Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZZbw3BZbfNIJAispZINMRedNISw.cer
File:                     ZZbw3BZbfNIJAispZINMRedNISw.cer (raw, json)
Hash identifier:          uTDtRnD9IiODWEc28WRrnRA5rL6DwoZlcjFrJyLlTeM=
Subject key identifier:   65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       019423D6EE829CA5020E805C805F961C3C4F
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Wed 01 Jan 2025 21:47:55 +0000
Certificate not after:    Wed 01 Jul 2026 00:00:00 +0000
Subordinate resources:    AS: 198569
                          IP: 37.152.160.0/20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ee:82:9c:a5:02:0e:80:5c:80:5f:96:1c:3c:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 21:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6596f0dc165b7cd209022b2964834c45e74d212c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:7d:cf:ac:6c:75:c5:52:f4:08:16:26:ee:23:
                    a7:cf:da:ab:6f:18:94:76:c5:96:e5:5a:5c:ba:1b:
                    d7:42:d8:c6:1f:de:f2:f9:ad:b5:19:90:45:69:42:
                    c4:56:0d:5e:5b:14:f0:50:98:df:ee:b2:5b:ae:59:
                    ca:80:a2:b3:b7:85:58:44:d2:3b:9c:1e:46:d3:ec:
                    0a:2c:20:a9:01:56:6e:9f:18:57:e0:00:8f:f6:24:
                    fe:b8:25:b0:78:71:6d:ac:d0:81:2e:a4:1e:87:02:
                    81:cf:ee:ae:9f:c5:d3:55:b2:e9:b5:dc:f8:77:37:
                    4a:a8:f5:89:cf:7b:1a:ce:01:b1:55:5b:12:7c:42:
                    1b:37:f7:f7:84:51:fb:69:3a:21:63:de:38:8b:86:
                    2e:e2:84:8a:f1:d9:2d:ff:d1:36:c2:23:81:56:81:
                    6b:99:20:0b:f9:8d:0c:9d:1b:64:f0:68:7d:7f:97:
                    08:3a:5b:03:2f:de:09:01:14:b2:8e:79:29:7c:65:
                    c4:e0:fb:f3:0b:04:70:a5:b0:06:79:86:92:2a:60:
                    c9:08:2c:c4:b5:6c:94:f7:65:55:a9:9a:d3:1d:5d:
                    31:f6:d0:d3:22:f7:bd:36:57:c0:7f:12:a7:35:8d:
                    e3:a3:55:f5:cd:7d:54:4d:94:1b:0b:f3:d9:53:7d:
                    e2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:96:F0:DC:16:5B:7C:D2:09:02:2B:29:64:83:4C:45:E7:4D:21:2C
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/9904b3-8ca0-4946-8766-2d13cf9b45c0/1/ZZbw3BZbfNIJAispZINMRedNISw.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.152.160.0/20

            sbgp-autonomousSysNum: critical
                Autonomous System Numbers:
                  198569

    Signature Algorithm: sha256WithRSAEncryption
         54:e6:6a:31:d2:9d:65:b4:c6:b9:d9:63:29:4f:c9:81:1f:ca:
         01:02:8a:c7:b7:3d:26:35:d1:73:91:f3:23:4c:42:1e:4e:09:
         8c:84:f7:0d:67:95:a1:77:4a:53:d4:8d:e2:d1:d4:63:99:bf:
         5f:cf:ac:ce:9e:24:42:42:e0:a1:59:e8:f6:ee:0d:44:d6:6a:
         63:46:ba:bd:81:c4:8c:b5:a4:bd:c3:6f:8d:b8:54:c0:8c:f2:
         92:d4:90:c6:32:a2:b5:de:b8:d1:88:8b:26:4d:e9:d8:ca:1c:
         58:9a:76:45:d0:47:01:43:74:c1:58:a0:d0:a8:88:cf:b3:01:
         90:7c:93:4e:04:2e:0d:87:bc:01:27:36:bf:af:0b:14:3c:ba:
         10:b6:97:67:5d:2c:3d:16:00:ff:76:2b:58:b7:d2:c4:82:68:
         54:a2:6a:86:ae:bc:d6:8a:07:f6:12:39:8f:a9:a9:c8:9a:4e:
         16:9a:77:08:43:15:b6:38:94:e6:0b:22:61:02:1d:e4:6e:2e:
         c1:bf:04:e6:29:7d:b6:9c:1a:f1:fc:43:ca:81:41:88:a1:e0:
         1f:d6:42:57:99:a2:d8:14:7c:bf:75:50:d9:2f:f2:78:a8:3d:
         1a:cd:f8:b6:eb:1e:2a:bd:86:81:d3:07:75:3a:0f:e1:0a:a6:
         95:80:fc:c7
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAZQj1u6CnKUCDoBcgF+WHDxPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjUwMTAxMjE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTk2ZjBkYzE2NWI3Y2QyMDkwMjJiMjk2NDgzNGM0NWU3NGQyMTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApn3PrGx1xVL0CBYm7iOnz9qrbxiU
dsWW5VpcuhvXQtjGH97y+a21GZBFaULEVg1eWxTwUJjf7rJbrlnKgKKzt4VYRNI7
nB5G0+wKLCCpAVZunxhX4ACP9iT+uCWweHFtrNCBLqQehwKBz+6un8XTVbLptdz4
dzdKqPWJz3sazgGxVVsSfEIbN/f3hFH7aTohY944i4Yu4oSK8dkt/9E2wiOBVoFr
mSAL+Y0MnRtk8Gh9f5cIOlsDL94JARSyjnkpfGXE4PvzCwRwpbAGeYaSKmDJCCzE
tWyU92VVqZrTHV0x9tDTIve9NlfAfxKnNY3jo1X1zX1UTZQbC/PZU33i+QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFGWW8NwWW3zSCQIrKWSDTEXnTSEsMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2U0Lzk5MDRi
My04Y2EwLTQ5NDYtODc2Ni0yZDEzY2Y5YjQ1YzAvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTQvOTkwNGIz
LThjYTAtNDk0Ni04NzY2LTJkMTNjZjliNDVjMC8xL1paYnczQlpiZk5JSkFpc3Ba
SU5NUmVkTklTdy5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQEJZigMBoGCCsGAQUFBwEIAQH/BAswCaAHMAUC
AwMHqTANBgkqhkiG9w0BAQsFAAOCAQEAVOZqMdKdZbTGudljKU/JgR/KAQKKx7c9
JjXRc5HzI0xCHk4JjIT3DWeVoXdKU9SN4tHUY5m/X8+szp4kQkLgoVno9u4NRNZq
Y0a6vYHEjLWkvcNvjbhUwIzyktSQxjKitd640YiLJk3p2MocWJp2RdBHAUN0wVig
0KiIz7MBkHyTTgQuDYe8ASc2v68LFDy6ELaXZ10sPRYA/3YrWLfSxIJoVKJqhq68
1ooH9hI5j6mpyJpOFpp3CEMVtjiU5gsiYQId5G4uwb8E5il9tpwa8fxDyoFBiKHg
H9ZCV5mi2BR8v3VQ2S/yeKg9Gs34tuseKr2GgdMHdToP4QqmlYD8xw==
-----END CERTIFICATE-----