Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer
File:                     ZZw1ZjM4jpvYl9AAo_OLweVG70o.cer (raw, json)
Hash identifier:          qMnC9Che15i+y9kgFu9Ne/C912T0gVVZ0zwfr5a49SM=
Subject key identifier:   65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC50133761008DA5B94701565738069D4
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 12:30:39 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 193.38.160.0/19
                          IP: 194.35.128.0/19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:33:76:10:08:da:5b:94:70:15:65:73:80:69:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=659c356633388e9bd897d000a3f38bc1e546ef4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e5:a4:d8:82:7b:1e:c1:48:22:44:b7:2c:a9:
                    42:b3:f6:d3:26:b9:c8:f5:dc:34:20:02:cd:e9:10:
                    5a:a0:47:a6:b6:da:0a:c4:1d:08:db:31:e3:59:05:
                    ec:5c:01:6b:51:16:3a:81:09:54:7b:fc:45:83:04:
                    d7:c1:24:b3:c5:c1:80:34:61:cf:2c:99:67:10:b4:
                    c2:e9:27:31:67:ef:74:56:dd:9f:a0:79:94:79:75:
                    fc:4a:b5:ab:3e:e5:85:7c:5a:ea:ba:3d:3f:e8:aa:
                    3d:c0:e5:e0:4f:1d:6a:97:32:7b:ba:7b:62:16:fa:
                    a1:7f:79:4a:ec:97:8c:ab:91:ee:87:1e:07:92:78:
                    f1:c2:43:b5:54:9c:be:77:2f:89:89:b9:1a:3b:2f:
                    7c:c6:b8:aa:2a:f0:7f:11:5c:92:86:8e:f4:a9:db:
                    9a:16:86:42:bf:b0:b9:56:8d:a8:58:5f:db:ed:13:
                    5a:97:a0:68:f6:0e:0e:82:77:19:c3:c4:45:dc:f5:
                    ee:4a:5a:65:96:98:77:f4:a3:47:4f:a8:7d:6b:2a:
                    28:60:7e:8e:66:97:ff:92:41:ae:47:b7:ab:60:bb:
                    42:24:ee:20:7c:84:89:68:68:1c:49:a6:06:17:50:
                    4c:e5:6b:27:6a:1b:b3:d0:f6:03:1f:49:ef:74:c0:
                    6d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:9C:35:66:33:38:8E:9B:D8:97:D0:00:A3:F3:8B:C1:E5:46:EF:4A
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/7c7851-585b-49f1-8be9-3c7e4f93e42b/1/ZZw1ZjM4jpvYl9AAo_OLweVG70o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.160.0/19
                  194.35.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         87:29:c5:67:3b:02:47:82:ac:7a:43:e4:3b:d3:26:97:12:56:
         2d:42:62:c6:d9:b8:2d:64:40:5f:cf:03:06:91:ee:d1:b6:11:
         37:98:4a:cc:c3:10:a1:7b:a7:53:ca:60:09:42:2c:02:d3:cf:
         f0:28:62:bc:0e:0d:33:a9:54:82:4a:79:aa:ba:8a:5f:32:cf:
         4a:17:34:98:5e:5d:ad:d2:32:58:40:5b:34:20:d6:9b:88:df:
         b5:7b:18:fb:c4:7e:f8:9f:1b:ed:3e:8f:d9:f6:3c:82:b9:69:
         70:62:e8:70:e5:5f:6a:83:63:24:18:8e:b0:d0:5d:d0:0e:24:
         d7:40:fe:5c:ab:50:a0:97:cd:ac:d4:4b:9c:94:dc:50:90:50:
         b4:f2:e9:62:41:c5:ec:cf:34:c2:a8:2c:64:c1:61:e6:41:f9:
         ed:2d:d8:e9:f6:3f:6c:ee:79:96:0f:3b:9c:d4:4d:3d:64:6f:
         34:5d:e5:54:6e:a9:8c:8e:75:d5:6b:19:03:ad:d3:87:2f:12:
         7e:26:7b:7e:54:e3:ff:88:42:ba:d9:e4:19:f9:1d:ec:62:63:
         7e:07:89:5c:b8:0c:58:54:ad:72:c0:1f:06:b7:11:9c:6b:23:
         45:c3:c5:94:fc:49:44:d5:01:3b:89:e6:6c:66:6c:37:39:ab:
         4d:a6:48:a2
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYzFATN2EAjaW5RwFWVzgGnUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTljMzU2NjMzMzg4ZTliZDg5N2QwMDBhM2YzOGJjMWU1NDZlZjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+Wk2IJ7HsFIIkS3LKlCs/bTJrnI
9dw0IALN6RBaoEemttoKxB0I2zHjWQXsXAFrURY6gQlUe/xFgwTXwSSzxcGANGHP
LJlnELTC6ScxZ+90Vt2foHmUeXX8SrWrPuWFfFrquj0/6Ko9wOXgTx1qlzJ7unti
Fvqhf3lK7JeMq5Huhx4HknjxwkO1VJy+dy+JibkaOy98xriqKvB/EVySho70qdua
FoZCv7C5Vo2oWF/b7RNal6Bo9g4OgncZw8RF3PXuSlpllph39KNHT6h9ayooYH6O
Zpf/kkGuR7erYLtCJO4gfISJaGgcSaYGF1BM5Wsnahuz0PYDH0nvdMBtzQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFGWcNWYzOI6b2JfQAKPzi8HlRu9KMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA4LzdjNzg1
MS01ODViLTQ5ZjEtOGJlOS0zYzdlNGY5M2U0MmIvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgvN2M3ODUx
LTU4NWItNDlmMS04YmU5LTNjN2U0ZjkzZTQyYi8xL1padzFaak00anB2WWw5QUFv
X09Md2VWRzcwby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUF
BwEHAQH/BBYwFDASBAIAATAMAwQFwSagAwQFwiOAMA0GCSqGSIb3DQEBCwUAA4IB
AQCHKcVnOwJHgqx6Q+Q70yaXElYtQmLG2bgtZEBfzwMGke7RthE3mErMwxChe6dT
ymAJQiwC08/wKGK8Dg0zqVSCSnmquopfMs9KFzSYXl2t0jJYQFs0INabiN+1exj7
xH74nxvtPo/Z9jyCuWlwYuhw5V9qg2MkGI6w0F3QDiTXQP5cq1Cgl82s1EuclNxQ
kFC08uliQcXszzTCqCxkwWHmQfntLdjp9j9s7nmWDzuc1E09ZG80XeVUbqmMjnXV
axkDrdOHLxJ+Jnt+VOP/iEK62eQZ+R3sYmN+B4lcuAxYVK1ywB8GtxGcayNFw8WU
/ElE1QE7ieZsZmw3OatNpkii
-----END CERTIFICATE-----