Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Z8w6UjvqIkp0vJakr0FkwkeGuC4.cer
File:                     Z8w6UjvqIkp0vJakr0FkwkeGuC4.cer (raw, json)
Hash identifier:          Oq3acTtypU68yviG/cY/Je3eMXlxQcUVVP5wk7mGH2I=
Subject key identifier:   67:CC:3A:52:3B:EA:22:4A:74:BC:96:A4:AF:41:64:C2:47:86:B8:2E
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC3B72839D57066E44118A018298FA8E1
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/Z8w6UjvqIkp0vJakr0FkwkeGuC4.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 06:30:09 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 109.206.228.0/22
                          IP: 2a0d:c440::/29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:28:39:d5:70:66:e4:41:18:a0:18:29:8f:a8:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67cc3a523bea224a74bc96a4af4164c24786b82e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:cf:26:0d:30:06:b3:89:f6:f6:dd:bd:66:23:
                    20:62:1e:b3:a1:eb:e1:26:0c:48:2f:d0:cc:c8:c2:
                    2c:3e:9e:79:2d:c5:1b:f3:59:a0:9e:43:2d:d4:c8:
                    2b:f1:6e:d7:ee:ec:81:5f:be:21:e7:25:f3:72:bf:
                    94:71:39:f4:24:d8:ee:ee:aa:25:6f:ad:b8:43:39:
                    d6:6e:6c:73:30:c2:92:b0:8a:88:0b:1c:03:63:e1:
                    dd:a1:29:92:7e:07:e5:6e:28:4f:37:ce:04:c7:de:
                    11:93:e9:3c:92:15:62:ca:ab:c9:a6:da:77:1c:56:
                    8e:13:71:16:07:f7:c5:cc:d2:82:2c:ad:e7:1a:9d:
                    d0:ba:c8:7a:11:f2:cc:35:81:9f:80:3c:8a:e4:e8:
                    48:32:7c:4b:11:07:e5:47:b5:74:08:9c:f8:d3:19:
                    a6:80:1a:a1:dc:ed:96:fe:fe:99:1e:b2:a1:cc:ac:
                    5b:8d:c0:be:9d:ca:d0:df:81:7d:6c:69:af:9d:42:
                    4e:e4:ca:a1:66:fa:6b:e8:fe:d3:d1:28:72:19:83:
                    af:90:6c:17:2a:42:24:e6:f4:b8:1f:9d:87:9f:2a:
                    c1:c6:59:b1:78:a3:61:37:c3:d0:11:a1:d6:a0:23:
                    1a:9d:e3:30:71:01:a4:15:89:6c:75:09:27:83:ee:
                    74:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:CC:3A:52:3B:EA:22:4A:74:BC:96:A4:AF:41:64:C2:47:86:B8:2E
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/bc9174-a3d1-4058-aa0a-7cfb19f6e133/1/Z8w6UjvqIkp0vJakr0FkwkeGuC4.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.206.228.0/22
                IPv6:
                  2a0d:c440::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:be:d1:76:38:6a:d4:7c:e9:28:f1:ac:aa:a5:9f:23:49:18:
         9d:03:48:0d:53:51:55:6a:73:ec:4f:6a:97:59:52:84:58:2c:
         34:a9:c2:bf:c5:d3:79:75:71:1f:30:7a:43:fc:e1:b4:18:9d:
         f4:78:5a:79:d6:56:97:70:a5:91:89:6e:82:a3:53:e8:cd:e1:
         8f:10:a2:88:fb:84:f2:b0:91:92:c7:7e:90:ec:f9:ce:cd:c0:
         7d:d1:b3:71:e0:91:92:53:a9:c8:34:bf:77:b3:89:89:3d:b6:
         03:78:74:22:2f:57:4c:62:c2:fa:7b:81:b5:90:03:7e:ea:59:
         75:62:85:a6:d7:39:4e:db:4a:c7:92:c3:2a:2e:62:b6:89:04:
         ff:0e:be:2e:24:33:ed:d0:c3:70:0e:33:08:b0:42:80:32:ad:
         3f:c7:e6:0a:f8:88:fc:78:af:ab:0d:c3:bd:b5:d3:74:77:67:
         05:16:b0:59:98:30:6b:6f:21:4a:1d:19:11:48:f3:28:ce:54:
         84:89:1f:d3:5c:34:09:a3:e3:a1:2f:42:eb:2a:74:00:7c:c2:
         8c:2c:64:9a:09:39:99:ec:0e:6d:0b:29:1e:8c:cc:e2:a2:94:
         44:0e:ff:62:3c:07:6e:40:cf:5b:f5:c3:c3:a0:ff:9e:bf:bf:
         48:e1:6d:b0
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAYzDtyg51XBm5EEYoBgpj6jhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NjM2E1MjNiZWEyMjRhNzRiYzk2YTRhZjQxNjRjMjQ3ODZiODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs8mDTAGs4n29t29ZiMgYh6zoevh
JgxIL9DMyMIsPp55LcUb81mgnkMt1Mgr8W7X7uyBX74h5yXzcr+UcTn0JNju7qol
b624QznWbmxzMMKSsIqICxwDY+HdoSmSfgflbihPN84Ex94Rk+k8khViyqvJptp3
HFaOE3EWB/fFzNKCLK3nGp3Qush6EfLMNYGfgDyK5OhIMnxLEQflR7V0CJz40xmm
gBqh3O2W/v6ZHrKhzKxbjcC+ncrQ34F9bGmvnUJO5MqhZvpr6P7T0ShyGYOvkGwX
KkIk5vS4H52HnyrBxlmxeKNhN8PQEaHWoCManeMwcQGkFYlsdQkng+50XQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFGfMOlI76iJKdLyWpK9BZMJHhrguMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzdhL2JjOTE3
NC1hM2QxLTQwNTgtYWEwYS03Y2ZiMTlmNmUxMzMvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2EvYmM5MTc0
LWEzZDEtNDA1OC1hYTBhLTdjZmIxOWY2ZTEzMy8xL1o4dzZVanZxSWtwMHZKYWty
MEZrd2tlR3VDNC5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMC4GCCsGAQUF
BwEHAQH/BB8wHTAMBAIAATAGAwQCbc7kMA0EAgACMAcDBQMqDcRAMA0GCSqGSIb3
DQEBCwUAA4IBAQBEvtF2OGrUfOko8ayqpZ8jSRidA0gNU1FVanPsT2qXWVKEWCw0
qcK/xdN5dXEfMHpD/OG0GJ30eFp51laXcKWRiW6Co1PozeGPEKKI+4TysJGSx36Q
7PnOzcB90bNx4JGSU6nINL93s4mJPbYDeHQiL1dMYsL6e4G1kAN+6ll1YoWm1zlO
20rHksMqLmK2iQT/Dr4uJDPt0MNwDjMIsEKAMq0/x+YK+Ij8eK+rDcO9tdN0d2cF
FrBZmDBrbyFKHRkRSPMozlSEiR/TXDQJo+OhL0LrKnQAfMKMLGSaCTmZ7A5tCyke
jMziopREDv9iPAduQM9b9cPDoP+ev79I4W2w
-----END CERTIFICATE-----