Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/M0-fg9LXTAwP0A2nNVePc33X2gM.cer
File:                     M0-fg9LXTAwP0A2nNVePc33X2gM.cer (raw, json)
Hash identifier:          LsDtHk+liH81pU3Gq+sg2ebjaxB/s7vLbLGxXcqNe28=
Subject key identifier:   33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194258E65CA6685D4E0623BB4FA56C2C357
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 05:47:56 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 195.54.59.0/24
                          IP: 2a12:5340::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:65:ca:66:85:d4:e0:62:3b:b4:fa:56:c2:c3:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=334f9f83d2d74c0c0fd00da735578f737dd7da03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:49:4d:68:aa:12:0f:16:b0:0d:26:84:26:0c:
                    86:5d:dd:69:e4:ca:45:b8:8c:83:3f:3f:d6:eb:91:
                    78:f0:ca:b5:29:76:2f:20:b7:99:1e:b2:fc:c4:92:
                    a1:b9:e7:36:8f:74:7d:ff:45:3d:22:e4:56:13:d2:
                    8d:5e:9b:2a:00:20:65:6a:c1:ef:be:55:dc:3f:05:
                    1e:1e:b0:2c:9b:6d:1d:76:2a:5a:69:e6:e2:ec:93:
                    f8:92:6a:96:23:18:a0:b1:d4:46:88:7b:eb:f7:16:
                    b4:8b:fe:19:ce:6d:05:6c:bd:ce:45:e1:eb:60:7b:
                    5b:d5:fd:39:ea:a0:f5:c0:d7:1a:85:33:73:e8:67:
                    70:91:b5:b7:2a:c1:0b:cf:12:42:dd:2e:7d:3d:f3:
                    26:22:ad:b0:4f:1e:fe:9b:6b:48:d5:60:6a:b4:78:
                    b0:bf:10:34:9a:36:44:e3:9a:9f:bd:0b:b2:ab:b0:
                    14:3b:23:11:b0:d2:e9:23:d6:a0:4f:9f:7a:b2:a4:
                    bd:09:3c:0e:7a:71:c8:c4:82:0c:bb:c8:f5:96:90:
                    6a:54:65:b2:53:d3:ad:8e:4a:b7:d8:0f:25:8f:04:
                    06:d3:e1:9f:d1:cc:29:19:9b:05:d9:e0:0a:3b:e7:
                    11:ac:2f:19:e9:79:40:49:29:b5:ee:9f:52:a3:79:
                    63:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:4F:9F:83:D2:D7:4C:0C:0F:D0:0D:A7:35:57:8F:73:7D:D7:DA:03
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/9c5f06-59a7-4588-ac28-efd20f6c2ec3/1/M0-fg9LXTAwP0A2nNVePc33X2gM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.59.0/24
                IPv6:
                  2a12:5340::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:fa:28:a4:5e:9e:be:fd:bb:4f:2d:35:a8:b0:26:bf:49:ee:
         85:95:49:a9:52:4a:06:8f:15:ba:03:75:87:dc:2a:6a:c9:87:
         52:85:0d:c3:15:f9:90:b2:eb:22:61:2f:76:5d:ba:2c:ef:b7:
         91:64:37:80:82:83:a2:bd:18:67:d2:32:6f:92:a2:2b:70:96:
         fe:ab:c4:9a:18:9b:cc:3f:e5:64:a6:f2:aa:95:6f:28:53:fd:
         19:7e:37:76:da:95:86:ed:49:be:aa:84:f3:dd:87:8d:cf:16:
         72:c5:ff:15:89:10:ea:77:5b:8d:53:8c:f7:c8:25:b3:3c:02:
         26:9f:4e:e8:02:11:2d:78:c4:dd:46:56:0e:40:f2:ef:b0:d9:
         cb:ec:39:28:d5:8a:df:5d:4b:9d:17:66:cd:51:26:e6:5a:1c:
         53:53:0f:23:57:04:ec:34:d2:89:11:55:11:f3:08:09:17:60:
         9b:b8:5f:a0:9f:2e:71:ad:0a:d8:54:f9:b8:1a:e9:3a:6c:a2:
         61:ab:48:bf:f1:e5:d8:a1:01:40:89:89:9a:ce:a0:4d:31:09:
         51:21:30:84:54:48:ae:33:ae:88:b9:8e:dd:a3:0f:e0:30:6c:
         6c:c7:8a:66:95:6a:2b:5b:3c:ef:2c:a1:9c:ab:7d:15:75:24:
         c3:9d:cd:1c
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQljmXKZoXU4GI7tPpWwsNXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzRmOWY4M2QyZDc0YzBjMGZkMDBkYTczNTU3OGY3MzdkZDdkYTAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArElNaKoSDxawDSaEJgyGXd1p5MpF
uIyDPz/W65F48Mq1KXYvILeZHrL8xJKhuec2j3R9/0U9IuRWE9KNXpsqACBlasHv
vlXcPwUeHrAsm20ddipaaebi7JP4kmqWIxigsdRGiHvr9xa0i/4Zzm0FbL3OReHr
YHtb1f056qD1wNcahTNz6GdwkbW3KsELzxJC3S59PfMmIq2wTx7+m2tI1WBqtHiw
vxA0mjZE45qfvQuyq7AUOyMRsNLpI9agT596sqS9CTwOenHIxIIMu8j1lpBqVGWy
U9Otjkq32A8ljwQG0+Gf0cwpGZsF2eAKO+cRrC8Z6XlASSm17p9So3ljEwIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFDNPn4PS10wMD9ANpzVXj3N919oDMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2IxLzljNWYw
Ni01OWE3LTQ1ODgtYWMyOC1lZmQyMGY2YzJlYzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEvOWM1ZjA2
LTU5YTctNDU4OC1hYzI4LWVmZDIwZjZjMmVjMy8xL00wLWZnOUxYVEF3UDBBMm5O
VmVQYzMzWDJnTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQAwzY7MA0EAgACMAcDBQMqElNAMA0GCSqGSIb3
DQEBCwUAA4IBAQA++iikXp6+/btPLTWosCa/Se6FlUmpUkoGjxW6A3WH3CpqyYdS
hQ3DFfmQsusiYS92Xbos77eRZDeAgoOivRhn0jJvkqIrcJb+q8SaGJvMP+VkpvKq
lW8oU/0Zfjd22pWG7Um+qoTz3YeNzxZyxf8ViRDqd1uNU4z3yCWzPAImn07oAhEt
eMTdRlYOQPLvsNnL7Dko1YrfXUudF2bNUSbmWhxTUw8jVwTsNNKJEVUR8wgJF2Cb
uF+gny5xrQrYVPm4Guk6bKJhq0i/8eXYoQFAiYmazqBNMQlRITCEVEiuM66IuY7d
ow/gMGxsx4pmlWorWzzvLKGcq30VdSTDnc0c
-----END CERTIFICATE-----