Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/PqHYsv0nYm97SWZL8Fu95tWb2tM.cer
File:                     PqHYsv0nYm97SWZL8Fu95tWb2tM.cer (raw, json)
Hash identifier:          Mi/IC0hq+hNxxJKF/9E/crmEQRCAJJebrDXWGSTpIRk=
Subject key identifier:   3E:A1:D8:B2:FD:27:62:6F:7B:49:66:4B:F0:5B:BD:E6:D5:9B:DA:D3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B746E8D9B742F1D62DEC10684B8C3C
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/fe/75bba8-57d8-42c2-8aaf-45e954271ab8/1/PqHYsv0nYm97SWZL8Fu95tWb2tM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/fe/75bba8-57d8-42c2-8aaf-45e954271ab8/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:17 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 50268
                          IP: 193.104.157.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:46:e8:d9:b7:42:f1:d6:2d:ec:10:68:4b:8c:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3ea1d8b2fd27626f7b49664bf05bbde6d59bdad3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:c6:ab:87:50:90:fa:f7:d9:b9:cc:43:01:13:
                    da:24:a7:3c:80:e2:f8:b1:c9:43:03:f3:16:10:e1:
                    78:02:92:a2:11:3e:2f:4f:47:ad:1a:dd:87:64:53:
                    f5:07:3e:2d:a1:bf:ac:1c:ff:af:86:b6:f6:20:eb:
                    9f:a8:71:e1:f2:21:2a:e2:5b:42:c2:1e:19:dc:dd:
                    c6:9d:e6:a1:c7:64:23:06:a4:1c:14:45:b5:c8:97:
                    64:9a:ff:89:23:db:61:db:00:2e:aa:2c:a5:bb:e0:
                    a2:68:e6:5f:51:d3:7a:4f:c6:aa:88:57:f5:31:cc:
                    4b:be:57:0f:9b:bf:b1:93:63:b2:c7:90:da:5a:74:
                    62:c9:97:49:6b:38:6e:4c:a6:57:19:53:ac:e4:b9:
                    24:f8:0d:76:c8:55:4c:66:78:6a:b1:51:8d:8c:a8:
                    fc:b8:25:23:5b:17:59:dc:9e:ea:6f:b9:a4:21:eb:
                    26:ac:f1:95:81:bb:17:48:8f:7f:53:60:b9:7d:47:
                    48:16:cf:d2:dc:6d:33:67:16:8c:15:f0:7c:c3:eb:
                    ba:c5:ca:dc:d8:16:e2:c2:2f:15:dc:18:e4:15:59:
                    2e:f2:5d:bc:e0:c5:1c:4c:1e:5d:ec:f4:f4:b5:a2:
                    af:31:fe:ee:d0:6a:2f:8a:d9:6e:8a:77:99:75:b5:
                    f2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:A1:D8:B2:FD:27:62:6F:7B:49:66:4B:F0:5B:BD:E6:D5:9B:DA:D3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/75bba8-57d8-42c2-8aaf-45e954271ab8/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/75bba8-57d8-42c2-8aaf-45e954271ab8/1/PqHYsv0nYm97SWZL8Fu95tWb2tM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.157.0/24

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  50268

    Signature Algorithm: sha256WithRSAEncryption
         ad:0f:f0:1e:e7:19:2c:3f:59:f3:06:5c:70:f4:30:cf:5a:0c:
         7f:bf:77:0a:58:fe:ec:94:fc:21:14:ed:11:ba:24:d8:ed:23:
         9e:97:66:da:40:86:44:00:ea:4a:86:82:22:b1:da:17:bc:a7:
         ed:17:94:d2:b0:a5:27:0c:fd:d3:a9:65:93:fc:2d:0c:41:5d:
         95:23:53:11:5e:9f:6c:50:32:4f:e4:94:c1:18:c9:2b:5b:66:
         7b:8e:2b:5e:de:34:43:af:e3:6b:b0:18:e0:47:2f:5d:06:ee:
         5f:7c:ea:86:2b:b6:2b:ff:cb:de:98:7e:13:0f:63:75:af:d0:
         d1:a7:f9:11:6c:c3:46:9d:63:d7:61:a6:86:39:4d:90:4d:7c:
         f7:b0:4d:6d:e1:b0:36:98:bc:fc:41:ca:50:86:23:b5:1a:7d:
         87:ac:60:95:60:81:e6:c3:1b:05:85:53:ee:5b:4c:0e:89:d7:
         df:55:ab:9c:4a:47:9a:d6:29:4e:b9:3b:4b:8f:c4:95:a6:37:
         ab:52:db:65:86:4e:89:05:0a:8f:28:a5:65:0a:8e:d5:ef:69:
         b1:b5:af:c5:78:64:7d:4b:db:7d:62:d0:39:49:c1:76:57:6b:
         33:a0:a9:c8:dc:ef:68:18:bc:09:20:6c:02:5e:82:d1:49:82:
         e7:d8:ec:0a
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzDt0bo2bdC8dYt7BBoS4w8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWExZDhiMmZkMjc2MjZmN2I0OTY2NGJmMDViYmRlNmQ1OWJkYWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAucarh1CQ+vfZucxDARPaJKc8gOL4
sclDA/MWEOF4ApKiET4vT0etGt2HZFP1Bz4tob+sHP+vhrb2IOufqHHh8iEq4ltC
wh4Z3N3Gneahx2QjBqQcFEW1yJdkmv+JI9th2wAuqiylu+CiaOZfUdN6T8aqiFf1
McxLvlcPm7+xk2Oyx5DaWnRiyZdJazhuTKZXGVOs5Lkk+A12yFVMZnhqsVGNjKj8
uCUjWxdZ3J7qb7mkIesmrPGVgbsXSI9/U2C5fUdIFs/S3G0zZxaMFfB8w+u6xcrc
2Bbiwi8V3BjkFVku8l284MUcTB5d7PT0taKvMf7u0GovitluineZdbXy3QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFD6h2LL9J2Jve0lmS/BbvebVm9rTMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2ZlLzc1YmJh
OC01N2Q4LTQyYzItOGFhZi00NWU5NTQyNzFhYjgvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmUvNzViYmE4
LTU3ZDgtNDJjMi04YWFmLTQ1ZTk1NDI3MWFiOC8xL1BxSFlzdjBuWW05N1NXWkw4
RnU5NXRXYjJ0TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAwWidMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwDEXDANBgkqhkiG9w0BAQsFAAOCAQEArQ/wHucZLD9Z8wZccPQwz1oMf793Clj+
7JT8IRTtEbok2O0jnpdm2kCGRADqSoaCIrHaF7yn7ReU0rClJwz906llk/wtDEFd
lSNTEV6fbFAyT+SUwRjJK1tme44rXt40Q6/ja7AY4EcvXQbuX3zqhiu2K//L3ph+
Ew9jda/Q0af5EWzDRp1j12GmhjlNkE1897BNbeGwNpi8/EHKUIYjtRp9h6xglWCB
5sMbBYVT7ltMDonX31WrnEpHmtYpTrk7S4/ElaY3q1LbZYZOiQUKjyilZQqO1e9p
sbWvxXhkfUvbfWLQOUnBdldrM6CpyNzvaBi8CSBsAl6C0UmC59jsCg==
-----END CERTIFICATE-----