW/sIo83cbDMUKglvo9L9IWLo/og
3Hmd6U4mbejAkC6xFkFqYZ0DninPOXVtKmsDBNob5MKPfbc6wrk8lkoRW5t6ZW5D
GxfwxadN/J619qH+p2XsKdumiMVI0gVcG0W3OEcAdQmf9eZCyYNV9nmVAGaE63gB
nHJveLU569/207Nkej07/lpFSTlGdGLlLvqznxWCAyD3R6PyP/2+MN4HtwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFCTbobNd5zf3G3xVDfX0tE6DZGuNMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxLzg5NWU5
Zi1kNTQxLTQ1NjQtOTk0Ny1kYTA0ZTJmMzliODgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvODk1ZTlm
LWQ1NDEtNDU2NC05OTQ3LWRhMDRlMmYzOWI4OC8xL0pOdWhzMTNuTl9jYmZGVU45
ZlMwVG9Oa2E0MC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAuT4CMA0EAgACMAcDBQMqE9SAMA0GCSqGSIb3
DQEBCwUAA4IBAQBgf5oyHESHUZ0XsH/RxXAQCp3Ke6d8cS4EKSjYjpg4g7zIWRhh
iX4LFczD4Hbhlk+DA+4Wch5ofyztS1gYtgGfVclCfVv8DGLHgkcEVOBGuxV0PyOa
Vz5kj2wzCYSeOprgx5ETIaJEJ71+x4SBHiKLU6CzF8h8rupxtGN0T6Y1WEVtXi1i
HtGPsY9vt36R9/eqrJFtleW6Ycu8XH/GXi4pbPNjJADTshRHku41p0dwGSe44vg+
ZjM65JaSS29i122T3eJoXYoEwh/KeQLU5ixFzUyxjZ6F1DBXawQqUujdLxfX95tq
e7wx2u9+gY/llKwhFEbY4DYXiwMetF0mah1Z
-----END CERTIFICATE-----