Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z6l5VHaH5_nNB8FgpUnA3zs8wN8.cer
File:                     Z6l5VHaH5_nNB8FgpUnA3zs8wN8.cer (raw, json)
Hash identifier:          QBB+uvBPJT29DvxrC5r5uox6f9ovqcZnYoxGYWn4mXQ=
Subject key identifier:   67:A9:79:54:76:87:E7:F9:CD:07:C1:60:A5:49:C0:DF:3B:3C:C0:DF
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019492CEB90755EBC8F13004AEE53C7E6F21
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/97/e08cdc-a3d4-490b-8a2b-d9c3df8e92e7/1/Z6l5VHaH5_nNB8FgpUnA3zs8wN8.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/97/e08cdc-a3d4-490b-8a2b-d9c3df8e92e7/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Thu 23 Jan 2025 10:56:48 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 213563
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 21:14:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:92:ce:b9:07:55:eb:c8:f1:30:04:ae:e5:3c:7e:6f:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan 23 10:56:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67a979547687e7f9cd07c160a549c0df3b3cc0df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:a7:3a:12:e8:21:23:13:34:58:45:e8:a7:df:
                    2b:41:61:41:79:a1:d7:3f:cd:64:60:c6:4c:c6:20:
                    3b:df:0d:9b:53:be:81:a8:ea:c3:36:ec:c0:67:c3:
                    8d:27:27:1b:64:cb:cc:b0:50:e7:ba:f9:d2:79:1b:
                    ff:55:fa:f1:3d:9f:c9:6b:65:fc:53:67:8f:48:13:
                    f8:0b:8f:f7:cc:18:50:40:de:f6:1c:42:aa:c8:3f:
                    9a:b5:6e:e3:3e:2d:e7:d4:60:3f:80:49:da:ea:b3:
                    bf:79:09:bc:39:a1:8e:32:f6:6e:b5:09:4e:cb:58:
                    43:48:f9:12:33:02:ee:3b:ee:67:df:d1:76:4f:3f:
                    3f:21:e4:9c:55:40:bf:d4:86:ae:2f:04:ee:b3:45:
                    1a:1b:70:8d:49:67:d2:69:25:a4:56:1d:58:8b:87:
                    18:2e:a5:cf:6e:0f:ec:3d:03:27:33:10:50:9b:69:
                    55:b5:0b:3e:83:85:7c:73:a6:44:00:b6:19:ea:15:
                    e2:e2:ee:48:a1:fd:82:5d:a5:90:5f:71:88:49:f6:
                    b8:ba:35:78:58:01:a6:45:11:97:d2:78:6d:1a:29:
                    4e:70:7e:a3:ef:2b:c2:4c:e0:da:5c:33:ef:ee:eb:
                    59:de:a8:63:a9:99:25:d0:22:3d:14:40:1b:de:2b:
                    d6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A9:79:54:76:87:E7:F9:CD:07:C1:60:A5:49:C0:DF:3B:3C:C0:DF
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/e08cdc-a3d4-490b-8a2b-d9c3df8e92e7/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/e08cdc-a3d4-490b-8a2b-d9c3df8e92e7/1/Z6l5VHaH5_nNB8FgpUnA3zs8wN8.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  213563

    Signature Algorithm: sha256WithRSAEncryption
         a3:f7:f5:5c:16:60:05:ea:0d:db:18:91:d2:8d:1f:54:c3:a4:
         c3:70:f1:8b:5b:9a:53:25:18:a8:85:6a:8d:fc:81:f4:b3:35:
         49:e2:05:2f:a7:c3:72:da:40:b8:7a:ae:69:0b:b4:5d:ff:72:
         2a:79:01:ab:07:9d:a8:ae:96:42:aa:01:d7:f7:9d:04:c3:c1:
         4d:76:59:52:e7:29:45:ae:25:54:25:1f:ad:13:e8:4c:e8:dd:
         6a:f9:8f:e5:fb:a8:a7:ae:3b:13:e5:2a:31:96:29:0a:17:b8:
         1a:0a:1b:5c:fa:85:4b:2e:75:d0:96:21:8f:7d:a7:b4:6a:ca:
         35:7b:1b:50:d1:7f:c1:51:0a:ae:a9:76:5a:6b:47:cc:9a:ae:
         99:cd:56:73:b2:ca:4c:10:00:9b:1e:59:16:2a:aa:0b:14:6c:
         8d:98:13:b3:e9:13:ba:41:44:93:c1:44:f8:70:83:86:bd:3a:
         fe:d8:65:e6:38:0f:01:50:28:59:b4:94:aa:42:2f:d8:fe:c1:
         6c:94:0a:9d:b2:fe:8b:b9:d8:0e:4d:ab:ad:64:05:d5:55:13:
         66:04:95:c5:f1:c3:49:e9:e6:35:e2:39:e5:2c:47:7c:bc:3e:
         70:db:6f:63:60:d9:cf:1b:97:97:23:3c:b2:19:43:ff:0c:7d:
         64:3b:9e:9a
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgISAZSSzrkHVevI8TAEruU8fm8hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTIzMTA1NjQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E5Nzk1NDc2ODdlN2Y5Y2QwN2MxNjBhNTQ5YzBkZjNiM2NjMGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy6c6EughIxM0WEXop98rQWFBeaHX
P81kYMZMxiA73w2bU76BqOrDNuzAZ8ONJycbZMvMsFDnuvnSeRv/VfrxPZ/Ja2X8
U2ePSBP4C4/3zBhQQN72HEKqyD+atW7jPi3n1GA/gEna6rO/eQm8OaGOMvZutQlO
y1hDSPkSMwLuO+5n39F2Tz8/IeScVUC/1IauLwTus0UaG3CNSWfSaSWkVh1Yi4cY
LqXPbg/sPQMnMxBQm2lVtQs+g4V8c6ZEALYZ6hXi4u5Iof2CXaWQX3GISfa4ujV4
WAGmRRGX0nhtGilOcH6j7yvCTODaXDPv7utZ3qhjqZkl0CI9FEAb3ivWmQIDAQAB
o4ICfzCCAnswHQYDVR0OBBYEFGepeVR2h+f5zQfBYKVJwN87PMDfMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzk3L2UwOGNk
Yy1hM2Q0LTQ5MGItOGEyYi1kOWMzZGY4ZTkyZTcvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTcvZTA4Y2Rj
LWEzZDQtNDkwYi04YTJiLWQ5YzNkZjhlOTJlNy8xL1o2bDVWSGFINV9uTkI4Rmdw
VW5BM3pzOHdOOC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMBoGCCsGAQUF
BwEIAQH/BAswCaAHMAUCAwNCOzANBgkqhkiG9w0BAQsFAAOCAQEAo/f1XBZgBeoN
2xiR0o0fVMOkw3Dxi1uaUyUYqIVqjfyB9LM1SeIFL6fDctpAuHquaQu0Xf9yKnkB
qwedqK6WQqoB1/edBMPBTXZZUucpRa4lVCUfrRPoTOjdavmP5fuop647E+UqMZYp
Che4GgobXPqFSy510JYhj32ntGrKNXsbUNF/wVEKrql2WmtHzJqumc1Wc7LKTBAA
mx5ZFiqqCxRsjZgTs+kTukFEk8FE+HCDhr06/thl5jgPAVAoWbSUqkIv2P7BbJQK
nbL+i7nYDk2rrWQF1VUTZgSVxfHDSenmNeI55SxHfLw+cNtvY2DZzxuXlyM8shlD
/wx9ZDuemg==
-----END CERTIFICATE-----