Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/XRW9qM6YfX5Kqxw1UXjcoz47jqQ.cer
File:                     XRW9qM6YfX5Kqxw1UXjcoz47jqQ.cer (raw, json)
Hash identifier:          cIUnU12Dn/LavHllZc1HdKfy0tPmEbUCRONaEM5NFT0=
Subject key identifier:   5D:15:BD:A8:CE:98:7D:7E:4A:AB:1C:35:51:78:DC:A3:3E:3B:8E:A4
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018E095B037D47872A62621034B070C47BE7
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/XRW9qM6YfX5Kqxw1UXjcoz47jqQ.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 04 Mar 2024 12:05:43 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 215386

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:09:5b:03:7d:47:87:2a:62:62:10:34:b0:70:c4:7b:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Mar  4 12:05:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5d15bda8ce987d7e4aab1c355178dca33e3b8ea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fd:04:21:e7:31:5c:b1:69:ff:70:cd:6d:c2:
                    62:4e:8d:6a:8d:61:76:b2:59:23:fa:68:c4:ca:e2:
                    96:04:c4:6c:bd:d8:88:c0:8c:23:2a:f3:fa:be:51:
                    23:92:42:99:cd:55:71:9a:2f:99:3e:66:a2:b0:98:
                    58:8d:ef:dd:16:33:3b:a6:43:2d:b4:fb:c5:33:01:
                    d1:dd:99:6f:72:32:39:ae:a0:2e:64:cf:88:01:70:
                    d8:b5:88:dd:77:bc:86:10:8d:06:70:db:96:67:3e:
                    d2:be:5d:c2:5b:1c:8c:c4:b5:02:2f:9e:02:c1:d8:
                    a7:33:bc:25:fd:a8:4d:cc:17:f6:66:65:fc:7a:1a:
                    52:07:06:c2:e2:39:76:0b:94:a1:87:67:d6:c0:13:
                    8c:36:5e:f1:c4:ce:a5:a4:29:54:b5:6c:31:32:7c:
                    f1:4e:47:37:73:1d:a2:cb:44:5b:6f:85:de:30:70:
                    94:c4:e8:ee:2e:99:5e:99:26:29:16:3d:c7:05:39:
                    e5:e3:4a:d6:f9:5e:c2:3e:9a:70:68:fd:02:98:42:
                    03:5b:0b:bc:62:f0:65:f3:1e:bb:aa:3e:9a:01:fc:
                    43:cb:d4:e4:04:13:8d:d8:f0:8a:8a:60:00:26:dc:
                    10:91:46:ed:c4:42:49:5f:61:9b:1f:62:ff:44:c2:
                    79:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:15:BD:A8:CE:98:7D:7E:4A:AB:1C:35:51:78:DC:A3:3E:3B:8E:A4
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/123926-104f-46d1-b33f-bba3c8cb0f7a/1/XRW9qM6YfX5Kqxw1UXjcoz47jqQ.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  215386

    Signature Algorithm: sha256WithRSAEncryption
         2c:20:c0:f1:1e:b9:4e:f8:d5:e5:4d:0e:c2:b4:ad:f9:fd:bf:
         c1:59:c7:c6:c2:07:9e:c1:b4:2d:b3:8d:e6:cf:09:67:39:01:
         e5:78:3f:2b:eb:7d:fb:b0:45:6e:07:73:28:4b:3a:ad:64:21:
         1f:ad:4f:db:d4:f8:73:61:1d:da:7c:ac:f6:e8:26:a6:9b:c0:
         76:69:6d:3a:e3:cc:d5:db:f9:de:8d:21:0e:82:b6:b3:6d:6f:
         46:8d:24:51:d0:1d:33:fe:bd:ee:e0:f0:2a:c7:a6:f8:19:ab:
         02:71:ba:81:c7:ec:fb:18:9f:d0:69:5a:f8:c1:4f:2a:e1:ae:
         05:0c:2a:eb:91:07:52:d0:74:9e:cd:99:0f:fc:6f:06:ad:72:
         05:8d:b2:7f:0b:97:19:ed:c2:b2:be:dc:2f:04:17:30:2e:dd:
         1c:a6:bb:a1:70:fc:14:5e:8e:4c:c0:72:8c:b5:0e:8f:9b:61:
         34:13:0b:b9:b3:32:bb:3a:33:ec:88:5e:48:8c:48:0c:73:7f:
         51:dc:0f:47:38:79:42:39:90:55:b4:f9:ad:d0:ef:04:7a:ca:
         d4:af:7d:4f:b6:85:a4:22:93:fc:75:cb:61:97:5a:71:8a:44:
         e6:9f:2c:03:9f:87:a6:88:d6:75:7d:eb:25:1b:ee:c8:45:52:
         fa:24:92:5a
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAY4JWwN9R4cqYmIQNLBwxHvnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMzA0MTIwNTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDE1YmRhOGNlOTg3ZDdlNGFhYjFjMzU1MTc4ZGNhMzNlM2I4ZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP0EIecxXLFp/3DNbcJiTo1qjWF2
slkj+mjEyuKWBMRsvdiIwIwjKvP6vlEjkkKZzVVxmi+ZPmaisJhYje/dFjM7pkMt
tPvFMwHR3ZlvcjI5rqAuZM+IAXDYtYjdd7yGEI0GcNuWZz7Svl3CWxyMxLUCL54C
wdinM7wl/ahNzBf2ZmX8ehpSBwbC4jl2C5Shh2fWwBOMNl7xxM6lpClUtWwxMnzx
Tkc3cx2iy0Rbb4XeMHCUxOjuLplemSYpFj3HBTnl40rW+V7CPppwaP0CmEIDWwu8
YvBl8x67qj6aAfxDy9TkBBON2PCKimAAJtwQkUbtxEJJX2GbH2L/RMJ5kQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFF0VvajOmH1+SqscNVF43KM+O46kMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2RmLzEyMzky
Ni0xMDRmLTQ2ZDEtYjMzZi1iYmEzYzhjYjBmN2EvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGYvMTIzOTI2
LTEwNGYtNDZkMS1iMzNmLWJiYTNjOGNiMGY3YS8xL1hSVzlxTTZZZlg1S3F4dzFV
WGpjb3o0N2pxUS5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNJWjANBgkqhkiG9w0BAQsFAAOCAQEALCDA8R65TvjV
5U0OwrSt+f2/wVnHxsIHnsG0LbON5s8JZzkB5Xg/K+t9+7BFbgdzKEs6rWQhH61P
29T4c2Ed2nys9ugmppvAdmltOuPM1dv53o0hDoK2s21vRo0kUdAdM/697uDwKsem
+BmrAnG6gcfs+xif0Gla+MFPKuGuBQwq65EHUtB0ns2ZD/xvBq1yBY2yfwuXGe3C
sr7cLwQXMC7dHKa7oXD8FF6OTMByjLUOj5thNBMLubMyuzoz7IheSIxIDHN/UdwP
Rzh5QjmQVbT5rdDvBHrK1K99T7aFpCKT/HXLYZdacYpE5p8sA5+HpojWdX3rJRvu
yEVS+iSSWg==
-----END CERTIFICATE-----