Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.cer
File:                     S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.cer (raw, json)
Hash identifier:          GnQCbIJFSZPzDzYueL+LE4NBKlb2FgCJHeQxFquQ3yc=
Subject key identifier:   4B:72:06:6D:7E:6C:A8:AD:2F:FA:62:A6:9B:06:79:23:A4:2D:F9:6F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019426D9C195D658837A6519E6A7F7F2C44B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 02 Jan 2025 11:49:52 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 212138
                          IP: 192.145.104.0/22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:c1:95:d6:58:83:7a:65:19:e6:a7:f7:f2:c4:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 11:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b72066d7e6ca8ad2ffa62a69b067923a42df96f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d8:44:00:9d:26:c4:75:89:bc:13:a2:83:f7:
                    33:b0:ac:3c:6c:0e:00:a1:8d:99:b4:a4:7c:f6:b6:
                    a4:17:3a:10:9e:38:8d:38:02:10:ca:1b:7c:bc:53:
                    94:6c:81:25:2a:35:81:66:4e:6d:a5:86:af:91:ec:
                    c9:70:f9:d6:f1:fd:f3:93:9a:fd:51:7a:79:ba:5f:
                    85:8f:45:c0:b7:8f:62:cf:be:15:74:68:e2:2b:b9:
                    8c:4d:38:49:87:02:79:fa:be:6f:a5:83:93:35:e6:
                    4a:2b:3c:e0:2d:7f:f0:6d:08:ee:ad:80:6e:50:16:
                    68:33:bc:a5:73:60:9b:7d:e8:da:a8:fa:bb:b4:d1:
                    81:9d:91:54:c6:f9:20:a6:97:e8:da:da:16:4b:ef:
                    8e:53:d6:72:93:a6:82:58:1e:81:e4:9d:53:bc:07:
                    d8:07:ec:2c:c8:13:d4:77:66:55:6f:e3:21:d7:8a:
                    d1:b7:35:cb:3e:1f:9b:0c:52:7c:e1:b8:f7:0b:92:
                    e4:8c:4d:45:b5:12:a6:97:3f:74:c5:25:46:04:e6:
                    9b:41:dc:a3:30:1e:cf:be:1e:91:04:1c:51:19:6a:
                    90:eb:49:51:cd:4c:7c:fe:78:5f:12:2d:d5:98:19:
                    b6:75:3c:01:c9:49:ba:f3:37:71:65:2c:9a:78:4a:
                    d4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:72:06:6D:7E:6C:A8:AD:2F:FA:62:A6:9B:06:79:23:A4:2D:F9:6F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a64b09-64df-470c-a64d-1f6991877b26/1/S3IGbX5sqK0v-mKmmwZ5I6Qt-W8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.145.104.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  212138

    Signature Algorithm: sha256WithRSAEncryption
         0a:92:2d:b5:28:c3:cf:24:c6:4f:59:c8:0f:28:19:ae:ac:14:
         6f:aa:62:d5:dd:4b:78:d3:aa:f7:07:83:0c:9a:0a:15:9d:7b:
         b0:8a:2c:6e:cd:bf:b7:89:00:2f:cb:c4:7d:39:da:b9:18:a9:
         51:b7:43:27:cb:54:ae:cf:d3:8b:db:5e:74:af:6b:f0:17:f4:
         66:79:0e:2d:bb:1b:69:17:3e:48:90:7e:59:aa:54:02:06:a5:
         9b:12:71:d1:d2:ed:33:20:44:c6:4b:28:3d:44:f6:4b:15:79:
         0e:49:06:ab:b4:95:66:b6:4a:29:83:43:d8:bd:50:c5:f5:c1:
         ab:55:50:d7:fb:80:ea:eb:bb:8b:da:f0:d6:27:ff:16:37:db:
         bf:10:9f:3c:c4:02:ae:5f:8b:4c:3e:f4:7d:f9:6a:4d:b8:d7:
         76:5e:fe:31:c9:c4:0b:d3:6b:2e:63:21:e6:b3:02:5d:1b:69:
         a0:6b:1f:97:09:ca:af:8d:d7:e1:fc:f2:57:ef:cb:a6:38:ec:
         7d:e2:c6:75:57:6f:80:60:8d:f1:56:fa:52:75:fb:88:bb:e4:
         10:39:cf:68:b9:8f:59:8c:6f:56:00:a7:bb:8a:38:0c:71:db:
         09:30:da:fb:97:c6:10:2a:10:40:d2:00:d9:04:cd:f9:e1:34:
         76:39:dd:24
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQm2cGV1liDemUZ5qf38sRLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAyMTE0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjcyMDY2ZDdlNmNhOGFkMmZmYTYyYTY5YjA2NzkyM2E0MmRmOTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNhEAJ0mxHWJvBOig/czsKw8bA4A
oY2ZtKR89rakFzoQnjiNOAIQyht8vFOUbIElKjWBZk5tpYavkezJcPnW8f3zk5r9
UXp5ul+Fj0XAt49iz74VdGjiK7mMTThJhwJ5+r5vpYOTNeZKKzzgLX/wbQjurYBu
UBZoM7ylc2CbfejaqPq7tNGBnZFUxvkgppfo2toWS++OU9Zyk6aCWB6B5J1TvAfY
B+wsyBPUd2ZVb+Mh14rRtzXLPh+bDFJ84bj3C5LkjE1FtRKmlz90xSVGBOabQdyj
MB7Pvh6RBBxRGWqQ60lRzUx8/nhfEi3VmBm2dTwByUm68zdxZSyaeErU2wIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFEtyBm1+bKitL/pippsGeSOkLflvMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQ1L2E2NGIw
OS02NGRmLTQ3MGMtYTY0ZC0xZjY5OTE4NzdiMjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvYTY0YjA5
LTY0ZGYtNDcwYy1hNjRkLTFmNjk5MTg3N2IyNi8xL1MzSUdiWDVzcUswdi1tS21t
d1o1STZRdC1XOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCwJFoMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwM8qjANBgkqhkiG9w0BAQsFAAOCAQEACpIttSjDzyTGT1nIDygZrqwUb6pi1d1L
eNOq9weDDJoKFZ17sIosbs2/t4kAL8vEfTnauRipUbdDJ8tUrs/Ti9tedK9r8Bf0
ZnkOLbsbaRc+SJB+WapUAgalmxJx0dLtMyBExksoPUT2SxV5DkkGq7SVZrZKKYND
2L1QxfXBq1VQ1/uA6uu7i9rw1if/FjfbvxCfPMQCrl+LTD70fflqTbjXdl7+McnE
C9NrLmMh5rMCXRtpoGsflwnKr43X4fzyV+/LpjjsfeLGdVdvgGCN8Vb6UnX7iLvk
EDnPaLmPWYxvVgCnu4o4DHHbCTDa+5fGECoQQNIA2QTN+eE0djndJA==
-----END CERTIFICATE-----