Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/T03WDaNaCp-6RA_USmHl0n19zrE.cer
File:                     T03WDaNaCp-6RA_USmHl0n19zrE.cer (raw, json)
Hash identifier:          qMrf4KWW/jJ5coyaXFwK04xlR7LuYtcLFN2+U4jyEbs=
Subject key identifier:   4F:4D:D6:0D:A3:5A:0A:9F:BA:44:0F:D4:4A:61:E5:D2:7D:7D:CE:B1
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC726410C6A1F81A99544CA4AE3E8EC69
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/4F4DD60DA35A0A9FBA440FD44A61E5D27D7DCEB1.mft
caRepository:             rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/
Notify URL:               https://rrdp.paas.rpki.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 22:30:22 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 31.24.253.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:41:0c:6a:1f:81:a9:95:44:ca:4a:e3:e8:ec:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 22:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f4dd60da35a0a9fba440fd44a61e5d27d7dceb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:64:a5:b6:68:51:6e:2a:44:6b:8e:61:6d:20:
                    cd:75:1c:f7:39:b3:18:96:47:0e:62:34:b4:cc:f2:
                    27:e6:f2:9d:f0:72:d9:05:af:a1:73:85:92:c5:c3:
                    ca:f9:e2:ac:aa:3b:27:09:22:81:63:50:18:44:8b:
                    03:02:48:20:dd:eb:ba:86:21:16:c0:d2:9e:88:08:
                    6f:65:00:b2:f0:d3:21:28:fa:ea:a0:0d:df:28:d5:
                    29:52:8f:d4:46:d1:41:9a:59:43:ef:de:05:5d:24:
                    76:51:ed:69:13:18:5d:0f:8c:51:21:d7:ea:e0:b6:
                    13:1e:cb:59:95:b6:b3:83:e6:03:a2:34:36:c3:f6:
                    15:2b:61:8e:13:51:ec:0b:88:3f:aa:92:26:8b:60:
                    cb:1a:cb:a2:e8:15:fb:00:1e:31:ae:d5:ee:e5:19:
                    63:e9:1e:5c:23:0e:f7:20:8d:3c:d3:8f:b3:f9:30:
                    5b:6b:a9:0a:8a:3d:f4:f8:bd:41:53:54:1a:b8:df:
                    8c:ae:33:9e:b3:bc:ea:a5:95:cd:d1:a2:59:46:03:
                    06:0a:17:cc:7b:bc:30:4a:da:36:28:f3:ba:48:9d:
                    66:13:cc:e0:aa:a4:20:27:cc:c2:c4:4f:f9:0f:f9:
                    34:d8:e7:b2:b1:50:76:5d:8e:55:86:1b:e1:a7:bf:
                    a7:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:4D:D6:0D:A3:5A:0A:9F:BA:44:0F:D4:4A:61:E5:D2:7D:7D:CE:B1
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/
                RPKI Manifest - URI:rsync://rsync.paas.rpki.ripe.net/repository/83711608-b3d2-469e-9ab5-68b1cbf9be25/0/4F4DD60DA35A0A9FBA440FD44A61E5D27D7DCEB1.mft
                RPKI Notify - URI:https://rrdp.paas.rpki.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.24.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:ca:c8:2e:98:b4:a8:dc:01:a6:fb:9d:78:5f:81:0d:12:15:
         93:8b:07:37:ae:03:53:9e:53:55:af:16:3c:32:7b:79:45:93:
         f2:df:80:b9:4d:61:73:a8:9f:2e:78:9c:25:d4:fd:ff:8e:1a:
         ce:8a:52:7b:2a:ec:2f:16:1c:ce:8c:73:94:3c:ee:f5:8a:5e:
         fe:1c:a3:5c:67:9c:ea:c0:7e:e1:bf:8b:3e:41:83:62:8d:33:
         60:99:e9:9a:e0:e9:51:ae:b2:eb:2e:1b:63:ca:e3:f0:b9:fa:
         50:21:0a:d2:d6:9d:b1:d9:12:e5:05:a1:7f:2e:10:5a:f0:30:
         02:11:05:34:26:ac:01:97:a6:40:71:81:38:51:5b:65:0e:64:
         a1:9c:b2:2f:84:c1:59:d8:9b:bd:bf:90:97:bf:f0:27:34:39:
         ec:16:52:96:8f:d7:53:dd:13:da:5a:7c:84:96:48:81:fe:a6:
         93:df:fb:d4:41:18:d4:13:85:cf:98:ee:cd:88:6c:42:d3:fe:
         0b:e8:a7:b8:55:3a:9c:06:1b:ea:b3:90:40:ce:cf:fe:56:64:
         ea:9f:ac:12:4d:78:4c:e1:7b:58:71:b3:3e:63:fc:e5:c5:58:
         53:98:2b:aa:6d:44:49:4f:5b:79:4e:6f:ef:4d:6e:87:a0:ec:
         ec:d1:3c:1f
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzHJkEMah+BqZVEykrj6OxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMjIzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjRkZDYwZGEzNWEwYTlmYmE0NDBmZDQ0YTYxZTVkMjdkN2RjZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WSltmhRbipEa45hbSDNdRz3ObMY
lkcOYjS0zPIn5vKd8HLZBa+hc4WSxcPK+eKsqjsnCSKBY1AYRIsDAkgg3eu6hiEW
wNKeiAhvZQCy8NMhKPrqoA3fKNUpUo/URtFBmllD794FXSR2Ue1pExhdD4xRIdfq
4LYTHstZlbazg+YDojQ2w/YVK2GOE1HsC4g/qpImi2DLGsui6BX7AB4xrtXu5Rlj
6R5cIw73II0804+z+TBba6kKij30+L1BU1QauN+MrjOes7zqpZXN0aJZRgMGChfM
e7wwSto2KPO6SJ1mE8zgqqQgJ8zCxE/5D/k02OeysVB2XY5Vhhvhp7+nXwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFE9N1g2jWgqfukQP1Eph5dJ9fc6xMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggE/BggrBgEFBQcBCwSCATEwggEtMF8GCCsGAQUFBzAFhlNy
c3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzgzNzEx
NjA4LWIzZDItNDY5ZS05YWI1LTY4YjFjYmY5YmUyNS8wLzCBiwYIKwYBBQUHMAqG
f3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvODM3
MTE2MDgtYjNkMi00NjllLTlhYjUtNjhiMWNiZjliZTI1LzAvNEY0REQ2MERBMzVB
MEE5RkJBNDQwRkQ0NEE2MUU1RDI3RDdEQ0VCMS5tZnQwPAYIKwYBBQUHMA2GMGh0
dHBzOi8vcnJkcC5wYWFzLnJwa2kucmlwZS5uZXQvbm90aWZpY2F0aW9uLnhtbDBZ
BgNVHR8EUjBQME6gTKBKhkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxUL0twU28zVlZLNXdFSElKbkhDMlFIVlYzZDVtay5jcmwwGAYDVR0g
AQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgME
AB8Y/TANBgkqhkiG9w0BAQsFAAOCAQEAesrILpi0qNwBpvudeF+BDRIVk4sHN64D
U55TVa8WPDJ7eUWT8t+AuU1hc6ifLnicJdT9/44azopSeyrsLxYczoxzlDzu9Ype
/hyjXGec6sB+4b+LPkGDYo0zYJnpmuDpUa6y6y4bY8rj8Ln6UCEK0tadsdkS5QWh
fy4QWvAwAhEFNCasAZemQHGBOFFbZQ5koZyyL4TBWdibvb+Ql7/wJzQ57BZSlo/X
U90T2lp8hJZIgf6mk9/71EEY1BOFz5juzYhsQtP+C+inuFU6nAYb6rOQQM7P/lZk
6p+sEk14TOF7WHGzPmP85cVYU5grqm1ESU9beU5v701uh6Ds7NE8Hw==
-----END CERTIFICATE-----