Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q3FIOk0xlpOmC4o7x5_YgtIScPo.cer
File:                     Q3FIOk0xlpOmC4o7x5_YgtIScPo.cer (raw, json)
Hash identifier:          absVAngFq8kVB4GLgMb9Axf/iJzKgOjUOdlDsTj5aGo=
Subject key identifier:   43:71:48:3A:4D:31:96:93:A6:0B:8A:3B:C7:9F:D8:82:D2:12:70:FA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01942067C4E2CBEAADE88916283F53C78AD9
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/14dd4c-d72d-4666-9242-920dd39ac62b/1/Q3FIOk0xlpOmC4o7x5_YgtIScPo.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/14dd4c-d72d-4666-9242-920dd39ac62b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 05:47:39 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198448
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:c4:e2:cb:ea:ad:e8:89:16:28:3f:53:c7:8a:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 05:47:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4371483a4d319693a60b8a3bc79fd882d21270fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:af:6c:e4:a1:4e:80:7d:e6:36:17:1a:cb:76:
                    a9:8b:44:cb:23:1e:01:41:2b:78:dd:fd:c4:dc:ae:
                    33:23:cc:d3:de:7d:c5:44:aa:f2:65:13:0a:49:b1:
                    d2:02:8b:42:3e:4b:89:20:49:2e:2f:ff:99:7b:2a:
                    55:e9:e8:04:b4:54:66:9b:7e:73:6f:b5:1c:2e:8f:
                    4f:28:c3:b5:4b:9d:47:ff:9c:fb:ad:8f:24:e0:4e:
                    43:f0:5d:69:de:f0:7a:37:01:4f:cc:ef:bc:19:5e:
                    c9:14:b6:34:60:21:ee:2e:50:fc:d5:31:42:8a:e5:
                    4c:ca:ee:9b:e5:71:26:f6:2a:31:47:43:58:8e:fa:
                    43:60:7e:b8:7f:57:b0:6c:a8:81:e4:6a:14:c1:d0:
                    3e:a5:41:a5:35:99:3c:d8:ce:6c:54:1c:79:90:e3:
                    fd:58:df:d0:f9:4f:a1:7c:f9:64:8d:83:8c:32:be:
                    a9:f0:cb:ba:23:13:db:32:b3:3d:2f:7b:d5:a2:66:
                    0b:fc:f0:d5:92:f5:b2:df:3f:15:16:55:68:dd:62:
                    58:76:89:11:30:e9:54:58:f5:ea:e8:0c:d9:08:84:
                    3e:e2:dc:30:52:e6:9b:55:14:dc:a5:41:38:79:cf:
                    a6:f6:45:f2:67:78:42:7a:e5:a3:03:c2:16:aa:e1:
                    69:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:71:48:3A:4D:31:96:93:A6:0B:8A:3B:C7:9F:D8:82:D2:12:70:FA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/14dd4c-d72d-4666-9242-920dd39ac62b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/14dd4c-d72d-4666-9242-920dd39ac62b/1/Q3FIOk0xlpOmC4o7x5_YgtIScPo.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198448

    Signature Algorithm: sha256WithRSAEncryption
         36:e0:34:66:b7:c8:77:ff:2c:ac:8c:6f:13:f4:4d:43:ce:db:
         50:76:ef:3c:50:bc:68:1c:4b:69:98:30:b5:06:59:71:b7:4b:
         83:41:54:6e:d2:4e:32:08:ba:02:ed:ff:b1:fa:b8:27:33:6c:
         c6:8d:06:aa:18:c3:ee:e4:13:5e:17:1a:ef:83:2a:6e:22:ae:
         bc:69:40:ab:4a:23:a9:f7:c4:0a:13:f3:26:25:c8:f2:27:11:
         2f:98:18:90:99:93:ae:6c:a7:0d:52:81:78:b0:bc:88:6b:61:
         7f:fe:45:de:e9:c7:8d:43:c9:43:fe:17:83:e0:7b:5b:37:db:
         56:a3:d1:16:65:92:c2:ba:09:90:8b:f0:88:c8:42:26:e2:50:
         ed:0f:b9:88:06:20:47:71:23:6e:66:fb:11:f0:78:98:78:e7:
         e8:04:2c:3a:e8:67:67:b6:69:da:f8:19:6a:a0:64:79:bd:f1:
         f5:21:7e:e9:d0:df:64:7b:f2:99:52:da:aa:24:83:7f:5e:72:
         0d:2d:6a:19:26:35:fc:c7:b8:e6:22:5b:d6:6f:1d:a2:bf:2a:
         ca:b0:81:d7:27:0a:46:76:b2:be:28:7c:09:e7:62:c4:f3:2c:
         d3:22:c5:4c:7d:20:98:51:02:24:61:34:e0:01:13:0b:34:5e:
         60:9b:ae:29
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQgZ8Tiy+qt6IkWKD9Tx4rZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDU0NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzcxNDgzYTRkMzE5NjkzYTYwYjhhM2JjNzlmZDg4MmQyMTI3MGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa9s5KFOgH3mNhcay3api0TLIx4B
QSt43f3E3K4zI8zT3n3FRKryZRMKSbHSAotCPkuJIEkuL/+ZeypV6egEtFRmm35z
b7UcLo9PKMO1S51H/5z7rY8k4E5D8F1p3vB6NwFPzO+8GV7JFLY0YCHuLlD81TFC
iuVMyu6b5XEm9ioxR0NYjvpDYH64f1ewbKiB5GoUwdA+pUGlNZk82M5sVBx5kOP9
WN/Q+U+hfPlkjYOMMr6p8Mu6IxPbMrM9L3vVomYL/PDVkvWy3z8VFlVo3WJYdokR
MOlUWPXq6AzZCIQ+4twwUuabVRTcpUE4ec+m9kXyZ3hCeuWjA8IWquFpLQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFENxSDpNMZaTpguKO8ef2ILSEnD6MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0LzE0ZGQ0
Yy1kNzJkLTQ2NjYtOTI0Mi05MjBkZDM5YWM2MmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvMTRkZDRj
LWQ3MmQtNDY2Ni05MjQyLTkyMGRkMzlhYzYyYi8xL1EzRklPazB4bHBPbUM0bzd4
NV9ZZ3RJU2NQby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwMHMDANBgkqhkiG9w0BAQsFAAOCAQEANuA0ZrfId/8s
rIxvE/RNQ87bUHbvPFC8aBxLaZgwtQZZcbdLg0FUbtJOMgi6Au3/sfq4JzNsxo0G
qhjD7uQTXhca74MqbiKuvGlAq0ojqffEChPzJiXI8icRL5gYkJmTrmynDVKBeLC8
iGthf/5F3unHjUPJQ/4Xg+B7WzfbVqPRFmWSwroJkIvwiMhCJuJQ7Q+5iAYgR3Ej
bmb7EfB4mHjn6AQsOuhnZ7Zp2vgZaqBkeb3x9SF+6dDfZHvymVLaqiSDf15yDS1q
GSY1/Me45iJb1m8dor8qyrCB1ycKRnayvih8CedixPMs0yLFTH0gmFECJGE04AET
CzReYJuuKQ==
-----END CERTIFICATE-----