Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/SuKsLjoMm_HuJsFjpwz2Zhkvey8.cer
File:                     SuKsLjoMm_HuJsFjpwz2Zhkvey8.cer (raw, json)
Hash identifier:          ZN1POxer3Xw0gd9pjEnxiWaw6s+9acYkM5m3X8GIe7o=
Subject key identifier:   4A:E2:AC:2E:3A:0C:9B:F1:EE:26:C1:63:A7:0C:F6:66:19:2F:7B:2F
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       01913DCD162B0720511E01EADE46E47BA55B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/b0c75df9-5b92-48c0-bbda-a43bd19ef7d3/0/4AE2AC2E3A0C9BF1EE26C163A70CF666192F7B2F.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/b0c75df9-5b92-48c0-bbda-a43bd19ef7d3/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Sat 10 Aug 2024 19:38:56 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 214809

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:3d:cd:16:2b:07:20:51:1e:01:ea:de:46:e4:7b:a5:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Aug 10 19:38:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ae2ac2e3a0c9bf1ee26c163a70cf666192f7b2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:30:21:f7:df:eb:5f:29:a4:68:60:4e:1e:ea:
                    90:8e:d6:3b:3b:e2:37:2a:84:98:2d:70:0d:a6:42:
                    e0:ad:2d:f9:81:4f:75:d2:f9:a2:83:b4:c9:83:2d:
                    e0:ea:2a:14:02:6d:eb:f7:4c:e1:0e:87:7b:04:d5:
                    63:f4:00:69:b7:fc:eb:aa:02:ae:78:a5:02:a6:9d:
                    43:18:23:f8:5f:28:fc:84:d0:5e:34:93:40:19:86:
                    4e:24:38:81:5b:b2:f0:40:3f:df:52:a5:3a:43:27:
                    fa:42:98:1c:5a:1b:73:c6:de:1d:3c:d1:ba:54:ac:
                    9b:b7:51:0f:cf:c6:71:22:8b:1e:70:8c:24:1c:6d:
                    9f:f3:7c:65:48:ba:e9:6b:51:c4:7b:f0:02:6c:9a:
                    ce:b6:56:1d:3a:04:0d:b3:b8:3c:18:10:c2:20:a0:
                    c5:f0:2d:21:aa:4b:c4:c5:02:3f:78:55:23:02:e2:
                    c0:8b:68:a1:fa:34:83:f0:a8:70:d8:98:65:d9:05:
                    6c:76:9f:2e:00:96:c1:5f:57:40:8d:23:4b:44:99:
                    eb:13:72:03:21:b7:cf:af:87:d4:8d:04:c9:99:3b:
                    86:7d:59:ee:62:23:ea:6a:8b:f1:6d:bc:a9:ce:ec:
                    7d:80:37:c6:45:10:c0:f4:1b:ad:9d:27:27:70:b8:
                    06:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:E2:AC:2E:3A:0C:9B:F1:EE:26:C1:63:A7:0C:F6:66:19:2F:7B:2F
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/b0c75df9-5b92-48c0-bbda-a43bd19ef7d3/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/b0c75df9-5b92-48c0-bbda-a43bd19ef7d3/0/4AE2AC2E3A0C9BF1EE26C163A70CF666192F7B2F.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214809

    Signature Algorithm: sha256WithRSAEncryption
         79:03:4e:90:2d:47:7b:5a:f5:b6:26:0d:8e:45:22:fc:9b:28:
         24:dc:6f:52:e8:31:fe:e9:ff:0a:89:c7:74:a0:45:42:d4:6a:
         b9:91:03:2c:1d:2c:f6:a1:a5:b9:31:a2:86:78:29:45:9c:39:
         b9:4d:ac:2e:7b:45:ab:93:23:c8:ab:8e:cf:21:ce:08:2a:df:
         ab:0c:6a:da:53:d2:a4:76:fc:e6:5c:67:84:e1:62:c3:14:68:
         58:1f:15:db:57:7a:81:17:f5:e0:f2:0b:8a:b6:c1:04:00:c4:
         51:27:57:4f:f0:8a:f0:07:75:ef:9f:7d:2b:8d:86:34:ff:f9:
         9e:42:d1:43:d7:57:bf:5d:3e:d5:cb:f0:70:dd:40:26:71:00:
         e8:9d:7d:f6:72:32:9d:1f:44:70:63:9b:88:6d:e8:dd:9d:79:
         a0:81:d1:cd:ad:c2:23:8a:82:50:fb:aa:e1:85:6a:9b:da:30:
         00:27:de:a3:4a:f4:11:ba:95:b4:03:50:d8:74:a1:8d:ae:c6:
         c0:34:69:bd:58:ae:04:c0:9e:78:00:88:ad:fe:8f:a9:82:f6:
         5f:3f:4b:ea:13:fc:71:d9:f0:3b:e1:90:fc:b4:0f:83:aa:ee:
         77:c0:85:3b:d7:b3:a3:ef:25:c6:7c:ea:33:3c:c6:88:5e:19:
         c5:ee:f1:9a
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgISAZE9zRYrByBRHgHq3kbke6VbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwODEwMTkzODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWUyYWMyZTNhMGM5YmYxZWUyNmMxNjNhNzBjZjY2NjE5MmY3YjJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDAh99/rXymkaGBOHuqQjtY7O+I3
KoSYLXANpkLgrS35gU910vmig7TJgy3g6ioUAm3r90zhDod7BNVj9ABpt/zrqgKu
eKUCpp1DGCP4Xyj8hNBeNJNAGYZOJDiBW7LwQD/fUqU6Qyf6QpgcWhtzxt4dPNG6
VKybt1EPz8ZxIosecIwkHG2f83xlSLrpa1HEe/ACbJrOtlYdOgQNs7g8GBDCIKDF
8C0hqkvExQI/eFUjAuLAi2ih+jSD8Khw2Jhl2QVsdp8uAJbBX1dAjSNLRJnrE3ID
IbfPr4fUjQTJmTuGfVnuYiPqaovxbbypzux9gDfGRRDA9ButnScncLgGoQIDAQAB
o4ICmzCCApcwHQYDVR0OBBYEFErirC46DJvx7ibBY6cM9mYZL3svMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2IwYzc1
ZGY5LTViOTItNDhjMC1iYmRhLWE0M2JkMTllZjdkMy8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYjBj
NzVkZjktNWI5Mi00OGMwLWJiZGEtYTQzYmQxOWVmN2QzLzAvNEFFMkFDMkUzQTBD
OUJGMUVFMjZDMTYzQTcwQ0Y2NjYxOTJGN0IyRi5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAaBggrBgEFBQcBCAEB/wQLMAmgBzAFAgMDRxkw
DQYJKoZIhvcNAQELBQADggEBAHkDTpAtR3ta9bYmDY5FIvybKCTcb1LoMf7p/wqJ
x3SgRULUarmRAywdLPahpbkxooZ4KUWcOblNrC57RauTI8irjs8hzggq36sMatpT
0qR2/OZcZ4ThYsMUaFgfFdtXeoEX9eDyC4q2wQQAxFEnV0/wivAHde+ffSuNhjT/
+Z5C0UPXV79dPtXL8HDdQCZxAOidffZyMp0fRHBjm4ht6N2deaCB0c2twiOKglD7
quGFapvaMAAn3qNK9BG6lbQDUNh0oY2uxsA0ab1YrgTAnngAiK3+j6mC9l8/S+oT
/HHZ8DvhkPy0D4Oq7nfAhTvXs6PvJcZ86jM8xoheGcXu8Zo=
-----END CERTIFICATE-----