Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Q5OKPegDvWyR8UrZZ71BQbigKK8.cer
File:                     Q5OKPegDvWyR8UrZZ71BQbigKK8.cer (raw, json)
Hash identifier:          t/IxLFH7gH7zTTVVUCDxKMmUVpJ0tCReCBmVNwWG2z4=
Subject key identifier:   43:93:8A:3D:E8:03:BD:6C:91:F1:4A:D9:67:BD:41:41:B8:A0:28:AF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC7271D8C3356DC6BDCC523EF332A87C8
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/Q5OKPegDvWyR8UrZZ71BQbigKK8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:31:18 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 203254
                          IP: 185.129.12.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:1d:8c:33:56:dc:6b:dc:c5:23:ef:33:2a:87:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:31:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=43938a3de803bd6c91f14ad967bd4141b8a028af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:93:20:38:35:a9:26:c2:a3:56:b7:14:8c:a4:
                    d3:b3:46:62:01:22:e5:1c:42:6a:07:61:ec:70:66:
                    24:61:97:ff:32:f6:19:17:fb:c2:a1:d2:3f:dc:f5:
                    d8:e7:e5:1e:1c:00:ee:97:4b:ab:9e:9b:19:a6:b5:
                    3b:b9:53:83:99:03:ac:86:0f:0c:34:31:00:d7:4e:
                    b0:03:71:eb:37:51:ff:4b:6c:1f:e8:d4:15:10:d0:
                    51:a4:14:eb:b6:5a:31:f7:79:0a:b4:32:88:00:69:
                    99:dc:f2:53:ec:74:00:73:de:d7:53:63:a5:09:97:
                    68:e1:8a:c8:3d:86:fe:6f:2c:7f:51:96:c0:f9:5b:
                    49:64:b5:f4:5e:c5:56:c9:1e:c9:0e:b3:04:6b:42:
                    48:71:fe:14:0c:01:42:e0:0b:6e:c0:6f:80:70:a0:
                    c6:44:fd:88:99:7a:7c:16:2a:75:6d:7d:2f:79:f3:
                    41:51:76:3f:25:c8:c0:03:56:b9:69:cb:de:2e:2f:
                    40:14:f5:b0:04:de:63:bc:e5:af:3c:9c:c2:9b:14:
                    ea:ac:2d:8c:34:5c:35:a4:88:52:e9:6c:b6:30:43:
                    78:a9:f7:0c:fc:1b:94:85:af:e6:af:8b:5f:a1:ee:
                    99:8b:56:a2:e3:b2:60:bd:27:d2:66:d1:62:37:a1:
                    78:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:93:8A:3D:E8:03:BD:6C:91:F1:4A:D9:67:BD:41:41:B8:A0:28:AF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/ecda24-d7c3-446a-af36-fe5634c17cc9/1/Q5OKPegDvWyR8UrZZ71BQbigKK8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.12.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  203254

    Signature Algorithm: sha256WithRSAEncryption
         73:85:f3:fc:19:4a:a4:1f:39:06:7d:9d:e9:cb:4c:2d:26:18:
         8e:a5:bf:c6:63:a8:60:19:50:1d:63:5f:b3:ac:a5:2e:cb:ff:
         cf:fc:56:85:00:cc:15:ef:ff:5f:71:f0:23:ea:57:b0:f5:f4:
         05:74:40:4e:16:81:95:79:28:12:d1:b9:7f:da:2d:67:fd:50:
         60:bf:a8:ab:3f:e1:76:75:60:de:63:40:a1:4b:88:52:c8:a4:
         10:d3:6e:43:3e:24:1f:e3:41:d9:5d:6f:41:89:7e:84:31:8b:
         7b:18:6a:c6:25:f9:9f:4e:fb:66:9f:fc:39:b8:98:c0:f1:95:
         ac:c3:0d:03:50:6a:63:3d:1d:81:77:95:72:e0:58:33:1a:e6:
         44:3f:ea:9f:4e:c7:fe:e9:2f:6f:ff:f2:be:9d:73:21:01:68:
         51:ec:3e:43:c3:6f:95:f0:e1:55:55:d0:be:c2:91:cd:e3:fa:
         28:15:bc:c3:89:4e:a1:b8:98:1f:f8:99:6b:86:ce:19:82:02:
         25:3c:c8:c5:01:94:d3:98:db:81:1f:a1:f8:2a:de:eb:fd:9d:
         cb:02:68:36:4d:19:b6:8c:de:b5:7e:49:78:c2:44:f5:dd:19:
         af:e0:c3:49:cc:fa:12:1e:34:d9:fc:cb:34:4a:d7:73:bb:ef:
         73:5a:c3:ca
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHJx2MM1bca9zFI+8zKofIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzkzOGEzZGU4MDNiZDZjOTFmMTRhZDk2N2JkNDE0MWI4YTAyOGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypMgODWpJsKjVrcUjKTTs0ZiASLl
HEJqB2HscGYkYZf/MvYZF/vCodI/3PXY5+UeHADul0urnpsZprU7uVODmQOshg8M
NDEA106wA3HrN1H/S2wf6NQVENBRpBTrtlox93kKtDKIAGmZ3PJT7HQAc97XU2Ol
CZdo4YrIPYb+byx/UZbA+VtJZLX0XsVWyR7JDrMEa0JIcf4UDAFC4AtuwG+AcKDG
RP2ImXp8Fip1bX0vefNBUXY/JcjAA1a5acveLi9AFPWwBN5jvOWvPJzCmxTqrC2M
NFw1pIhS6Wy2MEN4qfcM/BuUha/mr4tfoe6Zi1ai47JgvSfSZtFiN6F4CwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEOTij3oA71skfFK2We9QUG4oCivMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzJjL2VjZGEy
NC1kN2MzLTQ0NmEtYWYzNi1mZTU2MzRjMTdjYzkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmMvZWNkYTI0
LWQ3YzMtNDQ2YS1hZjM2LWZlNTYzNGMxN2NjOS8xL1E1T0tQZWdEdld5UjhVclpa
NzFCUWJpZ0tLOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCuYEMMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMZ9jANBgkqhkiG9w0BAQsFAAOCAQEAc4Xz/BlKpB85Bn2d6ctMLSYYjqW/xmOo
YBlQHWNfs6ylLsv/z/xWhQDMFe//X3HwI+pXsPX0BXRAThaBlXkoEtG5f9otZ/1Q
YL+oqz/hdnVg3mNAoUuIUsikENNuQz4kH+NB2V1vQYl+hDGLexhqxiX5n077Zp/8
ObiYwPGVrMMNA1BqYz0dgXeVcuBYMxrmRD/qn07H/ukvb//yvp1zIQFoUew+Q8Nv
lfDhVVXQvsKRzeP6KBW8w4lOobiYH/iZa4bOGYICJTzIxQGU05jbgR+h+Cre6/2d
ywJoNk0ZtozetX5JeMJE9d0Zr+DDScz6Eh402fzLNErXc7vvc1rDyg==
-----END CERTIFICATE-----