Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/MHoDlQLUamuZCREM4qsTlod70I4.cer
File:                     MHoDlQLUamuZCREM4qsTlod70I4.cer (raw, json)
Hash identifier:          XFof8v91iX8m2IPR5b3zPpiwq6VHHbynAPx0sIyrSjs=
Subject key identifier:   30:7A:03:95:02:D4:6A:6B:99:09:11:0C:E2:AB:13:96:87:7B:D0:8E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC5DC165DD6ED9050D52AE7CA4D7282CC
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/MHoDlQLUamuZCREM4qsTlod70I4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 16:29:44 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 194.15.143.0/24
                          IP: 194.45.144.0 -- 194.45.153.255

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:16:5d:d6:ed:90:50:d5:2a:e7:ca:4d:72:82:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=307a039502d46a6b9909110ce2ab1396877bd08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1b:bf:ad:9c:a6:6d:fe:a1:d2:92:c0:b8:f4:
                    aa:26:cb:9f:24:e7:af:a2:e9:3b:a5:42:74:96:2f:
                    7d:1f:b1:39:db:a0:80:5a:43:a3:75:26:a8:ea:41:
                    70:94:8e:e0:6f:ea:f1:d9:a1:18:63:f9:65:96:08:
                    04:2e:80:12:ff:62:86:94:55:0d:1f:67:09:3b:e2:
                    78:ec:96:de:f9:2f:02:82:19:b6:fa:58:3f:75:e8:
                    6b:2b:4c:70:8e:e1:64:37:99:d6:83:9a:45:1b:01:
                    89:12:e1:a0:51:03:0d:60:dd:b1:50:78:b4:38:01:
                    d3:e4:3b:83:1c:91:e6:c7:bc:1c:3d:02:6a:21:3d:
                    75:25:a1:86:3d:ac:80:a8:c2:15:63:18:42:4b:ea:
                    ce:cc:11:46:bf:09:da:a6:ba:4a:7c:52:7e:29:be:
                    75:0a:d3:32:dd:a6:24:68:aa:6f:e1:da:d5:29:06:
                    c9:58:1d:c1:85:da:75:c3:06:72:f3:47:ef:a4:7f:
                    ae:37:a3:bc:eb:01:c9:cf:e1:6d:98:c3:03:a0:13:
                    31:40:05:7f:06:c9:25:c7:89:41:7c:6f:e4:39:e2:
                    81:b5:08:b0:5e:ae:e9:31:b6:8d:a0:9a:a7:36:db:
                    6f:7b:f3:9e:4b:3e:b6:b2:86:dd:b7:4f:d4:07:ca:
                    f0:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:7A:03:95:02:D4:6A:6B:99:09:11:0C:E2:AB:13:96:87:7B:D0:8E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/MHoDlQLUamuZCREM4qsTlod70I4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.143.0/24
                  194.45.144.0-194.45.153.255

    Signature Algorithm: sha256WithRSAEncryption
         07:e6:80:06:49:f6:ac:fc:6a:45:30:3b:85:a7:e0:e3:48:da:
         42:df:da:ad:2c:1f:89:7e:d1:5e:54:25:72:bf:b1:72:b6:e6:
         67:9e:44:91:e5:51:7a:68:ba:9e:26:e1:01:a9:3a:a3:c1:b6:
         1d:e7:62:8c:2f:54:6e:34:35:bb:c1:73:4c:0c:81:5e:77:17:
         26:c5:d7:db:1b:f1:10:e5:ea:cf:24:ce:c4:31:cb:b3:7b:fc:
         55:f8:8b:74:7a:51:f8:13:40:b1:b6:cc:b0:80:a9:3f:09:7c:
         28:38:66:ac:5a:42:e4:b9:74:9c:53:5d:be:c7:39:26:d4:7a:
         ef:1d:45:aa:4b:08:91:61:5f:38:0d:1d:32:85:83:e0:1b:b3:
         70:be:f4:6d:82:b1:63:86:d7:74:f6:4f:a5:2b:56:89:54:eb:
         db:2b:5e:1b:5b:2e:1c:01:14:d0:e8:67:f8:53:5c:1f:45:d8:
         b8:0b:88:4c:5f:2c:74:24:69:3c:83:a9:05:38:6d:4d:a9:6d:
         7e:06:02:40:8e:44:3e:0f:93:08:81:fd:50:d2:ca:ec:e0:71:
         8d:01:85:b9:a5:28:7e:52:bb:3f:5d:5d:4a:c7:69:d6:7f:93:
         e4:b4:d6:05:d9:d4:dd:d5:88:83:e5:89:70:6e:bb:ee:44:4c:
         08:75:db:61
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAYzF3BZd1u2QUNUq58pNcoLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDdhMDM5NTAyZDQ2YTZiOTkwOTExMGNlMmFiMTM5Njg3N2JkMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhu/rZymbf6h0pLAuPSqJsufJOev
ouk7pUJ0li99H7E526CAWkOjdSao6kFwlI7gb+rx2aEYY/lllggELoAS/2KGlFUN
H2cJO+J47Jbe+S8Cghm2+lg/dehrK0xwjuFkN5nWg5pFGwGJEuGgUQMNYN2xUHi0
OAHT5DuDHJHmx7wcPQJqIT11JaGGPayAqMIVYxhCS+rOzBFGvwnaprpKfFJ+Kb51
CtMy3aYkaKpv4drVKQbJWB3Bhdp1wwZy80fvpH+uN6O86wHJz+FtmMMDoBMxQAV/
Bsklx4lBfG/kOeKBtQiwXq7pMbaNoJqnNttve/OeSz62sobdt0/UB8rwpwIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFDB6A5UC1GprmQkRDOKrE5aHe9COMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Q4L2Q1MTIx
MS1kMGJiLTRhNTctOTM5MC1jZTJhNDk2ZmVlODYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDgvZDUxMjEx
LWQwYmItNGE1Ny05MzkwLWNlMmE0OTZmZWU4Ni8xL01Ib0RsUUxVYW11WkNSRU00
cXNUbG9kNzBJNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUF
BwEHAQH/BB4wHDAaBAIAATAUAwQAwg+PMAwDBATCLZADBAHCLZgwDQYJKoZIhvcN
AQELBQADggEBAAfmgAZJ9qz8akUwO4Wn4ONI2kLf2q0sH4l+0V5UJXK/sXK25mee
RJHlUXpoup4m4QGpOqPBth3nYowvVG40NbvBc0wMgV53FybF19sb8RDl6s8kzsQx
y7N7/FX4i3R6UfgTQLG2zLCAqT8JfCg4ZqxaQuS5dJxTXb7HOSbUeu8dRapLCJFh
XzgNHTKFg+Abs3C+9G2CsWOG13T2T6UrVolU69srXhtbLhwBFNDoZ/hTXB9F2LgL
iExfLHQkaTyDqQU4bU2pbX4GAkCORD4PkwiB/VDSyuzgcY0BhbmlKH5Suz9dXUrH
adZ/k+S01gXZ1N3ViIPliXBuu+5ETAh122E=
-----END CERTIFICATE-----