Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z4ZEd_6Ui_R7kXlxjDaY7v9YER0.cer
File:                     Z4ZEd_6Ui_R7kXlxjDaY7v9YER0.cer (raw, json)
Hash identifier:          4JuvYgkxXPYrvVlAfTAC8yBTZC/RvxD10yIS4glEOpI=
Subject key identifier:   67:86:44:77:FE:94:8B:F4:7B:91:79:71:8C:36:98:EE:FF:58:11:1D
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC86F61DCA1D6316AE3E03A95035A3E39
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/41/5b961b-bc25-493c-af38-834ae47ad47b/1/Z4ZEd_6Ui_R7kXlxjDaY7v9YER0.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/41/5b961b-bc25-493c-af38-834ae47ad47b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 04:29:51 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    AS: 208895
                          IP: 45.143.116.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:61:dc:a1:d6:31:6a:e3:e0:3a:95:03:5a:3e:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 04:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67864477fe948bf47b9179718c3698eeff58111d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e6:26:cb:f6:28:23:86:04:99:6f:ed:7f:bf:
                    77:55:04:b3:a0:5a:56:e2:59:24:ed:27:bb:99:e2:
                    f2:1e:91:53:bd:87:da:fa:60:c9:93:14:cd:5e:30:
                    6c:c9:f3:df:6d:5e:a2:0c:07:d2:54:9d:85:1d:23:
                    4a:a4:ab:25:d8:af:e2:de:a3:27:e1:2a:93:13:62:
                    0b:db:a9:8a:3c:98:92:3e:16:e3:da:65:e0:1d:86:
                    57:62:fe:12:f9:82:70:58:71:a3:71:66:93:f4:8d:
                    97:66:29:52:b1:57:b2:46:45:f2:9f:cf:a0:25:ed:
                    5c:ee:f2:e0:cb:60:eb:08:63:38:7f:8f:4d:15:a7:
                    ff:a4:89:e4:1a:e0:a4:80:52:d8:9a:d8:0d:96:d7:
                    79:8f:94:84:f8:fc:52:9f:10:31:65:b8:c6:26:69:
                    7f:09:cd:23:86:77:0c:ff:7f:8d:90:d7:5e:38:16:
                    45:50:2a:b5:98:5e:1d:79:fe:c2:80:d3:12:f0:58:
                    d9:3a:17:a8:a4:79:02:a9:01:4b:42:41:fb:02:6a:
                    96:f3:88:6c:ff:59:db:61:55:de:93:ce:a9:74:56:
                    53:e2:10:9b:17:2c:e1:7f:ee:fc:11:ac:71:40:e8:
                    63:e1:ab:80:49:be:f9:38:6f:88:82:45:cf:28:b6:
                    83:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:86:44:77:FE:94:8B:F4:7B:91:79:71:8C:36:98:EE:FF:58:11:1D
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/5b961b-bc25-493c-af38-834ae47ad47b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/5b961b-bc25-493c-af38-834ae47ad47b/1/Z4ZEd_6Ui_R7kXlxjDaY7v9YER0.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.116.0/22

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  208895

    Signature Algorithm: sha256WithRSAEncryption
         9c:d5:52:46:49:d6:9c:90:55:c6:e2:c2:73:88:39:08:2c:49:
         44:7f:26:77:54:22:e3:0c:e6:8e:9f:b9:43:b2:fa:53:ec:be:
         c3:bc:a3:15:76:94:c2:15:16:bf:03:61:83:1f:aa:e9:dc:fc:
         67:97:aa:dd:8d:d6:22:49:6e:ad:ca:61:f2:f5:2e:56:37:8f:
         cc:61:aa:79:a1:fd:5c:8c:4d:9b:2e:76:31:3a:aa:88:22:71:
         d5:c6:f6:ab:97:0d:77:f2:07:d2:25:d3:54:6e:10:ec:63:46:
         5e:0c:c8:74:00:92:78:41:8f:6f:90:77:82:24:24:f6:5e:31:
         70:89:df:23:24:34:c4:03:b9:aa:2c:0e:cd:45:ba:95:94:1b:
         ec:c8:bc:74:b8:d0:fc:9d:aa:51:93:c6:39:4a:00:4c:d8:c9:
         59:2d:3c:3d:a7:9b:52:ae:53:71:34:0e:6c:b9:27:c5:8d:e9:
         0f:c3:c9:ef:fe:6d:e0:04:e6:86:d6:3d:2c:42:dc:6e:1e:1c:
         38:9d:dd:33:25:bd:96:52:0e:da:c4:7c:d5:a8:1c:cd:98:0c:
         db:02:13:c7:59:9c:14:05:a0:51:89:9e:eb:00:f7:1e:7f:72:
         64:41:e6:6c:b0:30:e0:fe:27:e2:c8:a1:9d:db:68:e3:46:73:
         0d:40:5e:f1
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAYzIb2HcodYxauPgOpUDWj45MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDQyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Nzg2NDQ3N2ZlOTQ4YmY0N2I5MTc5NzE4YzM2OThlZWZmNTgxMTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6eYmy/YoI4YEmW/tf793VQSzoFpW
4lkk7Se7meLyHpFTvYfa+mDJkxTNXjBsyfPfbV6iDAfSVJ2FHSNKpKsl2K/i3qMn
4SqTE2IL26mKPJiSPhbj2mXgHYZXYv4S+YJwWHGjcWaT9I2XZilSsVeyRkXyn8+g
Je1c7vLgy2DrCGM4f49NFaf/pInkGuCkgFLYmtgNltd5j5SE+PxSnxAxZbjGJml/
Cc0jhncM/3+NkNdeOBZFUCq1mF4def7CgNMS8FjZOheopHkCqQFLQkH7AmqW84hs
/1nbYVXek86pdFZT4hCbFyzhf+78EaxxQOhj4auASb75OG+IgkXPKLaDHwIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGeGRHf+lIv0e5F5cYw2mO7/WBEdMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzQxLzViOTYx
Yi1iYzI1LTQ5M2MtYWYzOC04MzRhZTQ3YWQ0N2IvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvNWI5NjFi
LWJjMjUtNDkzYy1hZjM4LTgzNGFlNDdhZDQ3Yi8xL1o0WkVkXzZVaV9SN2tYbHhq
RGFZN3Y5WUVSMC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQCLY90MBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMv/zANBgkqhkiG9w0BAQsFAAOCAQEAnNVSRknWnJBVxuLCc4g5CCxJRH8md1Qi
4wzmjp+5Q7L6U+y+w7yjFXaUwhUWvwNhgx+q6dz8Z5eq3Y3WIklurcph8vUuVjeP
zGGqeaH9XIxNmy52MTqqiCJx1cb2q5cNd/IH0iXTVG4Q7GNGXgzIdACSeEGPb5B3
giQk9l4xcInfIyQ0xAO5qiwOzUW6lZQb7Mi8dLjQ/J2qUZPGOUoATNjJWS08Paeb
Uq5TcTQObLknxY3pD8PJ7/5t4ATmhtY9LELcbh4cOJ3dMyW9llIO2sR81agczZgM
2wITx1mcFAWgUYme6wD3Hn9yZEHmbLAw4P4n4sihndto40ZzDUBe8Q==
-----END CERTIFICATE-----