Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/L5FDTuFsYTNOwnDfVox3oLXeBSo.cer
File:                     L5FDTuFsYTNOwnDfVox3oLXeBSo.cer (raw, json)
Hash identifier:          MwLaMNfOBf9RBQJfWoxpWYRbPZpGtR/sAGu6c4H25oY=
Subject key identifier:   2F:91:43:4E:E1:6C:61:33:4E:C2:70:DF:56:8C:77:A0:B5:DE:05:2A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC424C251B326336F99DD27D4655A42C4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b6/cd41ba-2ea7-474f-8941-5fdb3228fe1f/1/L5FDTuFsYTNOwnDfVox3oLXeBSo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b6/cd41ba-2ea7-474f-8941-5fdb3228fe1f/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 08:29:52 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.134.102.0/23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:c2:51:b3:26:33:6f:99:dd:27:d4:65:5a:42:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 08:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f91434ee16c61334ec270df568c77a0b5de052a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:51:95:19:7f:a6:01:69:f0:59:29:52:15:61:
                    12:6a:9e:5f:8a:18:5f:34:58:e3:a4:06:8b:ef:44:
                    56:90:1d:30:a4:cd:bd:34:70:60:92:f7:04:7e:9d:
                    c1:fd:ca:38:ec:de:54:ba:7e:6f:fc:32:ac:04:fd:
                    f5:b9:ea:1d:90:29:db:97:4e:65:c8:28:c9:52:27:
                    a6:c7:f1:e2:17:8e:cf:d2:23:eb:d7:c0:2a:96:23:
                    ae:7b:9a:8f:eb:ea:18:9b:38:92:62:d7:7b:32:a2:
                    a4:8a:f3:3b:e6:28:f7:52:37:d6:e6:bc:72:ad:15:
                    2a:7d:79:71:4a:c9:4f:25:94:b4:5d:e2:06:95:b2:
                    aa:ba:c1:73:42:19:98:6c:bc:73:bc:56:ca:a3:4f:
                    cc:fb:a7:0f:93:38:45:8d:3e:a0:b5:d6:a9:8a:02:
                    c3:61:79:ae:7b:1e:1a:16:a2:f5:46:f0:a4:73:03:
                    cf:8f:3c:1c:b1:cd:53:61:35:ab:6d:55:e7:5e:7c:
                    52:8d:56:a5:ce:2d:35:13:e4:b3:dc:1d:25:79:4e:
                    8d:2f:aa:8a:63:56:9b:3c:67:2c:bc:06:75:86:8f:
                    a0:bf:64:88:c6:32:af:35:68:58:9b:1f:32:56:a9:
                    67:aa:bb:b3:cd:ec:f6:8a:d0:96:d6:4e:f7:73:e7:
                    08:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:91:43:4E:E1:6C:61:33:4E:C2:70:DF:56:8C:77:A0:B5:DE:05:2A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/cd41ba-2ea7-474f-8941-5fdb3228fe1f/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/cd41ba-2ea7-474f-8941-5fdb3228fe1f/1/L5FDTuFsYTNOwnDfVox3oLXeBSo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.134.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4c:0a:04:8e:4e:4a:88:c5:d7:c0:b4:e6:14:d8:f5:9f:71:f6:
         8d:26:2b:c6:7c:05:9d:df:96:a5:6e:1d:e4:a9:45:0d:b0:67:
         f7:72:98:84:1e:15:64:42:01:de:e4:71:b3:5a:b7:15:90:38:
         dc:71:ef:66:cb:94:ee:cc:e5:47:56:b4:f2:b0:a5:81:1f:8f:
         af:af:53:a0:96:11:45:90:50:9a:1a:18:b6:f4:55:70:02:af:
         f0:a0:cf:1f:06:85:23:b0:45:a9:58:68:ae:4e:89:b6:e6:25:
         60:7d:44:af:15:22:d6:d0:dd:20:0f:57:8d:31:5d:4f:43:b3:
         15:96:e5:24:b2:ce:d9:3e:23:67:6a:d9:e2:70:62:7f:bb:21:
         7f:6d:fa:3f:f2:79:42:e8:29:e9:41:02:71:32:04:cd:ef:59:
         ac:f3:11:ff:2c:54:0e:5b:24:f4:d9:71:f0:02:b5:b6:81:c0:
         3c:31:67:1e:ce:99:fc:76:36:6b:63:ec:87:19:ec:ee:92:03:
         56:be:d6:6c:b2:75:16:1d:6f:8e:23:48:72:95:a5:e6:be:22:
         84:46:76:54:6d:13:f2:e4:30:1d:f6:1a:dc:e7:f6:7e:8b:a1:
         78:46:f9:3f:6f:33:0d:14:a9:02:5e:06:61:a3:dd:d4:19:1c:
         00:0a:e4:d1
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzEJMJRsyYzb5ndJ9RlWkLEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDgyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjkxNDM0ZWUxNmM2MTMzNGVjMjcwZGY1NjhjNzdhMGI1ZGUwNTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2lGVGX+mAWnwWSlSFWESap5fihhf
NFjjpAaL70RWkB0wpM29NHBgkvcEfp3B/co47N5Uun5v/DKsBP31ueodkCnbl05l
yCjJUiemx/HiF47P0iPr18AqliOue5qP6+oYmziSYtd7MqKkivM75ij3UjfW5rxy
rRUqfXlxSslPJZS0XeIGlbKqusFzQhmYbLxzvFbKo0/M+6cPkzhFjT6gtdapigLD
YXmuex4aFqL1RvCkcwPPjzwcsc1TYTWrbVXnXnxSjValzi01E+Sz3B0leU6NL6qK
Y1abPGcsvAZ1ho+gv2SIxjKvNWhYmx8yVqlnqruzzez2itCW1k73c+cItwIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFC+RQ07hbGEzTsJw31aMd6C13gUqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I2L2NkNDFi
YS0yZWE3LTQ3NGYtODk0MS01ZmRiMzIyOGZlMWYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjYvY2Q0MWJh
LTJlYTctNDc0Zi04OTQxLTVmZGIzMjI4ZmUxZi8xL0w1RkRUdUZzWVROT3duRGZW
b3gzb0xYZUJTby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQBwYZmMA0GCSqGSIb3DQEBCwUAA4IBAQBMCgSO
TkqIxdfAtOYU2PWfcfaNJivGfAWd35albh3kqUUNsGf3cpiEHhVkQgHe5HGzWrcV
kDjcce9my5TuzOVHVrTysKWBH4+vr1OglhFFkFCaGhi29FVwAq/woM8fBoUjsEWp
WGiuTom25iVgfUSvFSLW0N0gD1eNMV1PQ7MVluUkss7ZPiNnatnicGJ/uyF/bfo/
8nlC6CnpQQJxMgTN71ms8xH/LFQOWyT02XHwArW2gcA8MWcezpn8djZrY+yHGezu
kgNWvtZssnUWHW+OI0hylaXmviKERnZUbRPy5DAd9hrc5/Z+i6F4Rvk/bzMNFKkC
XgZho93UGRwACuTR
-----END CERTIFICATE-----