Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JdsAYfLYrhQDSXyhfhqI3yMEj5M.cer
File:                     JdsAYfLYrhQDSXyhfhqI3yMEj5M.cer (raw, json)
Hash identifier:          rAc7Xki7CMU2DGd2Z6HKv4e/dqM2ERkbGy73jOsXKpo=
Subject key identifier:   25:DB:00:61:F2:D8:AE:14:03:49:7C:A1:7E:1A:88:DF:23:04:8F:93
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC94C157523A4EE233949446BE74938BB
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/a0/c9be93-3a58-4cec-8a6b-2acbe3d53dfb/1/JdsAYfLYrhQDSXyhfhqI3yMEj5M.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/a0/c9be93-3a58-4cec-8a6b-2acbe3d53dfb/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 08:30:55 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 47674

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:15:75:23:a4:ee:23:39:49:44:6b:e7:49:38:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 08:30:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=25db0061f2d8ae1403497ca17e1a88df23048f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:e8:99:59:9f:65:51:a0:10:11:30:5d:45:e6:
                    b9:f1:41:17:80:14:d8:d8:e0:df:51:25:15:60:9a:
                    04:be:a0:f4:ff:2e:e3:32:39:0d:f4:e6:27:aa:d5:
                    82:5f:b4:91:be:8e:fd:20:0f:6d:41:26:0d:e2:ed:
                    d8:f0:85:40:63:dd:ef:9d:17:e8:57:c1:41:c7:06:
                    98:5e:3f:84:31:ad:b0:7c:f7:bd:13:c9:f8:9e:3b:
                    b5:2b:f9:44:7c:c1:f6:d2:56:45:b9:b0:b1:93:4c:
                    0d:5e:5c:ea:47:c7:31:dd:d2:03:2e:ff:60:f0:f3:
                    c7:97:1e:1f:24:b5:63:32:6b:bb:a4:a9:ed:d8:7e:
                    0c:3e:ad:1a:e9:d0:4d:e3:09:76:64:4c:c5:a6:f9:
                    54:74:8c:30:9b:68:a7:42:0a:97:68:54:fc:fc:ee:
                    f6:e2:de:47:a5:14:1d:68:71:7d:08:6c:96:ee:1d:
                    2c:94:60:16:24:4c:97:0d:67:91:f7:80:db:c7:12:
                    32:cd:23:14:a2:f1:23:e5:44:7f:c4:0d:b4:48:1e:
                    bf:1a:64:f9:06:60:a4:de:79:9c:0c:95:f6:e5:88:
                    3f:a3:f3:51:0a:f4:09:cc:1d:31:44:60:53:04:46:
                    26:cb:2b:1b:1f:42:5e:8a:2b:7f:a2:07:9a:2e:8d:
                    0f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:DB:00:61:F2:D8:AE:14:03:49:7C:A1:7E:1A:88:DF:23:04:8F:93
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c9be93-3a58-4cec-8a6b-2acbe3d53dfb/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/c9be93-3a58-4cec-8a6b-2acbe3d53dfb/1/JdsAYfLYrhQDSXyhfhqI3yMEj5M.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  47674

    Signature Algorithm: sha256WithRSAEncryption
         03:96:7b:62:64:63:4f:6b:c6:37:ca:7d:bd:62:1e:46:8e:c7:
         b8:a1:e1:ff:31:78:85:c4:55:93:08:2a:54:01:2c:1a:a3:55:
         d8:58:f2:aa:5f:3f:66:d4:a8:3e:71:40:47:eb:ae:37:55:e8:
         59:b4:97:97:58:99:fe:a7:df:06:bb:e8:f0:f3:8d:04:78:ec:
         1d:40:64:21:98:74:ef:a8:5c:87:e1:1e:00:09:85:fd:f9:7c:
         36:29:d5:e3:5f:89:6f:1c:b2:08:51:c2:a7:b6:3a:e8:3c:9d:
         b2:3a:ea:fa:3e:f4:89:e6:e9:7d:e6:3c:f4:d0:2c:85:5e:d2:
         49:d3:f7:21:ba:9c:8c:c0:0d:f0:0c:d1:50:03:3b:2c:43:e6:
         da:ed:1f:c3:fb:83:10:83:8c:e6:d6:53:c5:1a:16:a5:ba:3a:
         6b:08:22:5a:11:ac:8b:54:a4:48:8f:94:11:87:71:30:06:f1:
         d9:d8:7a:b2:cf:bf:21:e5:c5:95:f3:19:6d:ba:d6:7c:09:80:
         5f:8f:a1:14:8c:cc:1b:98:06:fd:94:c1:96:dd:ac:b2:51:15:
         b1:73:28:9d:11:98:c2:73:d2:a2:2e:02:3f:f2:87:18:8a:ab:
         7e:20:1b:aa:26:b3:1d:77:61:96:bf:cc:ba:7d:38:6f:43:2d:
         3a:b7:b2:97
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzJTBV1I6TuIzlJRGvnSTi7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDgzMDU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWRiMDA2MWYyZDhhZTE0MDM0OTdjYTE3ZTFhODhkZjIzMDQ4ZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+iZWZ9lUaAQETBdRea58UEXgBTY
2ODfUSUVYJoEvqD0/y7jMjkN9OYnqtWCX7SRvo79IA9tQSYN4u3Y8IVAY93vnRfo
V8FBxwaYXj+EMa2wfPe9E8n4nju1K/lEfMH20lZFubCxk0wNXlzqR8cx3dIDLv9g
8PPHlx4fJLVjMmu7pKnt2H4MPq0a6dBN4wl2ZEzFpvlUdIwwm2inQgqXaFT8/O72
4t5HpRQdaHF9CGyW7h0slGAWJEyXDWeR94DbxxIyzSMUovEj5UR/xA20SB6/GmT5
BmCk3nmcDJX25Yg/o/NRCvQJzB0xRGBTBEYmyysbH0Jeiit/ogeaLo0POwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFCXbAGHy2K4UA0l8oX4aiN8jBI+TMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2EwL2M5YmU5
My0zYTU4LTRjZWMtOGE2Yi0yYWNiZTNkNTNkZmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvYzliZTkz
LTNhNTgtNGNlYy04YTZiLTJhY2JlM2Q1M2RmYi8xL0pkc0FZZkxZcmhRRFNYeWhm
aHFJM3lNRWo1TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwC6OjANBgkqhkiG9w0BAQsFAAOCAQEAA5Z7YmRjT2vG
N8p9vWIeRo7HuKHh/zF4hcRVkwgqVAEsGqNV2Fjyql8/ZtSoPnFAR+uuN1XoWbSX
l1iZ/qffBrvo8PONBHjsHUBkIZh076hch+EeAAmF/fl8NinV41+JbxyyCFHCp7Y6
6Dydsjrq+j70iebpfeY89NAshV7SSdP3IbqcjMAN8AzRUAM7LEPm2u0fw/uDEIOM
5tZTxRoWpbo6awgiWhGsi1SkSI+UEYdxMAbx2dh6ss+/IeXFlfMZbbrWfAmAX4+h
FIzMG5gG/ZTBlt2sslEVsXMonRGYwnPSoi4CP/KHGIqrfiAbqiazHXdhlr/Mun04
b0MtOreylw==
-----END CERTIFICATE-----