Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PXD-HXX32nbS49w0T7HwsLad4AE.cer
File:                     PXD-HXX32nbS49w0T7HwsLad4AE.cer (raw, json)
Hash identifier:          08X23I2tjKKaoNjHdHZFKynXj/IaX9t7+9cUBAUsnDU=
Subject key identifier:   3D:70:FE:1D:75:F7:DA:76:D2:E3:DC:34:4F:B1:F0:B0:B6:9D:E0:01
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7951C188FFBE8067F525D25F336E019
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/PXD-HXX32nbS49w0T7HwsLad4AE.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 00:31:27 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.23.148.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1c:18:8f:fb:e8:06:7f:52:5d:25:f3:36:e0:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 00:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d70fe1d75f7da76d2e3dc344fb1f0b0b69de001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c4:66:16:52:80:9d:06:ce:63:1f:36:9a:9a:
                    a4:15:40:75:f0:86:ff:dd:8f:dc:31:af:2e:a9:c8:
                    72:ea:27:9b:c1:3c:8e:68:84:e2:8c:6a:6d:7a:38:
                    89:6f:eb:dd:97:07:20:70:88:a4:da:86:50:bb:0a:
                    bd:78:e7:de:24:4d:c1:de:0c:fa:a8:f6:cf:1f:de:
                    3d:2e:fc:a6:2b:6d:ad:3e:e4:35:b0:7a:e2:da:99:
                    72:7d:4a:d3:74:5b:cf:4b:e7:81:db:9f:e7:bb:42:
                    37:1c:36:c0:69:05:4e:41:fe:ed:8c:e4:9d:20:35:
                    08:d8:50:a3:fb:60:46:8e:74:e7:00:8e:8f:5a:c4:
                    1a:5e:f0:39:43:f9:ff:97:ce:97:dc:79:88:6f:6b:
                    c9:ad:6b:89:54:f1:75:13:42:1d:2e:6c:6b:e7:93:
                    aa:30:c7:89:86:65:f0:a8:99:d0:dd:cc:38:24:32:
                    94:78:76:d1:b9:84:a0:6b:8a:4e:ae:e4:a1:3f:f5:
                    4a:28:ba:e7:3c:fb:0d:1a:2f:14:bf:2f:e5:06:b1:
                    85:12:7a:13:0f:b8:94:f7:0e:b3:db:84:42:c4:d3:
                    9f:d3:52:18:4f:4c:26:40:c3:30:b1:03:0d:d7:7a:
                    22:0b:f5:6b:3c:0a:e4:58:c8:5b:10:89:ee:cc:fc:
                    9c:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:70:FE:1D:75:F7:DA:76:D2:E3:DC:34:4F:B1:F0:B0:B6:9D:E0:01
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/2456e5-61dd-4ae3-a24f-b852bd8123f0/1/PXD-HXX32nbS49w0T7HwsLad4AE.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.23.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:10:7e:5f:f9:6b:6a:a3:94:4e:0c:b7:e6:ea:45:37:e5:d9:
         e9:10:c3:4f:49:c0:68:62:27:9d:8f:8e:bb:5a:5b:0d:00:a7:
         a8:0d:7c:79:45:a6:e8:a2:bb:64:ad:e6:21:99:2b:78:5d:dd:
         42:83:82:52:36:f4:08:f4:4d:82:c9:23:94:ca:94:79:34:1a:
         e2:73:90:ea:ce:bf:d1:45:04:3c:61:c7:19:7b:ca:9a:36:7b:
         e0:97:b9:41:25:42:e3:e4:02:50:19:33:2e:a8:1b:cf:9a:28:
         0e:45:55:35:ab:32:a6:77:b7:52:a4:c5:c1:5e:10:6a:fa:36:
         19:a8:5f:06:59:bd:df:33:20:f6:77:28:52:00:ca:8f:c5:be:
         3f:7d:93:ed:f6:3c:b2:ab:6a:ab:48:62:aa:c3:c7:64:fe:26:
         64:5c:96:73:f1:e1:55:51:f6:4f:65:09:a5:e5:7e:3e:83:4f:
         5d:b5:f5:bf:7e:8e:98:7f:1e:1a:1f:64:dd:62:36:f9:5d:53:
         61:70:e8:2d:8e:00:42:a7:58:65:05:7a:5c:1c:10:b1:1a:a1:
         8c:e4:05:bc:0c:94:c5:6b:b7:9a:d6:85:88:2f:dc:14:6e:4c:
         45:d2:04:e7:eb:ce:d2:ed:0b:cb:f1:b3:e2:b2:4e:26:5b:72:
         d8:55:7a:82
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzHlRwYj/voBn9SXSXzNuAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDAzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDcwZmUxZDc1ZjdkYTc2ZDJlM2RjMzQ0ZmIxZjBiMGI2OWRlMDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsRmFlKAnQbOYx82mpqkFUB18Ib/
3Y/cMa8uqchy6iebwTyOaITijGptejiJb+vdlwcgcIik2oZQuwq9eOfeJE3B3gz6
qPbPH949LvymK22tPuQ1sHri2plyfUrTdFvPS+eB25/nu0I3HDbAaQVOQf7tjOSd
IDUI2FCj+2BGjnTnAI6PWsQaXvA5Q/n/l86X3HmIb2vJrWuJVPF1E0IdLmxr55Oq
MMeJhmXwqJnQ3cw4JDKUeHbRuYSga4pOruShP/VKKLrnPPsNGi8Uvy/lBrGFEnoT
D7iU9w6z24RCxNOf01IYT0wmQMMwsQMN13oiC/VrPArkWMhbEInuzPycawIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFD1w/h1199p20uPcNE+x8LC2neABMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U4LzI0NTZl
NS02MWRkLTRhZTMtYTI0Zi1iODUyYmQ4MTIzZjAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTgvMjQ1NmU1
LTYxZGQtNGFlMy1hMjRmLWI4NTJiZDgxMjNmMC8xL1BYRC1IWFgzMm5iUzQ5dzBU
N0h3c0xhZDRBRS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwReUMA0GCSqGSIb3DQEBCwUAA4IBAQCdEH5f
+Wtqo5RODLfm6kU35dnpEMNPScBoYiedj467WlsNAKeoDXx5RaboortkreYhmSt4
Xd1Cg4JSNvQI9E2CySOUypR5NBric5Dqzr/RRQQ8YccZe8qaNnvgl7lBJULj5AJQ
GTMuqBvPmigORVU1qzKmd7dSpMXBXhBq+jYZqF8GWb3fMyD2dyhSAMqPxb4/fZPt
9jyyq2qrSGKqw8dk/iZkXJZz8eFVUfZPZQml5X4+g09dtfW/fo6Yfx4aH2TdYjb5
XVNhcOgtjgBCp1hlBXpcHBCxGqGM5AW8DJTFa7ea1oWIL9wUbkxF0gTn687S7QvL
8bPisk4mW3LYVXqC
-----END CERTIFICATE-----