Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/LxXXiyVtKEWbhptybyMpSrP_Fz8.cer
File:                     LxXXiyVtKEWbhptybyMpSrP_Fz8.cer (raw, json)
Hash identifier:          YY8ELObMuK5zYfZyf1LUrm8IJ+Ff+ncOmbvfF//fwjA=
Subject key identifier:   2F:15:D7:8B:25:6D:28:45:9B:86:9B:72:6F:23:29:4A:B3:FF:17:3F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC6B794AA535EBA457EE971D3FE33D8C8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 20:29:29 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.13.66.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:94:aa:53:5e:ba:45:7e:e9:71:d3:fe:33:d8:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 20:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f15d78b256d28459b869b726f23294ab3ff173f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:4d:04:02:c1:a8:08:62:0b:fa:7e:d2:9c:cc:
                    b0:41:5e:65:af:d3:a0:7e:73:a6:e6:e3:ea:56:24:
                    71:15:b7:69:95:5a:94:b6:94:d6:b2:00:18:86:79:
                    93:06:d5:f4:b0:ba:4f:6c:14:73:40:51:86:1c:95:
                    a7:c1:de:56:14:2d:4c:75:6f:a4:20:8a:63:05:0d:
                    1c:ee:af:a5:f2:a6:31:44:0e:28:65:84:6a:1c:db:
                    86:3f:07:c6:da:e0:4e:e6:48:a3:65:61:ee:0d:f7:
                    6f:fd:0a:a2:e3:82:58:b7:45:28:63:fb:c9:0c:02:
                    c2:7d:5d:1e:fa:6d:cd:1a:8e:be:aa:32:c3:32:b7:
                    f6:7c:10:dc:02:21:a6:67:50:b0:5d:11:a6:72:b1:
                    85:4d:bd:db:1b:9d:db:50:52:7b:9f:83:53:34:10:
                    c4:5a:e5:5e:f1:56:40:37:b6:c4:3f:2e:d1:39:02:
                    a9:56:f5:38:40:d3:f4:ba:c0:21:2f:59:44:d7:fa:
                    a2:94:bd:69:d3:3f:a7:41:ac:a5:44:30:4a:c9:da:
                    83:74:5b:77:3d:84:ba:de:20:ec:ac:f7:f5:2a:b5:
                    0f:33:e6:88:d5:68:3f:61:d3:4d:54:28:5d:36:7f:
                    4d:43:3f:e8:f3:6c:b9:5e:d5:30:b9:5a:35:db:b0:
                    6f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:15:D7:8B:25:6D:28:45:9B:86:9B:72:6F:23:29:4A:B3:FF:17:3F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/6bdf6c-a181-42fc-b9bf-83bc7cc463de/1/LxXXiyVtKEWbhptybyMpSrP_Fz8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.13.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:39:b1:37:75:ea:4b:d6:f9:03:41:33:5a:b4:ad:8f:af:13:
         05:54:0b:73:65:3c:32:62:8e:4a:43:09:e6:32:f5:e3:3b:35:
         c1:c8:ad:a7:1b:1a:05:32:12:e8:0b:16:7a:96:e4:ec:bd:07:
         1b:37:a4:2b:f0:d2:6b:7c:ba:24:7c:08:c7:c9:49:1f:f8:90:
         be:e5:0e:08:79:a4:31:ec:8f:fe:e5:49:c6:4d:cd:74:54:ad:
         15:c1:8c:80:89:a3:d5:c4:c1:95:79:be:a1:59:08:6f:09:14:
         ae:02:d1:b6:b9:2a:6b:24:4e:d6:ea:65:62:a6:67:09:97:bc:
         c8:09:1d:8c:94:2d:b6:b5:de:8f:c3:69:2c:9b:e4:59:37:a1:
         00:b6:f7:ee:f0:53:48:54:b4:42:8e:8c:7c:69:42:5e:22:22:
         76:6a:01:a3:64:ea:c7:9d:70:a5:cd:0f:31:72:3c:34:20:e4:
         9e:a8:c2:bb:79:f3:06:3c:74:cf:f2:b5:c2:8e:f7:60:39:b8:
         76:20:7e:83:03:45:eb:f3:fa:c3:ce:a0:cb:92:ab:ae:1e:9e:
         86:56:cb:ef:e7:e5:81:9e:d5:69:17:58:26:8f:a4:e9:e7:2f:
         f1:ab:af:86:1f:42:3b:de:ce:6d:77:73:ac:e0:a4:d4:95:5c:
         25:2c:c5:43
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGt5SqU166RX7pcdP+M9jIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjE1ZDc4YjI1NmQyODQ1OWI4NjliNzI2ZjIzMjk0YWIzZmYxNzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiE0EAsGoCGIL+n7SnMywQV5lr9Og
fnOm5uPqViRxFbdplVqUtpTWsgAYhnmTBtX0sLpPbBRzQFGGHJWnwd5WFC1MdW+k
IIpjBQ0c7q+l8qYxRA4oZYRqHNuGPwfG2uBO5kijZWHuDfdv/Qqi44JYt0UoY/vJ
DALCfV0e+m3NGo6+qjLDMrf2fBDcAiGmZ1CwXRGmcrGFTb3bG53bUFJ7n4NTNBDE
WuVe8VZAN7bEPy7ROQKpVvU4QNP0usAhL1lE1/qilL1p0z+nQaylRDBKydqDdFt3
PYS63iDsrPf1KrUPM+aI1Wg/YdNNVChdNn9NQz/o82y5XtUwuVo127BvowIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFC8V14slbShFm4abcm8jKUqz/xc/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2M5LzZiZGY2
Yy1hMTgxLTQyZmMtYjliZi04M2JjN2NjNDYzZGUvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzkvNmJkZjZj
LWExODEtNDJmYy1iOWJmLTgzYmM3Y2M0NjNkZS8xL0x4WFhpeVZ0S0VXYmhwdHli
eU1wU3JQX0Z6OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwg1CMA0GCSqGSIb3DQEBCwUAA4IBAQCWObE3
depL1vkDQTNatK2PrxMFVAtzZTwyYo5KQwnmMvXjOzXByK2nGxoFMhLoCxZ6luTs
vQcbN6Qr8NJrfLokfAjHyUkf+JC+5Q4IeaQx7I/+5UnGTc10VK0VwYyAiaPVxMGV
eb6hWQhvCRSuAtG2uSprJE7W6mVipmcJl7zICR2MlC22td6Pw2ksm+RZN6EAtvfu
8FNIVLRCjox8aUJeIiJ2agGjZOrHnXClzQ8xcjw0IOSeqMK7efMGPHTP8rXCjvdg
Obh2IH6DA0Xr8/rDzqDLkquuHp6GVsvv5+WBntVpF1gmj6Tp5y/xq6+GH0I73s5t
d3Os4KTUlVwlLMVD
-----END CERTIFICATE-----