Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/JrFSTsAdz0BfRBcYKe1nopkqpC0.cer
File:                     JrFSTsAdz0BfRBcYKe1nopkqpC0.cer (raw, json)
Hash identifier:          XaHut6ICfQ+0YJP9Knoz/Wk/rSMSBFgqCxaOKlDez2g=
Subject key identifier:   26:B1:52:4E:C0:1D:CF:40:5F:44:17:18:29:ED:67:A2:99:2A:A4:2D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01934E5DEABE85746AC326A45C3AC9FFDF16
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/JrFSTsAdz0BfRBcYKe1nopkqpC0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 21 Nov 2024 10:56:38 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214147
                          IP: 2001:67c:f9c::/48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:5d:ea:be:85:74:6a:c3:26:a4:5c:3a:c9:ff:df:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Nov 21 10:56:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26b1524ec01dcf405f44171829ed67a2992aa42d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4f:d3:8d:a1:10:23:b3:86:67:7b:1f:2a:3e:
                    4f:57:1c:38:35:2f:2a:a5:52:78:f3:2b:4a:68:62:
                    3a:76:49:e0:95:eb:56:91:08:c1:af:30:99:97:b2:
                    2b:94:d5:c4:98:89:63:e9:06:74:32:f2:78:eb:0e:
                    20:65:e3:99:33:64:32:2a:1a:0b:70:31:83:7c:43:
                    bf:cd:2f:ef:b7:c2:c0:a0:78:c4:26:10:cc:be:29:
                    7c:fd:be:d9:7b:61:15:76:81:ff:fa:4a:6e:c1:b4:
                    a0:73:71:ef:1a:22:cf:3a:11:20:f5:34:31:9b:68:
                    40:f6:7f:ac:da:b3:c8:99:54:92:11:14:3f:42:22:
                    51:69:60:48:cd:4c:f8:ed:b9:75:eb:b3:ee:36:9c:
                    1d:d8:eb:2d:02:2b:34:93:fa:24:ef:59:96:8b:f6:
                    8c:97:8a:88:0c:b3:1f:c7:c1:75:b2:1c:2c:35:75:
                    e4:f6:01:90:07:41:cb:57:64:eb:92:e7:59:78:4b:
                    df:ae:ce:e0:59:35:c5:16:c1:42:60:a8:c7:36:f0:
                    31:ff:bf:5d:91:5d:b1:a4:30:0f:89:3b:d0:46:3e:
                    ef:b4:5c:e4:a3:cb:ed:0c:96:4d:f1:65:68:b3:24:
                    6a:37:e6:c2:0b:34:73:6d:76:4b:e7:34:8a:f0:3d:
                    89:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B1:52:4E:C0:1D:CF:40:5F:44:17:18:29:ED:67:A2:99:2A:A4:2D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/056563-e61c-4b8a-8d6e-766c82758065/1/JrFSTsAdz0BfRBcYKe1nopkqpC0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:f9c::/48

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214147

    Signature Algorithm: sha256WithRSAEncryption
         45:a3:90:2c:27:b2:ec:b7:0d:95:82:2e:4c:9d:47:d5:b5:71:
         c8:5f:a4:b3:ce:e2:75:90:02:ec:f6:0a:06:85:2d:6b:c6:72:
         44:ad:b7:f6:d4:79:1d:d0:ca:69:ff:c8:61:3d:0c:60:28:b5:
         c9:50:03:44:10:a1:9c:97:9b:df:d9:8e:45:5d:ee:c6:4e:d9:
         4c:8c:63:d1:06:d2:81:4a:73:a2:c7:38:69:73:0d:a0:37:ea:
         2e:eb:8b:43:a8:9a:0c:00:97:ec:76:f4:14:25:cc:a3:4d:a3:
         fb:5a:b0:90:98:f9:34:22:af:ad:f1:35:ac:b0:71:96:58:d5:
         fb:57:4d:79:6a:58:8b:59:ad:8c:55:53:90:03:b7:79:b3:37:
         cc:be:61:04:a9:c3:8e:e1:b6:a9:5f:7e:32:69:71:f0:7a:e2:
         4c:fe:1b:c7:54:dd:75:68:58:b8:1e:1a:ba:b2:ca:11:41:21:
         1a:08:29:1f:b1:73:f4:07:aa:b8:31:29:ce:9a:ec:4b:48:4a:
         ae:14:99:e3:57:58:b7:69:2b:eb:40:30:11:f5:72:57:60:6b:
         d1:e3:f2:f4:96:0c:12:e1:de:81:28:2e:13:f9:53:af:b9:a3:
         75:c6:43:1e:aa:7d:b9:40:ca:b3:a8:96:30:12:29:b9:31:68:
         61:48:fa:de
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgISAZNOXeq+hXRqwyakXDrJ/98WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQxMTIxMTA1NjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmIxNTI0ZWMwMWRjZjQwNWY0NDE3MTgyOWVkNjdhMjk5MmFhNDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtU/TjaEQI7OGZ3sfKj5PVxw4NS8q
pVJ48ytKaGI6dkngletWkQjBrzCZl7IrlNXEmIlj6QZ0MvJ46w4gZeOZM2QyKhoL
cDGDfEO/zS/vt8LAoHjEJhDMvil8/b7Ze2EVdoH/+kpuwbSgc3HvGiLPOhEg9TQx
m2hA9n+s2rPImVSSERQ/QiJRaWBIzUz47bl167PuNpwd2OstAis0k/ok71mWi/aM
l4qIDLMfx8F1shwsNXXk9gGQB0HLV2TrkudZeEvfrs7gWTXFFsFCYKjHNvAx/79d
kV2xpDAPiTvQRj7vtFzko8vtDJZN8WVosyRqN+bCCzRzbXZL5zSK8D2J1QIDAQAB
o4ICozCCAp8wHQYDVR0OBBYEFCaxUk7AHc9AX0QXGCntZ6KZKqQtMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzUwLzA1NjU2
My1lNjFjLTRiOGEtOGQ2ZS03NjZjODI3NTgwNjUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTAvMDU2NTYz
LWU2MWMtNGI4YS04ZDZlLTc2NmM4Mjc1ODA2NS8xL0pyRlNUc0FkejBCZlJCY1lL
ZTFub3BrcXBDMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUF
BwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA+cMBoGCCsGAQUFBwEIAQH/BAswCaAH
MAUCAwNEgzANBgkqhkiG9w0BAQsFAAOCAQEARaOQLCey7LcNlYIuTJ1H1bVxyF+k
s87idZAC7PYKBoUta8ZyRK239tR5HdDKaf/IYT0MYCi1yVADRBChnJeb39mORV3u
xk7ZTIxj0QbSgUpzosc4aXMNoDfqLuuLQ6iaDACX7Hb0FCXMo02j+1qwkJj5NCKv
rfE1rLBxlljV+1dNeWpYi1mtjFVTkAO3ebM3zL5hBKnDjuG2qV9+Mmlx8HriTP4b
x1TddWhYuB4aurLKEUEhGggpH7Fz9AequDEpzprsS0hKrhSZ41dYt2kr60AwEfVy
V2Br0ePy9JYMEuHegSguE/lTr7mjdcZDHqp9uUDKs6iWMBIpuTFoYUj63g==
-----END CERTIFICATE-----