Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/UaDZglED2dpHYe-pGmDqLKdY0AM.cer
File:                     UaDZglED2dpHYe-pGmDqLKdY0AM.cer (raw, json)
Hash identifier:          Z7qZ2KrCZjyhiEP7yqps91/52ghNRsPtG7BT0G9ua0E=
Subject key identifier:   51:A0:D9:82:51:03:D9:DA:47:61:EF:A9:1A:60:EA:2C:A7:58:D0:03
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       0194221FE7BCD0E50545688AA1FCE052B050
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/b4f49b-75e5-4864-908e-6a3df01a3236/1/UaDZglED2dpHYe-pGmDqLKdY0AM.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/b4f49b-75e5-4864-908e-6a3df01a3236/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 13:48:23 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    IP: 45.156.96.0/22
                          IP: 2a0f:1c80::/29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e7:bc:d0:e5:05:45:68:8a:a1:fc:e0:52:b0:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 13:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51a0d9825103d9da4761efa91a60ea2ca758d003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6e:c8:b2:da:30:4c:98:1a:08:f7:52:53:e0:
                    de:15:c2:47:88:d1:a8:2a:91:4a:04:5c:84:28:30:
                    01:3d:19:cd:31:3d:45:e2:20:bc:48:c1:74:fd:50:
                    2e:2d:cd:ee:0c:52:df:80:e8:1d:e6:81:77:95:ee:
                    18:b2:da:5f:b9:1c:b8:3f:c0:f5:1e:31:11:6b:14:
                    09:cd:63:84:36:24:4f:10:72:32:c4:42:19:20:00:
                    a2:02:70:e6:f4:bc:5a:7e:89:4e:f4:c9:77:69:c1:
                    8d:4a:85:f2:22:4e:ca:a7:a2:67:d6:b7:9f:a4:a4:
                    1e:4c:9b:4e:df:71:b5:c6:2b:f4:19:78:4d:6d:3f:
                    6a:f5:51:85:cf:5b:9c:69:5c:c5:ae:ea:96:89:c0:
                    93:d0:7e:93:27:11:be:78:e4:84:81:cc:e5:a9:4f:
                    8a:28:f5:26:98:0e:29:ce:23:35:8e:30:7c:02:7b:
                    95:94:1f:44:be:5c:2c:ae:2e:62:62:29:3a:f4:63:
                    d1:60:6e:ba:92:30:11:9e:d2:77:84:58:0b:2e:83:
                    ab:45:38:95:6b:51:5f:3b:b2:0a:e5:e1:a9:90:70:
                    e7:06:3d:e4:d6:16:25:8b:1a:ed:44:04:8b:f0:6b:
                    7d:6b:a4:f2:48:ec:15:df:e9:38:7f:ea:af:15:69:
                    7d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:A0:D9:82:51:03:D9:DA:47:61:EF:A9:1A:60:EA:2C:A7:58:D0:03
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b4f49b-75e5-4864-908e-6a3df01a3236/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b4f49b-75e5-4864-908e-6a3df01a3236/1/UaDZglED2dpHYe-pGmDqLKdY0AM.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.96.0/22
                IPv6:
                  2a0f:1c80::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:d6:da:3c:48:28:a4:b3:c6:87:40:92:f0:8b:1a:0f:61:6e:
         2c:ee:60:01:71:c1:4d:7f:44:fb:29:39:1c:3d:17:eb:e0:a0:
         dd:fc:f4:a2:eb:59:a6:df:31:75:09:08:57:43:ca:43:45:59:
         ea:3c:7c:22:15:a7:16:26:3c:0b:6a:33:c6:8d:5e:6a:7a:a5:
         81:92:d5:e3:67:dc:23:74:22:64:7a:c1:9a:1d:59:14:5f:ac:
         19:b3:b7:0a:55:86:10:fa:e2:0e:5c:09:d6:8b:bb:29:ca:47:
         8e:4d:38:f5:0f:c4:f1:06:2b:79:88:f1:cf:05:19:b5:2a:d2:
         ae:58:17:e1:67:83:ac:f6:22:cc:3b:c6:41:b1:ef:f8:21:1f:
         4c:07:e2:3b:f3:aa:00:ae:2d:f4:e7:cd:5f:76:82:e3:d1:ba:
         f1:f8:ea:db:7a:ec:5b:6c:94:db:f7:3d:d4:ac:c4:41:35:80:
         89:18:a0:01:99:0d:ce:3f:70:26:a5:41:8f:ab:0d:f5:b5:84:
         f7:29:0b:e6:e8:7f:c9:ee:bd:be:d1:e1:f9:d8:12:7e:7f:3e:
         87:6e:81:fa:3d:5b:f4:91:1f:85:50:70:46:db:c9:96:6d:2f:
         08:ae:f9:39:fb:a1:fa:47:40:a7:4d:16:c3:64:77:b8:a2:f2:
         b6:6e:fe:7f
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQiH+e80OUFRWiKofzgUrBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMTM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWEwZDk4MjUxMDNkOWRhNDc2MWVmYTkxYTYwZWEyY2E3NThkMDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA427IstowTJgaCPdSU+DeFcJHiNGo
KpFKBFyEKDABPRnNMT1F4iC8SMF0/VAuLc3uDFLfgOgd5oF3le4YstpfuRy4P8D1
HjERaxQJzWOENiRPEHIyxEIZIACiAnDm9LxafolO9Ml3acGNSoXyIk7Kp6Jn1ref
pKQeTJtO33G1xiv0GXhNbT9q9VGFz1ucaVzFruqWicCT0H6TJxG+eOSEgczlqU+K
KPUmmA4pziM1jjB8AnuVlB9Evlwsri5iYik69GPRYG66kjARntJ3hFgLLoOrRTiV
a1FfO7IK5eGpkHDnBj3k1hYlixrtRASL8Gt9a6TySOwV3+k4f+qvFWl90QIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFFGg2YJRA9naR2HvqRpg6iynWNADMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0L2I0ZjQ5
Yi03NWU1LTQ4NjQtOTA4ZS02YTNkZjAxYTMyMzYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvYjRmNDli
LTc1ZTUtNDg2NC05MDhlLTZhM2RmMDFhMzIzNi8xL1VhRFpnbEVEMmRwSFllLXBH
bURxTEtkWTBBTS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCLZxgMA0EAgACMAcDBQMqDxyAMA0GCSqGSIb3
DQEBCwUAA4IBAQCD1to8SCiks8aHQJLwixoPYW4s7mABccFNf0T7KTkcPRfr4KDd
/PSi61mm3zF1CQhXQ8pDRVnqPHwiFacWJjwLajPGjV5qeqWBktXjZ9wjdCJkesGa
HVkUX6wZs7cKVYYQ+uIOXAnWi7spykeOTTj1D8TxBit5iPHPBRm1KtKuWBfhZ4Os
9iLMO8ZBse/4IR9MB+I786oAri30581fdoLj0brx+OrbeuxbbJTb9z3UrMRBNYCJ
GKABmQ3OP3AmpUGPqw31tYT3KQvm6H/J7r2+0eH52BJ+fz6HboH6PVv0kR+FUHBG
28mWbS8Irvk5+6H6R0CnTRbDZHe4ovK2bv5/
-----END CERTIFICATE-----