Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z4vWSQc2RsH0w7AcrKpy4gnp2v8.cer
File:                     Z4vWSQc2RsH0w7AcrKpy4gnp2v8.cer (raw, json)
Hash identifier:          5eypLV8u87DXohomc7vPT0FC43SrW5Yb3Qg624LLwpo=
Subject key identifier:   67:8B:D6:49:07:36:46:C1:F4:C3:B0:1C:AC:AA:72:E2:09:E9:DA:FF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC801B7E40690521C9C56868FCDF4523B
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/f5/bc3441-3e8f-44ed-913e-ed78cb76661c/1/Z4vWSQc2RsH0w7AcrKpy4gnp2v8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/f5/bc3441-3e8f-44ed-913e-ed78cb76661c/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Tue 02 Jan 2024 02:30:05 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 93.113.192.0/21
                          IP: 185.251.28.0/22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:b7:e4:06:90:52:1c:9c:56:86:8f:cd:f4:52:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  2 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=678bd649073646c1f4c3b01cacaa72e209e9daff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f1:42:38:99:5f:a2:8b:15:6e:05:98:3b:a9:
                    56:e0:a7:29:83:76:3e:4a:9c:05:95:a6:62:13:7b:
                    e4:f8:03:4f:1a:99:18:3f:a5:84:70:54:35:f7:fd:
                    de:d9:7a:57:8b:03:12:fe:53:84:21:36:dc:71:7b:
                    28:f2:50:fa:cd:02:28:06:48:fa:fe:f2:87:34:45:
                    b3:23:10:b8:22:32:30:99:3c:dc:9a:b3:56:f0:cb:
                    16:1b:b0:f0:14:12:03:ab:c0:b4:c2:ce:e7:1a:bf:
                    6a:c4:9f:1c:e7:3f:05:15:04:dc:15:98:8b:7c:5b:
                    20:c8:ed:1f:15:e4:08:6d:29:51:70:20:7e:5e:e2:
                    73:4d:b6:63:04:c6:66:c8:b6:27:55:8b:9e:e7:bc:
                    57:d7:09:25:ec:38:50:df:5f:ed:1b:3f:09:15:22:
                    d4:cd:8c:7e:92:dd:6c:59:8e:8e:8c:75:d0:47:ff:
                    3c:c1:74:10:eb:44:37:7d:aa:14:95:8a:0f:59:a7:
                    82:60:90:34:0e:14:7e:65:9e:84:7e:2c:d0:0f:e3:
                    fb:15:2a:e0:4f:e1:b5:92:e7:0e:82:5b:07:25:38:
                    c3:99:9b:ee:7c:f4:62:ac:b4:f3:0d:8b:fb:34:38:
                    1f:04:e8:39:0f:b7:21:8c:89:b1:82:a6:b6:96:58:
                    00:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:8B:D6:49:07:36:46:C1:F4:C3:B0:1C:AC:AA:72:E2:09:E9:DA:FF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc3441-3e8f-44ed-913e-ed78cb76661c/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/bc3441-3e8f-44ed-913e-ed78cb76661c/1/Z4vWSQc2RsH0w7AcrKpy4gnp2v8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.113.192.0/21
                  185.251.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:dc:2c:91:8e:31:a9:06:b2:92:2a:1e:56:df:91:4a:fc:0d:
         06:19:ff:b4:78:64:a8:3d:f2:7a:ee:15:55:1f:77:db:35:27:
         f4:47:90:38:3d:7f:f6:8c:0c:73:59:4b:93:ba:4d:c0:1a:d6:
         3e:0e:4c:85:b5:13:8b:4c:5a:f0:ff:4f:a8:72:26:c4:76:62:
         46:2f:6f:e8:f5:6e:f7:5c:96:95:e6:ea:d6:d4:10:fb:5c:b5:
         19:f9:33:b0:40:7c:fa:e0:7c:2f:87:a4:5f:ce:82:40:81:25:
         b4:85:df:70:94:93:db:4c:0d:cd:70:36:7d:98:80:1f:81:da:
         0f:8a:58:c3:78:f4:ec:7b:c6:cf:b3:4f:27:e5:24:13:5f:31:
         24:4a:09:7d:b7:64:24:d3:7c:8b:24:cd:8e:2f:df:dc:8d:eb:
         d6:e0:21:ab:e7:48:f3:f1:e8:d8:2d:7d:32:1e:0d:6d:e4:8e:
         d2:1e:d2:d5:ab:4f:1b:4b:69:78:be:8e:e8:5e:6e:55:e8:c7:
         0f:ba:64:31:1e:ec:e7:66:93:e5:4f:3c:18:e0:11:ea:33:12:
         d1:46:d5:44:0d:fd:64:1a:21:46:ca:1b:69:cd:87:4a:eb:27:
         08:82:96:52:9c:58:0e:7f:c1:bb:4d:8f:38:8c:09:6c:d9:26:
         92:49:6c:af
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzIAbfkBpBSHJxWho/N9FI7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAyMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzhiZDY0OTA3MzY0NmMxZjRjM2IwMWNhY2FhNzJlMjA5ZTlkYWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPFCOJlfoosVbgWYO6lW4Kcpg3Y+
SpwFlaZiE3vk+ANPGpkYP6WEcFQ19/3e2XpXiwMS/lOEITbccXso8lD6zQIoBkj6
/vKHNEWzIxC4IjIwmTzcmrNW8MsWG7DwFBIDq8C0ws7nGr9qxJ8c5z8FFQTcFZiL
fFsgyO0fFeQIbSlRcCB+XuJzTbZjBMZmyLYnVYue57xX1wkl7DhQ31/tGz8JFSLU
zYx+kt1sWY6OjHXQR/88wXQQ60Q3faoUlYoPWaeCYJA0DhR+ZZ6EfizQD+P7FSrg
T+G1kucOglsHJTjDmZvufPRirLTzDYv7NDgfBOg5D7chjImxgqa2llgAgwIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFGeL1kkHNkbB9MOwHKyqcuIJ6dr/MB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2Y1L2JjMzQ0
MS0zZThmLTQ0ZWQtOTEzZS1lZDc4Y2I3NjY2MWMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjUvYmMzNDQx
LTNlOGYtNDRlZC05MTNlLWVkNzhjYjc2NjYxYy8xL1o0dldTUWMyUnNIMHc3QWNy
S3B5NGducDJ2OC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQDXXHAAwQCufscMA0GCSqGSIb3DQEBCwUAA4IB
AQAA3CyRjjGpBrKSKh5W35FK/A0GGf+0eGSoPfJ67hVVH3fbNSf0R5A4PX/2jAxz
WUuTuk3AGtY+DkyFtROLTFrw/0+ocibEdmJGL2/o9W73XJaV5urW1BD7XLUZ+TOw
QHz64Hwvh6RfzoJAgSW0hd9wlJPbTA3NcDZ9mIAfgdoPiljDePTse8bPs08n5SQT
XzEkSgl9t2Qk03yLJM2OL9/cjevW4CGr50jz8ejYLX0yHg1t5I7SHtLVq08bS2l4
vo7oXm5V6McPumQxHuznZpPlTzwY4BHqMxLRRtVEDf1kGiFGyhtpzYdK6ycIgpZS
nFgOf8G7TY84jAls2SaSSWyv
-----END CERTIFICATE-----