Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/W3jiiHXnMAJWzM62gfCmAIc9eVI.cer
File:                     W3jiiHXnMAJWzM62gfCmAIc9eVI.cer (raw, json)
Hash identifier:          LD07IwApg9Nk7H8/cgjcYib9It5KOA2gS8hr72Wx0iQ=
Subject key identifier:   5B:78:E2:88:75:E7:30:02:56:CC:CE:B6:81:F0:A6:00:87:3D:79:52
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019420D5FA280F9A8CF24CFC6AA6822FD8D7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/77/967137-2a8b-4f40-8ca9-638e315beed9/1/W3jiiHXnMAJWzM62gfCmAIc9eVI.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/77/967137-2a8b-4f40-8ca9-638e315beed9/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 07:48:01 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 214906
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:fa:28:0f:9a:8c:f2:4c:fc:6a:a6:82:2f:d8:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b78e28875e7300256ccceb681f0a600873d7952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:51:31:c7:bf:aa:61:2a:25:f0:d1:f9:22:cd:
                    71:87:e8:8b:89:f7:36:5d:0c:71:4e:5d:ff:95:cd:
                    63:cd:17:12:bf:fc:63:c8:73:b4:2f:8f:66:2a:56:
                    e3:fa:1e:de:db:cd:7c:82:d9:43:8b:25:dd:46:e4:
                    38:61:42:41:ad:75:4f:e2:dc:fd:2f:bc:c4:27:ff:
                    5d:6e:5b:d0:69:27:78:77:87:fb:5d:38:8c:5b:e6:
                    4d:d8:ee:67:91:56:37:f1:7b:70:1c:1f:1a:89:59:
                    a0:fe:bf:5f:be:66:41:26:81:ec:62:00:2c:57:3a:
                    8e:e7:06:1a:6d:5a:bc:08:89:5a:9e:90:50:a5:e6:
                    70:ef:85:18:4f:38:cf:70:f9:b2:d7:de:71:b1:bc:
                    8e:d2:2e:fb:6f:d4:15:f7:e6:fe:f2:b2:bb:c9:b7:
                    a4:16:fe:09:6f:3d:27:5f:a9:27:73:9b:75:1b:28:
                    f3:97:e7:36:83:76:f0:cc:62:11:92:4a:0b:60:ad:
                    87:18:ef:c3:17:10:17:9c:54:ad:88:79:af:a9:da:
                    5f:56:2d:19:1b:8b:74:9c:cf:40:e8:58:af:83:9a:
                    d7:64:d2:ba:2b:57:0a:77:f3:e7:78:b7:6f:d6:be:
                    df:25:2b:56:55:b2:86:67:f5:6a:f9:75:5c:94:b2:
                    96:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:78:E2:88:75:E7:30:02:56:CC:CE:B6:81:F0:A6:00:87:3D:79:52
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/967137-2a8b-4f40-8ca9-638e315beed9/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/967137-2a8b-4f40-8ca9-638e315beed9/1/W3jiiHXnMAJWzM62gfCmAIc9eVI.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  214906

    Signature Algorithm: sha256WithRSAEncryption
         9f:58:bd:25:5f:ab:10:66:9f:c6:94:91:41:74:1e:68:a1:d8:
         8a:17:e0:08:bf:c7:c2:c4:23:d7:5b:74:97:82:f0:3a:3f:3c:
         ac:93:26:7b:5e:51:bf:5d:c0:02:11:c6:60:16:4e:0b:46:f2:
         6f:a6:04:c2:85:97:9b:8b:e3:dd:16:09:d8:54:f6:31:47:9c:
         65:23:b2:31:ca:b5:ad:c1:18:36:fa:8b:28:47:e1:17:98:da:
         84:ca:9b:73:b9:59:77:f4:9c:a3:7e:df:01:de:20:54:ee:dd:
         95:1d:3e:5e:c4:28:d8:8d:d4:71:32:44:3a:ed:f7:5f:48:d4:
         80:dd:03:3b:d0:dd:a5:ac:ff:a7:fc:3a:64:5c:1a:6a:86:a1:
         f8:c2:92:a6:e7:9f:10:1b:00:1b:01:10:da:75:b2:1a:f1:6a:
         87:c4:de:a6:cd:88:d6:a9:d3:28:00:ab:32:7c:08:51:96:2d:
         49:8a:9e:72:2e:a2:75:f9:7a:1c:cf:4d:ee:9e:ca:14:4a:1e:
         e6:a7:03:c4:e3:a3:68:c8:e8:4b:fd:44:d5:d0:69:4d:f5:a6:
         1e:f7:48:db:04:60:d8:bc:b8:c9:a4:01:38:3c:31:47:88:bc:
         5d:ee:d4:90:6d:d5:bd:a7:73:7a:b6:26:19:6e:c5:2c:59:b0:
         22:5e:0a:06
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZQg1fooD5qM8kz8aqaCL9jXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjc4ZTI4ODc1ZTczMDAyNTZjY2NlYjY4MWYwYTYwMDg3M2Q3OTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FExx7+qYSol8NH5Is1xh+iLifc2
XQxxTl3/lc1jzRcSv/xjyHO0L49mKlbj+h7e2818gtlDiyXdRuQ4YUJBrXVP4tz9
L7zEJ/9dblvQaSd4d4f7XTiMW+ZN2O5nkVY38XtwHB8aiVmg/r9fvmZBJoHsYgAs
VzqO5wYabVq8CIlanpBQpeZw74UYTzjPcPmy195xsbyO0i77b9QV9+b+8rK7ybek
Fv4Jbz0nX6knc5t1Gyjzl+c2g3bwzGIRkkoLYK2HGO/DFxAXnFStiHmvqdpfVi0Z
G4t0nM9A6Fivg5rXZNK6K1cKd/PneLdv1r7fJStWVbKGZ/Vq+XVclLKW/QIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFFt44oh15zACVszOtoHwpgCHPXlSMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzc3Lzk2NzEz
Ny0yYThiLTRmNDAtOGNhOS02MzhlMzE1YmVlZDkvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzcvOTY3MTM3
LTJhOGItNGY0MC04Y2E5LTYzOGUzMTViZWVkOS8xL1czamlpSFhuTUFKV3pNNjJn
ZkNtQUljOWVWSS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNHejANBgkqhkiG9w0BAQsFAAOCAQEAn1i9JV+rEGaf
xpSRQXQeaKHYihfgCL/HwsQj11t0l4LwOj88rJMme15Rv13AAhHGYBZOC0byb6YE
woWXm4vj3RYJ2FT2MUecZSOyMcq1rcEYNvqLKEfhF5jahMqbc7lZd/Sco37fAd4g
VO7dlR0+XsQo2I3UcTJEOu33X0jUgN0DO9Ddpaz/p/w6ZFwaaoah+MKSpuefEBsA
GwEQ2nWyGvFqh8Teps2I1qnTKACrMnwIUZYtSYqeci6idfl6HM9N7p7KFEoe5qcD
xOOjaMjoS/1E1dBpTfWmHvdI2wRg2Ly4yaQBODwxR4i8Xe7UkG3VvadzerYmGW7F
LFmwIl4KBg==
-----END CERTIFICATE-----