Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/QjU1qmwxe6dsy4G7_uXUdLGT5uM.cer
File:                     QjU1qmwxe6dsy4G7_uXUdLGT5uM.cer (raw, json)
Hash identifier:          yYUQE5mVO8R1/vGVYFFmHfSljpVUpmZl+uHZhosj+dw=
Subject key identifier:   42:35:35:AA:6C:31:7B:A7:6C:CB:81:BB:FE:E5:D4:74:B1:93:E6:E3
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019425FC3C79071DC08B41B80567F752A4DD
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/c0/a12b7a-2e4a-4f22-8811-099587c71bab/1/QjU1qmwxe6dsy4G7_uXUdLGT5uM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/c0/a12b7a-2e4a-4f22-8811-099587c71bab/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 07:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 31505
                          IP: 83.151.32.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3c:79:07:1d:c0:8b:41:b8:05:67:f7:52:a4:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 07:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=423535aa6c317ba76ccb81bbfee5d474b193e6e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:54:bc:30:c0:9d:02:11:07:83:7a:72:d2:62:
                    fe:4f:b9:34:8d:42:d3:5a:16:dc:60:9a:01:2f:e4:
                    4e:ff:ae:bf:06:36:d0:85:0b:f1:8d:59:3d:18:3e:
                    41:43:91:03:ab:e1:d3:4f:f4:c3:bd:56:77:be:6f:
                    9a:7f:a6:c1:ee:06:f9:16:76:cd:17:e8:aa:f8:86:
                    41:8a:47:9f:b3:55:97:cd:82:7d:96:b7:c8:67:b1:
                    c6:73:fe:5a:fb:aa:66:a7:af:49:79:5b:3f:7f:ed:
                    54:62:3e:44:89:97:e8:43:26:7d:f5:8e:94:ae:41:
                    84:f5:32:49:0d:9e:cb:dd:27:35:a0:71:fb:08:57:
                    6a:04:26:c7:2a:fd:7f:ac:56:9e:af:af:8a:d6:22:
                    22:5c:5a:f9:26:e6:bc:ff:3c:b8:b4:ea:9b:5a:42:
                    72:49:d6:35:63:79:25:96:bf:fb:f6:56:f3:cd:00:
                    a7:cf:b0:64:5f:38:68:1c:5f:e5:cd:75:27:15:6f:
                    0d:43:e6:83:5c:5d:d6:e3:8d:99:13:11:f0:75:89:
                    cb:a4:ce:14:23:03:fc:fa:07:48:c8:d7:5f:83:63:
                    4c:3e:fb:82:b2:71:6f:4b:93:8b:9c:1c:68:88:75:
                    77:58:2a:04:71:e7:8b:d3:b6:75:2e:74:86:26:60:
                    d9:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:35:35:AA:6C:31:7B:A7:6C:CB:81:BB:FE:E5:D4:74:B1:93:E6:E3
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/a12b7a-2e4a-4f22-8811-099587c71bab/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/a12b7a-2e4a-4f22-8811-099587c71bab/1/QjU1qmwxe6dsy4G7_uXUdLGT5uM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.151.32.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  31505

    Signature Algorithm: sha256WithRSAEncryption
         83:ed:0a:9e:33:4d:f8:81:34:43:c9:b7:ea:8d:b6:38:81:9e:
         a7:fd:7a:eb:db:13:c9:6a:fb:2f:38:f8:36:d3:2b:14:59:ac:
         69:7d:fb:b8:c5:06:fb:91:85:df:fe:4d:8b:45:9d:74:e0:c4:
         2c:fd:9b:2f:4b:7e:56:41:cc:a8:b3:3a:99:46:90:f4:8a:33:
         7f:a7:28:48:70:0b:be:03:1e:eb:b8:03:e2:5f:74:8d:8a:ae:
         9c:79:49:3c:65:84:1a:d7:11:7a:79:4a:86:08:e7:02:f0:1e:
         bf:66:cb:f8:09:d3:d3:7b:e1:9f:88:9c:10:cb:18:01:05:f0:
         1a:0c:9e:dc:fd:16:b5:fd:f3:d7:49:99:10:62:cc:ae:24:6b:
         d8:d1:61:d0:58:84:d1:8e:d4:bd:20:36:f3:9b:c8:44:e9:f2:
         77:78:8f:ea:3c:95:cc:60:6d:e4:dc:21:a1:5b:99:01:4a:fc:
         5a:21:d8:37:c0:3a:d1:c6:a1:b7:a2:c9:78:07:b2:4b:40:72:
         47:6c:7a:b2:e4:5d:fe:47:43:a6:e6:80:53:af:53:9c:c3:6c:
         78:01:45:b9:e1:fb:f2:50:8f:86:f2:cc:17:94:c6:ba:31:c1:
         b3:84:16:2c:cd:ce:aa:68:0a:91:ec:0e:af:b0:6f:43:06:ff:
         71:fc:97:6a
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgISAZQl/Dx5Bx3Ai0G4BWf3UqTdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMDc0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjM1MzVhYTZjMzE3YmE3NmNjYjgxYmJmZWU1ZDQ3NGIxOTNlNmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulS8MMCdAhEHg3py0mL+T7k0jULT
WhbcYJoBL+RO/66/BjbQhQvxjVk9GD5BQ5EDq+HTT/TDvVZ3vm+af6bB7gb5FnbN
F+iq+IZBikefs1WXzYJ9lrfIZ7HGc/5a+6pmp69JeVs/f+1UYj5EiZfoQyZ99Y6U
rkGE9TJJDZ7L3Sc1oHH7CFdqBCbHKv1/rFaer6+K1iIiXFr5Jua8/zy4tOqbWkJy
SdY1Y3kllr/79lbzzQCnz7BkXzhoHF/lzXUnFW8NQ+aDXF3W442ZExHwdYnLpM4U
IwP8+gdIyNdfg2NMPvuCsnFvS5OLnBxoiHV3WCoEceeL07Z1LnSGJmDZlQIDAQAB
o4ICnzCCApswHQYDVR0OBBYEFEI1NapsMXunbMuBu/7l1HSxk+bjMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2MwL2ExMmI3
YS0yZTRhLTRmMjItODgxMS0wOTk1ODdjNzFiYWIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzAvYTEyYjdh
LTJlNGEtNGYyMi04ODExLTA5OTU4N2M3MWJhYi8xL1FqVTFxbXd4ZTZkc3k0Rzdf
dVhVZExHVDV1TS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEU5cgMBkGCCsGAQUFBwEIAQH/BAowCKAGMAQC
AnsRMA0GCSqGSIb3DQEBCwUAA4IBAQCD7QqeM034gTRDybfqjbY4gZ6n/Xrr2xPJ
avsvOPg20ysUWaxpffu4xQb7kYXf/k2LRZ104MQs/ZsvS35WQcyoszqZRpD0ijN/
pyhIcAu+Ax7ruAPiX3SNiq6ceUk8ZYQa1xF6eUqGCOcC8B6/Zsv4CdPTe+GfiJwQ
yxgBBfAaDJ7c/Ra1/fPXSZkQYsyuJGvY0WHQWITRjtS9IDbzm8hE6fJ3eI/qPJXM
YG3k3CGhW5kBSvxaIdg3wDrRxqG3osl4B7JLQHJHbHqy5F3+R0Om5oBTr1Ocw2x4
AUW54fvyUI+G8swXlMa6McGzhBYszc6qaAqR7A6vsG9DBv9x/Jdq
-----END CERTIFICATE-----