Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QRZSBM_kcHPMhtbeQ8QdiBfi5C4.cer
File:                     QRZSBM_kcHPMhtbeQ8QdiBfi5C4.cer (raw, json)
Hash identifier:          B3E5A63F0l3qrhtshDx83oRAIEOR3ODOez38sli7Www=
Subject key identifier:   41:16:52:04:CF:E4:70:73:CC:86:D6:DE:43:C4:1D:88:17:E2:E4:2E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194266BC2E453073D1EC5F7ABEA95F55DD0
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/QRZSBM_kcHPMhtbeQ8QdiBfi5C4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 09:49:44 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 58337
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c2:e4:53:07:3d:1e:c5:f7:ab:ea:95:f5:5d:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41165204cfe47073cc86d6de43c41d8817e2e42e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2c:11:ef:f5:12:85:97:9f:c8:fd:0f:c5:ab:
                    ff:17:c4:84:b1:40:ea:c9:b6:c3:49:7b:e3:ec:47:
                    47:6e:70:db:0d:e8:ac:da:86:ec:f6:5c:0d:10:c1:
                    6b:72:19:2a:30:f9:bf:db:b7:d2:5a:ef:48:19:46:
                    a7:77:44:ef:81:fa:d0:28:39:af:a0:ad:d7:6d:02:
                    a5:17:66:9e:ac:62:0a:2c:94:ff:a0:b4:cf:36:61:
                    af:2a:b6:f5:ba:35:68:b0:32:cd:2e:95:d4:12:a4:
                    e8:24:74:ce:b0:f8:b3:2f:5f:05:0e:68:e8:0b:75:
                    14:7c:7d:18:2d:84:f0:a6:24:01:76:ae:96:39:e0:
                    61:c9:29:32:f1:a1:e2:b2:07:fc:5f:27:9b:64:5a:
                    00:25:cc:9b:78:a8:03:a9:4f:31:f3:2e:9f:a9:81:
                    6c:e0:5a:c5:20:b2:0e:85:40:8e:8b:99:b6:ef:8b:
                    33:0a:fb:4b:a7:6a:d7:6f:c3:5a:0a:b6:46:9e:0f:
                    9d:bc:84:7f:29:9c:03:17:3f:59:f1:07:c5:2b:05:
                    d8:86:61:c5:e7:b0:72:f0:74:70:2c:dd:45:c2:02:
                    70:55:32:e2:91:32:0d:eb:19:6f:b9:88:f5:6f:84:
                    89:3e:52:64:40:5c:46:45:c6:cc:fa:53:a3:65:29:
                    b7:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:16:52:04:CF:E4:70:73:CC:86:D6:DE:43:C4:1D:88:17:E2:E4:2E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/fd3568-dde9-409c-bbd0-34d28b43c324/1/QRZSBM_kcHPMhtbeQ8QdiBfi5C4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  58337

    Signature Algorithm: sha256WithRSAEncryption
         2c:a1:e5:eb:b4:07:5d:68:90:f8:b7:54:ab:67:26:03:c7:03:
         59:89:73:86:ca:f0:74:e3:37:e1:63:af:05:90:57:ea:15:19:
         2a:28:51:f0:9d:e6:bf:0b:c5:ff:bd:5d:bd:fd:cd:ec:01:56:
         0d:d8:6e:44:ed:92:9b:5d:4a:8c:fc:47:40:a4:56:73:5a:0b:
         15:d6:33:b2:89:d3:8d:38:85:fa:31:a6:8a:57:77:c0:c9:12:
         39:13:dd:05:c9:20:21:00:9c:ca:71:2e:72:a4:b4:9d:30:eb:
         0a:38:bb:79:f7:81:43:c2:04:d2:33:b1:55:17:ce:d2:1d:c9:
         0a:aa:1c:38:02:55:69:38:cd:c6:0b:d8:fb:78:87:ed:00:0f:
         86:1a:90:37:80:38:a4:6a:19:a7:ca:d8:69:6c:30:75:00:88:
         fd:39:c4:57:bc:9f:16:99:62:97:58:2f:b3:0d:b8:5e:bb:05:
         c2:6e:ee:3f:4c:6c:4d:14:00:f6:c9:86:41:e2:57:e2:1a:af:
         fc:bd:66:39:7d:50:2c:da:55:29:40:5f:8b:02:f3:dd:f6:00:
         c4:e7:68:91:94:dc:09:64:47:76:f2:bc:1d:ff:0e:4b:e2:ee:
         73:04:cd:ff:ca:12:4f:52:27:10:e7:c2:a6:67:22:b1:d1:b3:
         fd:fb:70:5e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQma8LkUwc9HsX3q+qV9V3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTE2NTIwNGNmZTQ3MDczY2M4NmQ2ZGU0M2M0MWQ4ODE3ZTJlNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtSwR7/UShZefyP0Pxav/F8SEsUDq
ybbDSXvj7EdHbnDbDeis2obs9lwNEMFrchkqMPm/27fSWu9IGUand0TvgfrQKDmv
oK3XbQKlF2aerGIKLJT/oLTPNmGvKrb1ujVosDLNLpXUEqToJHTOsPizL18FDmjo
C3UUfH0YLYTwpiQBdq6WOeBhySky8aHisgf8XyebZFoAJcybeKgDqU8x8y6fqYFs
4FrFILIOhUCOi5m274szCvtLp2rXb8NaCrZGng+dvIR/KZwDFz9Z8QfFKwXYhmHF
57By8HRwLN1FwgJwVTLikTIN6xlvuYj1b4SJPlJkQFxGRcbM+lOjZSm3fwIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFEEWUgTP5HBzzIbW3kPEHYgX4uQuMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzY5L2ZkMzU2
OC1kZGU5LTQwOWMtYmJkMC0zNGQyOGI0M2MzMjQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvZmQzNTY4
LWRkZTktNDA5Yy1iYmQwLTM0ZDI4YjQzYzMyNC8xL1FSWlNCTV9rY0hQTWh0YmVR
OFFkaUJmaTVDNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwDj4TANBgkqhkiG9w0BAQsFAAOCAQEALKHl67QHXWiQ
+LdUq2cmA8cDWYlzhsrwdOM34WOvBZBX6hUZKihR8J3mvwvF/71dvf3N7AFWDdhu
RO2Sm11KjPxHQKRWc1oLFdYzsonTjTiF+jGmild3wMkSORPdBckgIQCcynEucqS0
nTDrCji7efeBQ8IE0jOxVRfO0h3JCqocOAJVaTjNxgvY+3iH7QAPhhqQN4A4pGoZ
p8rYaWwwdQCI/TnEV7yfFplil1gvsw24XrsFwm7uP0xsTRQA9smGQeJX4hqv/L1m
OX1QLNpVKUBfiwLz3fYAxOdokZTcCWRHdvK8Hf8OS+LucwTN/8oST1InEOfCpmci
sdGz/ftwXg==
-----END CERTIFICATE-----