Certificate

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/Zckgon4-U6Nn-eqW23uve9Zag-o.cer
File:                     Zckgon4-U6Nn-eqW23uve9Zag-o.cer (raw, json)
Hash identifier:          G+1kfQmlvrrFONYjDCqhnFFLt7y/Gjap7EWpLunw6po=
Subject key identifier:   65:C9:20:A2:7E:3E:53:A3:67:F9:EA:96:DB:7B:AF:7B:D6:5A:83:EA
Authority key identifier: 2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69
Certificate issuer:       /CN=2a94a8dd554ae701072099c70b6407555ddde669
Certificate serial:       018CC64B4AD0556BB48DE07FD1A205346A02
Authority info access:    rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
Manifest:                 rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/Zckgon4-U6Nn-eqW23uve9Zag-o.mft
caRepository:             rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/
Notify URL:               https://rrdp.ripe.net/notification.xml
Certificate not before:   Mon 01 Jan 2024 18:31:12 +0000
Certificate not after:    Tue 01 Jul 2025 00:00:00 +0000
Subordinate resources:    IP: 185.252.194.0/24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:4a:d0:55:6b:b4:8d:e0:7f:d1:a2:05:34:6a:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a94a8dd554ae701072099c70b6407555ddde669
        Validity
            Not Before: Jan  1 18:31:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65c920a27e3e53a367f9ea96db7baf7bd65a83ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:86:a9:28:ad:e0:c8:e0:86:61:ad:f5:4b:7d:
                    0c:a2:35:40:2f:35:bd:69:91:cc:a2:ae:d1:2e:b0:
                    43:db:7d:fa:0f:97:22:b0:d3:a7:81:b1:6f:ef:c5:
                    7c:1a:f9:45:f9:84:f4:54:f0:3a:d4:be:d1:74:08:
                    bc:29:e7:aa:1e:8d:8d:3f:e7:1a:d4:ef:88:b7:d3:
                    60:b4:06:fa:27:f8:ad:dc:20:41:2d:80:64:bb:ec:
                    11:8f:87:74:96:b3:25:4d:fe:bb:ba:4f:0e:a7:85:
                    e2:8a:b3:88:66:d6:d2:57:93:ec:02:06:4a:c8:24:
                    ac:8b:ea:5f:e2:31:10:c2:86:b9:99:09:41:c5:1b:
                    cd:03:1e:62:cc:c9:a8:f4:24:83:13:17:de:48:fa:
                    0f:69:2f:08:ea:fe:90:ff:bd:ff:9f:79:72:b4:5e:
                    4d:4a:9b:d6:f3:91:84:9f:b6:b3:8b:10:03:17:17:
                    f4:36:a6:bd:91:f0:10:a9:12:2a:c2:d1:fa:9f:2d:
                    0a:8d:5b:86:17:4b:5d:eb:bb:16:b0:3b:ea:9d:a7:
                    df:d1:56:45:13:40:de:c7:d2:88:28:b7:4c:35:a5:
                    2b:e9:dd:80:03:b5:1e:c6:57:cf:9e:97:8b:fa:d7:
                    99:e6:ff:9f:5d:05:b7:16:fb:10:13:2f:5f:c0:f2:
                    99:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:C9:20:A2:7E:3E:53:A3:67:F9:EA:96:DB:7B:AF:7B:D6:5A:83:EA
            X509v3 Authority Key Identifier:
                keyid:2A:94:A8:DD:55:4A:E7:01:07:20:99:C7:0B:64:07:55:5D:DD:E6:69

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Certificate Sign, CRL Sign
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer

            Subject Information Access:
                CA Repository - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/
                RPKI Manifest - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/b2dd00-a621-49a9-bbab-37f9bf7861b6/1/Zckgon4-U6Nn-eqW23uve9Zag-o.mft
                RPKI Notify - URI:https://rrdp.ripe.net/notification.xml

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:c5:c8:7e:1a:d6:75:bb:96:c1:6f:21:75:62:e7:3d:51:68:
         2e:56:bb:ce:dc:61:31:c2:f1:c5:6b:cc:73:03:11:50:2c:ad:
         1d:73:b7:4e:23:f5:e9:b9:70:1c:c7:ed:dc:43:83:8a:b4:15:
         89:d2:d2:09:87:57:73:fb:02:0d:c4:d6:8a:dc:7c:5e:9b:9c:
         b4:a9:3d:1b:1f:10:97:5f:78:2b:7c:f2:f5:45:08:25:22:d3:
         98:a6:55:04:7d:5d:f4:64:cf:3e:1c:29:57:ba:4c:4e:3d:1a:
         54:a8:f6:8e:c2:1a:f3:5a:b6:5a:f8:ed:d4:98:fa:a5:be:2a:
         98:c9:14:69:43:5e:0e:73:58:62:d3:a8:2f:27:23:64:e2:6f:
         78:1a:7a:97:d7:62:3c:53:4c:dd:ce:9b:c9:4a:d9:7c:3c:d7:
         31:82:51:f5:4d:62:6a:26:c1:9d:d1:d2:d3:81:b2:d2:d7:03:
         f3:b9:b3:3f:7c:9a:40:77:a2:80:3f:38:e3:05:6c:c3:a0:8e:
         27:c0:6b:95:18:08:78:f8:4e:eb:84:9f:08:90:8b:3e:dd:68:
         09:0a:0d:24:dc:c7:df:77:f5:88:b9:0a:5a:7c:8a:52:f0:71:
         57:b4:5c:f5:18:90:1f:8d:10:48:89:bf:ea:09:b2:36:19:c2:
         15:ad:bc:f0
-----BEGIN CERTIFICATE-----
MIIFeDCCBGCgAwIBAgISAYzGS0rQVWu0jeB/0aIFNGoCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOTRhOGRkNTU0YWU3MDEwNzIwOTljNzBiNjQwNzU1NWRk
ZGU2NjkwHhcNMjQwMTAxMTgzMTEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWM5MjBhMjdlM2U1M2EzNjdmOWVhOTZkYjdiYWY3YmQ2NWE4M2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4apKK3gyOCGYa31S30MojVALzW9
aZHMoq7RLrBD2336D5cisNOngbFv78V8GvlF+YT0VPA61L7RdAi8KeeqHo2NP+ca
1O+It9NgtAb6J/it3CBBLYBku+wRj4d0lrMlTf67uk8Op4XiirOIZtbSV5PsAgZK
yCSsi+pf4jEQwoa5mQlBxRvNAx5izMmo9CSDExfeSPoPaS8I6v6Q/73/n3lytF5N
SpvW85GEn7azixADFxf0Nqa9kfAQqRIqwtH6ny0KjVuGF0td67sWsDvqnaff0VZF
E0Dex9KIKLdMNaUr6d2AA7UexlfPnpeL+teZ5v+fXQW3FvsQEy9fwPKZeQIDAQAB
o4IChDCCAoAwHQYDVR0OBBYEFGXJIKJ+PlOjZ/nqltt7r3vWWoPqMB8GA1UdIwQY
MBaAFCqUqN1VSucBByCZxwtkB1Vd3eZpMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
AQH/BAQDAgEGMGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEcnN5bmM6Ly9y
cGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvYWNhL0twU28zVlZLNXdFSElKbkhDMlFI
VlYzZDVtay5jZXIwggEjBggrBgEFBQcBCwSCARUwggERMF0GCCsGAQUFBzAFhlFy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzA1L2IyZGQw
MC1hNjIxLTQ5YTktYmJhYi0zN2Y5YmY3ODYxYjYvMS8wfAYIKwYBBQUHMAqGcHJz
eW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDUvYjJkZDAw
LWE2MjEtNDlhOS1iYmFiLTM3ZjliZjc4NjFiNi8xL1pja2dvbjQtVTZObi1lcVcy
M3V2ZTlaYWctby5tZnQwMgYIKwYBBQUHMA2GJmh0dHBzOi8vcnJkcC5yaXBlLm5l
dC9ub3RpZmljYXRpb24ueG1sMFkGA1UdHwRSMFAwTqBMoEqGSHJzeW5jOi8vcnBr
aS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvS3BTbzNWVks1d0VISUpuSEMy
UUhWVjNkNW1rLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUF
BwEHAQH/BBAwDjAMBAIAATAGAwQAufzCMA0GCSqGSIb3DQEBCwUAA4IBAQCYxch+
GtZ1u5bBbyF1Yuc9UWguVrvO3GExwvHFa8xzAxFQLK0dc7dOI/XpuXAcx+3cQ4OK
tBWJ0tIJh1dz+wINxNaK3Hxem5y0qT0bHxCXX3grfPL1RQglItOYplUEfV30ZM8+
HClXukxOPRpUqPaOwhrzWrZa+O3UmPqlviqYyRRpQ14Oc1hi06gvJyNk4m94GnqX
12I8U0zdzpvJStl8PNcxglH1TWJqJsGd0dLTgbLS1wPzubM/fJpAd6KAPzjjBWzD
oI4nwGuVGAh4+E7rhJ8IkIs+3WgJCg0k3Mffd/WIuQpafIpS8HFXtFz1GJAfjRBI
ib/qCbI2GcIVrbzw
-----END CERTIFICATE-----