Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/VICpFlHjeO69hx0K3WleZ3v1DS4.cer
File:                     VICpFlHjeO69hx0K3WleZ3v1DS4.cer (raw, json)
Hash identifier:          3bQKBGbJowuBBO2N0HcRkN72lWXm0DpRNRq1XNESzN0=
Subject key identifier:   54:80:A9:16:51:E3:78:EE:BD:87:1D:0A:DD:69:5E:67:7B:F5:0D:2E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CCA2A83F6D6DB55F1FA71AE9A12385F54
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/55/c12b1f-b419-4f7e-94d4-c9a5cd9c144d/1/VICpFlHjeO69hx0K3WleZ3v1DS4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/55/c12b1f-b419-4f7e-94d4-c9a5cd9c144d/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 12:33:53 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 213037

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:83:f6:d6:db:55:f1:fa:71:ae:9a:12:38:5f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 12:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5480a91651e378eebd871d0add695e677bf50d2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fa:8c:98:c1:e0:ed:27:8e:6b:79:88:6f:82:
                    4d:6d:f9:28:73:d0:fe:e2:65:85:e0:92:18:7f:17:
                    74:e6:d7:12:d2:de:a3:53:b5:00:b1:52:84:2a:c4:
                    92:7e:15:d3:e9:dd:84:ee:ab:1f:de:04:db:36:97:
                    41:85:79:39:e1:80:25:5d:55:c8:56:35:a4:4a:94:
                    16:96:7a:81:f6:c1:8d:5b:a0:38:d4:ec:e6:4b:83:
                    51:8d:89:71:8b:a6:9e:07:2b:ce:e5:a0:9d:fc:a9:
                    a1:69:ad:5b:17:9d:9b:11:51:c5:88:54:04:3c:0a:
                    c4:99:a5:e6:61:9b:cc:53:20:e7:4c:7c:7c:fd:58:
                    29:24:78:d6:ff:c3:92:c4:4a:8b:f4:be:4d:13:d0:
                    6e:6d:52:e3:98:ed:66:1f:ee:12:ad:28:85:d8:93:
                    f0:23:8b:8f:ca:76:fe:6c:ae:09:e9:9f:15:93:e7:
                    88:91:78:a0:8e:d3:bb:84:94:ef:1f:f1:e2:88:04:
                    f8:9d:a7:03:d5:6c:bd:2c:b3:27:56:86:57:0d:60:
                    3d:1b:25:dc:99:df:99:0b:af:78:77:f7:5d:ff:55:
                    64:cf:9d:91:ed:d2:7e:82:0d:2e:95:e6:2e:df:d1:
                    a6:dd:76:eb:e4:34:f4:02:d2:5a:6d:26:0f:4f:7c:
                    10:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:80:A9:16:51:E3:78:EE:BD:87:1D:0A:DD:69:5E:67:7B:F5:0D:2E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/c12b1f-b419-4f7e-94d4-c9a5cd9c144d/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/c12b1f-b419-4f7e-94d4-c9a5cd9c144d/1/VICpFlHjeO69hx0K3WleZ3v1DS4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213037

    Signature Algorithm: sha256WithRSAEncryption
         40:d2:64:90:15:03:4b:9d:d5:6a:5b:cd:cf:1b:31:2e:c7:2c:
         6f:f9:12:e4:3a:ba:3f:73:de:8b:99:cc:2c:3a:f7:1c:2e:d4:
         88:f5:cf:21:a4:b3:c0:46:d5:87:df:73:49:78:c9:86:d1:dc:
         bd:a6:73:7d:44:2a:2a:18:a4:84:66:41:4b:8e:22:12:ab:32:
         14:ed:21:62:ce:df:7b:57:31:0e:a7:ed:ba:5f:f1:85:cb:a7:
         3c:8b:d0:01:d1:c4:63:e8:24:e2:49:94:29:71:42:6f:db:7b:
         f1:9c:bc:87:b2:78:af:ad:dc:7f:b1:bb:1d:94:5b:42:7d:4f:
         7b:3a:1b:ac:ad:3a:d0:6b:64:fc:13:fc:e8:4f:94:7e:bb:58:
         4e:6d:10:b7:e7:da:79:e3:a7:c9:49:42:44:25:7e:aa:c0:5e:
         46:ed:6e:15:ca:bf:7e:e8:88:0f:70:89:a5:66:ba:1a:8a:1c:
         f7:e7:91:a6:d7:6d:e1:28:d8:11:be:0a:79:8d:27:77:95:15:
         d0:91:60:b2:09:3e:ff:36:da:e8:a6:6a:17:e5:b6:98:37:0c:
         e3:4b:03:e2:38:d3:60:5a:3c:52:0a:08:6d:8a:53:1a:4d:be:
         b0:12:dd:d0:57:1d:24:6e:01:49:88:7a:ba:a9:e2:f0:fc:2a:
         5e:cc:5f:99
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAYzKKoP21ttV8fpxrpoSOF9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMTIzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDgwYTkxNjUxZTM3OGVlYmQ4NzFkMGFkZDY5NWU2NzdiZjUwZDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPqMmMHg7SeOa3mIb4JNbfkoc9D+
4mWF4JIYfxd05tcS0t6jU7UAsVKEKsSSfhXT6d2E7qsf3gTbNpdBhXk54YAlXVXI
VjWkSpQWlnqB9sGNW6A41OzmS4NRjYlxi6aeByvO5aCd/Kmhaa1bF52bEVHFiFQE
PArEmaXmYZvMUyDnTHx8/VgpJHjW/8OSxEqL9L5NE9BubVLjmO1mH+4SrSiF2JPw
I4uPynb+bK4J6Z8Vk+eIkXigjtO7hJTvH/HiiAT4nacD1Wy9LLMnVoZXDWA9GyXc
md+ZC694d/dd/1Vkz52R7dJ+gg0uleYu39Gm3Xbr5DT0AtJabSYPT3wQjQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFSAqRZR43juvYcdCt1pXmd79Q0uMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzU1L2MxMmIx
Zi1iNDE5LTRmN2UtOTRkNC1jOWE1Y2Q5YzE0NGQvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTUvYzEyYjFm
LWI0MTktNGY3ZS05NGQ0LWM5YTVjZDljMTQ0ZC8xL1ZJQ3BGbEhqZU82OWh4MEsz
V2xlWjN2MURTNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNALTANBgkqhkiG9w0BAQsFAAOCAQEAQNJkkBUDS53V
alvNzxsxLscsb/kS5Dq6P3Pei5nMLDr3HC7UiPXPIaSzwEbVh99zSXjJhtHcvaZz
fUQqKhikhGZBS44iEqsyFO0hYs7fe1cxDqftul/xhcunPIvQAdHEY+gk4kmUKXFC
b9t78Zy8h7J4r63cf7G7HZRbQn1PezobrK060Gtk/BP86E+UfrtYTm0Qt+faeeOn
yUlCRCV+qsBeRu1uFcq/fuiID3CJpWa6Gooc9+eRptdt4SjYEb4KeY0nd5UV0JFg
sgk+/zba6KZqF+W2mDcM40sD4jjTYFo8UgoIbYpTGk2+sBLd0FcdJG4BSYh6uqni
8PwqXsxfmQ==
-----END CERTIFICATE-----